Sei sulla pagina 1di 582

ALTIRIS

Deployment Solution 6.8 SP2 Deployment and Migration Guide

Notice
Altiris Deployment Solution 6.8 SP2 2007 Altiris, Inc. All rights reserved. Document Date: June 25, 2007 Information in this document: (i) is provided for informational purposes only with respect to products of Altiris or its subsidiaries (Products), (ii) represents Altiris' views as of the date of publication of this document, (iii) is subject to change without notice (for the latest documentation, visit our Web site at www.altiris.com/Support), and (iv) should not be construed as any commitment by Altiris. Except as provided in Altiris' license agreement governing its Products, ALTIRIS ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. Altiris assumes no responsibility for any errors or omissions contained in this document, and Altiris specifically disclaims any and all liabilities and/or obligations for any claims, suits or damages arising in connection with the use of, reliance upon, or dissemination of this document, and/or the information contained herein. Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any foregoing intellectual property rights. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express written consent of Altiris, Inc. Customers are solely responsible for assessing the suitability of the Products for use in particular applications or environments. Products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. *All other names or marks may be claimed as trademarks of their respective companies.

Altiris Deployment Solution 6.8 SP2

Contents
Chapter 1: About Altiris Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Deployment Solution Architecture Deployment Server . . . . . Deployment Database . . . Deployment Share . . . . . Management Consoles . . Automation Tools . . . . . . Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 22 23 23 23 24 24

Part I: Planning and Installing Your Deployment System . . . . . . . . . . . . 25


Chapter 2: Preparing To Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Step Step Step Step Step Step 1: 2: 3: 4: 5: 6: Log on to Your Deployment Server Computer as an Administrator Create a Services Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . Gather Automation Operating System Install Files . . . . . . . . . . . Obtain a License File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Install .NET and MDAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Start Microsofts Internet Information Server (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 27 28 28 28 28

Chapter 3: Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Simple or Custom Install? . . . . . . . . . . . . . . . . . Simple Install. . . . . . . . . . . . . . . . . . . . . . . Custom Install . . . . . . . . . . . . . . . . . . . . . . Running the Setup Program . . . . . . . . . . . . . . . . . . . Enable Microsoft Sysprep Support . . . . . . . . . . . Enable Microsoft Windows Vista Sysprep Support . Remotely Install Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 29 29 29 29 30 30

Chapter 4: Post-Installation Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31


Step 1: Grant Full Control of the Deployment Share to Your Service Account. . . . . Step 2: Create Domain Join and Deployment Share Accounts . . . . . . . . . . . . . . . Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Share Read/Write Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 3: Grant Services Account the db_owner Role to Your Deployment Database . Step 4: Configure Your Deployment System . . . . . . . . . . . . . . . . . . . . . . . . . . . Add Your Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enable Security and Add Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . Grant Console Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . Grant Database Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . Configure Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 5: Configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 6: Install the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 7: Configure Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 8: (Optional) Configure PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 31 31 32 32 33 33 33 34 34 35 35 35 35 35

Chapter 5: Deployment Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36


About the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Installing the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Altiris Deployment Solution 6.8 SP2

Using the Remote Agent Installer (Windows XP). . . . . . . . . . . . . . . . Step 1: Disable Simple File Sharing on Windows XP . . . . . . . . . . Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall Step 3: Get Local User Rights (admin$ Share) . . . . . . . . . . . . . . Step 4: Run the Remote Agent Installer . . . . . . . . . . . . . . . . . . Using a Script, E-Mail Link, or Manual Installation (All Platforms) . . . . Step 1: Provide Users Access to the Agent Installation Program . . Step 2: Create the Input File for a Silent Install . . . . . . . . . . . . . Step 3: Run the Installation Program . . . . . . . . . . . . . . . . . . . . Agent Auto Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

37 37 37 37 37 37 38 38 38 39 39

Part II: Booting Computers to Automation . . . . . . . . . . . . . . . . . . . . . . . 40


Chapter 6: What is Automation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Chapter 7: Automation Boot Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Which Automation Boot Method Should I Use? . PXE. . . . . . . . . . . . . . . . . . . . . . . . . . . . Automation Partitions . . . . . . . . . . . . . . . Boot Media (DVD/CD, USB Device, Floppy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 43 44 44

Chapter 8: Automation Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46


Which Automation Operating DOS . . . . . . . . . . . . . . Windows PE . . . . . . . . . Linux . . . . . . . . . . . . . System Should I Use? ................ ................ ................ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 46 47 47

Chapter 9: Installing and Configuring Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48


Configuring Automation Operating Systems . . . . . . . . . . . . Obtaining and Installing Windows PE, Linux, or DOS. . . Adding Additional Files . . . . . . . . . . . . . . . . . . . . . . . Adding Mass Storage Drivers for Windows PE. . . . . Adding Large Files to a Linux Boot Configuration . . . . . Configuring Automation Boot Methods . . . . . . . . . . . . . . . Configuring PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Automation Partitions . . . . . . . . . . . . . . . Configuring Boot Media (DVD/CD, USB device, Floppy) . Deploying Automation to Managed Computers . . . . . . . . . . Using Automation Partitions or Boot Media . . . . . . . . . Using PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 48 49 50 50 51 51 51 52 52 52 53

Chapter 10: Setting Up the Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55


What is PXE? . . . . . . . . . . . . . . . . . . . . . . . Why Use PXE? . . . . . . . . . . . . . . . . . . . . . . PXE Services and Architecture . . . . . . . . . . . How PXE Works . . . . . . . . . . . . . . . . . . . . . Part 1: DHCP Request and PXE Discovery Part 2: PXE Bootstrap . . . . . . . . . . . . . . PXE Planning and Installation. . . . . . . . . . . . Enabling PXE on Managed Computers . . . Installing and Configuring DHCP. . . . . . . How Many Altiris PXE Servers Do I Need? Number of Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 55 56 57 58 58 59 60 60 60 60

Altiris Deployment Solution 6.8 SP2

Network Speed. . . . . . . . . . . . . . . . . Physical Layout of your Network. . . . . PXE Request Routing. . . . . . . . . . . . . Installing Altiris PXE Servers . . . . . . . . . . Configuring PXE Settings . . . . . . . . . . . . . . . . PXE Settings . . . . . . . . . . . . . . . . . . . . . . . . Shared vs. Local. . . . . . . . . . . . . . . . . . . Session Timeout . . . . . . . . . . . . . . . . . . . DHCP Server Options . . . . . . . . . . . . . . . Boot Integrity Services . . . . . . . . . . . . . . Boot Integrity Services (BIS) Removal Boot Options . . . . . . . . . . . . . . . . . . . . . . . . Shared vs. Local. . . . . . . . . . . . . . . . . . . PXE Redirection . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

60 60 61 61 61 62 62 62 62 62 63 63 63 63

Part III: Using Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65


Chapter 11: Deployment Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Computers. . . . . . . . . . . . . . . . . Jobs . . . . . . . . . . . . . . . . . . . . . Creating Jobs and Tasks . . . . . . . Context Menus (Right-click). . . . . Find a Computer in the Database Using Lab Builder . . . . . . . . . . . Computer Import File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 66 67 67 67 68 70

Managing from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72


Deployment Console Basics . . . . . . . . . . . . . . . . . . . . . . Features of the Deployment Console. . . . . . . . . . . . . . Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shortcuts and Resources View . . . . . . . . . . . . . . . . . . Thin Client View of the Deployment Console . . . . . . . . . . . Installing the Thin Client View . . . . . . . . . . . . . . . . . . Switching Between Two Views . . . . . . . . . . . . . . . . . . Computers Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Resources pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . Inventory Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Toolbars and Utilities . . . . . . . . . . . . . . . . . . . . . . . . Deployment Solution Utility Tools . . . . . . . . . . . . . . . . Software Virtualization Solution . . . . . . . . . . . . . . . . . . . . Using SVS Admin Utility with Deployment Solution . Extending the Tools Menu on the DS Console . . . . . . . . . . Computer Filters and Job Conditions . . . . . . . . . . . . . . . . . Creating Conditions to Assign Jobs . . . . . . . . . . . . . . . Creating a Computer Group Filter . . . . . . . . . . . . . . . . General Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Console options . . . . . . . . . . . . . . . . . . . . . . . . . . . Global options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sysprep Settings . . . . . . . . . . . . . . . . . . . . . . . . OS Product Key tab. . . . . . . . . . . . . . . . . . . . . . . Task Password options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 73 73 74 74 75 76 76 76 77 78 78 79 80 80 81 81 82 83 83 84 85 85 85 86 86 86

Altiris Deployment Solution 6.8 SP2

Domain Accounts options . . . . . . . . . . . . . . . . RapiDeploy options . . . . . . . . . . . . . . . . . . . . Agent Settings options . . . . . . . . . . . . . . . . . . Custom Data Sources options . . . . . . . . . . . . . Allowed Stored Procedure List . . . . . . . . . . Virtual Centers . . . . . . . . . . . . . . . . . . . . . . . Security in Deployment Solution . . . . . . . . . . . . . . Best Practices for Deployment Solution Security. Enabling Security . . . . . . . . . . . . . . . . . . . . . Groups . . . . . . . . . . . . . . . . . . . . . . . . . . Rights . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Permissions . . . . . . . . . . . . . . . . . . . . Connecting to Another Deployment Server . . . . . . . Rejected Computers in Deployment Solution . . . . . . Refresh Deployment Solution . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

87 87 88 88 88 89 89 89 90 92 92 93 95 96 96

Managing Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Viewing Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Adding New Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Creating a New Computer Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Importing New Computers from a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Computer Configuration Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 General Configuration Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Microsoft Networking Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 TCP/IP Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 TCP/IP Advanced Options - IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 TCP/IP Advanced Options - Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - WINS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 TCP/IP Advanced Options - Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 NetWare Client Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Operating System Licensing Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 User Account Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Deployment Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Server Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Startup/Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Deployment Agent for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Deployment Agent Settings for DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Drive Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Remote Desktop Connection Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Agent for Macintosh Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Deployment Agent for CE .NET. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Managing Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Computer Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Altiris Deployment Solution 6.8 SP2

Network Configuration . . . . . . . . . . . . . . . . . . . . TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Server Deployment Rules . . . . . . . . . . . . . . . Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Operations Using Deployment Solution . . . . . . Restoring a Computer from its Deployment History Configuring Computers . . . . . . . . . . . . . . . . . . . . Quick Disk Image . . . . . . . . . . . . . . . . . . . . . . . . Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . Send Files during Remote Control . . . . . . . . . . Remote Control Properties . . . . . . . . . . . . . . . Set Remote Control Permissions . . . . . . . . . . . Start Multiple Sessions . . . . . . . . . . . . . . . . . Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Account . . . . . . . . . . . . . . . . . . . . . . . . Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prompt User for Properties . . . . . . . . . . . . . . . . . Install Automation Partition . . . . . . . . . . . . . . . . . Change Agent Settings . . . . . . . . . . . . . . . . . . . . Deploying and Managing Servers . . . . . . . . . . . . . . . . Server Management Features . . . . . . . . . . . . . . . Server Deployment Options . . . . . . . . . . . . . . . . . Managing Server Blades . . . . . . . . . . . . . . . . Managing New Server Blades . . . . . . . . . . . . . Virtual Bays . . . . . . . . . . . . . . . . . . . . . . . . Hewlett-Packard Server Blades . . . . . . . . . . . Dell Server Blades . . . . . . . . . . . . . . . . . . . . Fujitsu-Siemens Server Blades . . . . . . . . . . . . IBM Server Blades . . . . . . . . . . . . . . . . . . . . Find a Computer in the Database . . . . . . . . . . . . . . . Using Lab Builder . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

125 125 125 125 125 126 126 126 127 127 129 130 130 130 131 133 133 134 134 135 135 136 136 137 138 138 139 139 141 141 141 142 143 143 144 144 145

Building and Scheduling Jobs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 148 150 151 151 151 152 152 152 152 153 153 153 153 154

Viewing Job Details. . . . . . . . . . . . . . . . . . . . . New Job Wizard . . . . . . . . . . . . . . . . . . . . . . . Migrating Computers . . . . . . . . . . . . . . . . Selecting Computers in the New Job Wizard Apply Computers to a Job . . . . . . . . . . . . . Associating Destination Computers . . . . . . Setting up Conditions in the New Job Wizard Install Software Packages . . . . . . . . . . . . . Summary of Options . . . . . . . . . . . . . . . . . Building New Jobs . . . . . . . . . . . . . . . . . . . . . Job Scheduling Wizard . . . . . . . . . . . . . . . . . . Select Job(s) . . . . . . . . . . . . . . . . . . . . . . Select Computer(s) or Computer Groups . . . Setting Conditions for Task Sets . . . . . . . . . . . Order Condition Sets. . . . . . . . . . . . . . . . .

Altiris Deployment Solution 6.8 SP2

Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Creating a Mac Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Creating a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 162 Advanced Sysprep Settings for Creating a Disk Image in Windows Vista . . . . . . . . . . . . . 162 Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Distributing a Mac Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Distributing a Ghost Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 166 Advanced Sysprep Settings for Distributing a Disk Image in Windows Vista . . . . . . . . . . . 166 Distribute Disk Image-Resizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Distribute Disk Image-Additional Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 167 Scripted OS Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Scripted Install for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Select Operating System Version and Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Installation Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Operating System-Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Partition and Format Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Import an Answer File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Answer File Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Add a New Variable Value or Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Add a New Variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Command-line Switches for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Deployment Agent Settings for Scripted Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install for Windows Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Distribute Software Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Managing the SVS Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Import Package Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Capture Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Distributing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Script Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Using LogEvent and WLogEvent in Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Copy File to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Copy File to Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Modifying Tasks in a Deployment Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Modifying Multiple Change Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Creating New Script Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Copy and Paste Jobs and Job Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Altiris Deployment Solution 6.8 SP2

Importing and Exporting Jobs . . . . . Setting Up Return Codes . . . . . . . . Sample Jobs in Deployment Solution Initial Deployment . . . . . . . . . . . . . Configurations . . . . . . . . . . . . . Advanced Configuration. . . . Jobs . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

192 193 195 196 196 197 197 198

Part IV: Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199


Chapter 12: Securing Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Part 1: Deployment Server Accounts . . . . . . . . . . . . . . Service Account . . . . . . . . . . . . . . . . . . . . . . . . . . Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . Deployment Share Read/Write Account . . . . . . . . . . Part 2: Deployment Administrator Accounts. . . . . . . . . . Role and Scope Based Security . . . . . . . . . . . . . . . Deployment Console Security. . . . . . . . . . . . . . . . . Manage By Exception . . . . . . . . . . . . . . . . . . . . . . Rights and Permissions . . . . . . . . . . . . . . . . . . . . . Grant Rights to Administrators . . . . . . . . . . . . . Grant Permissions to Administrators . . . . . . . . . Permission Rules . . . . . . . . . . . . . . . . . . . . . . . . . Part 3: Database Security . . . . . . . . . . . . . . . . . . . . . . Required Database Rights . . . . . . . . . . . . . . . . . . . Rights Required to Install . . . . . . . . . . . . . . . . Rights Required for the Services Account. . . . . . Rights Required for Deployment Administrators . Part 4: Securing Communication . . . . . . . . . . . . . . . . . Deployment Agent Authentication. . . . . . . . . . . . . . Key Authentication . . . . . . . . . . . . . . . . . . . . . Additional Agent Security . . . . . . . . . . . . . . . . . . . Keyboard Locks in Automation . . . . . . . . . . . . . . . . Appendix A: Remote Agent Installer Rights . . . . . . . . . . Appendix B: Managing Task Passwords . . . . . . . . . . . . . Appendix C: Managing Key-Based Agent Authentication . Backing up the Server Private Key . . . . . . . . . . . . . Enabling Key-based Authentication with Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 201 202 202 203 203 204 204 204 205 205 205 205 206 206 207 207 208 208 208 210 210 211 211 212 212 212

Chapter 13: Migrating Application Data and User Settings . . . . . . . . . . . . . . . . . . . . . 213 Chapter 14: Capturing and Deploying Disk Images . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
What is a Disk Image? . . . . . . . Imaging in Deployment Solution How Imaging Works . . . . . . . . . File Systems . . . . . . . . . . . Partitions. . . . . . . . . . . . . . Partition Size . . . . . . . . Spanning Media . . . . . . . . . Multicasting . . . . . . . . . . . . How Multicasting Works HTTP Imaging . . . . . . . . . . Capturing Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 214 214 214 215 215 215 216 216 216 216

Altiris Deployment Solution 6.8 SP2

Deploying Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 Post-Imaging Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 Managing Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Chapter 15: ImageX Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218


Obtaining and Installing ImageX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 Capturing and Distributing ImageX Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

: Mac Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219


Creating an Automation Image . . . . . . . . . . . . . . . . . . . . . . . . Step 1: Configure a Source Computer . . . . . . . . . . . . . . . . . Step 2: Provide Root Password for Automation . . . . . . . . . . Step 3: Provide Credentials to Access Images . . . . . . . . . . . Step 4: Image the Source Computer. . . . . . . . . . . . . . . . . . Configuring NetBoot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 1: Configure the NetBoot Image . . . . . . . . . . . . . . . . . Step 2: Start the NetBoot Service . . . . . . . . . . . . . . . . . . . Configuring AppleTalk Filing Protocol Shares to Host Disk Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 219 220 220 221 221 221 222 222

Chapter 16: Symantec Ghost Imaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Chapter 17: Software Packaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Why Use Software Packaging? . . . . . . . . . . Overview of the Software Packaging Process Setting up a Reference Computer . . . . . . . . . . . Accessing Wise SetupCapture . . . . . . . . . . Capturing a Software Package . . . . . . . . . . . . . What Can I Capture?. . . . . . . . . . . . . . . . . The Capture Process . . . . . . . . . . . . . . . . . Customizing a Software Package . . . . . . . . . . . Distributing a Software Package . . . . . . . . . . . . Appendix A: Migrating From RapidInstall . . . . . . . . . Appendix B: Windows Installer Format Explained . . . Advantages of Windows Installer . . . . . . . . Appendix C: SetupCapture Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 224 225 225 225 225 226 226 226 226 226 227 229

Chapter 18: Deploying Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231


Writing a Script . . . . . . . . . . . . . . . . . . . . . Server Scripting Commands . . . . . . . . . Retrieving Database Values Using Tokens Running Scripts on the Server . . . . . . . . Reporting Errors . . . . . . . . . . . . . . . . . . . . . DOS/CMD Error Handling. . . . . . . . . . . . Visual Basic Error Handling . . . . . . . . . . Linux Shell Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 232 233 234 234 235 236 237

Chapter 19: Creating an Image Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . 238


Why Use an Image Distribution Framework? PXE Redirection . . . . . . . . . . . . . . . . . . . . What if I Am Not Using PXE? . . . . . Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a Distribution Framework . . . . . . . Step One: Set Up Local Image Stores . . Step Two: Replicate Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 239 239 239 239 239 240

Altiris Deployment Solution 6.8 SP2

10

Step Three: Configure the Server Lookup Utility. . . . Create a Configuration . . . . . . . . . . . . . . . . . . Create a Server Lookup File . . . . . . . . . . . . . . GetSRV.EXE Parameter Descriptions . . . . . . . . . Step Four: Create a Boot Disk Creator Configuration Modify Mapdrv.bat to call Getsrv.bat. . . . . . . . . Deploy the Boot Configuration . . . . . . . . . . . . . Step Five: Distribute an Image . . . . . . . . . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

240 240 240 241 241 242 242 242

Chapter 20: Deploying and Managing Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243


Server Management Features . . . . Server Deployment Options . . . . . . Managing Server Blades . . . . . Managing New Server Blades . . Hewlett-Packard Server Blades Virtual Bays . . . . . . . . . . . . . Dell Server Blades . . . . . . . . . Fujitsu-Siemens Server Blades . IBM Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 244 245 246 246 247 247 248 248

Part V: Operating System and Platform Reference . . . . . . . . . . . . . . . . 249


Chapter 21: 64-bit Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
64-bit Job Conditions and Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 64-bit PXE Boot Images & Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Adding Files to a Boot Disk Creator Configuration for 64-bit. . . . . . . . . . . . . . . . . . . . . . . . . 250

Chapter 22: Linux and Unix Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251


ADLAgent . . . . . . . . . . . . . . . . . . . . . . Installing and Configuring ADLAgent . Distributing Software . . . . . . . . . . . . . . Imaging Linux and Unix Filesystems . . . . Linux Bootloaders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 251 251 252 252

Chapter 23: Managing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253


Supported Thin Client Manufacturers Thin Client Operating Systems . . . . . Windows XP Embedded (XPe) . . The Enhanced Write Filter . . Using the EWFMGR Utility . . Windows CE .NET . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . Licensing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 254 254 255 256 257 257 257

Chapter 24: Windows Vista. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258


Installing the Deployment Agent on Vista Vista Remote Control . . . . . . . . . . . . . . Vista Software Distribution . . . . . . . . . . Vista Run Script Tasks. . . . . . . . . . . . . . Deployment Agent UI on Vista . . . . . . . . Vista Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 258 258 258 259 259

Chapter 25: Power Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260


Installing The Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Altiris Deployment Solution 6.8 SP2

11

Removing the Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Part VI: Reference: Deployment Solution Help Files . . . . . . . . . . . . . . . 261


Deployment Server Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Logon Account . . . . . General Option . . . . . Drive Mappings Option Transport Option . . . . Disk Imaging Option . Authentication Option Connections Option . . Debug Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 264 264 265 267 268 268 269

Introduction to Altiris Boot Disk Creator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270


Toolbar Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . New Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . Configuration Name . . . . . . . . . . . . . . . . . . . . . . . . . File Server Type (DOS) . . . . . . . . . . . . . . . . . . . . . . . Multi-Network Adapter Configurations . . . . . . . . . . Network Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . Have Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . TCP/IP Protocol Settings . . . . . . . . . . . . . . . . . . . . . . Altiris Deployment Server Communication . . . . . . . . . . Network Configuration . . . . . . . . . . . . . . . . . . . . . . . Network Drive Mappings and Mount Points . . . . . . . . . WinPE Boot Option Settings . . . . . . . . . . . . . . . . . . . . Configuration Summary . . . . . . . . . . . . . . . . . . . . . . Edit Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . Additional Files . . . . . . . . . . . . . . . . . . . . . . . . . . Create PXE Boot Image Files (PXE) . . . . . . . . . . . . . . . PXE Boot Image Creation Complete . . . . . . . . . . . . . . Automation Partitions, Network and Automation Boot Disks. Create Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . Create an Automation Install Package . . . . . . . . . . . . . Create Automation Boot Disk . . . . . . . . . . . . . . . . . . . Create Network Boot Disk . . . . . . . . . . . . . . . . . . . . . Remove Automation Partition. . . . . . . . . . . . . . . . . . . Import Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . Missing Files for Processor Types . . . . . . . . . . . . . . . . Install Pre-boot Operating System Files . . . . . . . . . . . . . . DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeDOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MS-DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 272 272 273 273 274 274 275 275 275 276 277 277 278 278 278 279 280 280 280 280 281 282 283 283 284 284 285 285 285 286 286 286

PXE Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288


Boot Menu Tab . . . . . . . . . . . . New Shared Menu Option . Edit Shared Menu Option . . Redirect Shared Boot Menu ...... ...... ...... Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 292 293 293

Altiris Deployment Solution 6.8 SP2

12

Import Boot Menu Options. . . . . . . . . . . . Regenerate Boot Images . . . . . . . . . . . . . Install Pre-boot Operating System Files. . . . . . DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeDOS . . . . . . . . . . . . . . . . . . . . . MS-DOS . . . . . . . . . . . . . . . . . . . . . Linux . . . . . . . . . . . . . . . . . . . . . . . . . . Windows PE . . . . . . . . . . . . . . . . . . . . . . New Configuration Wizard . . . . . . . . . . . . . . . Configuration Name . . . . . . . . . . . . . . . . File Server Type (DOS) . . . . . . . . . . . . . . Multi-Network Adapter Configurations . Network Adapter . . . . . . . . . . . . . . . . . . Have Disk . . . . . . . . . . . . . . . . . . . . Internet. . . . . . . . . . . . . . . . . . . . . . Advanced . . . . . . . . . . . . . . . . . . . . TCP/IP Protocol Settings . . . . . . . . . . . . . Altiris Deployment Server Communication . Network Configuration . . . . . . . . . . . . . . Network Drive Mappings and Mount Points Configuration Summary . . . . . . . . . . . . . Edit Configurations . . . . . . . . . . . . . . . . . Additional Files . . . . . . . . . . . . . . . . . Create PXE Boot Image Files (PXE) . . . . . . PXE Boot Image Creation Complete . . . . . PXE Server Tab . . . . . . . . . . . . . . . . . . . . . . DS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . MAC Filter Tab . . . . . . . . . . . . . . . . . . . . . . . Define MAC Addresses . . . . . . . . . . . . . . Multicast Tab . . . . . . . . . . . . . . . . . . . . . . . . BIS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Logs Tab . . . . . . . . . . . . . . . . . . . . . . . Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . Remote PXE Installation . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

294 294 294 295 295 295 296 296 296 297 297 298 298 299 299 299 300 300 301 301 302 302 303 304 304 304 306 307 308 308 310 310 311 311

Altiris ImageExplorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313


Using ImageExplorer . . . . . . . . . . . . . . . . . View Properties . . . . . . . . . . . . . . . . . . General Properties for an Image File General Properties for a Volume . . . General Properties for a Folder . . . . General Properties for Files . . . . . . . Description Properties for an Image . Disk Partition Properties . . . . . . . . . Open a File . . . . . . . . . . . . . . . . . . . . . Opening Split Image Files . . . . . . . . Find Missing Split Image Files . . . . . Add New Files . . . . . . . . . . . . . . . . . . . Convert an Image . . . . . . . . . . . . . . . . Create an Image Index . . . . . . . . . . . . . Extract a Folder . . . . . . . . . . . . . . . . . . Find Files . . . . . . . . . . . . . . . . . . . . . . Filter Results . . . . . . . . . . . . . . . . . Make Self-Extracting Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318 318 318 318 319 319 319 319 319 319 319 320 320 321 322 322 322 323

Altiris Deployment Solution 6.8 SP2

13

Not Enough Free Space . . . . . . . ImageX Sample Scripts . . . . . . . . . . Print Folder Contents . . . . . . . . . . . Print Preview . . . . . . . . . . . . . . Print a File . . . . . . . . . . . . . . . . . . Setting a Password on an Image File Settings . . . . . . . . . . . . . . . . . . . . Split Image . . . . . . . . . . . . . . . . . . Command Line Switches . . . . . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

324 324 324 325 325 326 326 327 328

Installing Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331


Deployment Server Components . . . . . . . . . . . . . . . . . . . . . Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Database . . . . . . . . . . . . . . . . . . . . . . . . . . Support for Multiple Database Instances . . . . . . . . . . Deployment Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . Deployment Server System Requirements . . . . . . . . . . . . . . . Simple Install for Deployment Server . . . . . . . . . . . . . . . . . . Custom Install for Deployment Server . . . . . . . . . . . . . . . . . Thin Client Install for Deployment Server . . . . . . . . . . . . . . . Component Install for Deployment Server . . . . . . . . . . . . . . . Installing Deployment Solution Agents . . . . . . . . . . . . . . . . . Client Connectivity and Network Adapters . . . . . . . . . . . . Installing the Deployment Agent . . . . . . . . . . . . . . . . . . Remote Agent Installer . . . . . . . . . . . . . . . . . . . . . . . . . Enter administrator account information . . . . . . . . . . Specify install directory . . . . . . . . . . . . . . . . . . . . . . Automatically Add to a Group. . . . . . . . . . . . . . . . . . Select Computers on the Network. . . . . . . . . . . . . . . Download Microsoft Sysprep . . . . . . . . . . . . . . . . . . Change Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . Get Server Security Key . . . . . . . . . . . . . . . . . . . . . Installing Deployment Agent for Windows . . . . . . . . . . . . Automating the Installation of Deployment Agent. . . . . . . Editing the Sample.inp file . . . . . . . . . . . . . . . . . . . . Creating a Template File using Remote Agent Installer Using the Template File . . . . . . . . . . . . . . . . . . . . . . Installing Deployment Agent on Linux . . . . . . . . . . . . . . . Installing the Automation Agent . . . . . . . . . . . . . . . . . . Managing Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the License Utility . . . . . . . . . . . . . . . . . . . . . . . . Install a Regular License for Altiris Products. . . . . . . . HP client computers and licensing. . . . . . . . . . . . . . . Install Multiple Licenses. . . . . . . . . . . . . . . . . . . . . . Adding a License from the Deployment Console . . . . . . . . Rapid Deployment Pack Licensing. . . . . . . . . . . . . . . . . . Finding the Number of Licenses Used . . . . . . . . . . . . . . . Computers Not Using a Regular License . . . . . . . . . . . . . Detecting an Expired License . . . . . . . . . . . . . . . . . . . . . Expired Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DS Installation Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331 332 332 333 334 334 334 335 336 337 340 343 343 344 345 346 346 347 347 347 347 348 348 348 349 349 349 349 350 350 352 352 353 354 355 355 356 356 357 357 357 358 358

Altiris Deployment Solution 6.8 SP2

14

Install Configuration . . . . . . . . . . . . . Installing Deployment Server. . . . . . . Deployment Server Install . . . . . . . . . Pre-boot Operating System (Simple) . Pre-boot Operating System (Custom) Deployment Database Install . . . . . . . Altiris PXE Server Install . . . . . . . . . . Client Connection to Server . . . . . . . . Deployment Web Console Information Sysprep. . . . . . . . . . . . . . . . . . . . . . Installing Components . . . . . . . . . . . Installation Information Summary . . . Add Components Summary . . . . . . . . Deployment Database Authentication . Add Components . . . . . . . . . . . . . . . Console Install . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

359 360 360 361 362 363 363 364 364 365 365 365 365 366 366 366

Part VII: Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367


Managing from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Deployment Web Console Basics . . . . . . . . . . . . . . . . . . . . Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Web Console Options . . . . . . . . . . . . . . . . Basic Tasks from the Deployment Web Console . . . . . . . . . . Remote Computer Operations . . . . . . . . . . . . . . . . . . . Reject Client Computer Connections . . . . . . . . . . . . . . . Assigning and Scheduling Jobs . . . . . . . . . . . . . . . . . . Finding and Filtering Computers and Jobs . . . . . . . . . . . Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Server Configuration . . . . . . . . . . . . . . . . . . . . Global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Production Agent Settings . . . . . . . . . . . . . . . . . . . Automation Agent Settings . . . . . . . . . . . . . . . . . . Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enabling Security . . . . . . . . . . . . . . . . . . . . . . . . . Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Permissions . . . . . . . . . . . . . . . . . . . . . . . Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automated Deployment Services (ADS) . . . . . . . . . . . . . . . Deployment from the Altiris Console . . . . . . . . . . . . . . . . . . Adding Deployment Servers. . . . . . . . . . . . . . . . . . . . . Task Password options . . . . . . . . . . . . . . . . . . . . . . . . Configuring the Deployment Server AClient . . . . . . . . . . Viewing Notification Server Clients without AClient . . Installing AClient to a Notification Server Client . . . . Creating Deployment Server AClient Packages . . . . . Configuring the Deployment Server Agent . . . . . . . . . . . Generating Deployment Reports from the Altiris Console. Altiris Console Collections . . . . . . . . . . . . . . . . . . . . . . Using Package Servers to Replicate Deployment Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 370 371 371 372 372 372 372 373 373 373 373 374 375 375 375 379 380 381 382 383 385 385 386 387 387 387 388 388 388 389 389 390 390

Altiris Deployment Solution 6.8 SP2

15

Overview of Package Servers . . . . . . . . . . . . . . Setting Up a Central Deployment Server Library Setting Up Package Servers . . . . . . . . . . . . . . . Modify the DS Library Package . . . . . . . . . . Exporting and Importing Deployment Jobs . . . . Setting Polling Intervals in Deployment Solution . . . Setting the DS Agent Polling Interval . . . . . . . . Setting the Altiris Agent Configuration Request .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

390 391 392 392 393 396 396 397

Managing Computers from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . 398


Managing Multiple Deployment Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Adding Deployment Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Changing Task User Password options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Scheduling Jobs from Other Deployment Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Viewing Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Adding New Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Creating a New Computer Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Importing New Computers from a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 Computer Configuration Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 Networking Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 TCP/IP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408 NetWare Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Operating System Licensing Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 User Account Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 Managing Agent Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411 Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 TCP/IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Bay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Server Deployment Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Remote Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Find a Computer in the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Creating a Computer Group Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Scheduling Jobs from the Deployment Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . 419


Viewing Job Details. . . Building New Jobs . . . Job Scheduling Wizard Select Computers . Select a Job . . . . . Schedule Job . . . . Scheduling Jobs . . . . . Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 420 422 422 422 422 422 423

Altiris Deployment Solution 6.8 SP2

16

Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Advanced Sysprep Settings for Creating a Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . 425 Create Disk Image Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 Distributing Disk Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Advanced Sysprep Settings for Distributing a Disk Image . . . . . . . . . . . . . . . . . . . . . . . 427 Distribute Disk ImageResizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 Distribute Disk ImageAdditional Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives). . . . . . . . . . . . . 428 Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429 Distribute Software-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431 Capturing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 Capture Personality-Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 Distributing Personality Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 Distribute Personality Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Modifying Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Backing up and Restoring Registry Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 Get Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Advanced Run Script Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436 Copy File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 Copy File Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 Copy Jobs and Job Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Importing and Exporting Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Setting Up Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440 Initial Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442 Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

Part VIII: Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445


Appendix A: Command-Line Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Job Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Job Export Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . Job Import Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . Create Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . Schedule Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . Import Computer Utility . . . . . . . . . . . . . . . . . . . . . . . axengine.exe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . . Aclient.exe Command-line Switches . . . . . . . . . . . . . . . Aclient.inp Parameters . . . . . . . . . . . . . . . . . . . . . . . . ADLAgent.config Parameters . . . . . . . . . . . . . . . . . . . . . . . AClient.config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Agent for DOS Command-line Switches . . . . . . . Bootwork.exe. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Agent for DOS Install (Bwinst.exe) Switches Keyboard and Screen Lock Utility (Kbdsclk) Switches . . . Deployment Server Install Switches . . . . . . . . . . . . . . . . . . Silent Install Options. . . . . . . . . . . . . . . . . . . . . . . . . . Simple Install Entries . . . . . . . . . . . . . . . . . . . . . . Custom Install Entries . . . . . . . . . . . . . . . . . . . . . . Add Component Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446 446 447 448 450 451 451 452 452 453 456 460 471 472 474 476 478 479 480 482 484

Altiris Deployment Solution 6.8 SP2

17

Client BIOS Settings for Wake-On LAN and PXE . Command-line Switches for the Pocket PC Agent Command-line Install Switches for Linux . . . . . . Command-line Install Switches for WinPE . . . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

485 486 486 487

Chapter 26: RapiDeploy Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489


RapiDeploy Executable Files. . . . . . . . . . . . . . . . . . . . . . . . . Running RapiDeploy from the Command-line . . . . . . . . . . . . . RapiDeploy Command-line Switches . . . . . . . . . . . . . . . . Using Command-line Switches with Executable Images. . . Using File System Independent Resource Management (FIRM). How FIRM Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running FIRM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FIRM Command-Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489 489 490 502 502 503 503 504

Appendix B: Tokens: Dynamic Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509


System Tokens. . . . . . . . . . . . . . . . . . Finding the Right Token Value . . . . . . . Creating Unique Files Using Tokens. . . . Tokens . . . . . . . . . . . . . . . . . . . . Token Replacement Template Files . Template File Rules. . . . . . . . . The Token Replacement Process . . . . . . Custom Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 511 512 512 512 513 513 514

Appendix C: Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516


General Error Messages . . . . . Client Error Messages . . . . . . . Communication Error Messages Critical Error Messages . . . Memory Error Messages . . . . . Partition Error Messages . . . . . Installer Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517 519 520 520 522 523 524

Appendix D: System Jobs for Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 529


Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . Create Disk Image . . . . . . . . . . . . . . . . Distribute Disk Image . . . . . . . . . . . . . . Simple Tests . . . . . . . . . . . . . . . . . . . . . . . DIR Command at DOS . . . . . . . . . . . . . DIR Command at Windows . . . . . . . . . . Distribute RapidInstall Package . . . . . . . Migrations . . . . . . . . . . . . . . . . . . . . . . . . . Capture User Application Settings. . . . . . Capture User Desktop Settings. . . . . . . . Capture User Microsoft Office Settings . . Capture User Printer Settings. . . . . . . . . Misc Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . Install Office XP from Mapped Drive . . . . Install Office XP from UNC Source . . . . . SQL 2000 Unattended Install . . . . . . . . . SQL 2000 Unattended Install Using a RIP Copy WLogevent to Client . . . . . . . . . . . Install MSI 2.0 Runtime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530 530 530 530 530 530 531 531 531 531 532 532 532 533 533 534 534 535 535

Altiris Deployment Solution 6.8 SP2

18

Repair Office XP . . . . . . . . . . . . . . . . . . . . . . . Restart Computer . . . . . . . . . . . . . . . . . . . . . . Shutdown Computer . . . . . . . . . . . . . . . . . . . . Start SQL Server Service. . . . . . . . . . . . . . . . . Stop SQL Server Service . . . . . . . . . . . . . . . . . Uninstall Office XP . . . . . . . . . . . . . . . . . . . . . Wake up Computer . . . . . . . . . . . . . . . . . . . . . Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribute Software. . . . . . . . . . . . . . . . . . . . . Install Altiris Pocket PC Agent . . . . . . . . . . . . . Scripted OS Installs . . . . . . . . . . . . . . . . . . . . . . . Create W2K Install Disk Image (Target HD). . . . W2K Scripted Install (Target HD) . . . . . . . . . . . Create RH7 Install Disk Image (Network) . . . . . Create RH7 Install Disk Image (Target HD) . . . . RH7 Scripted Install (Network). . . . . . . . . . . . . RH7 Scripted Install (Target HD) . . . . . . . . . . . Create RH8 Install Disk Image (Network) . . . . . RH8 Scripted Install (Network). . . . . . . . . . . . . Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Send Email if Disk Space Low (Linux) . . . . . . . . Logevent Script (Linux) . . . . . . . . . . . . . . . . . . Restart HTTPD Service (Linux) . . . . . . . . . . . . . Move Computer to Default Container (Windows) Move Computer to Specific OU (Windows) . . . . . Send Error Email (Windows) . . . . . . . . . . . . . . Server-side Embedded VBScript (Windows) . . . . WLogevent CMD Script (Windows) . . . . . . . . . . WLogevent VB Script (Windows) . . . . . . . . . . . XP Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . Disable Enhanced Write Filter. . . . . . . . . . . . . . Enable Enhanced Write Filter . . . . . . . . . . . . . . Distribute RapidInstall Package . . . . . . . . . . . . Agent Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . SVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

535 535 535 536 536 536 536 536 537 537 537 537 539 540 541 541 542 543 543 544 545 545 545 545 546 546 546 546 547 547 547 547 547 548 548

Appendix E: Network Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549


PXE MTFTP . . . . . . . . . . . . . . . . . . . . . PXE Manager and PXECfg Service . . . . . . Deployment Web Console (Web Console) DB Management (Middle Man) . . . . . . . . Deployment Server. . . . . . . . . . . . . . . . Deployment Console (Win32 Console). . . Deployment Agent on Windows (AClient) Deployment Agent on Linux . . . . . . . . . . Client/Server File Transfer Port . . . . . . . RapiDeploy Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550 550 551 552 552 553 553 554 554 555

Appendix F: Deployment Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556 Appendix G: Windows Registry Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Key in the Security Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

Altiris Deployment Solution 6.8 SP2

19

Appendix H: Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564 Appendix I: Managing Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568


LAN Switch Support List . . . . . . . . . . . . . . . . . . . . Using Deployment Solution Switch Add-On . . . . . . . Adding a Switch Device . . . . . . . . . . . . . . . . . . Discovering a Device. . . . . . . . . . . . . . . . . . . . Deleting a Device . . . . . . . . . . . . . . . . . . . . . . Viewing and Setting Device Properties . . . . . . . Setting the VLAN for a Switch Port . . . . . . . . . . Assigning Connectivity to a Switch Port . . . . . . . Command-line Parameters . . . . . . . . . . . . . . . GUI Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . Deployment Solution Switch Add-On (Command Line Command-line Examples . . . . . . . . . . . . . . . . . ....... ....... ....... ....... ....... ....... ....... ....... ....... ....... Options) ....... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569 569 570 571 571 571 571 572 573 573 574 575

Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576

Altiris Deployment Solution 6.8 SP2

20

Chapter 1

About Altiris Deployment Solution


Altiris Deployment Solution software provides a suite of tools to quickly install operating systems and software. Deployment Solution leverages a number of Altiris technologies to provide extensive management capabilities:

Altiris Technology
RapiDeploy Imaging Scripted OS Installation and Sysprep Integration PC Transplant Personality Migration Software Virtualization and Software Distribution Wise Package Studio and Wise SetupCapture Script deployment engine

Description
Capture and deploy computer images using PXE, DVDs, CDs, or USB drives. Perform automated scripted operating system installations using sysprep. Migrate user data and application settings to new hardware and operating systems. Deploy, activate, and manage SVS layers, and install other software packages. Build and capture custom installation packages using the latest Windows Installer technology. Remotely execute Visual basic and Linux shell scripts.

In addition, the following technologies are integrated with the features of Altiris Deployment Server software to provide comprehensive deployment and migration:

Deployment Server Feature


Task-sequencer

Description
Management tasks provided by Deployment Server can be grouped and executed in order, enabling you to perform complex management operations in a single job. Computers can be organized into multiple groups to simplify job deployment. Drag and drop a computer group onto a job and the job runs on all computers in the group. Scripts, Sysprep configuration files, and other values can use tokens to retrieve database values at run time. Quickly install the Deployment Agent on large numbers of Windows computers using the Remote Agent Installer. Managed computers are inventoried for software and hardware, and conditions and filters can be created based on this inventory. Example: a distribute software task could check the operating system and distribute the correct software version.

Computer groups

Dynamic insertion of database values (tokens) Computer discovery

Inventory

Altiris Deployment Solution 6.8 SP2

21

Deployment Server Feature


Extensive supported platforms

Description
Support for 32- and 64-bit architecture, servers, blades, thin clients, and Itanium, running Windows and Linux operating systems. Managed computers can be started or shutdown remotely.

Power control, Wake on LAN

Deployment Solution Architecture


Before installation, you should become familiar with the different components of a Deployment System and how these components interact. The following diagram provides an overview of the Deployment System components:

Depending on the needs of your environment, multiple Deployment System components can be installed on the same computer. A single dedicated server could host your Deployment Server, Share, Database, Management Consoles, and PXE Server.

Deployment Server
The Deployment Server is the central component of a Deployment System and manages the Deployment Database, the communication between the different components, and schedules jobs to run on managed computers.

Altiris Deployment Solution 6.8 SP2

22

Deployment Database
The Deployment Database provides the back-end datastore and stores details about the computers, groups, and jobs in your Deployment System. Most of the time, you do not need to interact directly with the database.

Deployment Share
The Deployment Share stores all files, such as installation programs, disk images, and SVS layers you want accessible to managed computers. This share can reside on your Deployment Server or on another computer, and is often replicated to different locations to provide better access, especially in distributed networks or when sharing large files.

Management Consoles
Deployment Solution provides three management consoles: Deployment Console: A Windows application that provides complete access to the Deployment System administration. Deployment Web Console: A Web application that provides browser-based administration. This console can be executed remotely using any Web browser, and has built-in tools to manage multiple Deployment Servers.

Altiris Deployment Solution 6.8 SP2

23

Deployment Tab in the Altiris Console: This interface is integrated into the Altiris Console to provide integrated management with other Altiris Solutions. Its features are the same as the Deployment Web Console.

Automation Tools
Automation is the preboot environment loaded by Deployment Server to perform tasks which need to happen outside of the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Deployment Solution provides several tools to boot computers to this environment and supports several automation operating systems.

Deployment Agent
This agent runs on managed computers to report inventory, run software and scripts, perform power control, and boot the computer into automation. A Remote Agent Installer is provided to quickly install the agent on multiple Windows computers. Linux computers can install the agent using startup scripts and other automated processes.

Altiris Deployment Solution 6.8 SP2

24

Part I Planning and Installing Your Deployment System


Deployment Solution is designed to meet deployment, management, and migration needs for small, medium and large organizations with diverse topologies and varying computer management requirements. This section provides steps for installing Deployment Solution components, but also includes system architecture details and discusses planning strategies to install and optimize your Deployment Solution system. The installation process is divided into the following sections: Preparing To Install (page 26) Installing (page 29) Post-Installation Configuration (page 31) Deployment Agent Installation (page 36)

Altiris Deployment Solution 6.8 SP2

25

Chapter 2

Preparing To Install
This sections lists the tasks you need to complete before you install Deployment Solution. Step 1: Log on to Your Deployment Server Computer as an Administrator (page 26) Step 2: Create a Services Account (page 27) Step 3: Gather Automation Operating System Install Files (page 28) Step 4: Obtain a License File (page 28) Step 5: Install .NET and MDAC (page 28) Step 6: Start Microsofts Internet Information Server (IIS) (page 28)

Step 1: Log on to Your Deployment Server Computer as an Administrator


The account you use to install Deployment Solution must be a Windows Administrator and must possess System Administrator rights on the SQL server that will host your Deployment Database to install the Deployment Database. These database rights can be granted temporarily and revoked after the installation completes. If you want to use a different account to create the database, you must select a custom install and provide SQL credentials instead of Windows NT authentication. Important In SQL Server 2005 TCP/IP is disabled by default. This must be enabled before you install Deployment Solution.

To grant database rights


1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:

Altiris Deployment Solution 6.8 SP2

26

3. 4.

Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. Click the Server Roles tab, and enable System Administrators:

5.

Click OK and verify that the role was added.

MSDE Database Engine


Optionally, in smaller installations, you can use the MSDE database engine instead of SQL Server. This is typically not recommended due to the lack of database management tools. MSDE must be installed on the same computer as the Deployment Server component. If you decide to use MSDE, it can be installed by selecting the Simple Install Helper option in the installation program. We recommend using the Simple Install Helper to install MSDE as this version is usable by Deployment Solution immediately after installation and requires no additional configuration on your part.

Step 2: Create a Services Account


Create an account to run the services and connect to the database. This account is used only by Deployment Server, and is not tied to a user. For security reasons, we dont recommend using an existing administrator account which might possess rights beyond those needed by Deployment Server. The account should not be part of a group and should not posses interactive login privileges. If your Deployment Database, Server, and Share are installed on the same computer, create a local account on that computer. If your Deployment Database or Share will be on a different computer than your Deployment Server, create a domain-level account, or create local accounts with the same credentials on each computer hosting a Deployment Solution component. Example: If your SQL Server is on another computer and you are not using a domain-level account, create a local account with the same credentials on your SQL Server computer. The same situation applies if your Deployment Share is hosted on another computer.

Altiris Deployment Solution 6.8 SP2

27

To create a services account


1. 2. On each computer where you host a Deployment System component, click Start > Administrative Tools > Computer Management. Browse to Local Users and Groups, and add a new user:

The process for creating domain-level accounts is similar. This is the only account that needs to be created before you install.

Step 3: Gather Automation Operating System Install Files


If you are ready to install an automation operating system, this can be done during the installation. If you are new to Deployment Solution and are not familiar with automation, we recommend skipping this step and installing automation operating systems later. Place your automation install files (BDC*.frm) in the same folder as the Deployment Solution installation program (by default, this is c:\DSSetup). During install, these files are detected automatically.

Step 4: Obtain a License File


For evaluation, you can use the integrated 7-day license, or you can use the 30-day 10node trial license that is sent automatically when the software is downloaded. If you have purchased a license, you need to have the .lic license file available during installation.

Step 5: Install .NET and MDAC


Your Deployment Server computer requires .NET 1.1 and MDAC 2.7 SP1 or later. This software is available on the Microsoft download site.

Step 6: Start Microsofts Internet Information Server (IIS)


If IIS is running during the Deployment Solution installation, the Deployment Web Console is installed automatically.

Altiris Deployment Solution 6.8 SP2

28

Chapter 3

Installing
Simple or Custom Install?
If you plan to install your Deployment Server, Database, and Share on the C drive of the same computer, select the Simple install. Otherwise, select Custom.

Simple Install
Installs to the C drive. Installs each of the Deployment System components (with the exception of the Deployment Agent) on the computer where the install was launched. Lets you install a single automation operating system (more can be added later). The Simple Install Helper installs the MSDE database engine if no database is detected.

Custom Install
Installs to a drive other than C. Lets you select a computer other than the computer the install was launched from to install each Deployment System component. If you select to do this, certain values regarding the installation are stored in the local Windows registry. This simplifies adding components or installing add-ons such as the Altiris packaged WinPE. Lets you select a custom name and instance for the Deployment Database. Lets you select a different computer to host the Deployment Share. If you plan on doing this, you must create the share and grant the account you created in Step 2: Create a Services Account (page 27) full control before installation. Lets you install multiple automation operating systems (more can be added later).

Running the Setup Program


After you have completed the steps outlined in the previous section, launch setup.exe. Use the administrator account you configured in the previous section to perform the installation, and provide the services account you created when prompted. If you need clarification during any of the installation steps, click Help. After Deployment Solution is installed, you have the option of enabling Sysprep support and remotely installing the Deployment Agent.

Enable Microsoft Sysprep Support


If you plan on using Sysprep to deploy standard images and scripted operating system installs, provide the location of the deploy.cab file for the operating systems for which you want to enable Sysprep. These are located on your Windows installation CDs.

Altiris Deployment Solution 6.8 SP2

29

This can be installed later by running setup.exe and selecting Component Install.

Enable Microsoft Windows Vista Sysprep Support


Microsoft Windows Vista Sysprep lets Sysprep run on a Vista Client after an Imaging event. Vista Sysprep lets Administrators prepare generic images for deploying images to different types of systems within an environment to eliminate the support for multiple images. After building the basic image, the Administrator can run Microsoft Sysprep on a computer to delete unnecessary information and prepare the system for imaging and distribution to other systems.

Remotely Install Deployment Agent


After the installation completes, you have the option of remotely installing the Deployment Agent. Unless you are familiar with Deployment Solution and the Remote Agent Installer, we recommend you do not install the agent at this time. A full discussion of Deployment Agent rollout is contained in Deployment Agent Installation (page 36).

Altiris Deployment Solution 6.8 SP2

30

Chapter 4

Post-Installation Configuration
This section contains the tasks you should perform after installation to complete the set up of your Deployment System: Step 1: Grant Full Control of the Deployment Share to Your Service Account (page 31) Step 2: Create Domain Join and Deployment Share Accounts (page 31) Step 3: Grant Services Account the db_owner Role to Your Deployment Database (page 32) Step 4: Configure Your Deployment System (page 33) Step 5: Configure Security Settings (page 35) Step 6: Install the Deployment Agent (page 35) Step 7: Configure Automation (page 35) Step 8: (Optional) Configure PXE Server (page 35)

Step 1: Grant Full Control of the Deployment Share to Your Service Account
If your Deployment Share was created during the installation, grant the services account full control of this share. By default, this folder is C:\Program Files\Altiris\eXpress\Deployment Server.

Step 2: Create Domain Join and Deployment Share Accounts


After installation, we recommend creating some additional accounts. These accounts are different than the accounts used by the people who are going to manage computers. These accounts are not tied to users, and should not possess interactive login or any rights beyond what is recommended here. The domain join account is used to join or re-join computers to a domain after imaging or initial deployment. The Deployment Share read/write account is used to access this share from the automation environment.

Domain Join Accounts


Create a separate domain-level account for each domain in which you manage computers, granting the rights recommended in the following table:

Rights
Domain

Description
Grant privileges to add computer to domain.

Altiris Deployment Solution 6.8 SP2

31

Deployment Share Read/Write Account


Create this account on the computer hosting your Deployment Share, granting the rights in the following table:

Rights
File System

Description
Grant read/write privileges to your Deployment Share.

Step 3: Grant Services Account the db_owner Role to Your Deployment Database
1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:

3. 4.

Double-click the account you are using to run the Deployment services. If the login is not listed, add it. Click the Database Access tab, select the eXpress database, and enable the db_owner role:

Altiris Deployment Solution 6.8 SP2

32

5.

Click OK and verify that the change was successful.

Step 4: Configure Your Deployment System


The majority of tasks you perform in your Deployment System use the Deployment Console.

To open the Deployment Console


1. Click Start > Programs > Altiris > Deployment Solution > Console.

Add Your Domain Join Accounts


If you are using accounts to join computers to a domain you need to provide the account credentials.

To add domain join accounts


1. 2. In the Deployment Console, click Tools > Options > Domain Accounts. Provide the accounts you created in Step 2: Create Domain Join and Deployment Share Accounts (page 31).

Enable Security and Add Administrators


By default, the Deployment Console can be used on your Deployment Server by any user who possesses rights to log in and run applications. This works well in situations where you already have policies in place to control server access, and you have a group of administrators who will have full access to deployment functionality. If you want to provide more granular access to configuration options, jobs, and computers, you can enable security.

To enable security
You must add at least one user or group to enable security.

Altiris Deployment Solution 6.8 SP2

33

1. 2.

In the Deployment Console, click Tools > Security. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly.

Security is automatically enabled after a user or group is added. Additional users or groups can be added using this same method.

Grant Console Rights to Administrators


1. 2. 3. In the Deployment Console, click Tools > Security. Select a user or Group and click Rights. Enable the rights you want granted. For a more complete discussion, see See Securing Deployment Solution 6.8 on the Altiris Knowledgebase.

Grant Database Rights to Administrators


Each Administrator with console access must be granted public rights to your Deployment Database. The best way to do this is by assigning public access to the Active Directory groups containing your Deployment administrators. This prevents you from manually granting this access to individual administrators as they are added or removed from Deployment management responsibilities. 1. 2. 3. 4. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins. Add a login for each user or group that will manage computers using Deployment Solution. For each user or group, on the Database Access tab, grant the public role for the eXpress database:

Altiris Deployment Solution 6.8 SP2

34

Configure Deployment Server


The Deployment Server Configuration Utility lets you configure advanced settings for the Deployment Server component. You can stop, start, or restart the Deployment Server services, update the services account, and configure additional options. You do not need to perform any configuration at this time, though you should become aware of the configuration options provided.

To Open the Deployment Server Configuration Utility:


1. Click Start > Programs > Altiris > Deployment Solution > Configuration.

Step 5: Configure Security Settings


See Securing Deployment Solution 6.8 on the Altiris Knowledgebase for an in-depth discussion of Deployment Solution security.

Step 6: Install the Deployment Agent


The Deployment Agent needs to be installed on all computers you want to manage using Deployment Solution. See Deployment Agent Installation (page 36).

Step 7: Configure Automation


If you plan on imaging computers or deploying computers using scripted installs you need to configure your automation environment. See Deployment Solution 6.8 Preboot Automation Environment on the Altiris Knowledgebase for an in-depth discussion of automation.

Step 8: (Optional) Configure PXE Server


Preboot Execution Environment (PXE) is an open industry standard that enables computers to boot remotely using a network card.

Altiris Deployment Solution 6.8 SP2

35

Chapter 5

Deployment Agent Installation


The Deployment Agent runs on managed computers to perform local management tasks as directed by Deployment Server. Some of these tasks include: Software installations SVS layer management Script execution Remote control Inventory and configuration If you plan on doing more than computer imaging or scripted installations, you should install the Deployment Agent on managed computers. Without installing the Deployment Agent, you can still boot computers to automation using PXE, embedded partitions, or boot media to perform some tasks. The agent simplifies these tasks by automatically restarting the computer and controlling when to boot the embedded partition, but it is not required.

About the Deployment Agent


The Deployment Agent can be installed in the production environment of all the computers you want to manage. Additionally, the Deployment Agent is automatically included in each of the automation boot configurations you create using PXE, automation partitions, or boot media. There are three versions of the Deployment Agent: DAgent - Windows Vista AClient - Windows XP and previous ADLAgent - Linux, UNIX, Solaris, Mac References in this document to the Deployment Agent refer to all versions; references to DAgent, AClient, or ADLAgent refer to the specific executable.

Installing the Agent


There are two standard methods to install the Deployment Agent on multiple computers: Using the Remote Agent Installer (Windows XP) (page 37) Using a Script, E-Mail Link, or Manual Installation (All Platforms) (page 37) For Additional details on the Vista, Linux and Mac agent see Operating System and Platform Reference (page 249).

Altiris Deployment Solution 6.8 SP2

36

Using the Remote Agent Installer (Windows XP)


Advantage: Browse your network to quickly select computers, monitor installation status in real time, and retry failed installations. Disadvantage: Requires Local User rights on each computer. Does not work with simple file sharing in Windows XP. Does not work on Vista.

Step 1: Disable Simple File Sharing on Windows XP


1. 2. In Windows Explorer, click Tools > Folder Options > View tab. Clear the Use simple file sharing check box in the Advanced settings section.

Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall


1. 2. Open the Security Center from the Windows Control Panel. Manage the security settings for the Windows firewall to add an exception for File and Printer Sharing.

Step 3: Get Local User Rights (admin$ Share)


To initially install the agent on managed computers, you need an account with Local User rights. You need access to this account only when performing the one-time agent installation, so either use your domain administrator, a domain account with local user rights, or any other account with local rights. After the agent is deployed, you no longer need access to this account. To determine whether you have sufficient rights, browse to:

\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights.

Step 4: Run the Remote Agent Installer


In the Deployment Console, click Tools > Remote Agent Installer. If you need clarification during any of the installation steps, click Help.

Using a Script, E-Mail Link, or Manual Installation (All Platforms)


Advantages: You do not need Local User rights to install if you have individual loggedin users initiate the install, works for Linux and Unix computers. Disadvantages: Not as automated as the Remote Agent Installer, troubleshooting will likely require direct intervention. The remaining installation methods are grouped together because they perform the same functions: Execute the agent installation while providing a configuration file for a silent install.

Altiris Deployment Solution 6.8 SP2

37

Step 1: Provide Users Access to the Agent Installation Program


The agent installation programs are stored in the Agents folder on your Deployment Share. Copy this file to a location that your users can have access. For security purposes, we do not recommend granting any users direct rights to your Deployment Share, especially if you are storing software or computer images on this share. Tip If you are managing 32- and 64-bit computers, you can install the 32-bit agent on both hardware types. After connecting, the 32-bit computers automatically update to the 64bit version.

Step 2: Create the Input File for a Silent Install


To configure new computers using a silent install, you can specify an input file containing configuration settings. Windows computers installing AClient use aclient.inp file. Linux and UNIX computers installing ADLAgent use adlagent.conf. Details on the options are contained within each file and are also described in the Deployment Solution Reference Guide. When modifying adlagent.conf, ensure you use a text editor that properly handles UNIXformat line endings. Configure each file and place a copy with the agent installation program. Optionally, for Windows computers, you can use the Force Deployment Agent Settings on New Computers feature to reduce the amount of configuration you need to perform in the input file. When this is enabled, the agent receives global settings you have specified when it connects for the first time.

To force agent settings on new computers:


1. 2. 3. In the Deployment Console, click Tools > Options. Click the Agent Settings tab and select the Force new agents to take the default settings check box. Click Change Default Settings to define default settings.

Step 3: Run the Installation Program


On each computer, you need to run a command similar to the following:

\\myshare\AClient.exe aclient.inp -install


or

./adlagent
To run this, you could: Have users copy and paste it into the Windows Run dialog, or send the link in an email message. Place it in a startup script. Execute it remotely using Telnet or SSH.

Altiris Deployment Solution 6.8 SP2

38

Agent Auto Update


The Deployment Agent has the ability to update itself to a newer version automatically, and is set to update computers in batches to prevent network overload. This greatly reduces the effort required when upgrading. See the release notes on the Altiris Knowledgebase for specific information on Agent upgrades.

Troubleshooting
See the following article on the Altiris KnowledgeBase: 18248 Remote Agent Installer Fails for AClient

Additional articles can be found by searching the Altiris KnowledgeBase.

Altiris Deployment Solution 6.8 SP2

39

Part II Booting Computers to Automation


Deployment Solution has the ability to perform work on computers before the normal operating system loads. To do this, a managed computer is booted into an environment where it can communicate with your Deployment Server to perform tasks. This preboot environment is called automation. In order to perform image capture and deployment, scripted installs, or execute certain scripts, you must implement a way to boot computers into this environment. This section provides the information you need to configure a boot method, including PXE, and select an operating environment for automation tasks.

Altiris Deployment Solution 6.8 SP2

40

Chapter 6

What is Automation?
Deployment Solution uses two modes to manage computers: Automation Automation is to the pre-boot environment loaded by Deployment Server to perform tasks which need to take place outside the normal operating system. If you have ever used a disk imaging utility, or booted a computer using an installation CD, you are probably familiar with running computers in a similar environment. Production The normal operating system of the computer. Production tasks include software installation and personality capture.

Several of the tasks you perform to manage your network can be completed in the production environment. However, other tasks, primarily imaging, must be performed before the operating system boots. In Deployment Solution, this pre-boot environment is called the automation environment, or booting into automation mode. The following table contains a list of Deployment Solution tasks and the environment in which they execute:

Production Tasks
Distribute Software Capture Personality Distribute Personality Get Inventory SVS Copy File to Modify Configuration Power Control Run script

Automation Tasks
Create Disk Image Distribute Disk Image Scripted OS Install Run script

In order to manage computers in automation, you must select a method to boot computers to automation and decide which operating to use in the automation environment. Deployment Solution provides support for a broad range of boot methods and automation operating systems; this section helps you decide which works best for your environment. In order to set up automation, you must make the following decisions: Which Automation Boot Method Should I Use? (page 43)

Altiris Deployment Solution 6.8 SP2

41

Which Automation Operating System Should I Use? (page 46)

Altiris Deployment Solution 6.8 SP2

42

Chapter 7

Automation Boot Methods


Which Automation Boot Method Should I Use?
Deployment Solution supports a broad range of methods to boot computers into the automation pre-boot environment: PXE, automation partitions, or boot media (CD/DVD, USB device, or floppy). This section provides an overview of the available boot methods to help you select the method that works best for your environment, and contains the following: PXE (page 43) Automation Partitions (page 44) Boot Media (DVD/CD, USB Device, Floppy) (page 44)

PXE
Pre-boot Execution Environment (PXE) is an industry standard developed to boot computers using a network card. PXE can boot computers regardless of the disk configuration or operating system installed, and doesnt require any files or configuration settings on a client. After PXE boot is turned on in the BIOS, a computer can communicate with your DS PXE server to receive automation jobs. PXE provides a number of advantages, especially when you are using the initial deployment features of DS, which enables you to remotely deploy an image to a computer which has no software installed. Example: the receiving department of your company could have PXE enabled on their subnet. When a new computer arrives, a technician could quickly unpack and plug the computer into the network, and possibly enable PXE boot if it was not enabled by the manufacturer. When this unknown computer contacts the Deployment Server, it is assigned an initial deployment job, which could image the computer with the corporate standard image, install additional packages, and power off the computer. The computer is now ready for delivery with minimal effort. PXE also provides an advantage if you need to use multiple automation operating systems in your environment. Since the image containing the automation operating system is downloaded when a task is executed, different operating system environments can easily be assigned to different tasks. At the same time however, this can be a disadvantage if you are using an operating system with a large footprint, such as Windows PE, since the entire image must be downloaded each time you run an automation task. If you often run automation jobs, especially on several computers simultaneously, embedding the automation operating system on the disk is faster and significantly reduces network traffic. It is also possible to use PXE for initial deployment and install an automation partition as part of the deployment. In this case, you could use the initial deployment features of PXE for arriving computers and install an automation partition in case you need access to automation at a later time.

Altiris Deployment Solution 6.8 SP2

43

This configuration does not require PXE in your general network environment, but still provides access to the automation environment without physical access. When using the DOS automation environment, PXE provides an additional advantage: multicast boot. This enables your PXE server to simultaneously boot up to 100 computers in a single session to perform automation work. Although multicast imaging is supported in WinPE and Linux, multicast PXE booting is not provided in WinPE and is not supported in Linux. That means that after each computer has booted to automation, an imaging task can be multicast, but you cannot use multicast to boot these computers.

Automation Partitions
An automation partition is a sector of your hard disk drive partitioned and managed by DS. This partition contains the automation operating system and the files needed to contact your Deployment Server, and must be present on each managed computer. The biggest advantage to an embedded partition is that it does not require PXE, yet it still enables you to boot into automation remotely. The biggest disadvantages to embedded partitions are that they consume space on the drive, they require an existing partition on the drive, and they must be manually installed from a disk on Linux and Unix operating systems. Another drawback, depending on your configuration, might be the fact that only one automation operating system can be installed to a managed computer that is using an automation partition. If you have tools that are supported only in DOS, this might limit you to DOS for all automation tasks on a particular managed computer. Automation partitions have an additional advantage in some configurations. Optionally, you can create a different type of automation partition, called a hidden partition, to store an image (or other files) locally. This provides advantages in environments where computers need to be re-imaged often or in environments where there is limited bandwidth or network connectivity. Since the image is stored locally, the time needed to create and restore images is greatly reduced and network traffic is significantly reduced as well.

Boot Media (DVD/CD, USB Device, Floppy)


Generally, the biggest drawback to boot media is that it forces you to physically access the managed computer. However, if you are managing smaller numbers of computers or do not plan to access the automation environment often, it might be a good choice. Also, if you have employees with the ability and access to boot their own computers using disks you provide, this could also be a good solution. Boot media has some configuration limitations though. Deployment Solution is designed to manage computers remotely, even in the automation mode, and several tasks and jobs require access to both the production operating system and the automation environment. Example: An imaging operation first captures configuration details from the production operating system before booting to automation to capture the image. After imaging, this configuration is restored. Because of this, it is often difficult to schedule a job and coordinate booting the managed computer to the right environment at the right time. If you assign a job which

Altiris Deployment Solution 6.8 SP2

44

requires booting into automation mode, the boot disk must be present at the right time to boot automation. If a complex job requires access to the production environment during this time, the BIOS will most likely continue to boot to automation until the boot media is removed. If this job, or a subsequent job, requires automation access again, the boot media must be re-inserted. To avoid these issues, some customers load the automation operating system, the RapiDeploy imaging executable, and the image on bootable physical media. They boot a computer, execute the necessary commands, and provide the required image files. In this circumstance, the remote management capabilities of Deployment Server are not being used, so the process is more manual, but it does not require network access. This works especially well when managing thin clients or other computers where all necessary files can fit on a single disk or USB device.

Altiris Deployment Solution 6.8 SP2

45

Chapter 8

Automation Operating Systems Which Automation Operating System Should I Use?


After you have selected a method to boot computers into automation, you need to decide which operating system you want to use. In the past, MS DOS was the only supported option. Deployment Solution now supports Windows PE, Linux, MS DOS, and FreeDOS. This section provides an overview of the available automation operating systems so you can find an environment (or environments) that suit your needs. An important thing to note is that the automation environment you use is not constrained by the production operating system on the computer. All of the DS automation tools support these operating systems, so you can perform DS automation tasks in any operating system (Linux computers can be imaged from DOS, Windows computers can be imaged from Linux, and so on). You might even use two automation operating systems for different tasks within the same job. Example: you might use a vendor-supplied tool to perform a BIOS update in DOS, boot to Windows PE or Linux to perform an imaging task. When you set up your test environment, you might want to run automation jobs in multiple operating systems to see if one performs better in your environment. The following sections contain an overview of the automation operating systems: DOS (page 46) Windows PE (page 47) Linux (page 47) Although you can use these environments to perform a wide-variety of management using scripts and other tools, support for these environments is limited to the task performed by Deployment Solution.

DOS
DOS is still used often today as a pre-boot environment, though new technologies have emerged that might better suit your environment, such as Windows PE. The largest roadblocks most companies face when using DOS are access to drivers that support modern hardware, and security concerns. DOS still performs well for several tasks though, and can be a good choice if you have the proper driver support. DOS typically requires only around 1 MB of space. DOS provides an additional advantage in a PXE environment. When performing an automation task on multiple computers, the PXE server can use multicast to boot automation, which enables large numbers of managed computers to boot DOS simultaneously.

Altiris Deployment Solution 6.8 SP2

46

Windows PE
Windows PE (Windows Pre-boot Environment) is the next generation boot environment for Windows computers. Windows PE provides several advantages over DOS, including better driver support (Windows PE uses the same drivers used by the other modern versions of Windows), increased speed, and generally more functionality. Windows PE typically requires around 150 MB of space. The biggest drawbacks are its size, which causes increased boot time, especially when booting over the network using PXE, and its licensing requirements. Additionally, clients using Windows PE require at least 256 MB of RAM.

Linux
Linux provides an alternate pre-boot environment to DOS or Windows PE. Many vendors provide gigabit and wireless drivers for Linux that are not available in DOS. Linux typically requires around 10 MB of space. Linux can be a good choice if you do not want to license MS DOS or Windows PE, but you need updated driver support.

Altiris Deployment Solution 6.8 SP2

47

Chapter 9

Installing and Configuring Automation


This section explains: Configuring Automation Operating Systems (page 48) Configuring Automation Boot Methods (page 51) Deploying Automation to Managed Computers (page 52)

Configuring Automation Operating Systems


The following sections guide you through installing and configuring the automation operating systems supported by Deployment Solution.

Obtaining and Installing Windows PE, Linux, or DOS


Automation operating systems are installed using the Boot Disk Creator, which is available in the Deployment Console by clicking Tools > Boot Disk Creator. The following files are required to install the listed automation operating system: WindowsPE Windows PE 2005 installation CD. Currently, Windows PE is available to volume licensing customers through Microsoft. See http://www.microsoft.com/licensing/ programs/sa/support/winpe.mspx for information on obtaining Windows PE. Windows 2003 Server SP1 installation CD or Windows Server 2003 x64 installation CD. Linux The Linux 32 and 64-bit and FreeDOS preboot environments are available on the Deployment Solution for Clients or Servers download page at http:// www.altiris.com/Download.aspx. Click the Linux and FreeDOS Automation Environment link and save the file. Browse to the downloaded file when prompted during the installation, or when adding preboot operating systems using the Boot Disk Creator. MS DOS A Windows 98 installation CD (Windows 98 SE is preferred), and the proper licensing to use this on the intended computers. Files are copied from the win98 folder from this installation CD. The FreeDOS preboot environment is contained in the same file as the Linux preboot, see the Linux instructions for details. For additional information on FreeDOS visit www.freedos.org.

FreeDOS

Altiris Deployment Solution 6.8 SP2

48

To install
1. 2. 3. In Deployment Console, click Tools > Boot Disk Creator. In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems. Click Install and complete the wizard, providing the files listed in the previous table when prompted.

For complete details on this process see the Boot Disk Creator help.

Adding Additional Files


Occasionally, you might need to make additional files available within an automation environment, such as utilities or mass storage drivers. These files can be added to every automation configuration of a specific type, or to select configurations only. This is determined by the location you add the files in Boot Disk Creator:

Altiris Deployment Solution 6.8 SP2

49

The following example provides an overview of this process.

Adding Mass Storage Drivers for Windows PE


1. 2. 3. Select either the Windows PE Additional Files folder, or a specific Boot Disk Creator configuration. Right-click and select add > Folder. Using this add folder command, create the following path: i386\system32\diskdrivers Within the diskdrivers folder, create the necessary folders to contain your drivers. The folders you add should contain a txtsetup.oem file, and at least one *.sys file, and possibly additional files. You must also ensure that any sub-folders specified by txtsetup.oem are included, and that the [defaults] section references the proper device driver (some textsetup.oem files might support multiple devices and drivers, and the proper device must be specified in the [defaults] section).

The diskdrivers path is for adding mass storage drivers. If you are adding different driver types, you might need to modify this path.

Adding Large Files to a Linux Boot Configuration


Linux automation is typically loaded into RAM. Due to limitations on the amout of RAM available on most computers, there is a size constraint on the files that can be included. If you need to access larger files locally (such as a disk image), Boot Disk Creator provides a mechanism to mount a folder outside of the ramdisk, letting you access files that are too large to fit on the ramdisk. This is done by creating a folder named . in the root of your boot configuration. 1. 2. Right-click your configuration and select New > Folder. Name this folder . (do not include the quotes, just .).

Altiris Deployment Solution 6.8 SP2

50

Files placed in this folder are mounted in Linux automation at /mnt/atrsboot.

Example
You can place a disk image and the rdeployt executable in this folder, create a boot DVD, and restore the included image without network access, using a command similar to the following:

/mnt/atrsboot/rdeployt -md -f/mnt/atrsboot/[imagename].img

Configuring Automation Boot Methods


When pre-boot tasks need to be performed, DS sends a message to the client computer to restart in the automation environment. This includes a shutdown command issued from DS, and a modification to the MBR if using an automation partition. After the managed computer reboots, the automation environment is loaded from PXE, an automation partition, or from boot media. The deployment agent now contacts the Deployment Server. After a connection is established, the Deployment Server sends the client computer its assigned jobs and tasks. After the automation tasks run, a status message is sent to the Deployment Server indicating that all work is complete. The Deployment Server sends a message that the client computer should reboot back to the Production environment (the MBR is restored when using automation partitions). The following sections guide you through the process of setting up PXE, automation partitions, or media to boot your computers into the automation mode: Configuring PXE Configuring Automation Partitions Configuring Boot Media (DVD/CD, USB device, Floppy)

Configuring PXE
PXE is a server-based technology, and requires additional components on your DS server, and possibly other computers. Setting up and configuring PXE is covered in detail in a separate document, PXE in Deployment Solution.

Configuring Automation Partitions


DS provides two types of automation partitions: Embedded Partition A small embedded section installed on the production partition of a managed computer which contains the automation operating system. Depending on the operating system, the size varies from 5 to 200 MB (you can specify the size when the partition is created based on recommendations). A larger partition installed on the hard drive of a managed computer to contain not only the automation operating system, but to provide room to store images and other files. This partition is not normally viewable in the production operating system.

Hidden Partition

Altiris Deployment Solution 6.8 SP2

51

An embedded partition doesnt create an actual disk partition, it reserves space on an existing partition by marking the sectors on the disk as unusable. The target drive must have an existing partition before an embedded partition can be installed. A hidden partition creates an actual disk partition, but this partition is hidden from normal view within the production system, though it is still viewable by FDISK or by an administrator. The partition is listed as a non-DOS partition. When a computer using an automation partition is assigned jobs, the Master Boot Record (MBR) of the computer is modified to boot to this hidden partition. After the work is completed, the MBR is restored to the previous configuration. Hidden partitions are very useful for computers which are imaged often, such as those in a test lab or provided for general use (such as a hotel or a library). After the visiting person is done using this computer, you may want to quickly re-image to ensure that the next visitor finds the computer in good working order. In these circumstances, a hidden partition enables you to quickly restore an image without needing access to a high bandwidth network. Automation partitions can be installed using an installation package deployed from DS (windows only), or installed from a CD, USB device, or floppy. This is different than using boot media to access automation, because the automation partition media is used once per computer to install, later the partition is used to perform tasks. Using boot media to access automation doesnt leave any files on the computer, but the media must be used each time you want to access automation.

Configuring Boot Media (DVD/CD, USB device, Floppy)


Creating and using boot media is a straightforward process. Boot media boots a managed computer to automation without leaving any files on the computer, and can be installed to DVDs, CDs, USB devices, or floppy disks. Boot media is created directly from the Boot Disk Creator utility.

Deploying Automation to Managed Computers


Automation partitions and boot media configurations are created using the Boot Disk Creator utility. PXE configurations are created using the PXE configuration utility. This difference is due to the way in which the automation operating system is deployed to the managed computer. Automation partitions and boot media use install packages or boot disks, while PXE uses a configurable menu to provide boot options, with each option on the PXE menu linked to a specific automation configuration. This section contains guidelines to create PXE, automation partitions, or boot media configurations and deploy these configurations to managed computers.

Using Automation Partitions or Boot Media


1. 2. Install the automation operating systems you want to use, as explained in Obtaining and Installing Windows PE, Linux, or DOS. In Boot Disk Creator, Create a new configuration. The wizard is accessed by clicking File > New configuration.

Altiris Deployment Solution 6.8 SP2

52

This configuration contains the automation operating system files, network drivers, IP address of your server, and other settings which control how the managed computer communicates with your Deployment Server. This configuration does not specify how this automation configuration is installed. This is done using the Create Boot Disk wizard, which is launched automatically after you create a configuration. 3. The Create Boot Disk wizard provides three options: Creates an executable, or configures a CD, USB device, or floppy to install the automation environment. This process is executed once per device. After that, the computer uses the files from the automation partition. Select this if you are using automation partitions. For managed linux computers, you need to use a CD, USB device or floppy because no executable is provided for this platform. Create an automation boot disk Configures a CD, USB device, or floppy with the files necessary to boot a computer to automation mode. After booting, the computer executes any automation work previously scheduled, or waits for work to be assigned. Select this if you are using boot media to boot computers to automation. None of these files are installed, so the media must be used each time you need to access automation. Create a network boot disk Configures a CD, USB device, or floppy with the files necessary to boot to a prompt. This is useful if you have management task to perform that doesnt require interaction with DS, as your Deployment Server is not contacted in this scenario. None of these files are installed to the managed computer.

Create an automation partition install package

4.

After selecting how you want to install automation, complete the wizard. See the Boot Disk Creator help for additional details.

You can also uninstall an automation partition using an install package, or configure a CD, USB device, or floppy from Boot Disk Creator.

Using PXE
1. 2. Install the automation operating systems you want to use, as explained in Obtaining and Installing Windows PE, Linux, or DOS. In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services > PXE Configuration Utility), create a new menu item to correspond to the automation configuration you want to install.

Altiris Deployment Solution 6.8 SP2

53

3.

Click Create Boot Image to launch the configuration wizard. This wizard is identical to the wizard used when creating configurations for automation Partitions or boot media. When this option is selected from the PXE menu, the necessary files are loaded, the job is performed, the computer boots to the production operating system. None of these files are saved on the managed computer, they are downloaded each time the computer boots to automation.

4.

Provide any additional configuration options and click Save.

Altiris Deployment Solution 6.8 SP2

54

Chapter 10

Setting Up the Altiris PXE Server


What is PXE?
Preboot Execution Environment (PXE) is an open industry standard which enables computers to boot remotely using a network card. PXE uses standard network protocols to establish a communication channel between a computer and an Altiris PXE server during the boot process. Using this channel, an Altiris PXE server sends an execution environment to the computer so that work can be performed in a pre-boot state. In Deployment Solution, this pre-boot state is called the automation environment, and DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An overview of the automation boot methods and environments is contained in a separate document, Deployment Solution: Automation Preboot Environments. An advanced, tightly integrated PXE environment is provided with Deployment Solution. Deployment Solution leverages PXE to provide the following advantages: When a managed device needs to boot into automation, Deployment Solution restarts the computer and notifies the Altiris PXE Server. Altiris PXE Server now boots the computer into the automation environment indicated in the Deployment Solution job automatically. PXE can perform an initial deployment of a new system by checking to see if a computer exists in Deployment Solution. All PXE configuration is done using the PXE Configuration Utility from the Deployment Solution console, enabling you to remotely configure all PXE servers in your network.

Why Use PXE?


PXE is used in Deployment Solution to perform two tasks: Boot managed computers into the automation environment Perform initial deployment of new managed computers How you implement PXE is partially dependent on what you plan to do with it. Many organizations use PXE only on a subnet in a receiving department to deploy corporate images and initial configuration of new computers. After this computer is assigned to a user, PXE is not used in the normal production environment. This limits the extent of the PXE environment, but prevents you from accessing the automation environment to capture images and perform other automation-only tasks. Other companies which often use automation select PXE because it leaves no footprint on the managed computer, and has several other advantages such as image multicasting and tight Deployment Solution integration.

Altiris Deployment Solution 6.8 SP2

55

Regardless of how broadly you implement PXE, Deployment Solution provides tools and services to simplify management of PXE in your environment. This section contains the following topics providing an overview of PXE in Deployment Solution: PXE Services and Architecture How PXE Works

PXE Services and Architecture


PXE services use a tiered-architecture which enables you to provide global settings and boot options shared across all Altiris PXE Servers, override configuration and expand boot options on a local level. Boot options and PXE settings can be applied to a shared configuration. This shared configuration is inherited by all Altiris PXE Servers in your environment. Each Altiris PXE Server still has its own specific configuration, so you can override settings and add additional boot options as needed. New services have been provided to replicate settings and data automatically, making it unnecessary for you to individually configure each PXE server. The following table contains an overview of the PXE services:

Service
PXE Manager

Description
Provides all boot options and configuration settings for each Altiris PXE Server in your environment. Interfaces with the PXE Config Utility to replicate data and apply PXE configuration. Manages all communication between your Deployment Server and your Altiris PXE Servers. The PXE Manager Service is installed on your Deployment Server regardless whether or not you have also installed an Altiris PXE Server.

PXE Config Helper

Interfaces with PXE Manager to receive data and configuration. Configures, starts, and stops the additional PXE services on the Altiris PXE Server.

Altiris PXE Server

Provides the PXE listener and proxy DHCP to respond to PXE requests and send the location of bootstrap files. Sends bootstrap files to managed computers using TFTP.

MTFTP

The PXE Manager service interacts with Deployment Server, PXE Helper service, and the PXE config utility to perform centralized PXE management:

Altiris Deployment Solution 6.8 SP2

56

On each individual Altiris PXE Server, the Altiris PXE Server service and the MTFTP service are installed to perform the work of an Altiris PXE Server. These services are configured, started and stopped by the PXE Config Helper service. Clients connect directly to these services during the PXE boot process:

How PXE Works


Before a computer can boot over a network, it needs two things: an IP address to communicate, and the location of an Altiris PXE Server to contact for boot instructions. The following sections outline the PXE boot process: Part 1: DHCP Request and PXE Discovery Part 2: PXE Bootstrap

Altiris Deployment Solution 6.8 SP2

57

Part 1: DHCP Request and PXE Discovery


Request and Receive an IP Address
Initially, the boot agent directs the execution of normal DHCP operations by broadcasting a DHCPDISCOVER packet (255.255.255.255) to port 67 on its local physical subnet to discover a DHCP server. Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating their server IP. When the client has chosen a target DHCP server, it broadcasts a DHCPREQUEST packet that includes its MAC address and the IP address of the selected DHCP server. The DHCPREQUEST also contains option 60 to identify the client as a PXE client.

PXE Option 60
DHCP lets clients to receive options from the DHCP server indicating various services that are available on the network. A number of standard and custom options are available that can convey a vast amount of information to DHCP clients. Option 60 deals specifically with PXE related services. Both PXE clients and servers use option 60 to convey specific information about the PXE services they need or are providing.

Contacting the Altiris PXE Server


All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a different server, the IP address they offered is reclaimed. The DHCP server providing the accepted offer supplies a DHCPACK packet to the client to acknowledge the clients receipt of its IP. During this process, the Altiris PXE Server monitors the wire for DHCPREQUEST packets with an option 60 (PXE client). When a packet is recognized, the clients MAC address is used to find any pending automation work in Deployment Server. If no automation work is required, the Altiris PXE Server does not respond to the client and it boots normally. If there is work to do, the Altiris PXE Server responds with its address using a DHCPACK with option 60. At this point, the client has received a DHCPACK containing an IP address, and a DHCPACK with option 60 containing an Altiris PXE Server. If the Altiris PXE Server is located on the same server as DHCP, both are contained in the same DHCPACK packet.

Part 2: PXE Bootstrap


The client is ready to contact the Altiris PXE Server for boot files. After this request, clients are provided with a boot menu containing all boot options that the Altiris PXE Server can provide. Most of the time, the correct boot option has already been selected by the Deployment Server, so this is transfered to the client. After the selection is made, the client requests the necessary boot files using MTFTP. This consists of a .0 and a .1 file. The .0 file functions as a bootstrap loader. It creates a RAM disk and manipulates the BIOS interrupt vectors, interrupt structures and hardware information tables to make the RAM disk function exactly like a typical floppy disk. This file copies the .1 file byte by byte into the newly created RAM disk.

Altiris Deployment Solution 6.8 SP2

58

The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and additional files which ultimately provide the automation environment on the managed computer. The following diagrams contain a basic outline of this process:

PXE Planning and Installation


This section contains an overview of the PXE deployment process, in the following sections: Enabling PXE on Managed Computers Installing and Configuring DHCP How Many Altiris PXE Servers Do I Need? Installing Altiris PXE Servers

Altiris Deployment Solution 6.8 SP2

59

Enabling PXE on Managed Computers


Each computer you plan to manage using PXE must have PXE boot enabled (sometimes called network or NIC) and set to the correct sequence in the BIOS. It is also a good idea to apply the latest BIOS updates, especially if your network card is integrated on the motherboard. Deployment Solution also supports Wake on LAN to power on managed computers remotely. If this is enabled, a Wake on LAN signal is sent to the managed computer if the device is disconnected from Deployment Server when a job is scheduled to start.

Installing and Configuring DHCP


DHCP is an integral part of the PXE process, and must be installed and configured in order to use PXE. A DHCP server is not provided with Deployment Solution, you must obtain, install, and configure this component separately. After DHCP is set up and your Altiris PXE Servers are installed, you need to configure how your Altiris PXE Servers interact with the DHCP server. This is done using the PXE Configuration Utility.

How Many Altiris PXE Servers Do I Need?


Number of Client Connections
Altiris PXE Servers do not typically require a lot of resources. By using multicast, a single Altiris PXE Server can deploy a DOS boot image to up to 100 computers at a time, and not consume any more resources than it would while deploying a single image. If you are using WinPE or Linux however, multicast boot is not available. Usually a single Altiris PXE Server in a specific location is enough if you either use multicast to deploy images or spread out your image capturing jobs to be in line with the capabilities of your server. Additional Altiris PXE servers can easily be added if necessary.

Network Speed
Since the majority of the resources on an Altiris PXE Server are used for transferring files over the wire, the faster the network, the more work a single Altiris PXE Server can do. A single Altiris PXE Server on a gigabit network can capture and deploy several times as many images over a period of time than even multiple servers on a slower network.

Physical Layout of your Network


Your PXE configuration might be set up according to the physical layout of your network. If you have three offices in different locations, it might make sense to install an Altiris PXE Server at each location to reduce traffic and resolve routing issues (see PXE Request Routing). In these configurations, the deployment share can be mirrored to a local server, and images are usually taken from and restored to local file servers. See PXE Redirection (page 63) for an example of this type of configuration.

Altiris Deployment Solution 6.8 SP2

60

PXE Request Routing


PXE clients use broadcast packets to find DHCP and PXE services on a network, and multicast packets (MTFTP) to transfer files. These packet types can present challenges when planning a PXE deployment because most default router configurations do not forward broadcast and multicast traffic. Because of this, either your routers need to be configured to forward these broadcast and multicast packets to the correct server (or servers), or you need to install an Altiris PXE Server on each subnet. Routers generally forward broadcast traffic to specific computers. The source subnet experiences the broadcast, but any forwarded broadcast traffic targets specific computers. Enabling a router to support DHCP is common. If both PXE and DHCP services are located on the same computer, and DHCP packet forwarding is enabled, you shouldnt have any problem transferring broadcast packets. If these services are located on different computers, additional configuration might be required. If you are going to forward packets, ensure your router configuration lets DHCP traffic to access the proper ports and IP addresses for both DHCP and Altiris PXE servers. Once the broadcast issues are resolved, the routing of multicast traffic must be considered. Multicasting leverages significant efficiencies in transferring files but also introduces challenges similar to broadcast packet forwarding. Like the broadcasting solution, routers can be configured to support multicast traffic between PXE Clients and Altiris PXE Servers. Please consult the documentation provided by your router vendor for additional information on packet forwarding.

Installing Altiris PXE Servers


After you have determined the PXE needs of your network, you must to determine where to install these Altiris PXE Servers. An Altiris PXE Server can be installed on your Deployment Server, on your DHCP server, on another server in your network (such as a file server), or as a standalone server. You can also use a combination of these (example: an Altiris PXE Server on your Deployment Server and your DHCP server). The actual installation process is straightforward. You can install an Altiris PXE Server at the same time as you install Deployment Solution, or you can install one later by running the installation program and selecting the add additional components option. After these servers are installed an running, they are configured using the PXE Configuration Utility. See the following section.

Configuring PXE Settings


All PXE configuration is done using the PXE Configuration Utility. The PXE config utility is used to create and modify two things: Global and local configuration settings. These settings include timeout values, replication and logging options, and so on.

Altiris Deployment Solution 6.8 SP2

61

Boot options. Each boot option corresponds to a specific configuration which includes an operating system, network and other drivers, utilities, mapped drives, and so on. This section contains a brief overview of selected PXE configuration and boot options. For complete details, see the help for the PXE Configuration Utility.

PXE Settings
Shared vs. Local
Deployment Solution provides a PXE settings hierarchy enabling you to provide shared and local PXE configuration values. All Altiris PXE Servers inherit the shared values unless they are overridden on the local server.

Session Timeout
The PXE configuration utility connects the PXE Manager service on Deployment Server. To ensure your changes are not overwritten by another instance of the PXE Configuration Utility, only one instance of PXE config can connect to PXE manager at any given time. If you attempt to launch PXE Configuration when another instance is running, you receive an error. To prevent you from being completely locked out for extended periods (example: an instance is inadvertently left open on another computer), a timeout has been added which terminates a connection after 30 minutes of inactivity after someone else attempts to connect. This timeout only applies if someone else is attempting to launch PXE Configuration. If no other connections are attempted, the timeout is never enabled and your session remains active.

DHCP Server Options


For most circumstances, you want option 1. If you have DHCP installed on your Deployment Server but it is not active, Deployment Server might still attempt to communicate with that instance. This is changed by selecting option 3. If you are using a 3rd party DHCP server which automatically sends the client 60 message, select option 2.

Boot Integrity Services


PXE is potentially vulnerable to hackers, especially in security-conscious business and government settings not willing to risk network boot ups unless safeguards are in place (example: it is important ensure that the boot image comes from a trusted source and has not been tampered with in transit). You can also designate and enforce which boot images can be installed on selected groups of platforms. Boot Integrity Services (BIS) addresses these security needs. BIS enhances the network boot environment by providing mechanisms to validate the source and integrity programs and data downloaded over the network prior to the time an operating system is installed. Using BIS firmware built into the client computer, BIS can validate (before executing a boot image) that the image came from a trusted source and was not tampered with en route.

Altiris Deployment Solution 6.8 SP2

62

Deployment Server supports the BIS technology. However, the BIS support from Altiris is only applicable when the computers being managed also supports BIS. Even if BIS is configured from the Deployment Server console, BIS will not work unless the physical computer supports it. At the present time, there are very few computers that support BIS.

Boot Integrity Services (BIS) Removal


With the advent of Deployment Solution 6.8 and 64-bit support the Boot Integrity Services (BIS) could no longer be managed. In the released version of Deployment Solution 6.8 the BIS configuration was removed from PXE Config utility. In SP1 the BIS CDSA database has been removed and is no longer supported. If you are currently running DS 6.5 with active BIS support, please remove the BIS support before upgrading to Deployment Solution 6.8 because when Deployment Solution 6.8 SP1 is installed all references to BIS are removed.

Boot Options
Boot options are the boot configurations provided to a client by an Altiris PXE Server. Each boot option has a corresponding automation operating system, network drivers, and other settings.

Shared vs. Local


Deployment Solution provides a PXE boot option hierarchy enabling you to provide shared and local PXE boot options. Shared boot configurations are available on all Altiris PXE Servers, while local boot options are available on a specific Altiris PXE server.

PXE Redirection
Lets you redirect a global PXE menu option to a local PXE menu option. Redirection settings are not available globally, they are always specific to an individual Altiris PXE Server. This is due to the role redirection plays in your PXE environment. Consider the following example: You manage computers in three locations: Two offices in Ontario, and one office in Alberta. To limit transfer between each site, each office has a local Altiris PXE Server, and a file server with a mirror of the deployment share. This enables clients at each location to contact the local Altiris PXE Server to boot and use the local deployment mirror to access the network tools and to store images. You need to create a job to capture an image of each managed computer on Friday evening, once a month. To create this job, you add an imaging task, select a PXE boot option, and set the schedule. Hold on. If you select the same PXE boot option for each office, you are going to have problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress, and stores captured images on alb1\images. The two Ontario offices use the ont1 and ont2 servers respectively. You could go ahead and create three global configurations and three different jobs, but that is confusing and could potentially cause problems if the wrong selection is made. If you took this route, on each Altiris PXE Server, two of the three global configurations could potentially cause problems (they are mapped to drives in remote offices). To avoid

Altiris Deployment Solution 6.8 SP2

63

problems, select a single global configuration for a job and update it based on the location of the Altiris PXE Server. This is exactly what redirection does. You create a global configuration (example: named Imaging Environment). On each Altiris PXE Server, you create a local configuration for each office with the correct server mappings. The Imaging Environment global option is redirected to the local option, and the process is simplified. Now the imaging job can be applied to all computers at once, simplifying the process and reducing the chance of errors.

Altiris Deployment Solution 6.8 SP2

64

Part III Using Deployment Solution


This section provides feature identification and basic procedures for deploying and managing computers using Altiris Deployment Solution software.

Altiris Deployment Solution 6.8 SP2

65

Chapter 11

Deployment Basics
Deployment Solution provides a graphical, object-based interface to manage computers. After you have installed the Deployment Agent and the computer has connected, the computer can be managed using the Deployment Console.

Computers
Each computer and computer group in your environment is represented in the computers pane:

Computers can be dragged into a group, or automatically assigned to a group when the agent is installed. Computers can belong to only one group. When a new computer connects, it is placed in the New Computers group.

Jobs
Jobs contain a sequence of tasks to perform work on managed computers. Example: a job might be install and activate Winzip 10. This job might have a condition specifying that it should only execute on Windows XP computers with 500 MHZ or greater processors.

Altiris Deployment Solution 6.8 SP2

66

Each job that can be assigned to a computer or computer group is represented in the jobs pane:

Computers are assigned jobs by dragging and dropping computers onto a job. Jobs can also be scheduled by right-clicking and selecting the Job Scheduling Wizard.

Creating Jobs and Tasks


Jobs are created by adding one or more tasks to a job. Tasks include create disk image, distribute software, manage SVS layer, and run script. These tasks run sequentially and can trigger other events, such as a stop job or execute other job depending on the return code of the task.

Context Menus (Right-click)


In the Deployment Console, you can right-click almost any object for a context-specific list of management options. Example: if you right click a computer or group, you are given the option of viewing computer details or job history, remote controlling or opening a chat session, renaming, power control, and several other options.

Find a Computer in the Database


This search filter lets you type a string and query specified database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. This search filter queries the property values appearing in the Computer Properties (page 124).

Altiris Deployment Solution 6.8 SP2

67

Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The computers that match the search will be highlighted in the Computers pane. 1. In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string will be compared with specified database fields. In the In Field box, select the field you want to search in the Deployment Database. Example: to find a computer by searching for its IP address, type the address in the Search For field and select IP Address from the In Field drop-down list.

2.

Name MAC Address IP Address ID Serial Number Asset Tag UUID Product Key Physical Bay Name

BIOS name of the computer. Example: 0080C6E983E8. Example: 192.168.1.1. Example: The computer ID. 5000001. Serial number installed in BIOS. A primary lookup key. Asset number in BIOS. A primary lookup key. A primary lookup key. Product Key for the operating system. The actual bay number. Example: 7x.

Computer Name Deployment Solution name of the computer.

Registered User Name entered when the operating system was installed. Logged On User Name of the user currently using the computer.

The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and lets wildcard searches using the *.

Using Lab Builder


Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a classroom or lab environment.

Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment.

Altiris Deployment Solution 6.8 SP2

68

You can set up jobs to:


Create Disk Image Deploy Lab Restore Lab Update Configuration Upload Registries Each job contains a default list of tasks. Lab Builder places these five new jobs under a folder (which you name) located under the Lab folder. All tasks in the jobs are assigned default paths and file names that let them use the same images and configuration information, registry data, and so on. We recommend that you do not change the file names and paths. If you change the default settings (Example: changing the image name), you must change it in all jobs where the image is used.

To use Lab Builder


1. 2. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder. Enter the name of the lab setup. Note The lab name must be unique because the program creates a default image file name based on the name, and the image file name must be unique. The default image name is synchronized in all lab jobs, so if you change the name later you must change it in all jobs that use the image. 3. 4. 5. Enter a lab description to help you differentiate the lab from others. This field is optional. Click OK. Identify an image in the Create Disk Image job. Set computer names and addresses in the Update Configuration job.

The following information describes the default jobs. To run one of these jobs, drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you to set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server.

Altiris Deployment Solution 6.8 SP2

69

Computer Import File


Use the following format to import new computers from a text file. You can easily create a computer import file by entering data in the provided Microsoft Excel spreadsheet (ImportComputers55.xls) located in the Samples folder of the Deployment Share. A semicolon as the first character denotes comment lines. Quotes around fields are optional. Leaving the job name blank does not assign the computer to any job. Leaving the start time blank makes an entry in the job for the computer, but does not schedule it for a specific time. Only the Name field is required. Quotes around fields are optional. You can populate your computer database using the format provided below. The Import Computers text file can be imported into Deployment Solution using the File > New Computer > Import or File > Import/Export > Import Computers.

Tips for creating a new computers import file


When using Boolean references, do not use quote marks. These fields are marked with a B: 1=On/True and 0=Off/False. For some fields, this input format supports multiple IP Addresses, delimited by a ; (semicolon) within the field. These fields are marked with a (;). Example: the gateway field could read, 30.11.11.2, for a single IP address or, 30.11.11.2;30.11.11.3;30.11.11.4, to support three IP addresses. All fields (up to and including site) must be present in the file, but all data except for Name is optional. To use optional fields for multiple network adapters, the preceding fields are required. Example: to use Nic3 fields, all fields for Nic2 are required. For Deployment Server to read the import text correctly, ensure there is a final hard return at the end of the file.

Format for the New Computers text file


Outlined below is the field order for the database input. Fields marked (ignored) are not used by version 5.5 and later, but are included to support previous versions. ;Name,MAC Address 1,Serial Number,Asset Tag,Computer Name,Domain(B),Domain/ Workgroup Name,Domain Controller Name(ignored),DHCP(B),IP Address(;),Netmask(;),Gateway(;),Preferred DNS(;),Alternate DNS,Alternate 2 DNS,Preferred WINS,Alternate WINS,Hostname,Domain Suffix,Use Preferred Tree(B),Preferred Server,Preferred Tree,Netware User,NDS Context,Run Scripts(B),User,Organization,Key,Password Never Expires(B)(ignored),Cannot Change Password(B)(ignored),Must Change Password(B)(ignored),Username(ignored),Full Name(ignored),Groups(ignored),Password(ignored),Contact,Department,Email,Mailstop ,Phone,Site,Computer Group,Job,Job Start Time,NIC2 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC3 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC4 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC5 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain

Altiris Deployment Solution 6.8 SP2

70

Suffix,NIC6 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC7 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC8 MAC Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix

Example Import File


DB Computer 1,00a0c95c2640,6X18FHGZP21P,6X18FHGZP21P,Computer1,1,Altiris,,1,,,,,,,,,computer 1h,altiris.com1,1,server1,tree1,user1,context1,1,John Doe,"Altiris, Inc.",12345-OEM1234567-12345,,,,,,,,John Doe,Engineering,jdoe@altiris.com,111,(801) 8051111,Lindon,Test Group,Test Job,12/31/2001 17:30,00a0c95c2641,0,172.25.10.180,255.255.0.0,172.32.0.4,172.32.0.1;172.32.0.7, 172.32.0.4,altiris.com2,00a0c95c2642,1,,,,,,altiris.com3,00a0c95c2643,0,1.1.1.1;2.2.2 .2,255.255.255.255;255.255.255.0,1.1.1.2;2.2.2.1,3.3.3.3;4.4.4.4,5.5.5.5;6.6.6.6,alti ris.com4,00a0c95c2644,1,,,,,,altiris.com5,00a0c95c2645,0,1.1.1.1,2.2.2.2,3.3.3.3,4.4. 4.4,5.5.5.5,altiris.com6,00a0c95c2646,1,,,,,,altiris.com7,00a0c95c2647,0,5.5.5.5,4.4.4 .4,3.3.3.3,2.2.2.2,1.1.1.1,altiris.com8

Altiris Deployment Solution 6.8 SP2

71

Managing from the Deployment Console


Deployment Solution provides both Windows and Web user interface consoles to deploy and manage computer devices across local or wide area networks. It also provides a Thin Client view of the Deployment Console. As an IT administrator, you can manage all computer devices from one of these Deployment consoles: The Deployment Console is a Windows-based console with complete deployment and management features, including remote control, security, Altiris PXE Server configuration, image editing, and other deployment utilities and features. See Deployment Console Basics (page 73). The Deployment Web Console provides basic deployment and management functionality from a Web browser, including the ability to remotely access and manage computer devices, build and schedule jobs, and view multiple Deployment connections. The Thin Client View of the Deployment Console provides a simplified experience when dealing exclusively with Thin Clients. The functionality of the Thin Client Console is identical to that of the current Deployment Console. However, you can toggle from Full View to Thin Client View. Deployment from the Altiris Console combines management and reporting features across multiple Deployment Server systems and lets you integrate additional Web applications in the client and server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, Patch Management and Application Metering solutions.

To launch the Deployment Console, double-click the icon on the desktop, or click Start > Programs > Altiris > Deployment Solution > Console.

Features of the Deployment Console. The Windows console for Deployment Solution provides standard Computers, Jobs, and Details panes to drag and drop icons, view properties, and identify state and status of Deployment objects. In addition, the Deployment Console also includes a Shortcuts and Resources view and provides the tools, utilities and features required for complete computer resource management. See Deployment Console Basics (page 73). Set Program Options. From the Tools > Options dialog, you can set preferences for each Deployment Server system. See General Options (page 85). Set Security. From the Tools > Security dialog, you can set security rights and permissions for all Deployment consoles. See Security in Deployment Solution (page 89). Connecting to other Deployment Server systems. Connect to other Deployment Server connections from your current Deployment Console and manage computers beyond your current network segment or site. See Connecting to Another Deployment Server (page 95). Customize the Tools menu. You can add commands to the Tools menu to open commonly-used deployment programs and utilities. See Extending the Tools Menu on the DS Console (page 82).

Altiris Deployment Solution 6.8 SP2

72

Deployment Console Basics


The Deployment Console is your main portal to Deployment Solution. It is a feature-rich Win 32 program with real-time access to computer resources, deployment jobs, and package files, each represented with distinct icons to identify the status and settings. From the Deployment Console you can build simple or complex deployment jobs, assign them to a computer group, and verify deployment execution. Because the Deployment Console can reside on its own computer, you can have multiple consoles running from different locations. The Deployment Console needs to be running only while creating assignments or viewing information about the managed computers. You can turn on the console, run management tasks, and turn off the console. Scheduling information is saved in the Deployment Database and tasks are executed at their scheduled time. If an assignment to a managed computer is made from two different consoles at approximately the same time, the computer is assigned those tasks in the order they are received. See Console options (page 85) to set refresh intervals for the Deployment Console.

Features of the Deployment Console


Like all Deployment consoles, the Deployment Console is divided into several panes to organize computers, deployment jobs, and software packages and scripts. It gives you a graphical view of your network and provides features to build jobs, drag-and-drop icons to schedule operations, store and access jobs and packages, and report the status and state of your computer resources. The Deployment Server includes three main panes, plus toolbars, wizards, shortcuts, and utility programs.

Computers pane
Use this area to view and select managed computers for the Deployment Server system. You can select and right-click a computer in the Computers pane to run Remote Operations Using Deployment Solution (page 127), or view Computer Properties (page 124). You can also create computer groups to organize collections of similar computers.

Create computer groups by clicking Computer Groups on the toolbar, or right-clicking in the Computer pane and selecting Groups. Click View > Show Computers to display only computer group icons and not the individual computers.

When a computer or group is selected, a list of computers in the group appears in the Details pane and provides the basic information about each computer. The Filter detail bar appears in the Details pane that helps to view computers by a set criteria. When a computer is selected, you can view the computer status in the Details pane, including a list of jobs that are run or scheduled to run on the computer, and the status of each job. To get more details about all tasks that are run on computers, click Status Detail. Status Detail displays a more detailed breakdown of the processes that the job has executed and a status message indicating what has been completed. You can also import new computers from a text file or add security rights and privileges for a specified computer or group of computers. See Managing Computers (page 97) for

Altiris Deployment Solution 6.8 SP2

73

complete information about setting up, importing, and managing computers from the Computer pane.

Jobs pane
Use this area to create and build jobs with specific deployment tasks. You can select and right-click a job in the Jobs pane when Building New Jobs or running the New Job Wizard. You can also import new jobs from a text file or add security rights and privileges for a specified job or collection of jobs. Set up folders to organize and access jobs according to your specifications. Create a new folder by right-clicking in the Jobs section and select the New Folder option. You can also create folders by selecting File > New > Folder.

Click View > Jobs View to show or hide the Jobs pane.

When a job is selected, the Details pane displays a list of computers in the folder and gives a basic information about each job, such as its state and status. It also shows the computers or computer groups to which the job is assigned. The Conditions detail bar also appears, letting you assign jobs to computers. See Setting Conditions for Task Sets (page 153). In System Jobs, folders are created to store jobs that are created when running operations from the console. Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when you drag an .MSI, .RIP, or other package files from the Resources view to a specific computer or group. See Shortcuts and Resources View (page 75). Image Jobs. Jobs are placed in this folder when you create a Quick Disk Image. Restoration Jobs. Jobs are placed in this folder when you run a Restoring a Computer from its Deployment History job. From the Jobs pane you can drag job icons to computer icons to execute jobs, such as creating images, deploying computers, changing configurations, or installing software. Once a job is created, you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a particular time, or saved for a later time. See Building and Scheduling Jobs (page 147) for complete information about setting up, importing, and managing computers from the Jobs pane.

Details pane
The Details pane extends the user interface features when working in the Computers, Jobs, or Shortcuts panes. When you select a computer in the Computers pane, the Details pane changes to a Filters area (if you click a group icon) and displays the status of all jobs assigned to the selected computer.

Altiris Deployment Solution 6.8 SP2

74

When you select a job icon in the Jobs pane, the Details pane displays the information about the job to set up conditions; order tasks; and add, modify, or remove tasks. When you select a computer or computer group in the Computers pane, the Details pane displays the information about a computer, including IP address, MAC address, and status. When you select a batch file, you can click Modify to update the file. When you select a hard disk image file (.IMG), the Details pane displays a description of the image file, and information about the included partitions. When you click on the package files, the Details pane displays the title, description, version, creation date, and platform of a .RIP file or Personality Package.

Shortcuts and Resources View


The Shortcut and Resources pane provides easy access to the computers and job objects identified in the console and the software packages stored in the Deployment Share. In the Shortcuts view, you can drag computers, computer groups, jobs, and job folders to organize and access commonly-used console objects. In the Resources view, you can identify and assign package files.

Click View > Shortcuts to open the Shortcuts and Resources pane. You can drag the jobs and computer icons to this pane. Click Resources in the Shortcuts and Resources view, or click View > Resources or CTRL+R to open a filtered list of packages on the Deployment Share.

The Shortcuts view provides quick links to view and access computers, jobs and packages. It can act as a palette of Deployment Solution icons to drag to other working panes in the console, or as a storage to save commonly-used jobs and computer icons. The Resources view lets you see a filtered view of the package files.MSI files, .RIPs, image files, Personality Packages, and other resource packagesstored in folders in the Deployment Share. From the Resources view, you can drag packages directly to the computers in the Computers pane to deliver the software. This automatically creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the Jobs pane. The Resources view lets you identify packages assigned to each job and assign those packages to create new jobs.

Using Resources Directly


If you do not want to create a shortcut to a resource but still want to use a resource to assign work to a computer, you can move the resource to a designated computer. To do so: 1. 2. 3. Enable the Shortcut view. Click Resources at the bottom of the Shortcut window. Browse to the selected resource and drag it to the appropriate computer.

You can create a new script file from the Resources view, and use it directly to schedule it on a computer. See Creating New Script Files (page 191). See Console options (page 85) for options to set refresh intervals for Resources view.

Altiris Deployment Solution 6.8 SP2

75

Thin Client View of the Deployment Console


The Thin Client view of the Deployment Console provides a simplified experience when dealing exclusively with Thin Clients. The functionality of the Thin Client view is identical to that of the current Deployment Console. However, you can switch from Full View to Thin Client view. The Thin Client Console has four panes: Computers Resources Software Packages Inventory The Computers, Resources, and Software Packages panes are on the left side of the Thin Client view, while the Inventory pane is on the right side of the Thin Client view.

Installing the Thin Client View


During installation, you can install the Deployment Solution Thin Client view. By default, the traditional Deployment Console is installed. If you select Thin Client view, a Thin Client Jobs system folder is created. All the jobs created from the Deployment Solution Thin Client view are stored in this folder. During the installation process, the following folders are created in this hierarcy for the Thin Client resources: Configuration Packages Images Software Packages Deployment Solution for Thin Clients uses the same installation program as Deployment Solution. No licensing is required even if you select Thin Client Install.

To install Thin Client


1. On the Deployment Server Installation dialog, select the Install Thin Client option. The Thin Client view of the Deployment Console appears. or On the Deployment Server Installation dialog, select the Simple Install option. The Deployment Console appears. 2. Click View > Thin Client View. The Thin Client view of the Deployment Console appears.

Switching Between Two Views


When you switch between the traditional view and the Thin Client view, you can maintain the last state in which you viewed the console. This ensures that you open the console in the same view that you last closed it in.

To switch between the traditional and the Thin Client view


1. Click View.

Altiris Deployment Solution 6.8 SP2

76

2.

Select Show Thin Client View.

Note By default, the Thin Client view is visible if you select Thin Client Install. When you switch to the Thin Client view, all the menus and items not necessary for the Thin Client view are unavailable. These are visible when you switch to the traditional view.

Computers Pane
This pane is the same as that in the traditional view. However, only thin clients are displayed. You can right-click this pane to view a new menu. When you right-click a thin client, you can view the following options: Capture Configuration Capture Images Deploy Configuration Deploy Image Install Automation Partition Get Inventory Power Control Properties Remote Control Manage Inventory View If you select a Capture option, a text field appears, prompting you for the name of the captured resource. By default, the name is the same as the serial number on the thin client, that you can change. If you select a deploy option, a list of the available resources for the selected type appears, such as Configurations, Images, or Software Packages appears. You can select a resource from this list.

To create a job
You can create a job in one of the following ways: Select any of the first six options from the Computers pane. All these jobs are scheduled at the current time. Note The Schedule Computers for Job dialog does not have the Job Schedule tab. Also, all the automation jobs have the default option selected for boot image. Drag resources to the Computers pane or computers to the Resources pane to schedule jobs at the current time. Note Ensure that you have the required permissions to drag and drop resources.

Altiris Deployment Solution 6.8 SP2

77

All thin client job details are saved in the Thin Client Jobs system folder. You cannot delete or rename this new system folder from the console. All the above options, except Properties, are disabled when the client is not active. Note All the jobs on the thin clients are automatically created and scheduled by the console, and this is done only when the clients are active. When creating the jobs, the console refers to the operating system type (platform) of the client.

Resources pane
This pane is a tree view listing all the resources that you can drag and drop to the thin clients and vice versa. Three types of resources appear in this pane: Configuration Packages. Example: Captured Registry Settings. Images Software Packages. Example: HP Tools. Note All these resources reside in the express share in the ThinClient directory. When you click any of the three submenus corresponding to the subdirectories within the ThinClient directory, the tree expands and displays all the resources included in the directory. If the folder is empty, an appropriate message appears. You can rename or delete the resources.

Software Packages
The Software Packages pane displays the software packages that can be created for the available computers. You can drag and drop this resource to the thin clients and vice versa. When you right-click the Software Packages pane, you can view the following options: New folder. Select this option to create a new folder. Import. Select this option to import a job. See To import a job. Rename. Select this option to rename a folder. Note You cannot rename the Software Packages pane. You can only rename a folder. Delete. Select this option to delete folders. Find Software Packages. Select this option to find software packages.

To import a job
1. 2. Open the Thin Client view. Right-click the Software Packages pane and select Import. The Import Job dialog appears. 3. Browse to specify the file to be imported in the Job file to import field.

Altiris Deployment Solution 6.8 SP2

78

Note By default, the Import to Job Folder, Overwrite existing Jobs and Folders with the same names, and Delete existing Jobs in folder options are disabled. 4. 5. To preserve the source operating system file paths of Scripted Install, select the Preserve Scripted Install OS source paths option. Click OK.

You can delete the Software Packages pane from the Thin Client view through the Deployment Console view.

To delete the Software Packages option from the Deployment Console


1. 2. 3. Open the Deployment Console. In the Jobs pane, select System Jobs > Thin Client Jobs > Software Packages. Right-click Software Packages and select Delete. A confirmation dialog opens. 4. Click Yes to confirm the deletion. The Software Packages option is deleted from the Deployment Console view. Note The Software Packages option is automatically added in the Jobs pane in System Jobs > Thin Client Jobs when you switch from the Deployment Console view to the Thin Client view.

Inventory Pane
The pane displays a table, listing all the thin clients identified by the console. The following columns appear in the Inventory pane: Name Computer Status Action Status Product Name Operating System Image Version Flash Size Memory Size BIOS Version You can select which columns to view. The following columns are available, but do not appear: Automation Partition CPU Domain Name IP Address

Altiris Deployment Solution 6.8 SP2

79

MAC Address

To view Inventory columns


1. 2. 3. Right-click the Inventory pane. The Manage Inventory Column dialog appears. Add columns to either the Selected columns list or the Available columns list by clicking the required arrows. Click OK.

Toolbars and Utilities


The toolbars and menus on the Deployment Console provides major features and utility tools to deploy and manage computers from the console. From the Main toolbar, you can create new jobs and computer accounts and run basic deployment tasks. On the Tools toolbar, you can launch Deployment Solution administration tools and package editing tools. It also includes icons to quickly run commonly used Remote Operations Using Deployment Solution.

Deployment Solution Utility Tools


The Deployment Console lets you open utility programs from the Tools menu or from the Tools toolbar. You can launch Deployment Solution administration tools (Boot Disk Creator, PXE Configuration, Wise SetupCapture and Remote Agent Installer) and package editing tools (Wise MSI Editor, PC Transplant Editor, and Image Explorer) from the toolbar.

Administration tools

Boot Disk Creator. Use this tool to create boot disk configurations, and automation and network boot media to image client computers. The Boot Disk Creator can maintain several different boot disk configurations for different types of network adapter cards. See Altiris Boot Disk Creator help.

PXE Configuration. After installing the Altiris PXE Server, you can create and modify configurations, which make up the boot menu options that appear on client computers. This is another solution to boot computers to automation. See the Altiris PXE Configuration help.

Remote Agent Installer. Remotely install the Deployment Agent on client computers from the console. This utility lets you push the agent installation to client computers from the Deployment Console.

Altiris Deployment Solution 6.8 SP2

80

Carbon Copy. Remotely control managed computers to view and troubleshoot problems from the Deployment Console. This utility provides comprehensive remote access features beyond the Remote Control feature accessed by right-clicking a computer or computer group from the Deployment Console.

Package Editing Tools

PC Transplant Editor. Use this tool to edit a Personality Package to add or remove data. See the Altiris PC Transplant Help located in the Deployment Share.

Image Explorer. After a disk image is saved to the Deployment share, this tool lets you view and manage data in the image file. You can edit and split an image, create and index, and more. See the Altiris Image Explorer help file located in the Deployment Share.

Wise MSI Editor. Edit .MSI packages generated from the Wise Setup Capture tool or other .MSI files used to distribute software and other files.

SVS Admin Utility. Create, import, and manage virtual software layers. See Software Virtualization Solution (page 81).

Software Virtualization Solution


Altiris Software Virtualization solution (SVS) is a revolutionary approach to software management. SVS places applications and data into managed units called virtual software packages. Using SVS you can activate, deactivate, or reset applications to avoid conflicts between applications without altering the base Windows installation. The SVS Admin Utility is a part of SVS. It creates, imports and manages virtual software layers, which are part of the packages. For information on installing and using the SVS Admin Utility, see the Software Virtualization Solution Reference Guide. For information on the integration of the SVS Admin Utility with Deployment Solution, see Using SVS Admin Utility with Deployment Solution (page 81).

Using SVS Admin Utility with Deployment Solution


On a Deployment Solution computer, you can capture application and data files. The installed application, data files, and settings are captured into the virtual software layers. The Deployment Solution computer should have a clean installation of the Windows operating system. The computer should not have any background processes or programs running that can be captured into the layers. Your base computer should not be running an antivirus program or any other computer management program. If possible, the computer should not have an active Internet connection.

Altiris Deployment Solution 6.8 SP2

81

You can create layers on a virtual computer. (See Managing the SVS Layer on page 177) This lets you disconnect a computer from the network and reset the computer after each capture. This ensures that you have a clean operating system. You can also distribute .RIPs, .MSI files, scripts, personality settings, and other package files to computers or groups. See Distributing Software (page 175).

Extending the Tools Menu on the DS Console


You can add commands to the Tools menu on the Deployment Console to quickly access additional management applications. This lets easy access to applications commonly used with Deployment Solution. Commands are added by modifying or adding new .INI files. You can insert commands to the root ATools.ini file for the main menu or add new .INI files to create submenus. Place both types of .INI files in the same directory where the Deployment Console executable (eXpress.exe) is located (the default location is the Program Files\Altiris\ eXpress\Deployment Server). You can add up to eight menu items to the main menu, and eight menu items for each submenu. These .INI fields are included for each application added to the Tools > Altiris Tools menu:

[Application name or submenu declaration] MenuText=<the application name displayed in the menu> Description=<the name displayed when you mouse over the menu item> WorkDir=<directory set as default when executable is run> Executable=<path to the executable files>
The ATools.ini file extends the main Tools menu on the console. This sample file contains one submenu, Web Tools, and two additional menu items, Notepad, and Netmeeting. The .INI files are located in the Deployment Share.

[Submenus] Web Tools=wtools.ini [Notepad] MenuText=Notepad Editor Description=Simple Editor WorkDir=. Executable=C:\WINNT\notepad.exe [NetMeeting] MenuText=NetMeeting Description=NetMeeting WorkDir=. Executable=C:\Program Files\NetMeeting\conf.exe

Altiris Deployment Solution 6.8 SP2

82

Another Tools .INI file is wtools.ini. It is a submenu file referenced by the main ATools.ini file. On the main menu this is titled Web Tools (see Tools.ini) and contains two applications, Internet Explorer and Adobe Acrobat.

[Explorer] MenuText=Explorer Description=Windows Explorer WorkDir=. Executable=C:\Program Files\Internet Explorer\explorer.exe [Acrobat] MenuText=Acrobat Reader Description=Acrobat Reader WorkDir=. Executable=C:\Program Files\Adobe\Acrobat\acrobat.exe

Computer Filters and Job Conditions


Use this dialog while Creating a Computer Group Filter to filter only the specified computers in a computer group, or while Setting Conditions for Task Sets when running a job only on the specified computers in a group.

Creating Conditions to Assign Jobs


You can Set Conditions on a scheduled job to run only on the computer devices that match a defined criteria. As a result, you can create a single job with tasks defined for computers with varying properties, including the type of the operating system, network adapters, processors, free disk space, and other computer properties. You can now create task sets for each job that are applicable only to the computers matching those conditions.

Click a job in the Jobs pane. The Condition feature appears in the Details pane. Click Setup to add new conditions or edit existing conditions. When you are setting conditions to schedule a job, select from a list of predefined database fields or create custom tokens that key on other fields in the database.

Creating Custom Tokens


You can create custom tokens to set conditions based on the database fields not provided in the available preset conditions. in the Conditions dialog . Example: select User Defined Token from the drop-down list in the Fields box. Select contains in the Operation field, and enter Milo in the Value field. In the Token field, enter the following custom token:%#!computer@lic_os_user%.This filters out only the jobs with the registered license user named Milo. The job runs only on the computers that meet the specified criterion.

Altiris Deployment Solution 6.8 SP2

83

Filter Name
Active Computers Inactive Computers Computers With Failed Jobs Windows 98 Windows 2000/ 2003 Windows XP Windows CE (PDAs) Linux Windows XP Embedded Windows CE .NET Pocket PC (PDAs)

Description
Displays all the active computers. Displays all the inactive computers. Displays all the computers where jobs have failed to execute. Displays only the computers with Windows 98 operating systems. Displays only the computers with Windows 2000 or 2003 operating systems. Displays only the computers with Windows XP operating systems. Displays only the computers with Windows CE operating systems. Displays only the computers with Linux operating systems. Displays only the computers with Windows XP Embedded operating systems. Displays only the computers with Windows CE .NET operating systems. Displays only the Pocket PC computers.

Creating a Computer Group Filter


The Computer Filters dialog displays a list of all computers in a group according to the specified criteria. Example: you can create a filter to view all the computers in a particular group that have Windows 2000, 256 MB of RAM, and 20 GB hard disks only. By applying the filter, you can view all the computers that meet the specified criteria in the Details pane of the Deployment Console.

Click a computer group in the Computers pane. The Filter feature appears in the Details pane for the selected computer group. Click Setup to add new filters, or modify, and delete existing computer filters.

To create or modify a computer filter


1. 2. Click the All Computers group or any other computer group. On the Filter bar in the Details pane, click Setup > New to create a new filter. Or Click Setup > Modify. 3. 4. Type a name for the filter, and click Add. The Filter Definition screen appears. Define the conditions you want to filter. Click the Field box to see a list of computer values stored in the Deployment Database. Select a computer value and set the appropriate operation from the

Altiris Deployment Solution 6.8 SP2

84

Operations list. In the Value box enter an appropriate value for the selected database field. Example: you can choose Computer Name as the Field, Contains as the Operation, and Sales as the Value. 5. Repeat to include other conditions. Click OK.

General Options
Use Program Options feature to set the general options for Deployment Solution. Click Tools > Options to view the Program Options dialog. Console options (page 85) Global options (page 85) Task Password options (page 86) Domain Accounts options (page 87) RapiDeploy options (page 87) Agent Settings options (page 88) Custom Data Sources options (page 88)

Console options
Set basic console features for miscellaneous refresh actions and warning messages. Scan resource files for changes every ____ seconds. Specify how frequently (in seconds) the Deployment Console updates its view of package files in the Resources view, see Shortcuts and Resources View (page 75). Warn user when no tasks are assigned to the 'default' condition. When a job is assigned to computers and the Default condition has no tasks assigned, a message appears. The job has no secondary default tasks assigned if a computer in the group does not meet the primary conditions. See Setting Conditions for Task Sets (page 153). Refresh displayed data every ____ seconds. Refresh the display of data accessed from the Deployment Database. This lets you refresh console data at defined intervals rather than updating every time the Deployment Console receives a command from the server, which can be excessive traffic in large enterprises.

Global options
Set global options for the Deployment Server system. Delete history entries older than _____ days. Specify the number of days an entry is kept in the history until it is deleted. Enter any number between 1 and 10,000. If you dont select this option, log entries remain in the history. Remove inactive computers after ____ days. Specify the number of days you want to keep inactive computers in the Deployment database before they are deleted. The default value is 30 days, but any number between 1 and 10,000 is valid. Synchronize display names with computer names. Automatically update the displayed name of the managed computer names in the console when the client computer name changes. If this option is not selected, changes to the computer names is not reflected in the console. Synchronization is off by default. The names do not have to be synchronized for the Deployment Server to manage the computer.

Altiris Deployment Solution 6.8 SP2

85

Reschedule failed image deployment jobs to immediately retry. Immediately retry a failed image deployment job. The program continues to retry until the job succeeds or until the job is cancelled. Client/server file transfer port: _____. Specifies a static TCP port for file transfers to the clients. The default value is 0 and causes the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamically assigned port. Automatically replace expired trial licenses with available regular licenses. Lets Deployment Solution to automatically assign a permanent license to the computer after the trial license expires. Note Be careful when using this option. Ensure that you do not give a permanent license to computers you do not want to manage after their trial license expires. Display Imaging status on console. Displays the status of the imaging job on the Deployment Console. Remote control ports. Specifies ports for using the Remote Control feature. You have the option to enter a primary port address and a secondary port address (Optional). Primary lookup key. Specifies the lookup key type used to associate a new computer with a managed computer. The options are Serial Number, Asset Tag, UUID, or MAC Address. Sysprep Settings. This lets you enter global values for Sysprep. See Sysprep Settings (page 86).

Sysprep Settings
View and configure the Sysprep settings for the Deployment Server.

OS Product Key tab


In the OS Product Key tab, select the suitable operating system from the Operating System drop-down list. After you select the operating system, a list of all product keys for the selected operating system appears. Select an operating system from the Operating System drop-down list, and click Add to type the Product Key. You can type up to 29 characters for the Product Key. The new product key is added to the list of available keys of the selected operating system. To modify a product key, select the product key to be modified, and click Edit. To remove a product key, select the product key to be deleted, and click Remove. Note If the product key is being used by another task, you cannot delete the product key. You are prompted with a message stating that the product key is being used by another task.

Task Password options


According to the network and security properties, the passwords for administrators and users change after a certain number of days. In such a scenario, the password becomes invalid and all jobs and tasks using the user name whose password changes must be

Altiris Deployment Solution 6.8 SP2

86

modified to use the new password. The Task Password option provides administrators with a simple option to manage all password changes from a centralized location. This feature lets you set or change user passwords from a central location, so you can modify the password for the Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality tasks when creating or modifying jobs. However, this tab is enabled only to administrators and select users who have been granted the appropriate privileges. The Status field displays the results of password updates. Example: User As user name and password is used in ten tasks. If you want to update the password for these ten tasks, you can do so through the Task Password option. After the password is updated, the Status field displays the message: Password for 10 tasks updated.

Domain Accounts options


This sign-on feature retrieves the name of the administrator (or user with administration rights) and the password for each domain, avoiding the need to log on for each managed computer when completing imaging and configuration jobs. Click Add to enter the Domain name. The Add Domain account appears. Enter the name of the selected domain and provide the administrator credentials. Click OK. The administrator name and domain are listed in the Domain Accounts list box. Note To enter the administrator user name for a Windows XP domain, you need to add both the domain name with the user name. Example: instead of entering just the user name jdoe, you need to enter domainName\jdoe.

RapiDeploy options
This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server, letting you deploy images to a group of computers simultaneously, download an image from a file server, or access a local hard drive, and manage the imaging of several client computers concurrently. Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter driver, you can enter a range of IP addresses when using the multicasting feature to speed computer deployment and management. Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and operating system layers. However, because some network adapter cards do not handle multiple multicast addresses, you can also identify a range of ports to identify these computers. On the first pass Deployment Server accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server accesses the selected computers using the port numbers or higher level operating system ID's. Note Multicasting images are not supported when using the UNDI driver on PXE, and are disabled on the client. Click Reset to set the default values.

Altiris Deployment Solution 6.8 SP2

87

Agent Settings options


These are the default agent settings for new computers. Click Change Default Settings to change Windows Agents Settings for Windows and DOS. Set Deployment Agent Settings for new computer accounts or set Deployment Agent Settings for DOS for new computers. These default settings are applied only for new client computers that have never connected to the Deployment Server, and have no information stored in the Deployment Database. These settings are not for the existing managed computers nor are these settings applied when setting properties using the Remote Agent Installer. When the Deployment Agent connects, Deployment Server verifies if the computer is a new or an existing computer. If the client computer is new and if the Force new agents to take these default settings option is selected, the Deployment Agent on the client computer receives the default settings established in the Options > Agent Settings dialog. If the computer is recognized as an existing managed computer, it uses the existing agent settings. The same process occurs for automation agents if the Force new Automation agents to take these default settings option is selected. Force new agents to take these default settings. Select this option to force the default settings when adding a new computer. Force new Automation agents to take these default settings. Select this option to force the default settings when adding a new automation agent connects.

Custom Data Sources options


This option lets you set up credentials to authenticate to external Deployment Databases and other Microsoft SQL Server databases to extract data using custom tokens. Click Add to enter an administrator alias and other login information for the Microsoft SQL Server (or MSDE) hosting the desired Deployment Database. The information required to create a custom data source entry are listed below: Alias. The alias name you would like to use when referencing the external SQL database. Server. The name of the external SQL database server or IP address. Database. The name of the external database from which you want to extract data. Use Integrated Authentication. This option authenticates to the external database using the domain account you are currently logged on as. User name and Password. When the integrated authentication is not being used, you must provide a user name and password to authenticate to the external database. Click Allowed Stored Procedures to modify the existing list. See Allowed Stored Procedure List (page 88).

Allowed Stored Procedure List


Click Allowed Stored Procedures to identify the stored procedures from the selected custom data source. You can now select from the list of available stored procedures in the data source. This lets you call stored procedures outside of the Deployment Database (express database) using custom tokens within scripts or answer files.

Altiris Deployment Solution 6.8 SP2

88

Virtual Centers
You can keep a list of all VMware Virtual Center Web services. The hosts and virtual computers from each Virtual Center that have corresponding computers in the Deployment Database appear in the computer tree. These virtual computers appear under the Virtual computers node in the Computer pane. Click Add on the Virtual Center page, and enter the Server host name, display name, and user name. You can also set up a password for the selected user.

Security in Deployment Solution


Deployment Solution provides a security system based on associating job and computer objects with user and group permissions, letting IT personnel to be assigned to different security groups to manage operations on specific computer groups or job folders. Each security group can perform only a defined scope of deployment operations on each computer group or job folder. Additionally, each user can be assigned rights to access general console features. Note Security rights and permissions set in one console is enforced in all Deployment consoles.

To set general security rights, click Tools > Security and add a user name and password. You can create users and groups and set scope-based rights. To set feature-based permissions for specific computers or jobs, select the object in the console, right-click and click Security.

See also
Best Practices for Deployment Solution Security (page 89) Enabling Security (page 90) Setting Permissions (page 93) Groups (page 92) Rights (page 92)

Best Practices for Deployment Solution Security


Deployment Solution is based on defining groups of users and groups of computers and jobs, and associating one with another. Altiris recommends that you first create user groups based on administration duties or access to levels of deployment operations. Example: you will most likely set up a group with full Administrator rights. This group will have access to run all operations on all computers using all types of jobs. No permissions need to be set on each computer group or job folders for the Administrator group because they have full rights to all features and resources. However, you can also set up a Technician group that has only basic access and permissions limiting deployment operations. This prohibits members of the group from re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You

Altiris Deployment Solution 6.8 SP2

89

can explicitly Allow or Deny the group from running these operations for each computer group in the Computers pane or each job folder in the Jobs pane. After creating the Technician group, you can limit their rights to set General Options and set permissions on each computer groups and job folder for the group. You can select the computer group, right-click it and select Permissions. Select the group name in the left pane, and click Allow or Deny for a list of deployment operations. Example: you can select the Deny check box for Restore, Schedule Create Disk Image, and Schedule Distribute Disk Image. Additional groups can be created with different rights and permissions depending on the needs and responsibilities in the IT team. If users are assigned to multiple groups, the Evaluate Permission and Evaluate Rights features are sorted and display effective permissions and rights.

Enabling Security
You can enable security by first creating a group with Administrator rights, adding a user to the Administrator group, and selecting Enable Security. Note When the Administrator Right is selected, you do not need to select any other rights because the Administrator Right implies that all other rights are selected. 1. Click Tools > Security. The Security dialog appears. 2. 3. Click Manage User Groups tab and click Add. The Add User Group dialog appears. Select the authentication type. You can add a DS group or a group from the Active Directory. To add groups from Active Directory, see Adding groups from the Active Directory (page 92). Click DS Group Note The Browse option is disabled for Local Group. 5. Type a name and description in the Add User Group dialog. Click OK. The group name appears in the window. 6. 7. 8. Select the new group name and click Rights. Select Administrator in the Rights dialog. This assigns complete rights and permissions to the group. Click OK, and click Close. On the main Security dialog, click the Manage Users tab, and click Add. The Add User Account dialog appears. 9. Select the authentication type. You can add a DS user or a user from the Active Directory. To add users from Active Directory, see Adding users from the Active Directory (page 91).

4.

10. Click DS User in the Add User Account dialog. Note The Browse option is disabled for DS User.

Altiris Deployment Solution 6.8 SP2

90

11. Type user name, full name, and password. Retype the password, and provide a description for the user. Click OK. 12. Select the user name in the main Security dialog. Click Rights. 13. Click the name of the new Administrator group in the Groups window. This assigns the new user to the new group with Administrator rights. Click OK. Note You can assign the user Administrator rights directly, but we recommend you to assign users to groups. See Best Practices for Deployment Solution Security (page 89). 14. Now that you have a user with administrator rights, select the Enable Security box. Security is now enabled. You can now create users and groups and assign permissions to computer groups and job folders.

Adding users from the Active Directory


You can add users from the Active Directory. 1. 2. 3. In the main Security dialog, click Manage Users tab, and click Add. Click AD User in the Add User Account dialog. If you know the user name, type it in the User name box, or click Browse to select the user from the Active Directory. The password field is deactivated as the user is being added from the Active Directory. Note You can add only one user at a time. To import users, see Importing users from the Active Directory (page 91). 4. 5. Type a description for the user in the Description box. Click OK.

Importing users from the Active Directory


You can also import users from the Active Directory. To open a standard Windows Active Directory dialog, from the main Security dialog, click the Manage Users tab, and click AD Import. Add users from Active Directory, not groups. The users are added to the Deployment Database. However, you still need to assign the users to security groups with appropriate rights and permissions. Note When logging on with the imported AD account, Deployment Solution accessed the Windows Active Directory server to validate the user password.

Evaluate Rights
Click Evaluate Rights to identify the combined rights of the selected user and its user group(s). This feature identifies effective rights for each user by resolving any possible conflicts between multiple group settings.

Altiris Deployment Solution 6.8 SP2

91

Groups
Assign the user to previously created groups. If you are enabling security, you can assign the user to a group with Administration rights. To add groups, from the Security dialog, click the Manage User Groups tab, and click Add. Select the authentication type, and type the required details. You can view the members of any group by clicking the group in the Manage User Groups dialog and clicking View Members. See also Best Practices for Deployment Solution Security (page 89), and Enabling Security (page 90).

Adding groups from the Active Directory


You can add users from the Active Directory. 1. 2. 3. In the main Security dialog, click Manage User Groups tab, and click Add. Click AD Group in the Add User Group dialog. If you know the group name, type it in the Name field, or click Browse to select the group from the Active Directory. A list of groups, along with their descriptions, appears in a new dialog. Select a group from the list, and click OK. The Name, Domain, and Description gets automatically filled. However, you can modify the description. Click OK.

4.

The newly added group appears in the main Security dialog.

Importing groups from the Active Directory


You can also import users from the Active Directory. In the main Security dialog, click the Manage User Groups tab, and click AD Import to open a standard Windows Active Directory dialog. Add groups from Active Directory. You can choose a domain from the Domain List, and select a group from the displayed list. The group is added to the Deployment Database. However, you still need to assign the users to security groups with appropriate rights and permissions.

DS Authentication
If the user is already in the DS database, and tries to access the Deployment Console, Deployment Server checks the authentication with the logged on user, and upon matching does not prompt for user credentials. Similarly, if a group has already been added in the DS database, and if a system logged-on user, who is a part of the AD group, tries to access the Deployment Console, Deployment Server does not prompt for credentials.

Rights
This dialog lets you set general rights for a user or group. To verify, add or change the rights assigned to each console user, use the following steps: 1. 2. 3. 4. From the Security screen, select a user and click Rights. From the Set Rights For window, click the Rights tab. Select the check box for each right you want to grant. After selecting all applicable rights, click OK to save your changes.

Altiris Deployment Solution 6.8 SP2

92

A brief explanation of each Deployment Server right that can be assigned is detailed below: Administrator. Lets user access all features available on the Deployment console. You must have Administrator rights to enable security. See Enabling Security (page 90). Options Console. Lets you set Console options. If this check box is selected, you can set the view and set the console options. Options Global. Lets you to set Global options. If this check box is selected, you can view and set the global options. Options Domain Accounts. Lets you set Domain Accounts options. You can view and set the domain accounts option. Options RapiDeploy. Lets you set RapiDeploy options. You can view and set the RapiDeploy options. Options Agent Settings. Lets you set Agent Settings options. You can view and set the agent settings. Options Custom Data Sources. Lets you create Custom Data Sources options. You can view, create, and set database aliases. Manage Rejected Computers. Lets you view Rejected Computers in Deployment Solution and change status. Refresh Clients. Lets you Refresh Deployment Solution clients. You can use the View > Refresh clients <CTRL +F5> feature to disconnect and reconnect client computers. Allow scheduling on All Computers. Lets you schedule jobs on All Computers. If you have administrator rights, by default you have the rights to schedule job on all computers, irrespective of the check box state. You can grant this right to a specific user or a group. Import/Export. Lets you import and export jobs and import computers as well. See Importing and Exporting Jobs (page 192) and Importing New Computers from a Text File (page 102). Options Task Password. Lets you centrally update passwords for users and groups so they can access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture Personality when creating or modifying. You must have administrative rights to access this option. See Task Password options (page 86). Use PXE Configuration Utility. Lets you use the PXE Configuration Utility. Options Virtual Centers. Lets you view and add options for Virtual Centers. See Virtual Centers (page 89).

Setting Permissions
Set permissions for jobs, job folders, computers, and computer groups. See Best Practices for Deployment Solution Security (page 89) for additional design tips. 1. 2. Right-click on a computer group or job folder (or individual computers and jobs) and select Permissions. The Object Security dialog appears. Click the Groups tab and select a group name. Or click the User tab and select a user name.

Altiris Deployment Solution 6.8 SP2

93

3.

From the list in the right pane, select if you want to Accept or Deny permission to run the operations on the selected computers or job objects. These permissions include access to Remote Operations Using Deployment Solution and features for scheduling Deployment Tasks. Select the Allow or Deny check box to explicitly set security permissions for these Deployment Solution features for the selected objects. Note Administrators have access to all objects with unrestricted rights and permissions. You cannot explicitly deny permissions to computer or job objects for users with administrator rights.

4.

5. 6.

To assign permissions to multiple groups, click Set permissions on all child objects to assign the values without closing the dialog. Click Close.

Note You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers pane without selecting a job or computer object.

Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with Administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find and uses the same. If a console user does not have permissions to run all tasks the job contains, the user cannot run the job.

Evaluate Permissions
Click Evaluate Permissions to identify the combined permissions of groups and containers with contrasting permissions. This feature identifies effective permissions for each object by resolving any possible conflicts. If a job includes multiple tasks and one of the tasks does not have sufficiently assigned permissions, the whole job fails due to lack of access permissions. Note Permissions to schedule jobs also lets a user to delete jobs in the Details pane after a job runs. Example: if a job contains errors and does not run, no other jobs can be scheduled. The user must delete the job before scheduling a new job.

Altiris Deployment Solution 6.8 SP2

94

Connecting to Another Deployment Server


From the Deployment Console you can connect to other Deployment Servers on your LAN and manage computers beyond the network segment you are currently logged on to. Opening a connection requires that you connect to the Deployment Database of the preferred Deployment Server connection using the ODBC Data Source Administrator.

Click File > Connect to or press CTRL+O to open the Connect to Deployment Server dialog. Enter requisite information to connect to the external Deployment Server connections using an ODBC driver.

Note Although you are accessing another connection (another Deployment Database), Windows remembers the last place you browsed to, which would be the Deployment Share of the previous Deployment Server connection. You need to browse to the new connections Deployment Share to access its shared folder containing its RIPs, images, executables, and other resources.

Connecting to a new Deployment Database


1. 2. 3. Click New. The Define Connection Information dialog appears. Enter a name for the connection to be opened. Establish an ODBC data source. a. b. c. d. e. Click ODBC Administrator. Click the System DSN tab, and click Add. Select the SQL Server driver source and click Finish. In the Create a New Data Source to SQL Server dialog, enter a name and description for the data source. If an entry for your server already exists, select it from the menu. Otherwise, enter the name of the server hosting your remote SQL server in this box. Click Next. Click Next in the Create a New Data Source to SQL Server dialog to accept the default settings. Select the Change the Default Database to check box and select eXpress from the menu. Click Next. Click Finish. The specifications for the ODBC data source appears. Click Test Data Source to verify that the source is reachable. Click OK. You return to the main ODBC Data Source Administrator dialog with your new data source listed in the System DSN tab. Click OK.

f. g. h. i. j. 4. 5.

Using the menu in the ODBC Data source name dialog, select the new Data Source name you just created. In the Installation Directory path field enter the full UNC path (or path using any locally mapped drive) to the directory of the required Deployment Server, for example:

Altiris Deployment Solution 6.8 SP2

95

\\SalesServer\express or H: 6. Click OK.

Rejected Computers in Deployment Solution


When an unwanted managed client computers attaches to your Deployment Solution system, you can right-click the computer in the Computers pane and select Advanced > Reject Connection. You can view these rejected computers by clicking View > Rejected Computers. The rejected computers are prohibited from being active in the Deployment Database. They are identified and rejected by their MAC address. You can remove computers from the Rejected Computers list by selecting it and clicking Accept Computer(s). This lets the computer to attach again and be managed by the Deployment Solution system.

Refresh Deployment Solution


You can refresh the Deployment Console by clicking View > Refresh Console (or pressing <F5>) to update data from the Deployment Database. You can also click View > Reset Client Connections (or press Ctrl+<F5>) to disconnect and reconnect all managed computers in a Deployment Server system. When you refresh the managed client computers, you are asked if you want to disconnect all computers. Click Yes. This tells the Deployment Agent to shut down and restart. It also creates additional network traffic when all computers connect and disconnect. By refreshing the managed client computers, you ensure that you are viewing the current status and state of all computers resources in your system.

Altiris Deployment Solution 6.8 SP2

96

Managing Computers
From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage all computer resources across your organization, including desktop computers, notebooks, handhelds, network and Web servers, and network switches. You can quickly modify any computers configuration settings or view its complete management history. Or you can take on big projects, like completely re-imaging the hard drive, restoring software and migrating personality settings for a whole department. You now have management of all your computer resources available from a Windows or Web console from any location. All computer resources can be accessed and managed as single computers or organized into computer groups with similar hardware configurations or deployment requirements, letting you run deployment jobs or execute operations on multiple computers simultaneously. You can use search features to locate a specific computer in the Deployment Database, or set filters to sort computers by type, configuration, operating system, or other criteria. Manage with Computer icons. Major computer types are identified by a computer icon in the console, with a listing of scheduled jobs and operations associated with each computer. In the Deployment Console, you assign and schedule deployment jobs to computers or groups by dragging the computer icon to a job in the Jobs pane, or vice versa. See Viewing Computer Details (page 98).

Computer icons appear in the Computer pane of the Deployment console where they can be organized into groups. To assign and schedule a computer in the Deployment Server Console, drag a computer icon or group icon to a job icon.

Add new computers. Deployment Solution lets you add new computer accounts and set configuration properties for new computers before they are recognized by the Deployment Server system. Preset computer accounts automatically associate with new computers when they start up, or can be associated with pre-configured computers. See Adding New Computers (page 100).

Click New Computer on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer. When the new computer starts up you can assign it a preset account. Click New Group on the console to add a new group in the Computers pane of the Deployment console. You can also click File > New > Computer Group or right-click in the Computers pane and select New Group.

Deploy to groups of computers. Organize computers by department, network container, hardware configuration, software requirements, or any other structure to

Altiris Deployment Solution 6.8 SP2

97

meet your needs. You can deploy and provision computers on a mass scale. To filter computers in a computer group to schedule jobs only to the appropriate computer types, see Computer Filters and Job Conditions (page 83). Configure Computer Agents. See the property pages for modifying Deployment Agent settings. See Deployment Agents on page 112. View and configure computer properties. You can modify computer settings for each computer from the console. See Computer Configuration Properties (page 103). Or you can view the Computer Properties page for detailed access to a computers hardware, software, and network property settings. See Computer Properties (page 124). Run remote operations from the console. Perform operations quickly in real-time from a Deployment console. Restore a computer to a previous state, configure property settings, send a file, remote control, chat, set security, run deployment jobs or select from additional management commands. See Remote Operations Using Deployment Solution (page 127). Build and schedule jobs. Build deployment jobs with one or more management tasks to run on selected computers. Create jobs, add tasks, and assign the job to computer groups. Jobs can be organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling Jobs (page 147). Manage Servers. Deployment Solution also manages network or Web servers to administrate high-density server farms or server network resources across your organization. See the Deployment Solution Reference.

Viewing Computer Details


In Deployment Solution, a computer resource is identified in the console with a distinctive icon to display the computer type Windows desktop or notebook, handheld, server, or Linux operating system and its current status. These computer icons change to convey the state of the computer, such as the log on status, server waiting status, or user with a timed license status. You can also view the status of the jobs assigned to the selected computer in the Details pane of a Deployment console. See Viewing Job Details (page 147). The following is a sample list of computer icons displayed in each Deployment console, identifying computer type and state.

Computer connected to the Deployment Server with a user logged in.

Computer connected to Deployment Server but the user is not logged on.

Computer with a time-limited user license and a user logged on.

Altiris Deployment Solution 6.8 SP2

98

Computer not currently connected to the Deployment Server but known to the Deployment Database. A pre-configured computer with values defined in advance using the New Computer feature. As soon as the computer connects and the Deployment Server recognizes the new computer and changes the icon. See Adding New Computers (page 100). A managed computer waiting for user interaction before running deployment tasks. This icon appears if the Workstations check box is selected in Initial Deployment. See Sample Jobs in Deployment Solution (page 195). A master computer is identified as a computer used to broadcast images to other client computers.

A connected handheld computer.

A managed server connected to the Deployment Server with a user logged on. Additional icons identify different states of server deployment. A managed Linux computer connected to the Deployment Server with a user logged on. Additional icons identify different states of Linux computer deployment.

Physical view of Rack/Enclosure/Bay components for high-density server systems. These icons appear as physical representations to allow management of different levels of the server structure. In addition, server icons identify logical server partitions. See Bay (page 126) for properties and rules to deploy Rack/Enclosure/Bay servers.

Select the New Computers or All Computers group to run jobs or operations for these default groups identified by an icon in the Computers pane.

Additional computer groups can be added to the Computers pane to organize similar computer types or to list computers of similar departments or locations. Click New Group or select New > Computer Group to create a new group.

Altiris Deployment Solution 6.8 SP2

99

See also Deployment Agents (page 112).

Adding New Computers


Computers can be added to the Deployment Database using three methods: Install the Deployment Agent. If you install the Deployment Agent to a computer with the operating system already installed, the computer is added automatically to the Deployment Database at startup. New computers with the Deployment Agent installed are added to the All Computers groups (unless otherwise specified in the Deployment Agent configuration). You can move the computer to another group if desired. Use Initial Deployment to configure and deploy new computers booting to automation. Starting up a new computer with the Automation Agent lets you image the hard drive, assign IP and network settings, distribute personal settings and software, and install the Deployment Agent for new computers. Using Initial Deployment you can associate new computers with pre-configured computer accounts. These newly configured computers appear in the New Computers group. See Sample Jobs in Deployment Solution (page 195). Create or import computer accounts from the Deployment console. You can add new computers using the New Computer feature or import computers using a delimited text file. You can pre configure computer accounts by adding names and network settings from the console. See Creating a New Computer Account (page 101).

About New Computers


When a new computer starts up, if Deployment Server recognizes the MAC address provided in a New Computer account or import file, it automatically associates the user account at startup with the New Computer icon. If this value is not provided, the computer appears as a pre-configured computer account, letting you associate it to a new computer.

The New Computer icon appears for a new computer if the MAC Address is provided when creating a new computer account using any import or new computer account feature. A pre-configured computer account icon appears if specific hardware data (MAC Address) is not known. As soon as the computer starts up and is associated with a pre-configured computer account, Deployment Server recognizes the new computer and the icon changes.

A pre-configured computer account can be associated with a new computer using the Initial Deployment feature. You can create multiple pre-configured computer accounts and associate the account with a new computer when it boots to automation. At startup, the configuration settings and jobs assigned to the pre-configured computer account can be associated with the new computer.

Pre-configured Computer Account


Deployment Solution provides features to create a pre-configured computer account to pre-define a computers configuration settings and assign customized jobs to that

Altiris Deployment Solution 6.8 SP2

100

computer even if you do not know that computer's MAC address. This type of computer is known as a pre-configured computer account. Pre-configured computer accounts offer a great deal of power and flexibility, especially when you need to deploy several computers to individual users with specific needs. The pre-configured computer account saves your time because you can configure the computer before it arrives on site. You can set up as much configuration information (computer name, workgroup name, and IP address, for example) you know about the computer and apply it to the new computer as it comes online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer using customized images, .MSIs and RIPs based on a user's specific needs. Example: a user might request Windows 2000 with Office 2000 and virus scanning software installed on the new computer. The user also might request that the computer personality (customized user settings, address books, bookmarks, familiar desktop settings) be migrated from the old system. You can build any job, including any of the available tasks, and assign it to a pre-configured computer account. When the new computer finally arrives, you are ready to deploy it because you have done all the work ahead of time. Boot the client computer to automation, and the new computer can connect to the server and become a managed computer. Now you can perform an Initial Deployment, or run a deployment imaging job on the new computer.

Creating a New Computer Account


You can create computer accounts for individual computers or for computer groups. When creating new accounts for computer groups, you can automatically assign new names and associate them with existing computer groups or the New Computer group.

Click New Computer on the console to create a new computer account. You can also click File > New > Computer or right-click in the Computers pane and select New Computer.

To create a new computer account


1. 2. Click Add. Enter names and configuration settings for each new computer account using the Computer Configuration screens. See Computer Configuration Properties (page 103) for a description of the configuration settings. Note If you do not enter a MAC address, the computer you create or import becomes a virtual computer. 3. 4. (Optional) Click Import to add new computers from a delimited text file. See Importing New Computers from a Text File (page 102). Click OK. A pre-configured computer account icon appears in the Computers pane. When a new computer starts up, you can assign it to this preset account.

Altiris Deployment Solution 6.8 SP2

101

To create and associate multiple computer accounts


You can create computer accounts and automatically assign predefined names. These computer accounts can be associated with computers in a selected computer group. 1. 2. Select a computer group, including the New Computers group (empty groups cannot access features). Right-click and select the Configure command. Enter names and configuration settings for each new computer account using the Computer Configuration screens. See Computer Configuration Properties (page 103). Click the Microsoft Networking category and click Define Range. This is optional. a. b. In Fixed Text box, type a base computer name. Example: enter Sales. Type a numeral or letter in the Range Start box to add to the Fixed Text name. This creates a unique name for a group of computers starting with the specified character. The range of numerals and letters is assigned to the computer name. Example: enter 3. Select Append to add the range of numerals after the computer name. Clear the check box to add names before the computer name. The example computer names begin with Sales3 and end with Sales7. d. 4. 5. Click OK.

3.

c.

Click Associate. You can now associate computers in a group (including the New Computers group) with the multiple computer accounts. Click OK.

Importing New Computers from a Text File


You can import computer configuration data using delimited text files (.txt, .csv, or .imp files) to establish multiple computer accounts in the Deployment Server database. This file contains all configuration data for a new computer, including all settings in the Computer Properties of a selected computer. 1. Click File > Import/Export > Import Computers. A dialog appears letting you select import files. These files can have .TXT, .CSV, or .IMP extensions. 2. Select the import file. Click Open. If a correctly formatted computer import file is selected, a message appears, informing you that the computer import is complete and identify the number of computers added. Click OK. New computers appear as pre-configured computer accounts in the Computers area of the console (as single computers or in groups), and any jobs imported from the import file are listed in the Jobs area. Note Jobs can be added to the import file. They can be created and associated with the new computers. If the computer import file is incorrectly formatted, a warning appears, stating that the computer import file is incorrect.

Altiris Deployment Solution 6.8 SP2

102

3. 4.

Edit computer settings by selecting a computer from the list and clicking Properties. The Computer Properties sheet opens to edit or add values not set in the import file, such as computer name, TCP/ IP settings, user name, and other configuration settings. Click OK. The imported computers appear in the Computers pane of the Deployment console.

5.

You can also import a computer to be placed in a sub-folder in the Computers pane and create a job to be associated with the imported computer. See the sample import file for additional information.

Referencing the Sample Import File


When creating an import file, use either the ImportComputers55.txt file or the ImportComputers55.xls file in the Samples folder of the Deployment Share. The ImportComputers55.txt file provides a sample import template you can access to test the Import feature. The ImportComputers55.xls file is a Microsoft Excel spreadsheet that lets you add values to each identified column and save the file as a delimited TXT file to import to the Deployment Database. The sample import file places a computer (DB Computer 1) in a computer group (Test Group) and adds a job (Test Job) that is associated with the imported computer. Note Altiris Deployment Solution 5.5 and later use the 5.5 format for importing computers. Previous versions of Deployment Solution use the 4.0 format.

Deploying New Computers on a Mass Scale


If you need to deploy large numbers of computers (100 to 5,000), consider using a barcode scanning system to collect user information (names, operating system, and application needs) and computer information (MAC address, serial numbers, asset tags). You can save this information to a file, which can be imported into the New Computers List View. Depending on the number of incoming computers, the amount of information you have about those computers, and the needs of individual users, you can use either the pre-configured computer account method (best for smaller numbers of new computers) or the Initial Deployment job (best when deploying generic setups by departments or groups). If you are using an import file, ensure you know the primary lookup key. This is the piece of information that Deployment Server needs to set up a unique computer. The primary lookup key can be the Serial Number, Asset Tag, UUID, or MAC address.

Computer Configuration Properties


These computer property settings can be viewed, set, and modified when performing the following computer management operations: Adding New Computers (page 100). Modifying Configuration (page 182). Create or edit property settings in a deployment job.

Altiris Deployment Solution 6.8 SP2

103

Sample Jobs in Deployment Solution (page 195) configuration settings. Click the configuration group icons to set additional computer property values. After you edit these computer property settings, the computer restarts so that the changes can take effect.

General Configuration Settings

Set the most important value from this property sheet. It includes the name of the computer in Deployment Solution, the NetBIOS name of the computer, the MAC address and other settings. Set the Windows name of the computer and the Workgroup or Domain settings. Set the TCP/IP addresses for one or more network adapters. Set Novell Directory Services client logon options. Set the registered user name and view the hashed installation license key for the installed operating system. Set the local Windows user account values.

Microsoft Networking Configuration Settings TCP/IP Configuration Settings NetWare Client Configuration Settings Operating System Licensing Configuration Settings User Account Configuration Settings

General Configuration Settings


The General category provides access to important property settings that are also listed in other configuration categories. Click other category icons to view and set additional configuration properties.

Field
Name

Description
Provides a name that appears in the Deployment console (not the BIOS name of the computer). Note The Name box is disabled for multiple computer configuration.

MAC address Serial Number Asset Tag Computer Name IP Address Registered User

The unique identification address of the network adapter. The serial number of the computers motherboard. The asset tag of the computer, if available. The Windows name of the computer. Current IP address of the computer. Multiple IP addresses are listed in this box. The name of the user who registered the operating system software

Altiris Deployment Solution 6.8 SP2

104

Field
License key User name Full name. Password

Description
The hash value rendered from the OEM key or 25-digit license key required when installing the operating system. The user name for the local Windows user account. The full name for the local Windows user account. The password for the local Windows user account. See also Computer Configuration Properties (page 103).

Microsoft Networking Configuration Settings


Enter the computer name and workgroup or domain property settings for the managed computer. If you are using Active Directory, you can add computers to a domain and a specified organizational unit (OU).

Use Sysprep to generate unique SIDs. This can be done by manually running the utility or selecting this feature while installing the Deployment Agent.

Field
Computer Name

Description
This is the NetBIOS name for the computer. The name must be unique in the network and is limited to 15 characters. Note The Computer Name box is disabled for multiple computer configuration.

Altiris Deployment Solution 6.8 SP2

105

Field
Use Token for computer name

Description
Select the check box to specify the computer name using tokens. Selecting this option enables the Select Token option and disables the Define Range option. Note This option is applicable for multiple computers and not for single computers.

Select Token: You can select one of the six tokens from the drop-down list. %NAME%- Complete computer name. %NICyMACADDR%- MAC address of the computer with NIC specific number. Selecting this option enables the NIC Number option. You need to specify the NIC number, which ranges from 1-8. %SERIALNUM%- Serial number from SMBIOS. %NODENAME%- First 8 characters of actual computer name. The NIC Number textbox is visible for NIC number input; the default value is 1. Define Range Click to create a sequential range of computer names. The Computer Name Range dialog appears. For new computers, set a range of names for multiple new computers: Fixed text. Enter the text portion of the name which you want associated with each computer, for example:

Marketing.
Range start. Enter a whole number to add to the fixed text, for example: 1. Append. Select this check box to add the range after the fixed text in the computer name. If you clear this box the number is added as a prefix to the fixed text. Result. View an example of the selected names that is assigned to each computer. Example: Marketing...Marketing6. Note When setting name ranges, do not set names using multiple Modifying Configuration tasks and assigning the names by Setting Conditions for Task Sets. If you set up two separate name ranges to be assigned by separate conditions, the computer names increment irrespective to the base name. See also Computer Configuration Properties on page 103. Workgroup Click and enter the name of the workgroup to place the managed computer.

Altiris Deployment Solution 6.8 SP2

106

Field
Domain

Description
Enter either the fully qualified domain name, the DNS domain name, or the WINS domain name. You can enter the fully qualified domain name (example: mjones.yourcompany.com), and specify the organizational unit (OU) using this format: OU/ newOU/users. The complete entry to place the computer in the users OU is the following:

mjones.yourcompany.com/OU/newOU/users internal.myServer.org/New Corporate Computer OU/ Mail Room/Express Mail Servers

TCP/IP Configuration Settings


Enter TCP/IP settings for one or more network adapters. Click Advanced to setup IP interfaces, DNS, and WINS. For computer groups, click Associate to assign a range of pre-defined IP addresses.

Field
Host name Network Adapter

Description
The DNS name of a device on a network. The name is used to locate a computer on the network. A list of all network adapters installed in the selected computer. The network adapter with the lowest bus, device, and function number is the first listed (NIC0 - zero based). If the bus, device, and function information cannot be determined for a network adapter, it is enumerated in the order it is detected. When configuring multiple network adapters, ensure that one network adapter is not using an Intel Universal NIC driver (commonly called UNDI driver) to connect to Deployment Server. If one network adapter uses the native driver and one uses an UNDI driver, your computer appears twice in the console. Add. Enter new settings for additional network adapters installed on the client computer. You can add virtual network adapter settings to send a job to a computer group containing computers with varying numbers of network adapters. If a computer in the group has only one network adapter, it is configured only with the IP settings listed first. If IP settings are provided for additional network adapters not present in the computer, they are disregarded. If you add a new network adapter, the Remove button is populated. You can remove the new network adapter by clicking Remove. See also Computer Configuration Properties (page 103).

Altiris Deployment Solution 6.8 SP2

107

Field
Description

Description
MAC Address. The MAC address is a unique number assigned to the network adapter by the manufacturer. You are unable to change this number. The MAC address appears in this box when viewing computer configuration settings. This box is disabled when creating a Modify Configuration task. DNS connection Suffix. Enter this to add domain suffixes to the root address. Obtain an IP Address automatically. Use the following IP address. Obtain DNS server address automatically. Obtain the following DNS server addresses. Reboot After Configuration. To restart the computer after configuration, select this option.

TCP/IP Advanced Options - IP interfaces


IP Interfaces (Linux and Windows type only). Click Add to set named interfaces for this network adapter. Use this tab to add TCP/IP addresses to an existing network adapter card on Linux or a Windows operating system.

Field
IP Address Subnet mask

Description
Add or modify an IP address common to all interfaces. Enter the appropriate subnet mask.

Field
Interface Name

Description
Establish Linux-specific IP interface settings. Ensure you use the eth syntax when naming new interfaces, for example: eth0:1 or eth0:new interface. Enter the Broadcast address for the specified IP interface. The default value of the interface state is Up, which denotes that the named interface is operating. You can shut down the named interface by selecting Down. See also Computer Configuration Properties (page 103).

Broadcast Address Interface State

Altiris Deployment Solution 6.8 SP2

108

TCP/IP Advanced Options - Gateway


View Gateway addresses. Click Modify to edit an existing IP address. Use the up and down arrows to move an address to the top of the list, which acts as primary address. Review all selection by clicking the TCP/IP option on the Configuration page.

Field
Gateway DNS

Description
Add additional gateways for this network adapter. DNS Server Address: Add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS Suffixes (in order): Add the name of the Domain Suffix, and use the up and down arrows to set the DNS suffix search order.

WINS

Add additional WINS settings for this network adapter. Select Enable or Disable NetBIOS over TCP/IP, or Use NetBIOS settings from DHCP server for this network adapter. Note You cannot edit this information in the Windows 98 operating systems. The Deployment Console disables the edit feature on those types of clients. See also Computer Configuration Properties (page 103).

Static Routes

This displays the static route information for the computer you are viewing. See also TCP/IP Advanced Options - Static Routes (page 110).

TCP/IP Advanced Options - DNS


Click Add to set a new DNS address. DNS Server Address: Add additional Domain Naming Servers (DNS) for this network adapter. Append these DNS Suffixes (in order): Add the name of the Domain Suffix and use the up and down arrows to set the DNS suffix search order.

TCP/IP Advanced Options - WINS


Click Add to set a new WINS address. Add additional WINS settings for this network adapter. Select the Enable NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, or Use NetBIOS settings from DHCP server option for this network adapter. Note You cannot edit this information in the Windows 98 operating systems. The Deployment Console disables the edit feature on those types of clients.

Altiris Deployment Solution 6.8 SP2

109

TCP/IP Advanced Options - Static Routes


Field
Destination Netmask Gateway Interface Metric Flags (Linux)

Description
IP address of the destination Deployment Server. Subnet mask. Additional gateways required to reach the destination server. IP address for the interface over which the destination can be reached. Cost associated with the route Enter the flag associated with a linux specific operating system. Possible flags include: U (route is up) H (target is a host) G (use gateway) R (reinstate route for dynamic routing) D (dynamically installed by daemon or redirect) M (modified from routing daemon or redirect) A (installed by addrconf) C (cache entry) ! (reject route)

NetWare Client Configuration Settings


Set Novell NetWare client values for a new or existing computer. Select whether you want to log in directly to a NetWare server or to a NetWare tree in the Novell Directory Service (NDS). You can specify the preferred tree, server name, and NDS context.

Field
Ignore NetWare settings Preferred server

Description
Select to disregard all Novell NetWare client settings for this computer. Clear to specify the required information. Click and enter the name of the NetWare server, for example:

\\OneServer. This is the primary login server for the NetWare


client. Preferred tree NDS User name NDS Context Click and enter the name of the NDS tree. Click and enter the name of the user object for the NetWare client. Click and enter the organizational unit context for the user.

Altiris Deployment Solution 6.8 SP2

110

Field
Run login scripts

Description
Select this option to run the NetWare client login scripts. See also Computer Configuration Properties (page 103).

Operating System Licensing Configuration Settings


Enter or view the license information for your Windows operating system software (Windows 98, 2000, XP, and 2003 Servers).

Field
Registered user Organization License key

Description
Enter the name of the registered user. Enter the name of the organization. Enter the alpha-numeric license key. This is the hash value rendered from the OEM key or 25-digit license key required when installing the operating system. See also Computer Configuration Properties on page 103.

User Account Configuration Settings


Set up local user accounts for the newly imaged computer or when running a configuration task. Enter a user name, full name, and password; and set standard Windows login options.

Field
User name Full name Password Confirm Password Groups

Description
The user name for this local Windows user account. The full name for this local Windows user account. The password for this local Windows user account. Confirm the password for the local Windows user account. Specify the Windows groups that this user belongs to as a comma-delimited list, for example: Administrators,

Marketing, Management

Altiris Deployment Solution 6.8 SP2

111

Field
User must change password at next logon User cannot change password Password never expires

Description
Select to force the user to change the password after setting the configuration properties.

Prohibit the user from changing the password at any time.

Select to maintain the user password. See also Computer Configuration Properties on page 103.

Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each computer in the Deployment Server system. Deployment Agents are provided for various computer types, including Windows, Linux, DOS, and PPC Handhelds.

To set or modify Deployment Agent settings from the Deployment Server Console, right-click a computer or group and select Change Agent Settings and click Production or Automation. To set or modify agent settings for new computers, click Tools > Options, click Agent Settings.

The following Deployment Agents reside on the client computer and communicate with the Deployment Server.

Deployment Agent on Windows Deployment Agent on Linux

The Deployment Agent runs on Windows computers, including desktops, notebooks, and servers. See Deployment Agent Settings (page 113). This Deployment Agent runs on Linux workstations and servers. See Deployment Agent Settings (page 113). The Automation Agent is used when you create configurations to boot client computer to automation. This is done through Boot Disk Creator. See Boot Disk Creator Help and Install Automation Partition (page 137). This agent runs on the HP T5000 computer devices running the CE .NET 4.2 operating system. See Deployment Agent for CE .NET (page 122).

Automation Agent

Deployment Agent on CE .NET

Altiris Deployment Solution 6.8 SP2

112

Notification Server Client

The NS client is an Altiris agent that runs on computers supported by Notification Server. This agent runs on the Deployment Server computer when running Deployment Solution on Notification Server. This agent runs on the Deployment Server computer when running Deployment on Notification Server.

Deployment Server Agent

Install Deployment Agent to add a managed computer


When a Deployment Agent is installed on a computer, it searches across the network for a Deployment Server to attach to. When a Deployment Server is located by the Deployment Agent, the client computer is added as a record to the Deployment Database.

When the Deployment Agent for Windows is running on a computer, the user sees a small icon in the system tray. When the icon is blue, the client computer running the Deployment Agent is connected to the Deployment Solution system. When the Deployment Agent for Windows icon is clear, it shows that the client computer is not connected to the Deployment Solution system. The agent may be configured incorrectly, the Deployment Server is down, or other network problems exist.

Automatically update to newer version of Deployment Agent


At times, Altiris may update versions of the Deployment Agent to enhance features. For best performance, we recommend that all managed computers run the latest version of the Deployment Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server, the managed computers automatically update the Deployment Agent. 1. From the computer where Deployment Server is installed, click Start > Programs > Altiris > Deployment Solution > Configuration. The Deployment Server Configuration utility appears. Click Options. Click Transport. Select the Automatically update clients option.

2. 3. 4.

Deployment Agent Settings


You can set the default agent settings for when new client computers are added to the system that the Deployment Server will manage.

Altiris Deployment Solution 6.8 SP2

113

You can also modify the properties settings for the Production or Automation Agent through the Automation Agent. To set or modify agent settings in the Deployment Server Console for Windows or Linux clients, right-click the computer and select Change Agent Settings > Production Agent Settings. To set or modify agent settings for the Deployment Agent, click Tools > Options. Click the Agent Settings tab. Select the Force new agents to take these default settings check box to set the Deployment Agent settings for all new computers. Click each agent setting tab to set properties. Click OK. To view or modify settings from the Windows client, right-click the Deployment Agent icon in the system tray (or double-click the client icon in the system tray and click Properties).

When the client agent is first started, the agent establishes a connection to the Deployment Server using the following general steps: 1. 2. 3. 4. 5. The agent service is started and initialized. A TCP socket is created. A connection is made to the Deployment server. The agent is updated, if required. A basic inventory of the client is sent to the Deployment Server.

After the initial connection process is complete, no additional data needs to be sent to or from the Deployment Server for the client agent to remain connected. Note If no Deployment Solution traffic is sent to the Deployment System agent, the TCP/IP protocols send an occasional watchdog packet (approximately every 24 hours) to ensure that the connection is still valid.

Deployment Agent Properties


Right-clicking the Deployment Agent icon gives you access to the following options: View status. Brings up the Altiris Client Service box to observe the current status of the Deployment Agent. You can also see the computer name, deployment server connected to, IP address, multicast address, and MAC address. You can also watch Deployment Agent communicate with the Deployment Server. Clicking Properties lets you edit the Deployment Agent properties. Passwords protect this option. About. Displays the version and licensing statement for Deployment Agent. Passwords have no effect on this option. View log file. View the Deployment Agent log file, if you have chosen the option to create a log file. Passwords have no effect on this option. Clear log file. Clear the log file that has been created.

Altiris Deployment Solution 6.8 SP2

114

Shutdown for imaging. Make an image of a computer without using a job. This makes the required preparatory changes to the computer before an image is made. Failure to do this breaks the reconfiguration phase when deploying the image using a job. Passwords protect this option. Change Name in Console. Change how this computer is listed in the deployment server console. This option does not change the NetBios name of the computer or the name of the computer in the database, but only changes the name of the computer displayed in the Computers window. Passwords protect this option. Remove. Uninstall Deployment Agent from the computer. Passwords protect this option. Exit. Stops all Deployment Agent services from running but does not uninstall Deployment Agent. Deployment Agent loads normally the next time you boot the computer. Passwords protect this option. User Properties. Quickly go to the User Properties page to view or make changes. Passwords protect this option. Admin Properties. Quickly go to the Admin Properties page to view or make changes. Passwords protect this option. Show Network Interfaces. View what network cards are in your computer. Passwords protect this option. The following configuration properties (organized using tabs in the dialog) are included in the Production Agent Settings dialog.

Server Connection Access Security

Log File Proxy Startup/Shutdown

Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the Deployment Agent connects to the Deployment Server you selected to configure. Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server computer. Port. Enter the port number communicating with the Deployment Server. Enable key-based authentication to Deployment Server. Select this option to require that the client computers that are trying to connect to the Deployment Server. This helps keep rogue computers from connecting to unauthorized Deployment Servers. Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast address if they are on the same segment as the Deployment Server or if multicast is enabled on the network routers. Ensure that the multicast address and port match those set up on the Deployment Server. Try using defaults on both the client and Deployment Server if you are having problems connecting. Managed computers should use the Deployment Server IP address if multicasting is disabled on the network routers or if they are not on the same network segment as the Deployment Server. The port number must match the number set on the Deployment Server. Otherwise, your clients cannot connect.

Altiris Deployment Solution 6.8 SP2

115

Server Name. Enter the NetBIOS name of the computer running the Deployment Server. Port. Enter the port number distributing the multicast address. Multicast Address. Enter the group multicast address. TTL. Specifies the number of routers the multicast request can pass through. Change this setting if you need to find a Deployment Server that is more than 32 routers away (default setting) or if to restrict the search to a smaller number of routers, making it easier to find the closest Deployment Server. Refresh connection after idle. Select the Refresh Connection after idle check box and set the refresh time by hours or days. The Deployment Server closes the connection after the specified time and immediately tries to re-open the connection. This forces clients to realize the network is down. The default checking is of 28800 seconds or 8 hours. We recommend keeping this setting above 28800. Do not set this option too lowreconnecting to the Deployment Server increases bandwidth when connecting. If this option is set too low you can run into problems where it takes longer for your clients to connect than to refresh their connections. Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by selecting this option, which saves bandwidth when running deployment tasks on slower connections.

Access
Set these commands to control how the client handles requests from the server. Allow this computer to be remote controlled. Select to let the administrator to remote control the selected computer. The default setting is to NOT allow the computer to be remote controlled. Prompt the user before performing actions. Shutdown and Restart. Select for the user to be prompted before shutting down or restarting the computer. This feature overrides the Power Control option from the Deployment Server to Force applications to shut down without a message. Copy file and Run command. Select for the user to be prompted before running a program or executing file copy commands Remote Control. Select for the user to be prompted before running the Remote Control commands. You can set a default time before running or aborting the commands. Select the time for the user to respond and either continue with the operation or abort the operation. Time to wait for user response. If one of the Prompt the user before perform actions is selected and the user is not at the computer to respond, you need to decide whether to continue or abort. Select the amount of time you want to wait for a response, and select one of the following: Continue the operation. Click to continue without receiving a response from the user. Abort the operation. Click to not continue without receiving a response from the user.

Altiris Deployment Solution 6.8 SP2

116

Select when the Deployment Server is denied access to the Deployment Agent. Select the days and set the start and end times when access to the Deployment Agent is denied.

Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set a password so that the user on the client computer can only view and modify the User Properties of the Altiris Client Settings on the managed computer. Encrypt session communication with Deployment Server. Select to ALLOW encryption from this managed client computer to the Deployment Server. This lets encrypted data transmissions between the Deployment Server and the Deployment Agent on the client computer. If selected, the client computer can connect (but is not required to connect) using encryption. To enable encryption protocols, you must open the Deployment Configuration tool and select the Transport tab. Select the Allow encrypted sessions with the servers check box to let Deployment Server transmit using encryption protocols. Require encrypted session with any servers. Select to require encryption between the managed client computer and the Deployment Server. If this option is selected and the option to allow encryption in the Deployment Configuration tool is not selected, the Deployment Server does not communicate with the Altiris Client on the managed client computer. Note Selecting encryption options slows down the communication path between the agent and the Deployment Server. Password protect Admin properties from user. Select to let users on the managed computer to access the Admin properties only if they enter the set password. If the box is selected and the user does not know the password, they will have rights only to open the User Properties, which includes only the User Prompts and Remote Control tabs on the Altiris Client Settings dialog. Enter the password in the Password field and reenter the password for confirmation in the Confirm Password field. Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer. If you hide the icon, you are required to run AClient.exe -admin to view and modify the complete administration properties from the managed client computer.

Log File
The Log File property page controls how data is logged and saved in a Deployment Server system, letting you save different types and levels of information to the log files. You can save a text file with log errors, informational errors, and debugging data using this dialog. If the log exceeds the specified size, the older data is dropped from the files. You can maximize the size of the log file to save all selected data. Save log information to a text file. Click to save information to a log file. File name. Enter the name and path of the log file. The default is to save the log file to the \Program Files\Altiris\AClient\AClient.log file.

Altiris Deployment Solution 6.8 SP2

117

Maximum size. Enter the maximum number of bytes for each log file. Log errors. Select this option to save only the errors returned when running a job or operation between the Deployment Server and the Deployment Agent. Log informational messages. Select this option to save a list of procedural steps run on the client computer. Log debugging information. Select this option to list comprehensive debugging information in the text file. Use this tab to save the Deployment Agent log file. By default, the option Save log information to a text file is cleared. Select it to enter a file name for the log and the maximum size for the log file. Note If the log exceeds the specified size, the older data is dropped from the files, so it is recommended to provide maximum file size.

Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake On LAN packets from the Deployment Server. Setting the managed computer as a proxy client computer forwards or re-creates the multicast packets. A managed client computer setup as a multicast proxy simply acts as a Deployment Server and advertises the servers name and IP address through multicasting. Or you can set the managed computer as a proxy to send Wake On LAN packets. Set these options to control how the managed computer acts as a proxy agent, identifying the type of traffic this managed computer forwards from the server. Forward Wake-On-LAN packets. Select if you want the managed computer to forward Wake on LAN packages. Forward Deployment Server discovery multicast packets. Select if you want to advertise the Deployment Server to client computers on another LAN segment or if the client computer is on the other side of the router. Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed computers send multicast advertisement.

Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed computers to delay jobs until after system startup. Specify the Windows boot drive. Specify the drive that the client computer boots from. The default is the C drive. Force all programs to close when shutting down. Select this option to shut down applications when using Power Control features. The user is still prompted to Abort or Continue the shutdown. Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of managed computers with the time of the Deployment Server. Prompt for a boot disk when performing automation jobs. Select this option to prompt for a boot disk while doing any automation jobs. Advanced

Altiris Deployment Solution 6.8 SP2

118

Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication. Select this option to disable the direct disk access for Automation communication.

Deployment Agent for Linux


The Deployment Agent for Linux is an agent software that runs on managed Linux computers. The agent collects and sends data from the managed computer to the Deployment Server system, executes deployment tasks sent from the server, installs packages, and runs management processes as directed from a Deployment console. See Installing Deployment Agent on Linux (page 350) for additional information. A Linux managed computer is identified in the Deployment console by unique Linux icons reflecting deployment and process status, letting you deploy and manage computers just like the Deployment Agent for Windows, with the following exceptions: Deployment Task Create Disk Image Distribute Disk Image Scripted OS Install Distribute Software Capture Personality Distribute Personality Change Configuration Run Script Copy File Shutdown/Restart Deployment Agent for Windows Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Deployment Agent for Linux Yes Yes Yes Yes No No Yes Yes Yes Yes

Deployment Agent Settings for DOS


You can configure property settings for the Automation Agent for specified computers or computer groups. You can remotely maintain important agent settings and update settings as required from the console.

To set or modify agent settings for a specific computer, right-click the computer icon and select Change Agent Settings > Automation Agent in the Deployment Server Console. To set or modify agent settings for ALL computers, click Tools > Options, click Agent Settings > Change Default Settings.

When a new client computer connects, it receives the default agent settings from Deployment Server for drive mappings, authentication, and LMHost entries. Each client computer still has the capability to maintain its unique settings for the Deployment Agent for DOS as set in the Boot Disk Creator. Automation Agent Settings include the following property settings:

Altiris Deployment Solution 6.8 SP2

119

Drive Mappings (page 120) Authentication (page 120) Network (page 120)

Drive Mappings
Set drive mappings used by the Deployment Agent for DOS to access hard disk image files and other packages from a specified network drive. It is required that the F Drive be mapped to the Deployment Share. You can also map other file server directories when storing large numbers of image files or deployment packages. Drive Mapping. Enter the drive letter and volume of a shared folder, for example:

F: \\WebDeploy\Image files.
Note You must select a shared folder in this field. From the browse window you can select any type of folder, but the Deployment Agent for DOS only maps to and accesses files from a shared folder. Path. Enter a UNC path. See also Deployment Agents (page 112).

Authentication
Provide the login credentials that Deployment Agent for DOS requires to map network drives. The associated credentials for each network drive must have the rights that the Deployment Agent for DOS requires administrative rights to access files. Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Deployment Agent for DOS uses to log on as to map the network drives. User name. Enter the name of the user that the Deployment Agent for DOS logs on as to map the network drives. Password. Enter the password. Confirm Password. Retype the password for confirmation. See also Deployment Agents (page 112).

Network
These settings let you match the IP address with the computer name, as maintained in the LMHosts file in the Deployment Agent for DOS partition. 1. 2. 3. Click Add. The Add LMHosts Entry dialog appears. Enter the Computer Name. Enter the name of a computer to associate with an IP address. Enter the IP Address. or Click Lookup IP. This automatically populates the field with the IP address of the entered computer name. 4. Click OK.

Altiris Deployment Solution 6.8 SP2

120

See also Deployment Agents (page 112).

Remote Desktop Connection Client


The option to remotely connect to a Vista computer using the Remote Control option has been disabled. You cannot use the Remote Control option for a Vista computer. However, a new option has been added. You can connect remotely using the Remote Desktop option for a Vista computer.

To remotely connect to a Vista computer


1. 2. Open the Deployment Console and right-click the Vista computer you want to remotely connect. Click Remote Desktop. The remote desktop window for the computer appears. The remote desktop connection is established to the Vista computer.

To remotely connect to multiple computers using the Remote Desktop option


1. 2. Open the Deployment Console and right-click the computer you want to remotely connect. Click Remote Desktop. The remote desktop window for the computer appears. The remote desktop connection is established to the computer.

To remotely connect to multiple computers


1. 2. 3. Open the Deployment Console and right-click the computers you want to remotely connect. Click Remote Control. The Remote Control Options dialog appears. Select Control each client separately in its own window to remote control each computer separately. or Select Control all clients together, in the same window, using the following master to remote control the selected computers together and select the master computer. 4. Click OK. The remote control connection is established for the computers.

Agent for Macintosh Management


The Agent for Macintosh management can be installed on Macintosh Platforms 10.2 and later. It lets the running of scripts, configuration changes and basic Deployment Solution inventory. The agent is installed on Macintosh platforms by the Deployment Console through an Agent Installer. The agent can also be removed through a script or a remote agent install/uninstall mechanism. Macintosh computers have the operating system already installed. You can install the agent on the Macintosh computers through the Deployment Console and the remote agent installer. After the agent is installed, you can schedule a job to copy files from the Macintosh computers to a remote file share.

Altiris Deployment Solution 6.8 SP2

121

You can run a script that makes a configuration change to the Macintosh operating system. You can also run a script that copies an install file from a remote share and another script that installs the package to that computer.

Deployment Agent for CE .NET


Deployment Solution manages Hewlett-Packard T5000 computer devices running the Windows CE .NET 4.2 operating system. These computer devices ship with the Deployment Agent for CE .NET already installed and appear in the Deployment Console as managed computers when attached to the network. The Deployment Agent performs the following limited tasks on the Windows CE .NET platform: Modify Computer Configuration (the computer name and TCP/IP Setting only) Distribute software (.cab and .exe files) Execute and run scripts (DOS and WIN batch files) *no VBS support Copy files and directories Create disk images Distribute disk images Remote Control clients (24-bit color depth only. No chat or send file features) Power Control (restart/shutdown/wake up jobs) Set computer properties Create conditions to run jobs and filter computers Modify client properties through Windows and Linux agent settings Additional features included with other Deployment Agents are not supported in the Deployment Agent for CE .NET.

To install the Deployment Agent for CE .NET if deleted


If the Deployment Agent for CE .NET is deleted on the managed computer, it can be installed from the Deployment Server \ Agents \ CEAgent folder in the Deployment Share. From the managed computer you can access the Deployment Share and launch the file to install the agent. Example: type this command from the client computer:

\\<computer name>\express\Agents\CEAgent\CEClient_6.1.xxx.exe install Notes for Deployment Agent for CE.NET


The default image on a CE .NET Thin Client with 32 MB of flash RAM leaves 4 MB free disk space. When trying to install an embedded automation package using the Distributing Software task, you may get the following Error 112: Not enough disk space for package. If you select Start > Settings > Control Panel > System > Memory tab and move the slider to let more than half of the memory to be allocated to Storage Memory, you can execute a job that copies an embedded automation package to the \Temp folder on the CE .NET device and execute a Windows Run Script task containing Start \Temp\<Embedded BootWorks Package.exe>. This installs the Automation Agent and leaves 1 MB of free disk space on the device. If the slider shows less than half the memory available allocated to Storage Memory, Windows CE may not restart.

Altiris Deployment Solution 6.8 SP2

122

Another option for freeing up additional disk space is to uninstall the pre-installed HP applications, letting you free up to as much as 10 MB of disk space. This lets you install an embedded automation package through a Distribute Software task. Again, if the slider is not placed around the middle of the Memory tab, an Error 112 may occur. See also Deployment Agents (page 112).

Managing Client Connections


The following utilities are provided for managing transmissions between the Deployment Server and Deployment Agents running on the managed client computers.

Reset a Client Connection


Resetting the connection that a managed computer has with the Server simply disconnects and reconnects the computer. This is useful for troubleshooting or if you suspect there is a bad connection. To reset a client connection, right-click a computer and click Advanced > Reset connection. When the computer disconnects, its icon turns gray. The computer should reconnect and its icon color returns to its original active status color.

Reject or Retrieve a Rejected Computer


If a computer you do not want to manage connects to your Deployment Server, you can reject it. This removes the unwanted computer from the Computers pane in the console. Further attempts by the computer to connect are denied. Although the computer is not deleted, any history or schedule information associated with the computer is deleted. 1. 2. 3. Right-click the computer you want to reject from connecting to the Deployment Server. Click Advanced > Reject Connection. Click OK.

Rejected computers are stored in a Rejected Computers list. Select View > Rejected Computers to view this list.

Accept a Previously Rejected Computer


If you now want to accept a previously rejected computer, you can retrieve it and reconnect it to the Deployment Server. 1. 2. 3. 4. Click View > Rejected Computers. From the list, select the computer you want to retrieve. Click Accept Computer(s) to remove the computer from the rejected list (this doesnt delete the computer, just removes it from the list of rejected computers). Click Yes to confirm the action, click Close.

This client computer may now be managed from within the Computers pane. Connection requests from this client computer are now allowed. See also Deployment Agents (page 112).

Altiris Deployment Solution 6.8 SP2

123

Computer Properties
View and edit the computer properties for each managed computer.

View and edit computer properties by double-clicking a computer icon in the Computers pane, or right-clicking and selecting Properties, or clicking the icon in the toolbar.

General

Services Devices Location Bay Lights-Out

Hardware Drives Network Configuration TCP/IP Applications

General
View or change the name of the computer as it appears in the console. You can view the following: logged in user names, operating system installed, name of the Deployment Server, whether or not an automation partition is installed, version of the Altiris Windows Client, and other client information.

See also Computer Configuration Properties (page 103).

Hardware
View processor make and type, processor count, RAM installed on the computer, display configuration, manufacturer, model, product name, MAC address of each network adapter installed, serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and configured.

See also Computer Configuration Properties (page 103).

Drives
View information about each drive on the computer. If you have multiple drives, you can select a drive from the list to view its settings, such as the capacity, serial number, file system, volume label, and number of drives installed.

Altiris Deployment Solution 6.8 SP2

124

See also Computer Configuration Properties (page 103).

Network Configuration
View Microsoft Networking, Novell Netware settings, and user information for the selected managed client computer.

See also Computer Configuration Properties (page 103).

TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the selected computer. Click Change to open the configuration window to modify settings (see Configuring Computers on page 130).

See also Computer Configuration Properties (page 103).

Applications
View the applications that are installed on the computer, including description, publisher, version number, product ID, and systems components.

See also Computer Configuration Properties (page 103).

Services
View the services installed on the computer as well a description, start type, and path for each service.

See also Computer Configuration Properties (page 103).

Devices
View the devices installed on the computer, including display adapters, disk drives, ports, storage volumes, keyboards, and other system devices.

Altiris Deployment Solution 6.8 SP2

125

See also Computer Configuration Properties (page 103).

Location
View and edit user-specific properties such as contact name, phone number, e-mail address, department, mail stop, and site name. As the administrator, you can enter this information manually or you can let the user populate this screen using Prompt User for Properties.

See also Computer Configuration Properties (page 103).

Bay
View location information and other properties for Rack / Enclosure / Bay components for high-density and blade servers. Set rules for automatic re-deployment of blade servers based on physical location changes. This property is available only to systems using blade servers.

Server Deployment Rules


From the Bay property page, you can select rules to govern actions taken when a new blade server is detected in a selected bay. These rules are described below:

Rule
Re-Deploy Computer

Action
Restore a blade server using deployment tasks and configuration settings saved from the previous server blade in the bay. This lets you replace new blades in the bay and automatically run deployment tasks from its deployment history. (See Restoring a Computer from its Deployment History on page 129.) All deployment tasks in the bay's history are executed starting from the last Distributing a Disk Image task or Scripted OS Install task, or from any script (in a Run Script task) with this command: rem deployment start.

Run Predefined Job Ignore the Change

The server processes any specified job. Select a job to run automatically when a new server is detected in the bay. This option lets you move blades to different bays without automatically running jobs. The server blade placed in the bay is not identified as a new server and no jobs are initiated. If the server existed in a previous bay, the history and parameters for the server are moved or associated with the new bay. If the server blade is a new server (never before identified), the established process for managing new computers is executed. (default) No job or tasks are performed (the Deployment Agent on the server blade is instructed to wait). The icon on the console changes to reflect that the server is waiting.

Wait for User Interaction

Altiris Deployment Solution 6.8 SP2

126

See also Computer Configuration Properties (page 103).

Lights-Out
View information about the remote management hardware installed on the selected computer (most often a server) used to power up, power down and restart the computer remotely, or to check server status. You can also enter the password for the remote management hardware by clicking Password.

Note This feature is currently only available for selected HP Integrated Lights Out (ILO) and Remote Insight Lights-Out Edition (RILOE) features. See also Computer Configuration Properties (page 103).

Remote Operations Using Deployment Solution


The Operations menu in the Deployment console provides a variety of commands to remotely manage all computers in your site or network segment. Some operation commands, such as Restore, automatically create and schedule deployment jobs and place them in the Systems Jobs folder in the Jobs pane. Other commands, like Chat or Remote Control, open utility programs to access and remotely manage computers.

Open the computer operations menu by right-clicking a computer icon in the Computers pane, clicking Operations on the menu bar, or clicking the icons in the toolbar.

Restore

Reconfigure your computer to a former state. Select from a list of previous deployment tasks and select to restore only the ones you want. See Restoring a Computer from its Deployment History (page 129). View, print, delete, and save to file a history of deployment tasks. See Viewing a Computers History (page 129). Set network and local configuration properties for each computer, including computer name, IP address, domains, Active Directory context. See Configuring Computers (page 130). Select a computer and image its hard disk. This creates and stores the image to distribute now or later. See Quick Disk Image (page 130). Wake up, restart, shut down, and log off remotely. See Power Control (page 130).

History Configure

Quick Disk Image Power Control

Altiris Deployment Solution 6.8 SP2

127

Remote Control

Open a remote control window directly to a selected client computer. Investigate problems directly from your console. See Remote Control (page 131). Type and run commands remotely. See Execute (page 135). Copy selected files, directories, or entire directory structures and send them to the selected computer(s). See Copy File to (page 187). Start an individual chat session with one or more selected client computers. Communicate actions or query for symptoms during administration. See Chat on page 136.

Execute Copy File to

Chat

ADVANCED >
Clear Status Prompt User for Properties Reset Connection Install Automations Get Inventory Clear computer status as shown in the title bar of the List View. Query the user for personal information. This feature sends a form to the user to fill out. See Prompt User for Properties on page 136. Disconnect and reset the connection between Deployment Server and the Deployment Agent on the selected computer. Embed automation partitions onto the selected computers hard disk to enable a managed computer to run automation tasks. Update property settings for a selected computer. These inventory settings can be viewed in Computer Properties on page 124. Select it to ensure that you have the latest inventory of the computer. Set the timeout value in the General tab of the Deployment Server Configuration utility (in the Control Panel). Reject Connection Install BIS Certificate Remove BIS Certificate Apply Regular License New Job Wizard New Group New Computer Rename Delete Change Agent Settings Refuse communication with the selected computer. Install a BIS certificate for the selected computer. Remove a BIS certificate from the selected computer. Apply a permanent license if a client computer is using a timelimited license or requires an updated license. Open this to schedule deployment jobs for the selected computer. See New Job Wizard on page 148. Click to create a new computer group in the Computers pane. Create a new computer account. See Adding New Computers on page 100. Assign the computer or group a new name in the console. Rightclick a computer or group to edit in the Computer pane. Delete a computer, a computer group, or any combination of computers and groups from the database. Update property settings for the Deployment Agent running on selected computer(s). See Deployment Agents on page 112.

Altiris Deployment Solution 6.8 SP2

128

Security Properties

View security settings for the selected computer(s). See Security in Deployment Solution on page 89. View computer configuration and network properties. See Computer Properties on page 124.

Restoring a Computer from its Deployment History


Occasionally it is necessary to restore a computer to its original settings based on operations or deployment jobs previously executed on the computer. A computers past deployment history appears in the Restore Computer dialog, where you can restore a computer by selecting the tasks from its history file. You can rerun the deployment tasks to restore the computer.

Restore a computer by right-clicking a computer icon in the Computers pane and selecting Restore, clicking Operations > Restore on the menu bar, or clicking the icon in the toolbar. You can restore a computer using Remote Operations Using Deployment Solution or by creating and scheduling a job using the New Job Wizard.

1.

Right-click a computer and click Restore. The Restore Computer dialog appears with a list of previous tasks with check boxes.

2. 3. 4. 5.

Click the Show only list box and select the type of tasks to be displayed. Click the Since list box to filter tasks by date. This is optional. Click Next to view a summary of tasks selected to reschedule. Click Next to schedule the job (See Scheduling Jobs on page 155). Click Finish.

When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Restoration Jobs folder. The job name has a generic format of Restore: <computer name>.

Viewing a Computers History


You can view a history of deployment tasks for a specific computer. Users who do not have administrative privileges or the permissions to delete a computers history, cannot access this option. 1. Right-click a computer and click History. The History of <Computer Name> dialog appears with a list of previous tasks, including when the task was scheduled, its deployment status and other deployment information. 2. 3. 4. 5. Click Save As to save the file as a .TXT or .LOG file. This is optional. Click Print to print the History file. This is optional. Click Delete to delete the History file. Click Yes to the confirmation message. Click Close.

See also Remote Operations Using Deployment Solution (page 127).

Altiris Deployment Solution 6.8 SP2

129

Configuring Computers
From the Operations menu you can enter and modify configuration settings for computers. See Computer Configuration Properties (page 103) for complete information about configuration settings. 1. Right-click a computer and click Configure. The Computer Configuration Properties dialog appears. 2. 3. 4. Set basic configuration values in the General configuration group (default view). Click other configuration group icons in the left pane to set additional values. Click OK.

See also Remote Operations Using Deployment Solution (page 127).

Quick Disk Image


This computer operation creates a disk image of the selected computer. This option is a quick and easy way to create a disk image of a selected managed computer from the Deployment console. To run a disk image job you must have an automation partition installed on the client computer, or it is PXE-enabled and can boot to automation by connecting to an Altiris PXE Server. 1. Right-click a computer and click Quick Disk Image. The Schedule Computers dialog appears. See Scheduling Jobs (page 155). 2. Schedule the job to run immediately or at a later time. You can also click the option to not schedule the job (this option places the job in the working area and does not run until you manually drag it to a selected computer and reschedule it). Click OK. When you finish this computer operation, a new job appears in the Jobs pane of the Deployment console under the System Jobs > Image Jobs folder. The job name has a generic format of Create Image: <computer name>. See also Remote Operations Using Deployment Solution (page 127).

3.

Power Control
This computer operation lets you wake up a computer, restart a computer, shut down, or log off as the current user for a selected managed computer. You can also power a computer on if Wake-On-Lan is supported.

Restore a computer by right-clicking a computer icon in the Computers pane and selecting Power Control, clicking Operations > Power Control on the menu bar, or clicking the icon on the toolbar.

1.

Right-click a computer and select Power Control. A secondary menu appears with these options:

Altiris Deployment Solution 6.8 SP2

130

Wake up

The Wake Up feature is hardware-dependent and is only available for inactive computers. Select this command to start a computer that has been turned off. Notes Your operating system and network adapter must be capable of recognizing and processing the Wake on LAN packets. Nonembedded network adapters must be properly configured. Example: 3Com NICs have an extra header cable that enables Wake on LAN. Check the documentation that came with your network adapter for more information about Wake on LAN. For NICs and operating systems that support Wake on LAN Power Management features, you need to go to Properties of the network adapter driver and select the Power Management tab. Click the Allow this device to bring the computer out of standby option for this device to bring the computer out of standby status. You have to enable this feature for some computers in their BIOS.

Restart

Click to reboot the selected managed computer. Select Force Applications to close without a message box to restart immediately without prompting the user. Click to shut down the selected managed computer. Select Force Applications to close without a message box to shut down immediately without prompting the user. Click to log off the selected managed computer. Select Force Applications to close without a message box to log off immediately.

Shut down

Log off

2.

Select a Power Control option. A Confirm Operation dialog appears. Select the Force application to close without a message option to shut down users without a warning. If you do not select Force application to close without a message, the user is prompted to save work before the power operation is continued. Click Yes.

3.

See also Remote Operations Using Deployment Solution (page 127).

Remote Control
Remote Control is a computer management feature built in to the Deployment Server Console. It lets you control all types of computers to view problems or make immediate changes as if you were sitting at the managed computers screen and using its keyboard and mouse.

Altiris Deployment Solution 6.8 SP2

131

When a managed computer is being remote controlled, the Deployment Agent icon in the managed computers system tray flashes alternate icons. Remote Control also provides Chat, Copy File to, and CTRL+ALT+DEL features to assist in administrating managed computers from the console.

Note You cannot disable the flashing eye icon while the computer is being remote controlled. Before you can remote control a managed computer: The managed computer must have the Altiris Agent for Windows installed and properly set up. The client must have the appropriate Proxy option checked in Altiris client properties. The client and Deployment Server Console must be able to communicate to each other through TCP/IP.

To remote control a managed computer


1. Right-click a computer and click Remote Control. This opens the Remote Control window displaying the managed computers screen. Note If you cannot perform a remote control operation from the selected managed computer, you can change this client setting by using the Remote Control options in the Change Agent Settings command. The default setting is to not allow remote control of the managed computer. See Deployment Agent Proxy (page 118) options. 2. From the Remote Control window you can execute the following commands:

Toolbar Chat Click to open a chat session with the selected managed computer. This starts a chat session between the console computer and the managed computer. The chat session opens a chat window that lets you send messages back and forth between the Console and the managed computer. If you are controlling multiple computers in a single window and start a chat session, the chat session is only between the Console and the master client. Click to update the screen view of the managed computer. Click to select restart or logon options for the managed computer. Note The managed computer must be running Windows 2000/XP/2003 and have the keyboard and mouse driver installed for this feature to be available. Send File See Send Files during Remote Control (page 133).

Refresh CTRL+ALT+DE L

Altiris Deployment Solution 6.8 SP2

132

Toggle Control Control menu Disable Input from the Client Close Window View menu Refresh Fit to Window

Click to change between control access of the managed computer (default) or view access only of the managed computer.

Click to prohibit the user of the managed computer from using the keyboard or mouse during the remote control session. Click to close the remote control window of the managed computer.

Click to refresh the view of the screen. If this option is selected, the client display image becomes the same size as the Remote Control window. If this option is not selected, the image retains the size of the client display. See Remote Control Properties (page 133). See Remote Control Properties (page 133).

Color Depth Properties 3.

To end a Remote Control session, click Control > Close Window in the Remote Control window.

Send Files during Remote Control


Click to send files to the managed computer being remotely controlled. Enter the name of the source file to be copied and the destination path on the managed computer. Select required compression and encryption options. If you are controlling multiple clients within a single window, this dialog sends a file to the master client only. Source filename. Enter the name of the file to be sent. Destination path. Enter the path where you want the file to reside on the managed computer. Compress Data. Select to compress the file during the copy process to decrease network traffic. Encrypt Data. Select to encrypt data package for security. You can also drag entire folders from the Console computer to the remote control window, which copies the files to the remote client computer.

Remote Control Properties


Color Depth. Click to specify the color depth (number of colors) used by the Remote Control window. This setting applies only to the Remote Control window at the console, not the display of the managed computer. There is no benefit to setting a color depth on the Remote Control window greater than that of the managed computer. The benefit of lower colors is improvement in speed. Use specific image resolution. Click to specify the width and height of the image that represents the client display.

Altiris Deployment Solution 6.8 SP2

133

Update interval. Select to specify how often the image in the Remote Control window is updated (in milliseconds). The more frequently the display is updated, the more bandwidth is required. Only update foreground window. Select to refresh only the selected window in the remote control session.

Set Remote Control Permissions


Deployment Solution provides multiple features for ensuring privacy and security when a managed computer is remotely controlled. Before a managed computer can be remotely controlled, the Remote Control preferences on the Deployment Agent for Windows must be set to allow remote control access. You can also lock the keyboard and mouse of the managed computer or provide a message to the user asking for permission to initiate a remote session. This provides an opportunity for the user to allow or reject the request. In certain environments, such as a lab or classroom, using a prompt to ask for permission might not be preferred. To remotely set security options on each managed computer, use Change Agent Settings from the console or open Properties on the Deployment Agent on the client computer (you must access Admin properties). 1. 2. 3. After opening the Deployment Agent property page, select the Remote Control tab. Select Allow this computer to be remote controlled to provide access from the Deployment Server Console. To lock the keyboard and mouse during a remote control session, select the Enable keyboard and mouse driver box. This is optional. This option works only on Windows 2000/XP/2003. Note After selecting this option (either enabling or disabling the keyboard and mouse) you must restart the managed computer. This can be done using a Power Control operation. 4. If you want the user to be prompted before a remote control session begins, click the User Prompts tab. a. b. Under the Choose the commands you would like to be prompted before executing options, select the Remote Control commands option. Specify the number of seconds you want the prompt to wait. Also, specify what will happen after the prompt time is up. Click either Continue the operation or Abort the operation.

5.

Click OK.

Start Multiple Sessions


You can manage multiple computers using the Remote Control feature. However, the more computers you include in the session the larger the bandwidth over the network. Open a separate Remote Control window for each managed computer. Right-click each computer and select Remote Control. A new window appears for each selected computer.

Altiris Deployment Solution 6.8 SP2

134

Open a Remote Control window for a group of managed computers. Right-click a computer group icon and select Remote Control. The Remote Control Options dialog appears with options to Control each client separately in its own window or to Control all clients together. If you select to control clients separately, individual windows appear for each computer. If you select to control clients together, you are asked to select a master computer. The master computer is the computer that appears in the Remote Control window, however all actions taken from the console also run on the other computers in the group. All computers in the group should be similar in configuration to work properly. Note If you are controlling multiple computers in a single window, you can send a file only between the console and the master client. If you want to send a file to multiple clients at the same time, use the Copy File to feature. See Copy File to (page 187). To end a Remote Control session, click Control > Close Window. See also Remote Operations Using Deployment Solution (page 127).

Execute
Send a command from the Deployment console as if you were entering a command from the command-line prompt on the client computer.

Execute a command to a client computer by right-clicking a computer icon in the Computers pane and selecting Execute, clicking Operations > Execute from the menu, or clicking the icon in the toolbar.

1.

Type a command you would like executed on the selected remote computer(s), or select from a list of previously run commands. Example: type regedit to open the Registry on the computer. To run the command as another user on the managed computer, click User and enter the user name and password.

2.

User Account
Use this dialog to run a script using another local user account. You can log in with another user name and password with rights to run an execute command. Run with default security credentials. This option runs with the current user credentials. This is the default option. Run with the following credentials. Click this option to log on with another user name and password. See also Remote Operations Using Deployment Solution (page 127).

Altiris Deployment Solution 6.8 SP2

135

Chat
You can communicate with managed computers using the Chat text messaging system. From the Deployment Server Console, select an individual computer or a group of computers to open an individual chat session with each logged-in user.

Open text messaging with a user by right-clicking the computer icon in the Computers pane and selecting Chat, or clicking the icon in the Remote Control window.

1. 2. 3.

Open a chat session. The Chat with <computer name> window appears identifying the computer you are sending messages to. Type a message in the lower text box. Click Send or press <Enter>. The exchange of text messages appears in the upper text box.

See also Remote Operations Using Deployment Solution (page 127).

Prompt User for Properties


This feature lets an administrator prompt a user for computer location and user information. The information supplied in this form appears in the Location properties in the Computer Properties dialog.

To prompt a user for location properties


1. In the Computers pane of the Deployment Server Console, right-click a computer and click Advanced > Prompt User for Properties. You can also select a computer and click on the Prompt User for Properties icon in the toolbar or click on Operations > Prompt User for Properties. A dialog appears in the Deployment Server Console with a list of properties. 2. Select the properties to prompt the user. The properties selected in this dialog are active on the property form sent to the user, letting the user type information for the selected properties. Note All properties are selected by default; you must deselect the properties you dont want included when the client is prompted. 3. Click OK. The properties form appears for the logged-on user of the computer, asking for location properties.

Altiris Deployment Solution 6.8 SP2

136

When the user enters information and selects OK, the Location properties in the computer properties fields is updated for the selected computer. If the user changed the computer name, the name in the Computers pane of the Deployment Console also changes. These settings are stored directly to the Deployment Database. See also Chat (page 136) and Remote Operations Using Deployment Solution (page 127).

Install Automation Partition


When the Deployment Server sends a deployment job to client computers, tasks within the job can be assigned the default automation pre-boot environment, or one of DOS, Linux, or Windows PE. With an embedded (recommended) or hidden automation partition installed on the client computers hard disk, deployment jobs can run automatically. You can have multiple tasks within a deployment job, and each task can be assigned to run in a different automation environment, depending on the task and end result you want. The following are the automation tasks you can add to the deployment jobs. Run script Create disk image Distribute disk image Scripted OS install

During the Deployment Server installation, the Pre-boot Operating System page appears for you to select a default pre-boot operating system, which is used by Boot Disk Creator to create the configurations that boot client computers to automation. You can install additional pre-boot operating system files through Boot Disk Creator. See Boot Disk Creator Help. If you are running Altiris PXE Servers, you do not need to install an automation partition on each client computers hard disk. When the Deployment Server sends a deployment job, PXE-enabled client computers search for an Altiris PXE Server to receive the boot menu options and the boot menu files that are required to boot to automation. See Automation Pre-boot Environment in the Deployment Server Reference Guide.

Altiris Deployment Solution 6.8 SP2

137

To install an automation partition


1. 2. 3. Right-click a computer and click Advanced > Install Automation Partition. Select the pre-boot operating system environment you want to install from the drop-down list. Click OK. The Automation Agent you selected installs as an embedded partition on the client computers hard disk. After the installation completes, the client computer reboots automatically. You can now run automation-specific deployment tasks this computer.

Change Agent Settings


This feature lets you modify most of the agent settings for a selected computer or computer group. You can set properties for the Production Agent (Deployment Agent), or for an Automation Agent.

To change agent settings


1. 2. 3. 4. From the Computers pane, right-click a computer and select Change Agent Settings. Select either Production Agent or Automation Agent. Edit the properties settings. Click OK.

Deploying and Managing Servers


Deployment Solution provides additional features to remotely install, deploy and manage network and Web servers. From the Deployment Server Console, you can configure new server hardware, install operating systems and applications, and manage servers throughout their life cycle. And because servers are mission-critical, you can set up a system to quickly deploy new servers or automatically re-deploy servers that have failed. Features like rules-based deployment, support for remote management cards, and quick server restoration from a deployment history give you new tools to manage all servers throughout your organization.

Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, or any Linux operating system), multiple processors, and specific vendor server models.

Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers.

Altiris Deployment Solution 6.8 SP2

138

Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides serverspecific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options (page 139).

Server Management Features


Deployment Server provides various features for deploying and managing servers. These features are supported for client and handheld computers as well, but are essential in deploying servers. Server icons. The Deployment consoles shows the icons to identify servers across the network. Like other computer icons in the console, server icons can be selected to view server properties or assign specific jobs and management tasks

Icon

Description

Indicates a server is active and a user is logged on.

Indicates a server is disconnected from the console.

Indicates a server is in a waiting state.

Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up operating system install files using a wizard. See Scripted OS Install (page 168). Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings (page 107). Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server.

Server Deployment Options


Deployment Server includes features to automatically reconfigure and redeploy new servers. If you are using Initial Deployment to automatically re-image new servers or run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2) run automatically for every server not identified as a managed computer in the database. These contrasting settings are based on polices you define for managing servers in your organization.

Altiris Deployment Solution 6.8 SP2

139

Example: if you rely on PXE to boot the new server and you want to deploy new servers automatically without halting the process, you must change the default settings in the PXE Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed (or waits a set time before proceeding) to avoid erroneous redeployment, you need to set the options in the Advanced section of Initial Deployment.

Halt the Initial Deployment of Servers


When a server boots from the Altiris PXE server or from Automation (if the option is set), Deployment Server recognizes it as a new computer and attempts to configure the computer with Sample Jobs in Deployment Solution. Initial Deployment includes a feature to prohibit servers from being deployed automatically. 1. 2. 3. Click Initial Deployment and select Properties. Click the Advanced tab. Click the Servers check box and click OK.

Initial Deployment does not run for any computer identified in the console as a server.

Change PXE Options for Initial Deployment


If installing a server using an Altiris PXE Server, the server attempts to install but does not run automatically using default settings. It waits until a boot option is selected from the client computer. You can change the default setting in the PXE Configuration Utility to allow Initial Deployment to run automatically and not sit at the prompt. 1. 2. 3. 4. Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility. Click the DS tab. Select a pre-boot operating system from the Initial Deploy boot option dropdown list. Click Execute Immediately. Initial Deployment runs automatically for every identified server. 5. 6. Click Save. Click OK.

Clear BootWorks Prompt for Remote Install


When you run a deployment job on a computer where the Deployment Agent has been remotely installed, a message appears stating that no BootWorks partition or PXE stamp is found. The message remains open until the user clicks OK on the message dialog, which delays executing the scheduled job as part of an automated redeployment process. To fix this delay: 1. 2. 3. 4. 5. 6. Select Tools > Options.The Altiris Program Options dialog appears. Select the Agent Settings tab. Select Change Default Settings. Select the BootWorks tab. In the lower section, select Never prompt me from the list. Click OK.

Altiris Deployment Solution 6.8 SP2

140

Following these steps ensures that the BootWorks message does not appear and things move forward when a job is scheduled.

Managing Server Blades


Deployment Solution lets you manage high-density server blades with Rack/Enclosure/ Bay (R/E/B) hardware and properties. From the Deployment Console you can deploy and manage these space-efficient server blades using the physical view to assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage each server blade directly from the logical view. See Bay (page 126) for properties and rules to deploy Rack/Enclosure/Bay servers.

Using Deployment Solution, you can employ rip and replace technology that lets you insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, letting you replace any downed server and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade.

Managing New Server Blades


Deployment Solution lets you automatically deploy, configure and provision new server blades using a variety of features, including Sample Jobs in Deployment Solution, and Server Deployment Rules.

New Server Blades in Newly Identified Bays


When new blades are identified in a Bay that has not been used previously (if it has been used previously, the Bay object is identified in the physical view), both the Initial Deployment and Virtual Bays features can be set up to automatically run configuration tasks and deployment jobs. To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid Deployment Pack installations of Deployment Solution. Initial Deployment setup: Clear the Servers check box in the Advanced dialog. If both new computer features are set up and a new server blade is installed in a Bay not previously identified by the Deployment Server, the Create Virtual Bay feature executes and Initial Deployment does not execute.

New Server Blades in Identified Bays


If a new HP server blade is installed in an identified Bay (one that has already had a server blade installed and is visible from the Deployment Console), both Sample Jobs in Deployment Solution and Server Deployment Rules can be set up. However, when both are set up the Server Deployment Rules executes and Initial Deployment does not execute.

Virtual Bays
Hewlett-Packard blade servers now have a Virtual Bay feature that lets you pre-assign deployment jobs to the Rack, the Enclosure, or to a specific blade server in the Bay. Any

Altiris Deployment Solution 6.8 SP2

141

HP blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. (This feature requires that the Hewlett-Packard Rapid Deployment Pack is installed.) The Virtual Rack/Enclosure/ Bay icons change from virtual icons to managed server icons in the Deployment console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the pre-configured computer account is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays are truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you need to recreate the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades (page 141).

Hewlett-Packard Server Blades


Hewlett-Packard high-density blade servers can be deployed and managed from the Deployment console. The following HP server blades are supported:

HP Proliant BL e-Class
Proliant BL 10e Proliant BL 10e G2

HP Proliant BL p-class
Proliant BL 20p Proliant BL 20p G2 Proliant BL 40p

HP blade servers let you employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/ rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server appears along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and appear in both the physical and server views within the Computers pane of the Deployment console. For HP blade servers in the physical view the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features (page 139) and Server Deployment Options (page 139).

Altiris Deployment Solution 6.8 SP2

142

Dell Server Blades


Dell high-density blade servers can be deployed and managed from the Deployment console. All Dell Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The following servers are supported:

Dell Rack Servers


All PowerEdge rack servers

Dell Server Blades


PowerEdge 1655MC

For Dell blade servers in the physical view, the Rack name is always Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example: Dell <enclosureName> <bayName> See also Server Management Features (page 139) and Server Deployment Options (page 139).

Fujitsu-Siemens Server Blades


Fujitsu-Siemens high-density blade servers can be deployed and managed from the Deployment console. All Fujitsu-Siemens Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/ Enclosure/Bay view. The following servers are supported:

Fujitsu-Siemens Rack Servers


All Primergy rack servers

Fujitsu-Siemens Server Blades


Primergy BX300 blade servers

For Fujitsu-Siemens blade servers in the physical view, the Rack name is always Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features (page 139) and Server Deployment Options (page 139). Note If you have Fujitsu-Siemens Server blades managed by the Deployment Server, ensure that the SNMP service is running on the Deployment Server. Also, if the Deployment Server is installed on a Windows 2003 server, ensure that the security is set correctly to receive traps from remote computers. By default, Deployment Servers cannot receive traps from remote computers.

Altiris Deployment Solution 6.8 SP2

143

IBM Server Blades


IBM high-density Blade Centers can be deployed and managed from the Deployment console. All IBM blade servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. For IBM blade servers in the physical view, the Rack name is always IBM. All subordinate Enclosures are identified with custom names under the IBM rack name and Bays are identified by number. Example: IBM <enclosureName> <baynumber> See also Server Management Features (page 139) and Server Deployment Options (page 139).

Find a Computer in the Database


This search filter lets you type a string and query specified database fields for specific computer properties. You can search for user or computer names, licensing or location information, or primary lookup keys: MAC address, serial number, asset number, or UUID. This search filter queries property values appear in the Computer Properties (page 124) pages.

Click <CTRL> F or click Find Computer on the console toolbar to search the Deployment Database for computers by property settings. The search begins at the top of the computer list and highlights the computer name in the Computers pane when a match is found. Press F3 to find the next computer that matches the search criteria until there are no more results, or the end of the computer list is reached.

1.

In the Search For field, type all or part of the computers property values you would like to search for. This alpha-numeric string is compared with specified database fields. From the In Field drop-down list, select the field you want to search in the Deployment Database. Example: to find a computer by searching for its IP address, type the address in Search For field and select IP Address from the In Field drop down list.

2.

Name Computer Name MAC Address IP Address ID Serial Number

BIOS name of the computer. Deployment Solution name of the computer. 0080C6E983E8, for example. 192.168.1.1, for example. The computer ID. 5000001, for example. Serial number installed in BIOS. A primary lookup key.

Altiris Deployment Solution 6.8 SP2

144

Asset Tag UUID Registered User Product Key Logged On User Physical Bay Name

Asset number in BIOS. A primary lookup key. A primary lookup key. Name entered when the operating system was installed. Product Key for the operating system. Name of the user currently at the computer. The actual bay number: 7x, for example.

The computer you are looking for appears highlighted in the Computers window in the console. Note This search is not case-sensitive and lets wildcard searches using the *. See also Computer Filters and Job Conditions (page 83).

Using Lab Builder


Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a classroom or lab environment.

Click Lab Builder on the console toolbar or click File > New > Lab Builder to set up jobs specifically created for managing multiple computers in a lab environment.

You can set up jobs to:


Create Disk Image Deploy Lab Restore Lab Update Configuration Upload Registries Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs under a folder (which you name) located under the Lab folder. All tasks in the jobs have been assigned default paths and file names that let them to use the same images and configuration information, registry data, and so on. We suggest that you do not change the file names and paths. If you change the default settings (example: changing the image name), you must change it in all jobs where the image is used.

To use Lab Builder


1. 2. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder. Enter the name of the lab setup.

Altiris Deployment Solution 6.8 SP2

145

Note The lab name must be unique because the program creates a default image file name based on the name, and the image file name must be unique. The default image name is synchronized in all lab jobs, so if you change the name later you must change it in all the jobs that use the image. 3. 4. 5. Enter a lab description to help you differentiate the lab from others (optional). Click OK. This is also optional. Identify an image in the Create Disk Image job. Set computer names and addresses in the Update Configuration job.

The following information describes the default jobs. To run one of these jobs, simply drag it to the computer or computer group you want it applied to. Create Disk Image. This job uploads an image of a computer to the server and an image name is created automatically based on the lab name. However, there is no actual image in the job until you drag the image source computer to this job. Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back up registry files. The image that is uploaded using the Create Disk Image job is deployed when you use this job. The configuration settings you specify in the Update Configuration job are applied to the computers, and the computer registry files are uploaded to the Deployment Server. Restore Lab. This job restores the image and registry files to a computer where a lab was previously deployed. You can quickly get a computer running again by restoring the lab on that computer. Update Configuration. This job lets you set unique configuration information (such as computer names and network addresses) for client computers. When a lab is deployed, each computer has an identical image, but not the same configuration settings. This means you don't have to visit each computer to reset the IP addresses and other settings when you deploy an image. Upload Registries. This job backs up computer registry files to the Deployment Server.

Altiris Deployment Solution 6.8 SP2

146

Building and Scheduling Jobs


A job represents a collection of predefined or custom deployment tasks that are scheduled and executed remotely on selected client computers. You can build jobs with tasks to automatically create and deploy hard disk images, back up and distribute software or personality settings, add printers, configure computer settings, and perform all aspects of IT administration. Jobs can be run immediately for a specific computer, or stored and scheduled for daily or long-term administrative duties on multiple computer groups.

Job icons appear in the Jobs pane of the Deployment console. To assign and schedule a job in the Deployment Console, drag the job icon to selected computer icons. Job status icons also appear in the Details pane of the Deployment Console to indicate various deployment states. See Viewing Job Details (page 147).

The New Job Wizard guides you through common deployment and management jobs. It is an easy way to set up new users or migrate users to new computers, create and distribute images of computers on the network, distribute software packages, restore computers, and more. Jobs include one or more Deployment Tasks. You build jobs by adding tasks to a job and customizing the task for your specific needs. You can add tasks to capture and distribute images, software packages, and personality settings. Or you can write and run a script task, or run scripted installs, configure settings, copy files and back up registry settings. You can also modify existing jobs by adding, modifying, copy and pasting, or deleting tasks to fit your needs. See Building New Jobs (page 152). Set conditions on jobs to run only on computers with properties that match the criteria you specify. You can build one job to run on different computer types for different needs, and avoid mistakes by ensuring that the right job runs on the right managed computer. See Setting Conditions for Task Sets (page 153). Initial Deployment lets you run predefined jobs and configuration tasks on new computers when they start up. You can automatically deploy new computers by imaging and configuring TCP/IP, SIDs, and other network settings and installing basic software packages. See Sample Jobs in Deployment Solution (page 195). Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs pane. You can run many sample jobs as they are, or you can set environmental variables. See Sample Jobs in Deployment Solution (page 195).

Viewing Job Details


As jobs are assigned, scheduled and executed, it is helpful to know specific details about their status and assignments. The Deployment Console provides job icons to show state and status of the job in the Details pane:

Altiris Deployment Solution 6.8 SP2

147

Job status icons that update the state of the job in running deployment tasks. These icons are graphical symbols in the Deployment console used to identify the status of an assigned job. .

Indicates that a job is scheduled to run on a computer or computer group.

Indicates that a job is in progress.

In the Details pane, indicates that a job has executed successfully.

Indicates that a job is associated with a computer or group of computers but is not scheduled. Indicates error conditions when individual tasks run.

A description of the job, if available. You can also use Add or Modify in the main window to edit the description as well. If a job defines error conditions when individual tasks run, the Status field displays any errors incurred and the tasks that completed successfully. Job Schedule details. This is the job's run time, beginning when the job started and ending when it completed successfully. The currently applied conditions appear in a list box with a Setup option to add conditions to different task sets for different computer properties within a job. Conditions specify characteristics that a computer must have before the job will execute. See Setting Conditions for Task Sets (page 153). A list of tasks assigned to the job and task descriptions also appears. Change the order of the task execution with the up and down arrows. Tasks are executed in the order they are listed. See Deployment Tasks (page 156). Features to add, modify, and delete tasks for each job. A list of assigned computers and its deployment history. To sort jobs or computer details, just point and click on the category in the Details bar. Example: click the Status column heading to organize and display the progress status of the job. See also Viewing Computer Details (page 98).

New Job Wizard


The New Job Wizard provides integrated features to build, assign, and schedule common deployment jobs. It helps you build the most common jobs, and guides you through additional steps to assign and schedule the jobs to selected computers. It lets you quickly build image files and deploy new computers, distribute software packages, migrate users, and more.

Altiris Deployment Solution 6.8 SP2

148

Note When a software package or deployment job is scheduled to run on client computers, the Altiris Client Service Message dialog appears, warning them that a job is about to execute. If a user clicks Abort when the message appears, an event is logged to the client's history so that Deployment Solution administrators know when users abort a scheduled event.

Create a new job by clicking New Job Wizard on the Deployment Console, clicking File > New > Job Wizard, or right-clicking in the Jobs pane of the Deployment Console and selecting New Job Wizard. The New Job Wizard appears to guide you through basic deployment jobs.

1.

Select a job option: Create an image. This wizard guides you through the steps required to create an image of a computers hard disk and schedule the job. See Creating a Disk Image (page 158). Deploy and configure computers. This wizard guides you through the steps required to lay down a new disk image on a selected computer and install software and personality settings. See Distributing a Disk Image (page 163). Deploy software packages. This wizard guides you through steps required to install software packages. You can set conditions, select packages, assign to computers, and schedule the job. See Distributing Software (page 175). Restore a computer. This wizard guides you through the steps required to restore a computer to a known working state by re-imaging the hard drive and reinstalling software packages, personality settings, and defining configuration values. This option reschedules jobs saved in each managed computers history record, which contains all deployment tasks previously processed. See Restoring a Computer from its Deployment History (page 129). Migrate computers. This wizard guides you through the steps required to move a computer hard disk image, applications, and personality settings from a source computer to a destination computer. You can perform one or more migration operations using provided options.

2. 3.

Give the job a unique name. You can type a name with up to 64 characters. Follow the steps in each wizard to create a job (some New Job wizards build multiple jobs). After creating a job, the job appears in the Jobs pane of the Deployment console with deployment tasks listed in the Tasks list for each job selected.

Note You cannot define return codes when using the New Job Wizard. See Building New Jobs (page 152) to build customized jobs and set up return codes. See also Modifying Tasks in a Deployment Job (page 189).

Altiris Deployment Solution 6.8 SP2

149

Migrating Computers
From the New Job Wizard you can select Migrate computers to quickly distribute hard disk images, software, and settings from a users current computer to a new computer. You can image a new computers hard disk with a new operating system and install software and personality settings. Or perform different levels of migration to distribute only software or to simply capture and distribute personality settings to the new computer.

Migrate one computer to another separate computer


Click this option to migrate a user from a source computer (old computer) to another destination computer (new computer). Capture personality settings, distribute a new hard disk image, distribute software and redistribute the saved personality settings from the source computer to the new destination computer. Click the option to migrate only personality settings to one or more computers. Additionally, select Prepare destination computer with a disk image to distribute a disk image to the new computer and select Install software packages prior to applying the personality on the destination computer to install software packages on the new computer. Note This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job (Distribute). Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on page 179) to capture the personality of the source computer and a Modify Configuration task to rename the source computer to avoid naming conflicts (see Modifying Configuration on page 182). The source computer is named computerName (Old). Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page 163) if selected, a Modify Configuration task to update settings to the destination computer, and one or more Install Package tasks to update software (if selected) and migrate personality settings. See Distributing Software (page 175).

Migrate the same computer to another operating system


Click this option to upgrade the operating system on a computer and reinstall personality settings and software packages on the same computer. It creates jobs and tasks to capture the personality settings, distribute a new disk image, distribute software packages, and migrate the personality settings. Click the option to deploy a disk image and migrate the personality settings to the computer. Select Install software packages prior to applying the personality on the destination computer to install software packages on the computer. Note This option creates two jobs that appear in the Jobs pane: Job (Capture) and Job (Distribute). Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on page 179) to capture the personality of the source computer.

Altiris Deployment Solution 6.8 SP2

150

Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page 163) and one or more Install Package tasks to update software, if selected (see Distributing Software on page 175).

Simply capture the personality of the computers


Click this option to capture and save, but not distribute, the personality settings of the selected computer(s). You can select a personality template and save Personality Packages to the Deployment Share, letting you distribute these personality settings later to new computers. Note This option creates a single job with a Capture Personality Settings task (see Capturing Personality Settings on page 179). See also New Job Wizard (page 148).

Selecting Computers in the New Job Wizard


The New Job Wizard provides steps to select and assign computers to the jobs created in the wizard, rather than requiring you to create a job and assign it to computers when Building New Jobs. The jobs created in the New Job Wizard appear in the Jobs pane, and can be saved and assigned to other computers at a later time. You can also schedule jobs for the specified computers in the wizard. See Scheduling Jobs (page 155).

Apply Computers to a Job


When deploying software in the New Job Wizard, you can select computers to assign the Distributing Software job created in the wizard. You can also select an option to simply store the job and use it at another time without scheduling the job. Regardless of the scheduling option selected, the job appears in the Jobs pane to use at another time. New Computers. Open an Adding New Computers dialog to create new user accounts to assign the job. See also Scheduling Jobs (page 155).

Associating Destination Computers


Use this dialog to associate source computers with destination computers when migrating personality settings. Depending on the computers selected in the previous Select Computers dialog, you can migrate personality settings captured from the source computers to new destination computers. Right-click a computer in the Source column to replace it with another source computer. Right-click a computer in the Destination column to replace it with another destination computer and assign it to a new source computer. To automatically assign multiple computers, click Automatic to assign source computers with destination computers using an alpha-numeric order. The associated computers share personality settings after running the jobs. See also Migrating Computers (page 150).

Altiris Deployment Solution 6.8 SP2

151

Setting up Conditions in the New Job Wizard


The New Job Wizard also provides steps to set up conditions, a step usually performed independently for each job during its build phase. Setting conditions lets you run selected tasks only on computers matching defined criteria. See Setting Conditions for Task Sets (page 153). Click Setup conditions for this set of tasks to open the Define Conditions dialog from the New Job Wizard.

Install Software Packages


The New Job Wizard provides steps to install software packages to the selected computer(s). You can install any type of software to the managed client computer, including .MSIs, .RIPs, and Personality Packages. If the selected package is not a .RIP or Personality Package, a message appears asking if you want to continue. See Distributing Software (page 175) for additional information.

Summary of Options
After selecting the options in the New Job Wizard, you can view a summary of the job names, assigned computers, conditions, and other selected choices. To change any options, click Back to return to the previous dialog. Click Finish to complete the steps in the wizard. See also New Job Wizard (page 148) and Job Scheduling Wizard (page 153).

Building New Jobs


A job can be a single task to distribute software or change computer property settings, or a job can be a series of tasks sequenced to migrate hard disk images, set postinstallation TCP/IP and SID values, and install software packages and personality settings.

Create a new job by clicking New Job on the Deployment Console. Click File > New > Job, or right-click in the Jobs pane of the Deployment Console, and select New Job. You can modify jobs by double-clicking the job or right-clicking, and selecting Properties. Add tasks to each job by clicking Add.

1.

Create a new job. Enter a unique name and description for the job. You can type a name with up to 64 characters. A new job is added to the Jobs pane in the Deployment console. You can group and organize jobs, and access and apply them to computers or computer groups from an index of prebuilt jobs.

2.

Set conditions to apply the job to specified computers meeting defined criteria. Order multiple conditions to run jobs on computers that match the first applicable condition. See Setting Conditions for Task Sets (page 153). This is optional. Click Add to open a list of possible deployment tasks to add to each job. See Deployment Tasks (page 156).

3.

Altiris Deployment Solution 6.8 SP2

152

4.

Set task options using the provided wizards. After you complete the steps to create a task, it is added to the task list box. Click Add to add another task. Use the up and down arrows to change the order of execution of the tasks in the Task list box. Tasks are executed in the order that they appear in the task list. As a result, ensure you do not run a task that overrides the previous tasks. Example: list Distribute Disk Image above Distribute Software or Distribute Personality, letting the hard disk to be imaged before installing applications and settings.

5. 6. 7.

Set Return Codes. The last action in each task wizard lets you set return codes for each deployment task. See Setting Up Return Codes (page 193). This is optional. After adding tasks, click OK. To schedule the job, drag it to a computer or computer group. The Schedule Jobs dialog appears. See Scheduling Jobs (page 155).

See also Importing and Exporting Jobs (page 192).

Job Scheduling Wizard


The Job Scheduling Wizard provides features to assign jobs to selected computers and computer groups, and to schedule the jobs to run without using a mouse. This new feature meets Section 508 requirements to improve disability access and lets integration of voice activation software and other user interface features.

Select Job(s)
Select the job(s) or group(s) of jobs to assign to computers or computer groups. Use the SHIFT and CTRL keys to select multiple jobs or job folders. Click Next.

Select Computer(s) or Computer Groups


Select the computer(s) or group(s) of computers to assign the jobs selected in the previous dialog. Use the SHIFT and CTRL keys to select multiple computers or groups. Click Next. New Computers. Click when Adding New Computers.

Setting Conditions for Task Sets


Setting conditions on a job lets you run selected tasks only on computers that match defined criteria. As a result, you can create a single job with tasks defined for computers with varying properties, including operating system types, network adapters, processors, free drive space and other computer properties. You can create task sets for each job that apply only to the computers matching those conditions. Note The default condition (named default) has no parameters or values associated with it. If this is the only condition that a job contains, the tasks associated with the default condition will always work on all computers to which the job is assigned. Default condition is like having no conditions.

Altiris Deployment Solution 6.8 SP2

153

In addition, if a task is associated with the default condition the task always executes when a computer does not meet any other conditions associated with this job. 1. 2. Select a job in the Jobs pane of the Deployment Console. The Job Properties dialog appears. Click Setup next to the Condition field. A menu appears with options to create a New condition, Modify a condition, or Delete a condition. To reorder conditions, click Order and reorder them using up or down. See Order Condition Sets (page 154). 3. 4. Click New in the menu to open the Condition Settings dialog. Enter a name for the condition up to 64 characters. Click Add to open the Condition dialog. Click the Field list and select a data field heading from the list. You can define conditions based on common client features such as operating system, software and hardware version, hard drive space, operating system language, RAM, and other characteristics. Click Operation and select a compare statement. In the Value box, type a string to search for in the selected database field. You can set conditions based on computer properties stored in fields in the Deployment Database. Example: you can set a condition to match a particular asset tag, Altiris agent version, or IP address. You can use wildcard characters and AND/OR operators. 5. 6. To set up custom conditions based on custom tokens, select User Defined Tokens from the Field list. Click OK.

The task set you create appears in the Task list for each condition. When you select a new condition, the tasks for that condition appear. You can set Condition A to distribute the XPImage.img file to Windows XP computers using a Deploy Image task. You can set Condition B to distribute the W2KImage.img file to Windows 2000 computers using another Deploy Image task. When the job is applied to a computer group, the conditions are evaluated for each computer and the appropriate task executes on the appropriate computer. Note When using User Defined Tokens to set conditions for some client property values, you may be required to use the decimal value rather than the hex value. Example: when setting conditions based on the NICS table on the nic_device_id and nic_vendor_id columns, you are required to use decimal values. See also Deployment Tasks (page 156).

Order Condition Sets


By specifying and ordering different sets of conditions, you can determine when a task executes based on defined computer properties. Each condition is processed in sequence until the computer matches the condition defined within a set. If the computer does not meet any of the defined conditions, it runs the default condition. Once a match is found, the set of tasks for this condition set is processed. See also Setting Conditions for Task Sets (page 153).

Altiris Deployment Solution 6.8 SP2

154

Scheduling Jobs
After a job has been created, and it has been assigned to multiple computers or computer groups, the Schedule Job dialog appears, letting you schedule the job to run immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected from the Jobs pane of the Deployment Console are scheduled in the order they were selected, even across multiple Deployment Servers.

To schedule a job
1. 2. Drag a job to a computer or computer group. The Schedule Job dialog appears. In the Schedule Job dialog, click the Job Schedule tab. The following options are available: Do not schedule. This option lets you apply jobs to computers but does not run the job until you return to the Schedule Job dialog and set a run time. Run this Job immediately. This option lets you run the job now. Schedule this Job. This option lets you type the date and time to run the job at a specified time and date. To run it at regular intervals, specify a time and date to repeat. Repeat this job every x. A job can be scheduled to execute by minute(s), day(s), hour(s), week(s). Allow this job to be deferred for up to x. A job can be deferred when the server is busy executing other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to five minutes. Schedule in batches of x computers at y minute intervals. This option lets you schedule computers in batches to maximize efficiency. 3. 4. 5. Click the Computer(s) Selected tab. This is a list of computers, their associated group, and IP address that the job is scheduled to run. Click the Job(s) Selected tab. The job name and folder located in the Jobs pane appear. Use the up and down arrows to change the order of the scheduled jobs. Click OK.

Note The Schedule Job dialog is the same for Rescheduling Jobs, New Job Wizard, and Job Scheduling Wizard.

To reschedule a job
1. From either the Computers or Jobs panes in the Deployment console, select a job or computer that has been previously scheduled. A job icon appears in the Details pane identifying the computers assigned or the name of the job. 2. Select the job icon, click the scheduled computers in the Details pane, right-click and click Reschedule. If you selected a computer icon, click the job icon in the Details pane, right-click and click Reschedule. The Schedule Jobs dialog appears. 3. To immediately start a scheduled job that has not yet run, right-click the job icon and select Start Now.

Altiris Deployment Solution 6.8 SP2

155

4.

To stop a repeating job, right-click the job in the Details pane and click Discontinue Repeat. At this point you need to schedule a new time to run the job or click the Do not schedule option.

To remove computers from a scheduled job


You can complete this task by removing a job assigned to a computer or removing a computer assigned to a job. 1. 2. Click a job in the Jobs pane. Click a computer in the Details view and press Delete or right click the job(s) and select Delete.

To remove tasks from a job


You can remove tasks assigned to a job by double-clicking the job and opening the Job Properties dialog. (Edit features also open in the Details view of the Deployment Console when you select the job from the Jobs pane). 1. 2. Select one of the assigned tasks in the Task list. Click Delete.

To remove scheduled jobs from a computer


1. 2. Click the computer. Select the scheduled job in the Details window, and press Delete or right click the job(s) and select Delete. To remove multiple jobs, hold down the SHIFT or CTRL key while you select the job(s), press Delete or right click the job(s) and select Delete. The icon for a scheduled job is yellow.

To run a job immediately from the Resources view


If you have a batch file, image file, .RIP, .MSI, or executable file assigned to a job or stored in the Deployment Share, these files and packages appear in the Resources view (see Shortcuts and Resources View on page 75). You can drag these files and packages from the Resources view to a computer or computer group to automatically create and run a job (or you can drag computers to a file or package in the Resources view). A job is created automatically for each assigned package in the Systems Jobs > Drag-n-Drop folder. See also Building New Jobs (page 152) and Modifying Tasks in a Deployment Job (page 189).

Deployment Tasks
A task is an action of a job. Jobs are built with tasks. Each task is executed according to its order in the task list contained in a job. You can resize the task pane by dragging the bottom pane (horizontal bar) that separates the task list and the scheduled computer list of the Deployment Console. This lets you view a greater number of tasks in a deployment job without using the scroll bar to navigate up and down. The Deployment Console has multiple tasks available from the Add menu, including:

Altiris Deployment Solution 6.8 SP2

156

Create Disk Image. Create a disk image from a reference computer and save the image file (.IMG or .EXE files) for later distribution. See Creating a Disk Image (page 158). Distribute Disk Image. Distribute previously created disk images (.IMG or .EXE files) or create a disk image from a reference computer on the network and simultaneously distribute it (.IMG or .EXE) to other managed computers on the network. See Distributing a Disk Image (page 163). Scripted OS Install. Run scripted (unattended) installs using answer files to install computers remotely over the network. See Scripted OS Install (page 168). Distribute Software. Distribute .RIPs, .MSI files, scripts, personality settings and other package files to computers or groups. See Distributing Software (page 175). Manage the SVS Layer. Instantly activate, deactivate or reset layers and completely avoid conflicts between applications, without altering the base Windows application. See Managing the SVS Layer (page 177). Capture Personality. Capture the personality settings of a selected computer on the network using the PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing Personality Settings (page 179). Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid Altiris packages and assign passwords and command-line options to Personality Packages. See Distributing Personality Settings (page 180). Modify Configuration. Modify the IP address, computer and user name, domains and Active Directory organizational units, and other network information and computer properties. See Modifying Configuration (page 182). Get Inventory. This lets you gather inventory information from client computers to ensure that the deployment database is up-to-date with the latest computer properties. See Get Inventory (page 183). Run Script. Create custom commands using scripts to perform jobs outside the bounds of the pre configured tasks. Use the Run Script dialog to select or define a script file to run on specified computers or groups. See Run Script (page 183). Copy File to. Copy a file from the Deployment Share or another source computer to a destination computer. See Copy File to (page 187). Power Control. Perform power control options to restart, shutdown, power off, and log off. See Power Control (page 189). Wait. Use the Wait dialog to retain a computer in automation mode after a task is performed. See Wait (page 189). Tasks are listed for each job in the task list box. Each task executes according to its order in the list. You can change the order using the up and down arrow keys.

Supported Live Task Types


Following is the list of the live tasks supported for the x64, IA64, and SPARC platforms.

Task
Restore Computer History

x64
Yes Yes

IA64
Yes Yes

SPARC
Yes Yes

Altiris Deployment Solution 6.8 SP2

157

Task
Configure Quick Disk Image Power Control: Wake Up Power Control: Restart Power Control: Shutdown Power Control: Log off Remote Control Execute Copy File Chat Advanced: Clear Computer Status Advanced: Prompt User for Properties Advanced: Reset Connection Advanced: Install Automation Partition Advanced: Get Inventory Advanced: Reject Connection Advanced: Uninstall Windows Agent Advanced: Install BIS Certificate Advanced: Remove BIS Certificate Advanced: Apply Regular License New Job Wizard New Group New Computer Rename Delete Change Agent Setting Permissions Job Scheduling Wizard

x64
Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Yes

IA64
Yes Yes Yes Yes Yes Yes No Yes Yes No Yes Yes Yes

SPARC
Yes Yes Yes Yes Yes No No Yes Yes No Yes No Yes

Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Creating a Disk Image


This task creates an image of a computers hard disk. You can save the disk image as an .IMG file, .EXE file, .WIM file, .DMG file, or as a .GHO file

Create an image file using the New Job Wizard or adding the task when Building New Jobs. You can distribute the disk image file using the Distributing a Disk Image task. This task will run Altiris RDeploy.exe from the console to capture and migrate hard disk images.

Altiris Deployment Solution 6.8 SP2

158

Note To create an image of a computer, you must boot to DOS, Linux, or Windows PE. This requires that you set up an Altiris PXE Server or install an automation partition.

To create a disk image


1. Select an imaging tool from the drop-down list. You can select RapiDeploy (Text mode), RapiDeploy (Graphics mode), RapiDeploy (Linux mode), ImageX, Mac Image or Ghost. The following are the RapiDeploy options for imaging. RDeploy Options RDeployT is the default imaging executable. This facilitates the imaging of thin client computers. Graphical Mode (RDeploy). Select this option to run the RDeploy in a GUI mode. Text Mode (RDeployT). Select this option to run the RDeploy in a text mode. Linux (RDeploy). Select this option to run the RDeploy in Linux mode. You can select the ImageX or Mac Image option for imaging. If you select ImageX, the image is created as a .WIM file. If you select Mac Image, the image is created as a .DMG file. For information on creating and deploying a Mac Image, see Creating a Mac Image (page 160). You can also select the Ghost option for imaging. If you select Ghost, the image is created as a .GHO file. For information on creating and deploying a Ghost Image, see Creating a Ghost Image (page 161). Important Linux (RDeploy) and Ghost options are available only when the ImageTools.ini file is stored in the eXpress folder. 2. Enter any additional parameters in the Additional Parameters field. You can add command-line options specifically for the RapiDeploy program to execute imaging tasks. See the Command-line Switches in the Deployment and Migration Guide. 3. Enter a path and file name to store the disk image file. You can store image files to access later when a managed computer is assigned a job that includes the image file. The default file name extension is .IMG. Saving image files with an .EXE extension makes them into self-extracting executable files (the run-time version of RapiDeploy is added in the file). You can also save ImageX files with a .WIM extension, a Mac image with a .DMG extension, and a Ghost image with a .GHO extension. 4. Select Disable image path validation if you want to store the image file outside of the Deployment Share file structure. If you do not select this option and do not specify a Deployment Share path, you can see a warning message indicating this and reminding you that your automation process must be configured to use the path indicated in the Name field. You can still save your image to a location outside of the Deployment Share file structure even when you do not select this option. This option only eliminates the warning message. You can use this option to store images locally on the managed computer's hard drive or to an additional server used to store images.

Altiris Deployment Solution 6.8 SP2

159

When storing images locally on the managed computer's hard drive, be sure to enter the path relative to the managed computer (Example: C:\myimage.img). When you store an image locally on a managed computer instead of a file server, you save server disk space and reduce network traffic. Prerequisite: To store images locally on the managed computers hard drive, you must have a hidden automation partition installed on the managed computer's hard disk with the required disk space to hold the images you want to store. Caution When imaging computers where images are stored on the managed computers hidden automation partition, use the option to remove the automation partition only when you want to clear all images from the computer. 5. Select Prepare using Sysprep to use Sysprep to prepare system for imaging and click Sysprep Advanced Settings. See Advanced Sysprep Settings for Creating a Disk Image (page 162). From the Operating System drop-down list, select the operating system. Note Click Add new to go to the Sysprep Settings dialog and select the OS Information. 7. 8. From the Product Key drop-down list, select the product key. From the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list, select the required pre-boot environment to perform the Create Disk Image task in the selected pre-boot environment. By default, the DOSManaged Boot Option type is selected. Note ImageX requires a Windows PE x86 pre-boot environment. 9. (Optional) To select Media Spanning and additional options, click Advanced. See Create Disk Image Advanced (page 162).

6.

10. Click OK (if you are using the New Job Wizard) or click Next. 11. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 12. Click Finish. The task appears in the Task list for the job. Tip If an imaging Job fails on a managed computer, the Deployment agent configuration page appears on the client. This screen displays a prompt to confirm if the user wants to configure the client or restore the original settings. On the client screen, select Cancel > Restore Original Settings. See also Deployment Tasks (page 156).

Creating a Mac Image


You can create a Mac Image using the Create Disk Image job.

To create a Mac Image


1. From the Imaging Tool drop-down list, select Mac Image (.dmg).

Altiris Deployment Solution 6.8 SP2

160

2.

Provide the disk number in the Additional Parameters field using the following format: -d[disk#] By default, all partitions of disk 1 are imaged. To image a different disk, provide the disk number in the Additional Parameters field using the same format.

3.

Enter the path and file name to store the disk image. Caution The captured disk image must be stored on an AppleTalk Filing Protocol (AFP) share.

4.

Specify the share using the following format: //server/sharepoint/path/filename.dmg If no credentials for this server are provided in the automation configuration, the guest account is used by default.

5.

Provide the account credentials as part of the path using the following format: //username:password@server/sharepoint/path/filename.dmg

6. 7. 8.

Click Next. The Return Codes dialog appears. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Mac image is created.

Note The Sysprep settings option is disabled if you select Mac Image as the Imaging Tool. The Automation pre-boot Environment for Mac Image is the Default Automation when capturing Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help.

Creating a Ghost Image


Symantec Ghost Solution Suite is a corporate imaging and deployment solution. It also provides operating system migration, software distribution, computer personality migration, hardware and software inventory, and secure system retirement. You can create a Ghost Image using the Create Disk Image job. Important To use the Ghost Solution for creating a disk image, you have to store the ghost.exe and ImageTools.ini files in the Program Files\Altiris\eXpress\Deployment Server directory.

To create a Ghost Image


1. 2. 3. 4. From the Imaging Tool drop-down list, select Ghost Image (.gho). Add any additional parameters in the Additional Parameters field. Enter the path and file name to store the disk image. (Optional) To disable the validation of the image path, select the Disable image path validation check box. This is useful if the image is stored locally, or if you are retrieving the image from a remote server.

Altiris Deployment Solution 6.8 SP2

161

5. 6.

To use Microsoft Sysprep, select the Prepare using Sysprep check box and specify the operating system and product key. From the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list, select the required pre-boot environment to create the disk in the selected pre-boot environment. By default, the Default Automation (Auto-select) type is selected.

7.

Click Next. The Return Codes dialog appears.

8. 9.

(Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Ghost image is created.

Advanced Sysprep Settings for Creating a Disk Image


You can use the Advanced Sysprep Settings dialog to specify Sysprep mass storage device support. By default, the Enable mass storage device support using built-in drivers option is selected. Disable mass storage device support. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = No. Enable mass storage device support using built-in drivers. When this option is selected, the Sysprep.inf file contains the section [Sysprep] with the key value pair as BuildMassStorageSection = Yes. Enable mass storage device support using the following: When this option is selected, the Sysprep.inf file contains the section [SysprepMassStorage] and is appended by contents of the file mentioned in the Mass storage section file field. You can also copy the drivers directory mentioned in the Mass storage drivers field.

Advanced Sysprep Settings for Creating a Disk Image in Windows Vista


You can use the Sysprep advanced settings dialog to specify the settings for any Windows Vista operating system. If you select Windows Vista as the operating system under Sysprep settings on the Create Disk Image dialog and click Advanced Settings, the Sysprep advanced settings dialog for Windows Vista appears. This dialog lets you select Plug-n-Play (PnP) drivers options, as well as Sysprep options, such as command-line options.

Create Disk Image Advanced


Media Spanning Maximum file size. The Maximum file size supported is 2 GB. To save an image larger than 2 GB, Deployment Server automatically breaks it into separate files regardless of your storage capacity. From the Maximum file size list, select a media type. Specify ___ MB. If the preferred type is not on the list, enter the file size you want in the field.

Altiris Deployment Solution 6.8 SP2

162

Additional Options Do not boot to Production. Select this option to create an image of the hard disk while booted to DOS without first booting to Windows to save network settings (TCP/IP settings, SID, computer name, and so on). If you select this option, these network settings are not reapplied to the computer after the imaging task, resulting in network conflicts when the computer starts up. Compression. Compressing an image is a trade-off between size and speed. Uncompressed images are faster to create, but use more disk space. Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to create a larger compressed image file with a faster imaging time. The default setting is Optimize for Speed. Note Configuration restoration after imaging a compressed drive is not supported for this release. Enter an image description (optional) in the Description field to help identify the image.

Distributing a Disk Image


Distribute an RDeploy, ImageX, or Mac image file to managed computers to lay down a previously created hard disk image.

Distribute a hard disk image using the New Job Wizard or adding the Distribute Disk Image task when Building New Jobs. You can create the disk image file using the Creating a Disk Image task.

Note If you deploy a Windows image over a Linux computer or a Linux image over a Windows computer, you must change the path of the Deployment Agent for the Windows log file.

To distribute a disk image


1. 2. 3. Open the New Job Wizard (page 148). From the job wizard, click Add > Distribute Disk Image. The Distribute Disk Image dialog appears. Click Select a disk image file to select a stored image file. This lets you set down a new image file from a previously imaged computer. Enter the name of an existing image file. If you do not want the Deployment Server to validate the selected path, select Disable image path validation. This is useful if the image is stored locally, or if you are retrieving the image from a remote server. 4. Click Select a computer on the network to image a source computer on the network. Enter the name and location of the source computer to both create an image and distribute the newly created image file.

Altiris Deployment Solution 6.8 SP2

163

This option saves an image of a selected computers hard disk in its current state each time the job executes. You can schedule the job to image a specified computer every time it runs, which updates the image each time. Select the Save the disk image as a file while distributing option to save the newly created image file to a specified disk drive. If you use a reference computer as the image source, you can also choose to save the image as a file for later use. Select the check box to save the image and type in or browse for the location where you want to store the file. 5. Select Prepared using Sysprep to use Sysprep to prepare the system for imaging. Then, click Advanced Sysprep Settings. See Advanced Sysprep Settings for Distributing a Disk Image (page 166). From the Operating System drop-down list, select the operating system. Note Click Add New to go to the Sysprep Settings dialog and select the OS Information. 7. 8. From the Product Key drop-down list, select the product key. Click Automatically perform configuration tasks after completing this imaging task to restart the computer and push the configuration settings to the imaged computer. (Optional) Click Advanced to resize partitions and set additional options. See Distribute Disk Image-Resizing (page 166). Click OK.

6.

9.

10. From the Automation pre-boot environment drop-down list, select the required pre-boot environment to perform the Distribute Disk Image task. The option reported by the PXE Manager is the default pre-boot environment option. 11. If you are using the New Job Wizard, click OK. Otherwise, click Next. 12. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 13. Click Finish. See also Deployment Tasks (page 156).

Distributing a Mac Image


You can deploy a Mac Image using the Distribute Disk Image job.

To deploy a Mac Image


1. 2. Select the Select a disk image file option. In the Name field, provide the path to the Mac (.DMG) image stored on an AppleTalk Filing Protocol (AFP) share by using the following format: //server/sharepoint/path/filename.dmg If no credentials for this server are provided in the automation configuration, the guest account is used by default. 3. Provide the credentials as part of the path using the following format: //username:password@server/sharepoint/path/filename.dmg 4. Select Automatically perform configuration task after completing this imaging task to run the configuration task after the imaging task is complete.

Altiris Deployment Solution 6.8 SP2

164

5. 6. 7.

Click Next. The Return Codes dialog appears. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish. The Mac image is deployed.

Note The Image is stored locally on the client and the Sysprep settings options are disabled when you select a Mac image. The Select a computer on the network feature is not supported when using Mac Imaging. The Automation pre-boot Environment for Mac Image is Default Automation when deploying Mac images. This option uses the PXE functionality of the operating system of the specified server. For more information on configuring PXE, see the PXE Configuration Utility Help.

Distributing a Ghost Image


You can distribute a Ghost (.GHO) image using the Distribute Disk Image task.

To distribute a Ghost image


1. 2. On the Distribute Disk Image dialog, select the Select a disk image file option. Browse and select a .GHO image. If you do not want the Deployment Server to validate a selected path, select Disable image path validation. This is useful if the image is stored locally, or if you are retrieving the image from a remote server. 3. 4. To use Sysprep to distribute the image, select Prepared using Sysprep. From the Operating System drop-down list, select the operating system. Note Click Add New. From the Sysprep Settings dialog, select the operating system information. 5. 6. 7. From the Product Key drop-down list, select the product key. Add any additional parameters in the Additional Parameters field. To restart the computer and push the configuration settings to the imaged computer, select Automatically perform configuration tasks after completing this imaging task. From the Automation pre-boot environment drop-down list, select the required pre-boot environment to perform the Distribute Disk Image task. By default, the Default Automation (Auto-select) type is selected. 9. Click Next.

8.

10. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). 11. Click Finish. The Ghost image is deployed.

Altiris Deployment Solution 6.8 SP2

165

Advanced Sysprep Settings for Distributing a Disk Image


You can generate the Sysprep.inf file for the Distribute Disk Image task, depending on the option selected in the Advanced Sysprep Settings dialog. Use default answer file. When this option is selected, the Deployment Server generates the Sysprep.inf file depending on the data present in the database. Use the following answer file. When this option is selected, the Deployment Server picks up the contents of the file mentioned in the Sysprep answer file textbox and prepares the Sysprep.inf file from it.

Advanced Sysprep Settings for Distributing a Disk Image in Windows Vista


You can use the Sysprep advanced settings dialog to specify the settings for any Windows Vista operating system. If you select Windows Vista as the operating system under Sysprep settings on the Distribute Disk Image dialog and click Advanced Settings, the Sysprep advanced settings dialog for Windows Vista appears. This dialog lets you select Sysprep answer file options.

Distribute Disk Image-Resizing


By default, whenever you deploy an image, you have the option to resize the partition to take advantage of the available disk space. Drive Size gives you information about the size of the image, so you can determine if you need to change partition sizes. Minimum indicates the amount of space the image will use on the target computers. Original indicates the image source disk size. Fixed Size. Select this option and enter the desired partition size. Percentage. Select this option and enter the percentage of free space you want the partition to occupy. Min. View the minimum size of the partition. Max. View the maximum size of the partition. Note FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can be sized smaller than the minimum value). HP partitions remain a fixed size.

Distribute Disk Image-Additional Options


This option lets you specify operations for existing Automation Agents and OEM disk partitions. The options are as follows: leave the partition as it is, remove, or replace the existing partitions. If the image file does not contain any information for an automation or OEM partition, the option defaults to Leave the clients existing Automation or OEM partition as it is. RDeploy Options: Graphical Mode[RDeploy]. Click this option to choose the imaging executable as RDeploy.

Altiris Deployment Solution 6.8 SP2

166

Text Mode[RDeployT]. Click this option to choose the imaging executable as RDeployT. Text Mode or RDeployT is the default choice. Automation Partition:
Leave the client's existing BW partition as it is. If the image file contains no automation

partition information, by default, this option is selected. The automation partition remains unchanged when distributing disk images.
Delete the client's Automation partition [-nobw]. Select this option to delete the existing Automation partition from client computers. Replace the client's existing BW partition from image file [-forcebw]. Select this option to replace

the existing automation partition on the client computer with the automation partition from the image file. OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition information, by default, this option is selected. The OEM partion remains unchanged when distributing disk images. Delete the client's OEM partition [-nooem]. Select this option to delete the existing OEM

partition from client computers.


Replace the client's existing OEM partition from image file [-forceoem]. Select this option to replace the existing OEM partitions on the client computer with the OEM partition from the image file. Additional Command line switches. You can add command-line options specifically for the RapiDeploy program that runs imaging tasks.

Note The checkdisk command-line option should not be used from a Deployment console. The post-configuration task fails after an image restore. See also Deployment Tasks (page 156).

Imaging Computers from USB Disk on Key (DOK) Devices (JumpDrives)


Deployment Solution supports imaging clients from bootable USB Disk on Key (DOK) devices.

To image computers from USB Disk on Key Devices


1. 2. 3. 4. Format the USB DOK using HPs USB Disk Storage Format tool as FAT and make it a DOS startup disk. In Boot Disk Creator, create a new automation boot disk while creating a new configuration. Select Bootable disk-Removable disk to install on the USB Disk on Key. Copy HIMEM.SYS to the device.

Copy RDeployT.exe from the <InstallPath>\eXpress\Deployment Server\RDeploy\DOS directory to the device. 5. Copy the <Filename>.img file to the device.

Altiris Deployment Solution 6.8 SP2

167

6.

Create an Autoexec.bat with the script and command-line option, rdeployt -md -

fc:\IMAGE.img -d2
Note The -d2 switch is the most important part of the script, as it specifies the flash drive. 7. Create a Config.sys with the following:

DEVICE=C:\HIMEM.SYS switches = /f DOS=HIGH,UMB SHELL=command.com /p /E:1024 BUFFERS=20 FILES=20 STACKS=0,0 FCBS=1,0 LASTDRIVE=Z
8. Boot from the USB Disk on Key (recognized as C:) and rdeployt executes and images correctly.

Scripted OS Install
The Scripted OS Install task performs remote, automated, and unattended operating system installations over the network using answer files to input configuration and installation-specific values. Scripted installs let you deploy server and client computers across the network from installation files and perform post-installation configuration tasks. You can run scripted installs for Windows or Linux computers. Note Scripted Install requires either an automation boot disk or an Altiris PXE Server. Using embedded automations causes the selected image (DOS, Linux, Windows PE) to load and halt. It does not let the scripted install to run. When running a Scripted OS Install task, you can identify the type of operating system to install for supported languages, run the scripted install, and update with service pack installations. This task provides easy-to-use features to create an answer file for each scripted installation. Scripted installs are flexible in performing post-configuring tasks, but much slower and bandwidth intensive. Complete network and Web server installation and configuration tasks profit most from scripted installs. Windows. Use complete unattended install features to copy Windows operating system source files quickly to the Deployment Share and easily create an answer file. Configured operating system install sets can be reused to build and run scripted install jobs as needed. See Scripted Install for Windows on page 169. Linux. Run scripted install jobs to remotely install different versions of Linux. You can customize sample scripted install jobs installed with the Deployment Server system and

Altiris Deployment Solution 6.8 SP2

168

create a kickstart answer file to remotely run a scripted install. See Scripted Install for Linux (page 174).

Scripted Install for Windows


1. 2. 3. After selecting Add > Scripted OS Install, click the Windows option. Select the type of Windows operating system to install. See Select Operating System Version and Language (page 170). Click Next. Select the required pre-boot environment from the Automation - PXE or BootWorks environments (DOS/Windows PE/Linux) drop-down list to perform the Distribute Disk Image task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. Select source files. Click the list to select the Windows operating system source files already copied to your Deployment Share. See Installation Source Files (page 171). Click Add New from the list to set up the new operating system installation files. See Operating System-Source Files (page 171). Click OK after entering a unique name and the path to the operating system installation source files. The source files will be copied over to the Deploy folder in the Deployment Share directory. The first source files added are given a generic name of WinOS001, with additional operating system source folders named to WinOS002, WinOS003 and so on. Service Pack source files are also stored as an WinSP00x.img file. This process could take a few minutes. Because the installation source files are copied over to the Deployment Share, when running subsequent scripted installs you do not need to add new source files for this version of Windows. They can be selected from the list of installation source files. See Installation Source Files (page 171). Note When importing Scripted Install jobs, you must edit the job files to point to the installation source files on the new Deployment Server system. This requires you to run the Scripted Install for Windows wizard and modify the path and name of the folder for the Installation Source Files for the exported jobs. This is required for both the main installation and service pack installation files. See also Importing and Exporting Jobs (page 192). 6. 7. After the source files are copied, select the newly created operating system source name from the Installation Source Files list. Click Next. Click to distribute a DOS disk image (default), or continue without distributing a DOS image and partition and format the hard disk of the destination computer using custom scripts or setup utilities. Click Advanced to set partition size, delete hidden partitions or set RapiDeploy command-line parameters. Click Next. See Operating System-Source Files (page 171). Note Before running a scripted install, you must install DOS. However, DOS is not required if you are using your own scripts or utilities to partition and format the client computer.

4. 5.

Altiris Deployment Solution 6.8 SP2

169

8. 9.

Import an answer file to the Deployment Database. See Import an Answer File (page 172). Click Next. Create the Answer file. See Answer File Setup (page 172). Click Next.

10. Set command-line options for cmdlines.txt files and for the WINNT installation program. See Command-line Switches for Scripted Install (page 173). Click Next. 11. View and modify the Deployment Agent for Windows configuration file from the dialog. See Deployment Agent Settings for Scripted Install (page 173). Click Next. 12. View the summary of the selected options. See Scripted Install Summary (page 174). Click Next. 13. Set up return codes for the Scripted Install task. See Setting Up Return Codes (page 193). Click Finish. See also Scripted OS Install (page 168).

Select Operating System Version and Language


Identify the operating system version to run in a scripted install. The selected version and language must correspond to your Windows installation files. We support multiple languages for the following Deployment Solution utilities. Boot Disk creator Image Explorer PXE Configuration Utility Remote Client Installer Control Panel Applet DS Info PW Util (Password utility) Switch Management Select the operating system version. Select the Windows operating system you want to install from the list. Click Template if you want to install another version or language of a Windows operating system not provided in the list. Select the operating system language. Select the language version of the operating system to install. The language must correspond to the operating system source files. If you selected the Template option, only the Multilingual language option can be selected (this is a generic language option). Automation (Pre-boot Environment). Select the required pre-boot environment from the Automation (Pre-boot Environment) drop-down list. The option reported by the PXE Manager is the default pre-boot environment option. List of supported multiple languages German French Spanish Japanese Simplified Chinese

Altiris Deployment Solution 6.8 SP2

170

See also Scripted Install for Windows (page 169).

Installation Source Files


If you copied installation files to the Deployment Share for previous scripted installs, the name of this install source configuration appears in the list box for each operating system type and language. To create new source configuration sets for additional operating system installs, select Add new source files from the list box. Select or add new operating system source files. Select the assigned name for each operating system source configuration in the list, or select Add new source files from the list to create a new install task. Previous scripted install jobs will create a WinOS00x.img file in the Deploy directory of the Deployment Share. The Operating System-Source Files dialog lets you identify the version of Windows install files and enter the path to the files (on the CD or other medium). Select or add new service pack source files. Run service pack updates immediately after installing the operating system during the scripted install process. Previous scripted install jobs will create a WinSP00x.img file. See also Scripted Install for Windows (page 169).

Operating System-Source Files


Name operating system source configuration, identify path and automatically copy Windows installation files to the Deployment Share. Enter a unique name for the operating system source files. Enter a name for the operating system source configuration files to assign an alias to associate with the install files for a specific operating system version and language. Enter path to operating system source files. Enter the path to the I386 folder on the CD where the Windows installation programs and support files are stored. Example: browse to the CD drive and select I386\WINNT.exe. Click Open. The Windows operating system identified previously in the Installation Source Files dialog must match the source files selected here. If the name and language of the operating system does not match the installation files, you receive an error. Click OK and the files will copy from the source CD (or other volume) to the Deployment Server\Deploy directory in the Deployment Share. This process will take a few minutes. Enter a short description. Enter a description of the Windows operating system source configuration, for example: W2K Advanced Server SP3 English. This is optional. See also Scripted Install for Windows (page 169).

Partition and Format Disk


Select a DOS disk image to distribute to the client computers before starting the Windows scripted install. A DOS image is provided in the Images directory in the Deployment Share (default path in the Name field). Select a DOS disk image. Click this option to distribute a DOS image from the Deployment Share. The Deployment Server system includes a DR DOS image file that is

Altiris Deployment Solution 6.8 SP2

171

selected by default. You can create your own MS DOS image from your Windows 98 CD and build a job. Advanced. Select advanced options to set the size of the partitions, or to remove hidden partitions and add command-line options. See Create Disk Image Advanced (page 162) and Distribute Disk Image-Resizing (page 166). Continue without distributing DOS image. Click this option to not install a DOS image from Deployment Server. Skip this step if you are installing DOS using custom procedures for your environment. See also Scripted Install for Windows (page 169).

Import an Answer File


Reference a previously created answer file for a Windows scripted install. You can also view a summary of the operating system source configuration. Import existing unattend.txt. Select to import a previously created answer file to the Deployment Database. The values for the answer file are imported from the delimited text file and appear in the Answer File Setup dialog. You can enter a path and select an answer file with any name. The answer file is imported to the database, edited in the console (if required), and distributed as an unattend.txt file to the client computer. See also Scripted Install for Windows (page 169).

Answer File Setup


Use these dialogs to enter values to create an answer file for a scripted install. These values are stored in the Deployment Database. An answer file is generated from the database (unattend.txt) and distributed to each managed computer when the job executes. In the Answer File Setup, select a value (a row) in the table. A list appears in the Values column to change values for each entry. You can add new variables to each section by selecting the bottom row named Add new Variable. To add a new section to the answer file, click the right arrow until the Add new Section tab appears (the last tab on the right). Required answer file values are selected automatically in the dialog with a gray check (you cannot clear these variables). Optional but selected values have a green check. Other optional values will be cleared. Select these optional values if you want to add them to the answer file when it is generated. The various tabs in the Answer File Setup dialog correspond to the general answer file sections. See the Microsoft Windows Unattended Setup Guide for specific values for an unattended setup file. See also Scripted Install for Windows (page 169).

Add a New Variable Value or Section


Use this dialog to add new values to each variable or to add new variable sections to the answer file.

Altiris Deployment Solution 6.8 SP2

172

Enter a name for the value or section. If you add a value, this name appears in the list and entered in the cell if selected. If you are adding a section, this name appears in the new tab in the Answer File setup dialog. Enter a value to be displayed instead of the real value. Enter an alias that appears in the cell or on the tab. See the Microsoft Windows Unattended Setup Guide for your specific operating system values for an unattended setup file. See also Scripted Install for Windows (page 169).

Add a New Variable


Use this dialog to add new variables to the answer file. This variable appears as a row in the Answer File Setup dialog. Name of the variable. Select a variable name. Type of new variable. Select a variable data type. The Default value and Displayed value boxes are enabled depending on the variable type selected. Default value of the variable. Enter values for a list, text, password, or IP address types. Displayed value of the variable. Enter an alias for list item types to appear instead of the real variable value. Description. Enter comments to describe the new variable. It appears in the Description column of the Answer File Setup dialog. See also Scripted Install for Windows (page 169).

Command-line Switches for Scripted Install


Use this dialog to enter Windows commands that are executed from the cmdlines.txt file. You can also add scripted install command-line options. Switches. Add or edit switch commands to this line for the install program for the scripted install. Additional commands in the cmdlines.txt file. Enter additional Windows scripted install commands in this dialog. The commands execute in the order they are listed. The provided command installs the Deployment Agent for Windows during the Install Component phase of the installation. You can view and edit Deployment Agent settings in the next dialog. See also Scripted Install for Windows (page 169).

Deployment Agent Settings for Scripted Install


View or edit Deployment Agent for Windows settings in this dialog. You can change agent settings using this text-edit dialog. See Deployment Agent Settings (page 113) for a list of the Deployment Agent properties. Save these settings globally. Select this option to apply these settings globally. This is to maintain consistency in the way agent settings are applied. See also Scripted Install for Windows (page 169).

Altiris Deployment Solution 6.8 SP2

173

Scripted Install Summary


View a summary of the selected options for the scripted install. Click Back to change any of these settings or click Finish to complete the Scripted Install task. See also Scripted Install for Windows (page 169).

Scripted Install for Windows Vista


The Scripted OS install for Windows Vista provides a wizard to help set up Vista installation files and run sample jobs. Follow the steps in the wizard to identify the type of scripted install as Vista. You can gather all the files for Vista for the job, but the server does not build any answer file. Instead, you are asked for the location of the answer file. Also, a sample answer file is provided.

To perform a Scripted Install for Windows Vista


1. 2. On the Answer File Setup screen of the Scripted OS Install dialog, select the Modify Product Key check box. Enter the product key. Click Next. From the drop-down list on the Scripted Operating System Installation screen of the Scripted OS Install dialog, select the following options: Windows Vista as the operating system Operating system language Automation pre-boot environment Click Next. 3. 4. From the Select or add new source files drop-down list on the Installation Source Files screen of the Scripted OS Install dialog, select Vista. From the Select or add new service pack source files drop-down list on the Installation Source Files screen of the Scripted OS Install dialog, select the none option. Click Next. Select the Select a DOS disk image\Diskpart tool option on the Partition and Format Disk screen of the Scripted OS Install dialog to partition and format the disk. Click Next. Note You can select the Continue without selecting DOS image\Diskpart Tool option to partition and format the hard disk using your own scripts and setup utilities. 6. The answer file is prepared using the information entered so far. On the Scripted Operating System Installation screen of the Scripted OS Install dialog, browse to select the path of the unattended .XML file. On the Scripted OS Install Commands screen of the Scripted OS Install dialog, set the command-line options for the cmdlines.txt files and enter the additional commands in the cmdlines.txt file. Click Finish.

5.

7.

Scripted Install for Linux


The Scripted OS install for Linux provides a wizard to help set up Linux installation files and run Sample jobs. Follow steps in the wizard to identify the type of scripted install

Altiris Deployment Solution 6.8 SP2

174

and locate the answer files. You can also modify and run Sample deployment jobs to remotely run a scripted install on Linux servers and workstations. Directory. Browse to or enter the path and name of the Linux answer file (Kickstart file). Command-line. Enter the command-line options. Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Select the required pre-boot environment from the Default Automation drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOSManaged Boot Option type is selected. See also Scripted OS Install (page 168) and Scripted Install for Windows (page 169).

Scripted Install Summary


View a summary of the selected options for the scripted install. Click Back to change any of these settings or click Finish to complete the Scripted Install task.

Distributing Software
Send .MSI Packages, .CAB, .EXE, and other package files to selected computers or computer groups, including EBS, and .RPM files for Linux computers. This task identifies valid Altiris packages and assigns passwords and command-line options.

Distribute software packages to managed computers using the New Job Wizard or adding the Distribute Software task when Building New Jobs.

1.

Enter the name and location of the package to distribute in the Name field. Note Information about the package appears in the Description area for valid packages. If no description appears, the file is not a .RIP or a Personality Package.

2. 3. 4.

For .RIPs, if you set the password option when you created the .RIP, you must enter the password for the package to run. Select Run in quiet mode to install the package without requiring user interaction. Specify the users to associate with the .RIP or the Personality Package. Click Apply to all users to run the package for all users with accounts on the computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: to install a .RIP for a specific user accounts on a computer add values to the Additional command-line switches field:

-cu:JDoe;TMaya;Domain\BLee

Altiris Deployment Solution 6.8 SP2

175

Note The command-line switches are specific to any package you are distributing that supports command-line options, such as .MSI and Personality Packages. For a complete list of command-line options, see the Wise MSI Product Guide and the Altiris PC Transplant Pro Product Guide. 5. If distributing an install package or other types of packages with associated support files, you can click Copy all directory files to install all peer files in the directory. Click Copy subdirectories to distribute peer files in the directory and all files in associated subdirectories. Note Some clients may have software installed on the client computer that, for protection against harmful software, only lets software programs on a list of "well-known" executables to run. Therefore, whenever the system administrator wanted to install a patch on client computers, he or she would have to update the well-knownexecutable list on all the client computers, which could be a lot of work. To save the work of updating that list, or of manually renaming distribution packages, the "RenameDistPkg" feature was added. Now, the system administrator may update the well-known-executable list once with a filename of their choosing. The well-known filename may be entered into the Windows registry of the Deployment Server computer (the computer running axengine.exe), as the "Value data" of a string value named "RenameDistPkg" under the "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options" key. If the RenameDistPkg registry entry is set, Deployment Server renames the installation files that are copied to the client computers. This feature only affects files that are temporarily copied to the client computer as part of a "Distribute Software" task. The file that is to be executed only during the installation, sometimes referred to as the "package", is the file that gets renamed, not the files that actually get installed to various locations on the target computer. If the Copy all directory files option is enabled task, only the main (installable) file is renamed. 6. Click Advanced to specify how files are distributed to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Software Advanced (page 177). Click Next. Provide additional command-line options for distributing software. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.

7. 8. 9.

Notes When a .RIP or Personality Package is executed through Deployment Server, the quiet mode command-line option is applied. This means the user cannot interact with the user interface on the managed computer.

Altiris Deployment Solution 6.8 SP2

176

If the Personality Package is configured to run only if a particular user is logged in and only if the user has an account on the managed computer, the package runs the next time that user logs in. If the user does not have an account, the package aborts and sends an error back to the console through the Deployment Agent. If the package is not run through Deployment Server, a message appears on the managed computer and the user is prompted to abort or continue.

See also Modifying Tasks in a Deployment Job (page 189).

Distribute Software Advanced


Copy files using Deployment Server then execute. Click this option to distribute packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. This option is run for Simple installs and is the default option. Copy directly from file source then execute. Click this option to copy packages directly from the Deployment Share if this data store is located on another server (a Custom install). It copies the file and runs it, avoiding running through Deployment Server and diminishing processor output. Execute directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File source access and credentials. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying.

Managing the SVS Layer


The Manage SVS Layer task lets you instantly activate, deactivate or reset SVS layers. This task helps in avoiding conflicts between applications, without altering the base Windows application. You can reduce the testing time for applications, as you can install different versions of an application on the layers at the same time, and activate or deactivate the layers as required. For more information on SVS Help, refer to the Software Virtualization Solution (page 81)section. Note This task runs only on Windows computers.

Manage the SVS Layer using the New Job Wizard or adding the Manage SVS Layer task when Building New Jobs.

Altiris Deployment Solution 6.8 SP2

177

1. 2.

After creating a job, click Add > Manage SVS Layer. Enter the .VSA file name in the Layer name drop-down list, or browse and select a .VSA file. You can also enter a .VSA file path in the Layer name drop-down list. The Console checks if the path entered is correct. If it finds that the file path is correct and it is a valid .VSA file, it replaces the path name with the layer name in the .VSA file. Note The console displays a list of the previously selected layers in the Layer name drop-down list. This makes it easier for you to select a layer from the list, instead of browsing or typing the .VSA file name again.

3.

Select Import Package to import the selected layer and apply the actions present in the Action drop-down list. The actions are:

Action Name
(none) Activate Activate on startup Activate and Activate on startup

Description
Only import package. Import package and immediately activate it. Import package and activate it on startup. Import package, and immediately activate it and activate it whenever the computer starts up.

4. 5.

Click Advanced to copy files using the Deployment Server or copy files directly from the file source. SeeImport Package Advanced (page 179). Select Manage Layer to manage the selected layer using actions present in the Action drop-down list. The actions are:

Action Name
Activate Activate on startup Activate and Activate on startup Deactivate Deactivate on startup Deactivate and Deactivate on startup Delete Reset

Description
Activate layer. Activate layer on startup. Activate layer and activate it whenever the computer starts up.

Deactivate layer. Deactivate layer on startup. Deactivate layer and deactivate it on startup.

Delete layer. Reset layer.

Altiris Deployment Solution 6.8 SP2

178

Action Name
Reset and Activate Reset and Deactivate 6. 7.

Description
Reset and activate layer. Reset and deactivate layer.

Select User defined action to enter a command line. Set Return Codes. See Setting Up Return Codes (page 193). This is optional.

Note SVS clients have an automatic 120-day license. To purchase a permanent license, please visit the Altiris Sales Web site (www.altiris.com/sales.aspx).

Import Package Advanced


Copy files using Deployment Server. Select this option to copy files using the Deployment Server. Copy directly from file source. Select this option to copy files directly from their source. If you select this option, you need to enter the following File source logon details: User name. Enter the user name in this field. Password. Enter the password in this field. Confirm Password. Reenter the password in this field. Click OK.

Capturing Personality Settings


The Capture Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can create a Personality Package that can be saved and distributed when migrating users. This task runs Altiris PC Transplant from the console to capture and distribute settings.

Capture personality settings using the New Job Wizard or adding the Capturing Personality task when Building New Jobs. See Distributing Personality Settings to migrate settings to another user.

1. 2.

After creating a job, click Add > Capture Personality. Enter the name of a personality template, or browse and select a template. A default personality template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). Enter the name of the folder where you want to store the package. The personality template lets you define the settings, files, and options to be captured during run time. Click Template Builder to open a wizard to build a custom template.

Altiris Deployment Solution 6.8 SP2

179

3.

In User account and folder login, enter the login credentials for the managed computer from which the personality settings are captured, and the file server where the Personality Package is stored. In Package login, enter a password for the Personality Package. This is a run time password that is required when the Personality Package runs on the destination computer. Click Advanced to specify additional features. Set the Advanced options and click OK. Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish. You have now captured a personality setting and saved it as a PCT file in the selected location (most often in the PCT folder on the Deployment Server shared directory on the Deployment Share). The Capture Personality task appears in the Task list. See Distributing Personality Settings (page 180). Notes To capture a personality on a Windows 98 computer, ensure that all users have Write access to the Deployment Server share (by default at C: Program Files\Altiris\eXpress\Deployment Server in a Simple install). Also, ensure that the User account and folder login fields are blank. A user must also be logged on at the client computer to capture the client profiles. An error is returned if you attempt to capture personality settings on Windows 9x computers that are not authenticated. We recommend that you don't capture personalities for mixed groups of Windows 98 and Windows 2000/XP/2003 computers. Set the conditions on the job for either Windows 98 or Windows 2000/XP/2003 computers to ensure that the appropriate Capture Personality task runs on the appropriate computers.

4.

5. 6. 7. 8.

Capture Personality Advanced


Domain users. Select this option to capture personality settings for all domain users on the computer. Local Users. Select this option to capture personality settings for all local users on the computer. Custom. Specify users or groups to capture personality settings. Select the Custom check box and enter the Users or Groups you want to capture personality settings. Also, instead of specifying names, you can also select users that have been either created or last accessed in a specified number of days. Additional command-line switches. You can add command-line options specifically for the PC Transplant program that migrates personality settings. See the Altiris PC Transplant Reference Guide in the docs folder of the Deployment Share.

Distributing Personality Settings


The Distribute Personality task lets you save personal display and user interface settings defined in the operating system for each user. You can distribute Personality Packages to migrate personality settings. This task runs Altiris PC Transplant from the console to capture and distribute settings.

Altiris Deployment Solution 6.8 SP2

180

Distribute personality settings using the New Job Wizard or adding the Distribute Personality task when Building New Jobs. See Capturing Personality Settings to create a Personality Package.

1.

In the Name field, enter the file name and location of the PCT file. Note The information about the Personality Package appears in the Description area for valid Personality Packages (PCT files). If no description appears, the file is not a valid package. If you use a token, such as %COMPNAME% in this field, and you proceed with the job, when you apply the job to a Windows XP computer, the user must enter input before the job completes. Altiris recommends you enter a valid Personality Package name and use the Additional command-line switches fields for token values. See the Altiris PC Transplant Reference Guide for a complete list of valid commandline options.

2. 3. 4.

In the Password field, type the password set for the PCT file when created. Select Run in quiet mode to install the package without displaying the PC Transplant screens. Specify the users to associate with the Personality Package. Click Apply to all users to run the package for all users with accounts on the specified computer. If you want to send the package to a managed computer with multiple users and to install it for certain users with a unique password, clear the Apply to all users box. Example: to install a Personality Packages for a specific user accounts on a computer, add values to the Additional command-line switches field:

-user: JDoe; TMaya; BLee


Note The command-line options are specifically for Personality Packages. For a complete list of command-line options, see the Altiris PC Transplant Reference Guide. 5. Click Advanced to specify how Personality Packages are copied to the managed computer. You can copy through Deployment Server, or copy and run directly from the Deployment Share or from another file server. See Distribute Personality Advanced (page 182). This is optional. Set Advanced options and click OK. Click OK (if you are using the New Job Wizard). or Click Next. 8. 9. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.

6. 7.

Altiris Deployment Solution 6.8 SP2

181

For more information about capturing a computer's personality settings, see the Altiris PC Transplant Help. See also Distributing Software (page 175) and Modifying Tasks in a Deployment Job (page 189).

Distribute Personality Advanced


Copy files using Deployment Server. Click this option to distribute software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file and runs it and avoids running through Deployment Server and diminishing processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. Run directly from file source. Click this option to run files remotely from the Deployment Share or another selected file server. File Source Credentials. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain).

Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the Modify Configuration dialog. The Deployment Agent updates the property settings and restarts the computer for changes to take effect. 1. 2. After creating a job, double-click the job, and click Add > Modify Configuration. Select the Reboot after Configuration check box to restart client computer after the configuration changes are complete. By default, the check box for Reboot after Configuration is selected. Enter or edit the property settings in the Configuration dialog. Click the category icons in the left pane to set additional values for each property setting group. See Computer Configuration Properties (page 103). Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.

3.

4. 5. 6.

See also Modifying Tasks in a Deployment Job (page 189).

Backing up and Restoring Registry Files


Note This feature has been deprecated and removed from the product in a later release.

Altiris Deployment Solution 6.8 SP2

182

Copy registry files of selected computers using the Back up Registry task and save the registry file settings to a selected directory. You can also create a Restore Registry task to copy the registry settings to a managed computer.

Copy registry settings by adding the Back up Registry task when Building New Jobs. Restore registry settings by adding the Restore Registry task.

1. 2.

Enter the directory path to back up or restore registry files. Select the required pre-boot environment from the Automation - PXE or Bootworks environment (DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in the selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. Select the required pre-boot environment from the Automation - PXE or lets you environments (DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot environment option. By default the DOSManaged Boot Option type is selected. Click Advanced if Windows was installed on client computers in a directory other than the default. Enter the correct path to the root of the Windows directory. Select Include registry information for all users to back up registry keys for all user accounts. Note If you clear this check box, only the Administrator and Guest user accounts are backed up or restored.

3.

4.

5. 6. 7.

Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.

See also Modifying Tasks in a Deployment Job (page 189).

Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that the Deployment database is up-to-date with the latest computer properties information. You can view the history of the Get Inventory task in the Computers History pane. See Viewing a Computers History (page 129). Click Add, and select Get Inventory from the list.

Run Script
Select an existing script or write a new script file to run on selected managed client computers.

Altiris Deployment Solution 6.8 SP2

183

Run script files on client computers by adding the New Script task when Building New Jobs. See Script Information to identify how the script appears, script security, and an option for server-side execution of the script.

1.

If you have a script file defined, click Run the script from file and browse from the folder icon to select the file. To read or edit the script file, click Modify. Note To run scripts that call an executable, use the start command. Example: start C:\windows\notepad.exe opens the Notepad application on the client computer.

2.

To create a new script, click Run this script. Type the script in the provided text box, or click Import and select a script file to import. When a script is imported you can modify it in the text box. Specify whether the script should be run from DOS, Windows, or Linux. Click Next. Set Script Information. See Script Information (page 184). Click Next. Set Return Codes. See Setting Up Return Codes (page 193). This is optional. Click Finish.

3. 4. 5. 6. 7. 8.

Notes When a computer is in an automation mode using a DOS configuration, it does not see DOS partitions. To run a script using the DOS Automation Agent, use FIRM (Filesystem Independent Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive. Deployment Server assumes a return code of zero (0) as a successful script execution. Some programs return a code of one (1) to denote a successful script execution. If a program returns a one (1), you see an error message at the Deployment console even though the script ran correctly. To modify the return codes, you can edit the script file to return a code that the console interprets correctly. See also Modifying Tasks in a Deployment Job (page 189).

Script Information
Click an option to run the script on a selected managed computer or to run the script on the Deployment Server computer. Script Run Location On the client computer. The option runs the script on the managed computer to which you assign the job. Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of the managed computer. In most cases you can create a serverside script task that runs in context with other tasks. Example: you can add a task to

Altiris Deployment Solution 6.8 SP2

184

image a computer and add a task to execute a server-side script to post the imaging return codes to a log file stored on the Deployment Server computer. Use the -id option for running scripts on Deployment Server when using the WLogEvent and LogEvent utilities. See Using LogEvent and WLogEvent in Scripts (page 186). Note Scripts requiring user intervention do not execute using this feature. The script runs on the Deployment Server of the managed computer, but is not visible. Example: if you run a DOS command locally on the Deployment Server, the Command Prompt window does not open on the Deployment Server computer when the script executes. When running the script on the Deployment Server, it executes specifically for the assigned managed computer. Example: if you create a job with a script to run locally on the Deployment Server and assign the job to 500 computers, the script runs on the Deployment Server 500 times. Client Run Environment Select the environment for your client. You can run in either production or automation mode. Production - Client-installed OS (Windows/Linux) This is the type of Security Context. This identifies the security options for running scripts. Default (local system account). Use the network security account established to administrate all managed computers. Specific user. If you have selected to run the task on the local Deployment Server, you are required to enter an administrator user name and password for that Deployment Server account. (In most cases Deployment Server does not have the Deployment Agent installed, prohibiting it from using a network security account.) Script Window. Select how you want the script window to appear: minimized, normal, maximized, or hidden. Script Options - (Windows/Linux) Additional command-line switches. Enter in commands to execute when the script runs in Windows or Linux. Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the automation environment. Select a pre-boot automation environment from the drop-down list. If you select Linux as the operating system type, the Locally on the Deployment Server option is disabled and only the Additional command-line switches under the Production Client installed OS (Windows/Linux) is enabled. If you select DOS as the operating system type, the Locally on the Deployment Server option and the Production - Client-installed OS (Windows/Linux) option is disabled. Example Script The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful completion. Here is an example of the file that is modified to return a code of 0 (which is the success code recognized by the Altiris Console and utilities). You can make similar changes to your script files as needed. CONVERT /FS:NTFS

Altiris Deployment Solution 6.8 SP2

185

if ERRORLEVEL 1 goto success goto failure :success set ERRORLEVEL = 0 goto end :failure echo Failed set ERRORLEVEL = 1 goto end :end

Using LogEvent and WLogEvent in Scripts


The logging features, LogEvent and WLogEvent, accommodates detailed logging to help debug complex scripts. These utilities include the following features: Logging is stored in the database instead of a log file. A DOS-based tool can be called from any script file to log status and error codes. The console displays and works with the new status messages. LogEvent posts status messages back to the Deployment Console, letting you view the status of the script. It is a light-weight reporting tool that can log both status strings and status codes to the history file and the console. LogEvent Use the LogEvent utility for DOS and Linux scripts. WLogEvent Use the WLogEvent utility for Windows scripts. The LogEvent and WLogEvent utilities are command-line driven only there is no user interface. Use both utilities with the following switches. LOGEVENT -c:code -id:%ID% -l:level -ss:message code is any number for a return code level. id is used for server-side scripting only. For server-side scripts you must add the id:%ID% switch. See the Locally on the Deployment Server option on Script Information to select a server-side script. level is the severity level. The following levels are used: 1 = Information message 2 =Warning message 3 = Critical failure message. Only this level can be used to set up a return code. See Setting Up Return Codes (page 193). The response does not execute for a return code unless a level 3 is specified when using the LogEvent and WLogEvent command in a script. message is the status string. If spaces exist in the message, the string must be contained in quotes. Specifying a severity level of 3 causes the script job to fail.

Altiris Deployment Solution 6.8 SP2

186

Example Scripts REM Bootwork unload Set ImageName=F:\Images\XPIntel.img rdeploy -mu -f%ImageName% -p1 logevent -l:1 -ss:Created %ImageName.

REM Execute WLogEvent.exe from CMD script REM This script requires WLogevent.exe to reside on the client REM in the temp directory .\WLogevent.exe -c:0 -l:1 -ss:Running Dir on %NAME%" dir .\WLogevent.exe -c:0 -l:1 -ss:Finished with the DIR command on %NAME%"

Copy File to
Copy all types of files to managed computers. You can send selected files or directories to a computer or computer group.

Send files to client computers by adding the Copy File to task when Building New Jobs. Use the Copy File to operation (see the Remote Operations Using Deployment Solution menu) to copy files quickly from Computers pane in the console.

1. 2.

Click either the Copy File or Copy Directory option. Click Copy Subdirectories to copy all subdirectories. Enter the directory path and name of the file or directory. The Source path defaults to the Deployment Share, but you can type or browse to a file or directory. To copy files or directories through Deployment Server from the Deployment Share, you can enter a relative path in this field. To copy files or directories directly from the Deployment Share to the managed computer, you must enter the full UNC path name. See Copy File to Advanced (page 188). Note When entering the source path for copying files through the Deployment Server, you can only access the shared directories through an established user account. Specifically, you can only use UNC paths when you have sufficient authentication rights established.

3.

Select the Allow to run in automation check box to run this task in automation mode.

Altiris Deployment Solution 6.8 SP2

187

Note This option is only applicable for Linux and WinPE automation. 4. Type the destination path. The Destination path field automatically enters a sample path, but you can enter the directory path you require. If the destination path does not exist on the destination computer it is created. Click Advanced to specify additional features to copy files through Deployment Server or directly from a file server. See Copy File to Advanced (page 188). Click Next. Set Return Codes. See Setting Up Return Codes (page 193) (Optional). Click Finish.

5. 6. 7. 8.

See also Modifying Tasks in a Deployment Job (page 189).

Using Location Variables


Location variables are being added to Deployment Server for the Copy Files feature, letting you enter a token variable rather than requiring a complete location path when copying files to a managed computer (a client computer running the Deployment Agent). The current variables include: Temp. Enter Temp in the Destination path to set the Temp directory (identified in the system path) for the managed computer. Example: instead of entering C:\windows\temp\setup.exe in the Destination path, just enter temp:setup.exe.

Copy File to Advanced


Select options to copy files directly from the Deployment Share. This option is for files stored on another network server in a distributed Deployment Server installation. Copy files using Deployment Server. This option distributes software packages through Deployment Server to the managed computer, requiring two file copy transactions if the Deployment Share is on another file server. Use this option for Simple installs to take advantage of security rights defined by Deployment Server. You can use a relative path name entered in the Source Path field in the Copy Files dialog. This is the default option. Copy directly from file source. Click this option to copy packages directly from the Deployment Share, sending only one copy across the network. It copies the file directly to avoid running through Deployment Server and diminishes processor output. Because the Deployment Agent doesn't recognize shared rights and is not guaranteed to have a mapped drive to the data source, you need to identify a user name and password for the data share computer from the target computer. This option also requires a full UNC path name in the Source Path field in the Copy File dialog. File Source logon. Enter the user name and password for the client computer and the Deployment Share. Both must have the same user name and password (this is not an issue if both are on the same domain). Note Windows 98 computers have security limitations when copying files directly from the source to the Deployment Agent using the UNC path name. We recommend that you use the Copy files using Deployment Server option for these types of computers or plan a proper security strategy for direct copying.

Altiris Deployment Solution 6.8 SP2

188

Power Control
Start the computer using Wake on LAN or run standard power control options to restart the computer, shut down, or log off the current user.

Wake up, shut down or log off client computers by adding the Power Control task when Building New Jobs. See the Power Control operation to send commands quickly from the console.

1. 2. 3. 4. 5. 6. 7.

Create a job. Click Add > Power Control. Select an option: Restart, Shut down (if available), Log off or Wake up (Send Wake-On-LAN). Select Force application to close without message, if applicable. Click Next. Set Return Codes. See Setting Up Return Codes (page 193) (Optional). Click Finish.

Wait
Use the Wait task to boot a computer in the automation mode and wait for user interaction. 1. 2. Create a job. Click Add > Wait. The Wait Information dialog appears. 3. 4. 5. 6. From the Select automation pre-boot environment (DOS/Windows PE/Linux), select the appropriate pre-boot environment. Click Next. (Optional) Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.

Modifying Tasks in a Deployment Job


You can build jobs by adding or modifying deployment tasks. When you modify the tasks in a job, any computer already scheduled to run the job runs the modified job.

To add a task to a job immediately


If the task (image, batch file, executable, and so on) is saved in the product directory, it appears on your Resources list in the Shortcuts pane. Simply drag it to an existing job and it is added.

To add a task to a job


1. Double-click the job you want to modify in the Jobs pane.

Altiris Deployment Solution 6.8 SP2

189

2. 3. 4. 5.

Click Add and select another task from the menu. Follow the basic instructions on each dialog provided for each task. Select the type of task you want to add and follow the directions. After finishing task configuration, a new task appears in the Jobs list. Change the order of the tasks using the up and down arrows. The tasks execute in the order listed.

To copy and paste a task


Use the steps below to copy and paste tasks within the same job, or from one job to another. You can use CTRL+C and CTRL+V to copy and paste tasks. 1. 2. Click the job that contains the task you want to copy in the Jobs pane. In the Details pane, right-click the task, and select Copy Task. (To copy multiple tasks, press the CTRL key and select the desired tasks. The tasks that are highlighted are copied when you select Copy Task.) In the Jobs pane, click the destination Job where you want to paste the task. Right-click in the Details pane and select Paste Task. The tasks appear at the bottom of the task list, and use the condition settings of the current job. Change the order of the task using the up and down arrows. The tasks execute in the order listed.

3. 4. 5.

To modify a task in a job


1. 2. 3. Double-click the job you want to modify in the Jobs pane. Select the desired task from the list. Click Modify and follow the directions to make your changes. Click OK.

To remove a task from a job


1. 2. 3. Double-click the job you want to modify in the Jobs pane. Select the task you want to remove from the task list. Click Delete. Click OK.

To copy and paste tasks


Use the steps below to copy and paste tasks within the same job or from one job to another. You can also use CTRL+C and CTRL+V to copy and paste tasks. 1. 2. Click the job that contains the task you want to copy in the Jobs pane. In the Details pane, right-click the task, and select Copy. (To copy multiple tasks, press the CTRL key and select the desired tasks. The tasks that are highlighted are copied when you select Copy.) In the Jobs pane, click the destination Job where you want to paste the task. Right-click in the Details pane and select Paste. The tasks appear at the bottom of the task list and use the current condition settings of the destination job. Change the order of the task using the up and down arrows. The tasks execute in the order listed.

3. 4. 5.

Altiris Deployment Solution 6.8 SP2

190

To add a new task to an existing task list


1. 2. 3. Select a job from the Jobs pane. Click on one of the tasks within the job and add a new task. The new task is inserted above the task you highlighted, and all other jobs shift down one position. Use the up and down arrows to change the order of the tasks within the job.

Modifying Multiple Change Configuration Tasks


If you have scheduled multiple Modifying Configuration tasks to a computer group, you can double-click Change Configuration in the task list of the Details pane to modify each computers configuration settings independently. 1. Click the job in the Jobs pane with a Change Configuration task. Double-click the Change Configuration task. A message appears. Click YES to modify configuration settings individually for each scheduled computer. Click NO to modify the Change Configuration task when the job is scheduled again (the current job sends modified configuration files already created). If you click YES, a Modify Job wizard appears with a list of each managed computer scheduled to change configuration settings. Select one or more computers and click Next. 2. 3. 4. In the Computer Configuration Properties property page, modify settings. Click Next. Set Return Codes. See Setting Up Return Codes (page 193). Click Finish.

Creating New Script Files


You can create script files and directly schedule the script file to run scripts on any computer or computer groups.

To create new script files


1. 2. 3. Go to View > Shortcuts View. Click Resources in the Shortcuts view to move the focus to the Resources view. Go to File > New > Script File. Note The Script File option is activated only if the focus is on the Resources view. A script file is created by default at the root of the resources. The default file name is Batch.bat. 4. Right-click the Batch.bat file, and select Modify. Note You can rename the batch file, by right-clicking the file, and selecting Rename. 5. Type the script in the open file, and save it.

Altiris Deployment Solution 6.8 SP2

191

6. 7.

Drag the Batch.bat file to a computer or computer group where you want to schedule the job. Specify the scheduling options, and click OK. See Scheduling Jobs (page 155).

Copy and Paste Jobs and Job Folders


Jobs or job folders (including their subfolders) can be copied to any other job folder in the left pane of the Jobs pane of the Deployment Console. A Job folder can only be copied to a root level folder, which has a limit of 30 subfolders, and cannot be copied to a child level folder. If you copy a job or folder with the same name as the destination job or folder, the copied job or folder is automatically named Copy of <job or folder name>. This feature can only be performed by administrators or users who have been granted permissions to create jobs, or job folders.

To copy jobs and job folders


1. 2. In the Jobs pane, right-click a job or job folder you want to copy, and click Copy. Right-click the destination job folder in the Jobs pane and click Paste.

Importing and Exporting Jobs


Jobs can be exported to back up Deployment Server data or to share jobs between Deployment Server installations.

To import jobs
1. Right-click in the Job pane, and select Import or Click File > Import/Export > Import Jobs. 2. 3. 4. 5. Browse to or type the path and name of an existing import file (a .BIN file). Select Import to Job Folder to import the jobs to an existing folder in the Jobs pane. If you have a folder already selected, it appears in the edit field. Select Overwrite existing Jobs and Folders with the same name to replace identical jobs and folders. Select Delete existing jobs in folder to overwrite and replace all jobs in the selected Jobs folder. Click OK to import the job(s).

To export jobs
1. Right-click the job or Jobs folder you want to export and select Export. or Click File > Import/Export > Export Jobs. 2. 3. 4. Select the destination folder and enter a file name. Click Export subfolders to export all folders subordinate to the selected job folder. Click OK.

Altiris Deployment Solution 6.8 SP2

192

Setting Up Return Codes


When you create a task in a job, you can define a response to specific return codes generated from that task after it runs. You can determine the response if the task runs successfully or if the task fails. You can also set up custom return codes generated from scripts or batch files that are unique to your environment or deployment system. Note Return code handling cannot be set up for jobs created in the New Job Wizard. When creating a task, the Return Codes dialog appears so you can set a response if the task was successful or to determine a default response if the task failed. Because Deployment Server returns a 0 (zero) if the task runs successfully, any other return code value denotes some type of failure in running the task. As a result, in the Success field you can select an action if the return code is 0 (zero), or select an action in the Default field if the return code is not a 0 (zero). Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as successful, it runs the action in the Success box. If it is not successful, it determines if the return code has been assigned a custom code value. If the return code is defined as a custom code, the selected action for that custom code is executed. If no custom code is assigned to the return code, the action set in the Default is executed. Note If you are using LogEvent and WlogEvent in Scripts, you can generate return codes only when the level 3 message is specified. Specifying a severity level 3 causes the script job to fail and lets you respond using this return code feature.

Return Code Actions


For both successful tasks (in the Success field) and failed tasks (in the Default field), you can determine these specific actions: Stop. This action stops the job after the task runs. Subsequent tasks do not run. Continue. This action continues with subsequent tasks in the job after the task runs. Select a job. This action lets you select existing jobs to run after the task completes. These actions also apply to custom return codes designed specifically for your system.

Custom Return Codes


In the Other return codes area, you can view custom return codes set specifically for your system. You can add return codes by clicking Add below the Other return codes area, or by clicking Master Return Code. Type a custom code in the Code field, select a response action from the Response list, select the status from the Status list to specify the interpretation of this return code as Success or Failure, and provide a message in the Message field. These custom codes can respond to any return codes set up in scripts or batch files in the Run Scripts task, or these custom codes can respond to system return codes thrown from Deployment Server or external codes generated when distributing applications, personality settings, or disk images. Any task can have custom codes that respond to different return code values.

Altiris Deployment Solution 6.8 SP2

193

Master Return Codes. This is a list of all the return codes existing in the Deployment database. You can add, modify, and delete the codes and their values so that setting codes for other tasks is easier. Add. This lets you add a new custom return code for the task. You can also add the return code to the Master Return Codes list. Modify. This lets you modify the return codes listed in the Other return codes area. The changes you make do not update the Master Return Codes list. Delete. This lets you delete return codes listed in the Other return codes area, but not from the Master Return Codes list.

To set up Master Return Codes


The Master Return Code List dialog lets you: Add, modify, and remove return codes in the master list. Select return codes for the current job from the drop-down list. To add Master Return Codes 1. 2. Select a job from the Jobs pane. Click Add in the right pane to add a task. Select the task. The task dialog appears. Note You can add Master Return Codes for all tasks except Get Inventory. 3. 4. 5. 6. Click Next until the Return codes page appears. Click Master Return Codes. The Master Return Codes List dialog appears. Click Add. The Add Return Code dialog appears. Enter the return code in the Code field and click OK. The code is added to the master list.

To modify Master Return Codes


1. 2. Click Modify. The Modify Return Code dialog appears. Enter data in the Response, Result, and Status fields and click OK. The code is modified.

To delete Master Return Codes


1. 2. Click Delete. A warning message appears to confirm the deletion. Click OK to delete the return code from the Master list. Click OK.

Note The OK and Cancel options apply to the return codes selected. If no return codes are selected, or none exist in the list, OK is disabled. Click OK on the Master Return Codes List dialog to add the selected return codes to the current job.

To set up return codes


To set up return codes, you need to determine how to respond to the Deployment Server success return code (zero) in the Success box, how to respond to a failure

Altiris Deployment Solution 6.8 SP2

194

return code (a non-zero) in the Default box, and how to respond to a custom or externally generated return code defined in the Other return codes box. The example below describes how to set up a simple process to deal with custom and system return codes, and how to interpret the status of user defined return codes: 1. 2. 3. 4. 5. In the Success list box, keep the default value Continue. This lets the job continue running additional tasks in the job after successfully completing this task. Click Add to add custom return codes. The Add Return Code dialog appears. In the Code field, enter a value of 10 (ten). Click the Response drop-down arrow and select Continue from the list. Click the Result drop-down arrow and select Success from the list. Even if the return code was not zero, which is success by default, the task is considered a success as per the users choice. Enter a description for the return code in the Status field. This is the message that appears when the task within a selected job, executes. Select the Add to Master return code list check box to add the custom code to the master return code list. The code is listed in both, the Other return code and Master Return Codes list. This is helpful if you want to use the return code again. Click OK. The return code is added to the list of Other Return Codes. If the code you added already exists, a message dialog displays the return code and asks if you want to replace it. Click Yes to replace the return code, and click No to return to the Add Return Code dialog.

6. 7.

8. 9.

10. Select Select a job from the Default box to select a job to be executed when a default condition is reached. The Select a Job dialog opens, letting you select an existing job that runs if the task returns a failed system return code (non-zero) or a return code not defined as a custom return code. Note The status of the tasks executed in a job also appears in the history of a computer.

Sample Jobs in Deployment Solution


Sample jobs are installed with each Deployment Server system, letting you quickly modify or add parameters, or to run the sample jobs as they are. During installation, jobs are automatically imported from the samples.bin file to the Deployment Server system where they can be viewed in the Samples folder in the Jobs area of the Deployment console. Click each job and identify its features in the Description field of the Details pane. Jobs in each folder marked with an asterisk (*) require input parameters or other minor modifications added before running on your system. These modifications let you add parameters to the job, such as user name and password or other required data for the job to be functional. Jobs requiring input parameters or customizing do not function properly if you do not edit the job with the information specific to your environment. All files without an asterisk (*) can be used to perform the identified functions without modification. However, if the job conditions are not met or are not consistent with the computer type, you may get an error. Example: if the Repair Office XP job runs on a computer without MSOffice XP, you get an error when running the job.

Altiris Deployment Solution 6.8 SP2

195

Note When upgrading versions of Deployment Solution, we recommend that you copy and rename modified sample jobs to avoid overwriting by new sample jobs.

Initial Deployment
Initial Deployment is a default job designed to help in the process of setting up computers that do not exist in the Deployment Database. Initial Deployment lets you define how computers are initially set up after being identified by the Deployment Server. You can define various computer configuration sets and deployment jobs for the user during startup, letting the user select the computer settings and hard disk images, software, and personality settings for their specific needs and environment. New computers appear in the New Computers group in the Computers pane of the Deployment Console.

To access Initial Deployment, double-click Initial Deployment from the Jobs pane or right-click Initial Deployment and click Properties. The Properties of Initial Deployment dialog appears.

Notes Initial Deployment is ideal for small-scale deployments, from 1 to 10 computers. We do not recommend this feature for large deployments -- from 10 to 100 computers - or mass deployments -- from 100 to 5000 computers. We also do not recommend this feature where you use virtual computers, customized jobs, and the computer import feature. Although Initial Deployment is commonly used on computers that support PXE, you can also configure a boot disk to run Initial Deployment. In this case, the image you deploy must include automation pre-boot environment so that post imaging tasks can run successfully. Installing an Automation Partition on the client computers hard disk ensures that future imaging deployment jobs run successfully. Note To completely deploy and configure a computer using Initial Deployment, you must define at least one Configuration and one Job. Initial Deployment consists of a dialog with three tabs with separate features to deploy new computers: Configurations Jobs Advanced

Configurations
Click the Configurations tab on the Initial Deployment dialog to configure different sets of computer properties. Each configuration set is presented to the user as a menu. The

Altiris Deployment Solution 6.8 SP2

196

user can select the configuration set designed for their environment. Compare the Configuration tab with the Jobs tab. Note If you do not create any configuration sets, the deployment process automatically sets TCP/IP information to use DHCP and names the computer to match the computers asset tag, serial number or MAC address -- in that order, depending on what is available. 1. 2. 3. 4. Double-click Initial Deployment in the Jobs pane drop-down list. The Properties of Initial Deployment dialog appears. Click the Configurations tab. Click Add. Enter values to set computer and network properties for new computers. See Modifying Configuration (page 182) for a list of property categories. Click Add again to configure another set of property settings. You can add multiple configuration sets for the user to select from a menu after connecting to Deployment Server. After setting the properties, click Apply. Click the Default Menu choice drop-down list and choose a configuration set as the default configuration. Click the Timeout after ___ seconds and proceed check box to specify that the default job runs automatically after a specified time. Click OK, or click the Jobs tab to define a task.

5. 6. 7. 8.

Advanced Configuration
Click Advanced on the Configurations tab to open the Advanced Configuration dialog. This dialog lets you set advanced configuration settings for client computers and provides different options for processing jobs for client computers. Select Process this job as each client becomes active. This job is processed only when clients become active. Select Process this job in batch mode. This job is processed for a batch of clients after specifying Minimum clients and the Timeout in minutes. Select Hold all clients until this time. You can specify the Start time for this job, which runs for all clients at the specified time. Click OK.

Jobs
Click the Jobs tab on the Initial Deployment dialog to add existing jobs or create new jobs to run on the new computer. The jobs you add or build using this dialog are listed in a menu and presented to the user during startup. The user can select the deployment jobs to image the computer and install applications and personality settings. Compare the Jobs tab with the Configurations tab. The conditions on jobs are limited to the data that can be accessed at the DOS level (Example: serial number, manufacturing number, NIC information, manufacturing name). 1. Double-click Initial Deployment in the Jobs pane drop-down list. The Initial Deployment dialog appears.

Altiris Deployment Solution 6.8 SP2

197

2. 3. 4. 5. 6.

Click the Jobs tab. Click New to build a new job. See Building New Jobs (page 152). Click Add Existing to add an existing job. Click the Default menu choice drop-down list to select the job as a default. Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the computer automatically starts the default job. The default setting is 60 seconds. Click OK, or click the Advanced tab to stop servers or workstations from running configuration task sets and jobs automatically.

7.

See also Sample Jobs in Deployment Solution (page 195).

Advanced
Click the Advanced tab to set options to stop Initial Deployment from running the default configuration task sets and jobs automatically. This avoids accidental re-imaging or overwriting of data and applications for either workstations, such as desktop, laptop, handheld computers, or servers, such as Web and network servers identified by Deployment Server. When a computer not yet identified by the Deployment Database is first detected, it is placed in the New Computers group and run an Initial Deployment configuration set and job. However, in many cases you do not want Web or network servers to be automatically re-imaged without confirmation from IT personnel. Select Servers. Stops servers from automatically running Initial Deployment configuration jobs. Servers are identified as the managed computers running multiple processors or identified as a specific server model from specific manufacturers. Example: both an HP Proliant and a Dell computer with multiple processors are identified as servers. Identifying a computer as a server by the operating system cannot be accomplished for new computers until the server operating system has been installed. Select Workstations/Clients to force desktop, laptop, and handheld computers to stop before automatically running Initial Deployment.

Altiris Deployment Solution 6.8 SP2

198

Part IV

Best Practices
This section provides details on many of the management tasks available in Altiris Deployment Solution software.

Altiris Deployment Solution 6.8 SP2

199

Chapter 12

Securing Deployment Solution


To effectively manage computers, Altiris Deployment Solution software requires access beyond the files and database owned by the application. Example: Deployment Solution requires rights to install software on managed computers and rights to join computers to a domain during configuration. The broad range of tasks performed by Deployment Solution enables simplified management but also introduces a greater need for strong security policies. This guide walks you through the phases of security planning, including setting access rights, database security, and securing communications. This guide is divided into the following parts: Deployment Server Accounts Administrator Accounts and Role and Scopebased security Database Security Securing Communication Appendix A: Agent Installation Rights Appendix B: Managing Task Passwords Appendix C: Managing Key-based Authentication Contains instructions to set up the accounts you use to run Deployment Server services, join domains, and connect to the Deployment Share in automation. These security policies control administrator access to computers, jobs, and settings within the Deployment Console. Provides the information you need to secure and control database access. Explains how to secure communication between your Deployment Server and Agent. Explains the privileges needed to rollout the Deployment Agent. Explains how to manage the passwords associated with specific tasks. Contains information on backing up authentication keys and enabling server redirection when using key-based authentication.

Part 1: Deployment Server Accounts


To run the Deployment services, perform domain tasks, and provide automation access to the Deployment Share, we recommend creating separate accounts with minimal privileges to perform each of these tasks. This minimizes security risks while still allowing Deployment Solution to manage computers. We recommend creating the following accounts:

Account
Service

Description
The main account used to run the Deployment services, manage the database, and mange the Deployment Share.

Altiris Deployment Solution 6.8 SP2

200

Account
Domain Join Deployment Share Read/Write

Description
Used to join computers to a domain during configuration. Provides access to the Deployment Share in the automation environment.

These accounts should not be part of any group, and should not posses interactive login privileges. The following sections outline each Deployment Server account: Service Account (page 201) Domain Join Accounts (page 202) Deployment Share Read/Write Account (page 202)

Service Account
This account executes the Deployment Server software and manages the Deployment Database. This is the account provided when you install Deployment Solution:

If your Deployment Database, Server, and Share are on the same computer, create a local account or optionally use the local system account. If your Deployment Database or Share is on a different computer than your Deployment Server, create a domain-level account, or create local accounts with the same credentials on each computer hosting a Deployment Solution component. This account requires the following rights:

Rights
Services

Description
This account executes the following services: Altiris Deployment Server Console Manager Altiris Deployment Server Data Manager Altiris Deployment Server DB Management Altiris eXpress Server Altiris PXE Manager If this account is provided during installation, these services are already configured with the proper credentials. If not, this can be changed using the Services applet.

Altiris Deployment Solution 6.8 SP2

201

Rights
File System

Description
This account requires full control of your Deployment Share, and does not require administrative privileges on the computer hosting your Deployment Share. This account requires the db_owner role on your Deployment Database. See Part 3: Database Security (page 205) for more information.

Database

Domain Join Accounts


These accounts provide the privileges required to join computers to a domain during configuration. You need a separate account for each domain in which you manage computers. Grant the rights recommended in the following table:

Rights
Domain

Description
Grant privileges to add computer to domain.

After these accounts are created in Active Directory, complete the following procedure to add them using the Deployment Console.

To add domain join accounts


1. 2. In the Deployment Console, click Tools > Options > Domain Accounts. Provide the accounts you created:

Deployment Share Read/Write Account


This account provides read/write access to the Deployment Share. This account is used to access files in the automation environment, and optionally in some tasks if it is more

Altiris Deployment Solution 6.8 SP2

202

efficient to access the Deployment Share directly rather than accessing it through the Deployment Server. Grant the rights recommended in the following table:

Rights
File System

Description
Grant read/write privileges to your Deployment Share.

This account is provided when creating boot configuration using Boot Disk Creator:

Part 2: Deployment Administrator Accounts


Deployment administrators are the people who perform day-to-day work in Deployment Solution. These accounts are tied to people, have interactive login, and usually have additional rights across your network. You should select a group of administrators to grant full administrator rights and determine how to grant rights and privileges to other administrators as necessary. We recommend creating groups in Active Directory to manage these rights, adding and removing accounts from these groups as necessary. Note Each Deployment administrator needs to be granted public access to your Deployment Database. See Rights Required for Deployment Administrators (page 207).

Role and Scope Based Security


Role and Scope-based security controls who has access to what in the Deployment Console.

Altiris Deployment Solution 6.8 SP2

203

One major advantage of the Deployment Solution security model is that administrators do not need to be granted explicit rights on any managed computers. All access is filtered through the integrated role-and-scope based security in the Deployment Console. Example: if you grant an administrator rights to install software on a managed computer in the Deployment Console, it does not allow him to log in to that computer and install software. All actions must go through the Deployment Console. Implementing a strong policy to manage the access granted to your Deployment administrators protects managed computers from unauthorized access.

Deployment Console Security


By default, the Deployment Console can be used on your Deployment Server by any user who possesses rights to log in and run applications. This works well in situations where you already have policies in place to control server access, and you have a group of administrators who will have full access to deployment functionality. If you want to provide more granular access to configuration options, jobs, and computers, you can enable security.

To enable security
You must add at least one user or group to enable security. 1. 2. In the Deployment Console, click Tools > Security. Add a new user or group. We recommend clicking AD Import and importing Active Directory groups, as this simplifies rights management. The first user or group added is granted administrator rights. Each additional user or group after the first are granted no rights and must be assigned rights explicitly. Security is automatically enabled after a user or group is added.

3.

Additional users or groups can be added using this same method.

Manage By Exception
The Deployment Solution role and scope-based security model uses the concept of managing by exception. To manage permissions, you make an assignment at a container level that applies to most of the members of the container and you manually add exceptions where needed. We recommend planning administrator, computer, and job groups so that all permission assignments can be made at the group level.

Rights and Permissions


The Deployment Console separates privileges into two categories: Rights Provide access to console settings, database connections, domain accounts, and other options. Typically, you restrict most rights to one or more main administrators. Controls access to jobs and managed computers. These permissions are usually distributed across all administrators who perform work in Deployment Solution.

Permissions

Altiris Deployment Solution 6.8 SP2

204

Grant Rights to Administrators


1. 2. 3. In the Deployment Console, click Tools > Security. Select a user or Group and click Rights. Enable the rights you want granted.

Grant Permissions to Administrators


1. 2. Right click a Computer, Computer Group, or Job and select Permissions. Select a user or group and enable or disable the permissions you want granted.

Permission Rules
Permissions received through different sources may conflict with each other. The following permission rules determine which permissions are enforced: Permissions cannot be used to deny the user with administrator console rights access to use any console objects or features. User permissions take precedence over Group permissions. Deny overrides Allow. When a user is associated with multiple groups, one group could be allowed a permission at a particular level while the other group is denied the same permission. In this scenario, the permission to deny the privilege is enforced. Permissions do not flow down an object tree. Instead, the object in question looks in the current location and up the tree for the first permission it can find and uses the same. If a console user does not have permissions to run all tasks the job contains, the user is not allowed to run the job.

Part 3: Database Security


Securing your Deployment Database is tied directly to securing the account you use to connect to the database. Deployment Server requires only one account to have non-public access to the database (the Service Account (page 201)). This account should be secured by a central Deployment or domain administrator. If you follow this process outlined in this document to create accounts and separate privileges, you can greatly reduce the risk of your database being compromised.

Example
Your domain or central Deployment administrator creates a new domain-level account with no interactive login, file system ownership of a single folder (Deployment Share), and ownership of the Deployment Database. The password is provided to run the Deployment Solution services and is stored securely. No additional Deployment administrators need this password, and an intruder would need to compromise a higher level administrator account in order to access these credentials.

Altiris Deployment Solution 6.8 SP2

205

Required Database Rights


This section contains a list of the database rights that need to be granted to use Deployment Solution, and covers: Rights Required to Install (page 206) Rights Required for the Services Account (page 207) Rights Required for Deployment Administrators (page 207)

Rights Required to Install


To create the Deployment Database during the Deployment Solution installation, you need to grant the System Administrators database role to the administrator installing Deployment Solution. These rights can be revoked after the installation completes. 1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:

3. 4.

Select the Administrator account you are using to install Deployment Solution. If it does not exist, add it. Click the Server Roles tab, and enable System Administrators:

5.

Click OK and verify that the role was added.

Altiris Deployment Solution 6.8 SP2

206

Rights Required for the Services Account


The account used to run your Deployment Services needs to have database owner rights: 1. 2. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins:

3. 4.

Double-click the account you are using to run the Deployment services. If the login is not listed, add it. Click the Database Access tab, select the eXpress database, and enable the db_owner role:

5.

Click OK and verify that the change was successful.

Rights Required for Deployment Administrators


Each Administrator with console access must be granted public rights to your Deployment Database. The best way to do this is by assigning public access to the Active Directory groups containing your Deployment administrators.

Altiris Deployment Solution 6.8 SP2

207

This prevents you from manually granting this access to individual administrators as they are added or removed from Deployment management responsibilities. 1. 2. 3. 4. Open Enterprise Manager and connect to your SQL Server. Browse to Security > Logins. Add each user or group that will manage computers using Deployment Solution. For each user or group, on the Database Access tab, grant the public role for the eXpress database:

Part 4: Securing Communication


This section contains guidelines to secure Deployment Solution communication between the Deployment Server and Deployment Agent, and discusses the following: Deployment Agent Authentication (page 208) Additional Agent Security (page 210) Keyboard Locks in Automation (page 210)

Deployment Agent Authentication


We recommend providing a Deployment Server hostname rather than using multicast, and implementing key-based authentication if additional security is needed. Key-based authentication prevents agents from connection to un-trusted Deployment Servers if hostname resolution is somehow compromised.

Key Authentication
Key authentication is enabled on the Server Connection agent configuration page. After you enable this option, you are prompted to provide the server.key file containing the server public key for your trusted Deployment Server. This key is located on your Deployment Share. After enabling this option the Agent connects only to the trusted Deployment Server.

Altiris Deployment Solution 6.8 SP2

208

To enable server connection security


1. 2. 3. In the Deployment Console, right-click a computer or group and select Change Agent Settings > Production Agent. Select Connect directly to this Deployment Server and provide the hostname. Select to Enable key based authentication to Deployment Server and provide the path to your server.key file on your Deployment Share:

Altiris Deployment Solution 6.8 SP2

209

Additional Agent Security


The Security tab on the Agent Settings screen provides additional security options, including the ability to encrypt communication and password protecting admin settings on the managed computer:

Keyboard Locks in Automation


Lock the keyboard whenever possible in automation. This prevents the session from being broken manually on the managed computer. If you set up your account according to the instructions in this document, this risk is greatly reduced as the account you are using has only read/write access to the Deployment Share. However, if you are using an account with broad network privileges this could potentially introduce a large security risk.

Altiris Deployment Solution 6.8 SP2

210

To lock the keyboard, enable the lock option when creating boot configurations in Boot Disk Creator:

Appendix A: Remote Agent Installer Rights


To initially install the agent on managed computers using the Remote Agent Installer, you need an account with Local User rights. You only need access to this account when performing the one-time agent installation, so either use your domain administrator, a domain account with local user rights, or any other account with local rights. After the agent is deployed, you no longer need access to this account. To determine whether you have sufficient rights, browse to:

\\hostname\admin$
Replacing hostname with the name of the computer where you want to install the Deployment Agent. If you can access this share you have sufficient rights.

Appendix B: Managing Task Passwords


When a task executes, it remembers information about the administrator who executed it as part of the history. Next time the job executes, these credentials are used. If the password for the account used to execute the job changes, you need to update the jobs for a specific account: 1. 2. 3. In the Deployment Console, click Tools > Options. Select the Task Password Tab. Provide the username and old and new passwords for the administrator who executed the task.

Altiris Deployment Solution 6.8 SP2

211

4.

Click Update.

Appendix C: Managing Key-Based Agent Authentication


Key authentication is configured and ready to be enabled after installation. This appendix contains information on backing up your authentication keys and enabling redirection to another Deployment Server.

Backing up the Server Private Key


During installation, a private key is generated on the Deployment Server and stored in the registry at the following location:

HKLM\Software\Altiris\Altiris eXpress\Options\Security\ServerSecurity
This security key should be backed up to a secure location in case this Deployment Server needs to be re-installed. If you re-install without this key, each agent using key authentication needs to be updated to use the newly generated server.key file. The public key is located on your Deployment Share and should be backed up as well.

Enabling Key-based Authentication with Redirection


If your Deployment Server is set up to redirect Agents to another Deployment Server, you need to import the server.key from each additional Deployment Server to the server which clients initially connect. 1. 2. In the Deployment Configuration tool, select Options > Authentication. Copy the public key file from each additional Deployment Server and use the Add Key to add each server to the list.

Altiris Deployment Solution 6.8 SP2

212

Chapter 13

Migrating Application Data and User Settings


To perform migration, Deployment Solution uses an integrated technology called Altiris PC Transplant. A complete guide to PC transplant can be viewed by launching the PC Transplant Editor (Deployment Console > Tools > PC Transplant Editor).

Altiris Deployment Solution 6.8 SP2

213

Chapter 14

Capturing and Deploying Disk Images


What is a Disk Image?
A disk image is a file containing the complete contents and structure of a hard drive, or one or more of the partitions on the hard drive. This file can be used to restore the structure and contents of the imaged hard drive.

Imaging in Deployment Solution


Deployment Solution provides several tools to simplify the imaging process, including tools to perform hardware independent imaging using sysprep. Tokens Database tokens are used throughout the imaging process. When you schedule an imaging job using the sample imaging job (Jobs > Samples > Imaging > Create Disk Image), the image is stored as %COMPNAME%.img, and the image description contains the name of the operating system. File Systems RapiDeploy, the imaging engine used by Deployment Solution, understands the Windows file system and captures just the data. So, an image of an 80 GB hard drive only requires as much space as the data on the disk.

How Imaging Works


1. Computer boots to automation. 2. The rapideploy executable creates the disk image and transfers it to a remote location or reads the disk image and restores the target partition or hard drive.

File Systems
Hard disks are imaged differently depending on the file system that is used. The source disk or partition is not changed. FAT, NTFS, EXT2, and EXT3. Imaging is file-based. RapiDeploy copies real data file by file, resulting in a clean, defragmented image that can be resized and restored to a disk of a different size. Other File Formats. For other file systems, the disk is read sector by sector regardless of which sectors are in use. The image mirrors the contents of the disk. These formats are not resizable.

Altiris Deployment Solution 6.8 SP2

214

Partitions
When you create an image, you can image a partition, a group of partitions, or an entire hard disk. Any partition on a hard disk can be imaged. When a computer receives an image, you can select which partitions to download. The default setting is to restore all partitions, which would overwrite any existing partitions. To keep an existing partition, you can specify which partitions to download and which to ignore. You can also use command-line switches to keep existing partitions. Partition slots on the target computer will be, by default, the same as the image source PC. A partition occupying slot 3 in the image file will be by default in slot 3 on the target computer. By default, the following partition types will not be overwritten: Automation partitions OEM system partitions The default behavior can be overridden.

Partition Size
When you are restoring an image to a computer, the destination hard disk may be a different size than the disk imaged. If there are multiple partitions, the partition size percentage of the Client PCs will, by default, be the same as the image source. Example: If you image a 100 GB hard disk where 40% (40 GB) of the disk is a Windows XP partition and 60% (60 GB) is a data partition, a Client PC with a 200 Gigabyte disk will use the same percentages. The size of the Windows XP partition will be 80 GB and the data partition will be 120 GB. RapiDeploy also offers a partition resize feature that allows you to manually resize the partitions to a size you specify.

Spanning Media
The maximum size for a single image file is 2 GB. Images which exceed this amount are automatically split into multiple files. Example: If you named your image file basepc.img, and the image is split into four files, the following files are created: basepc.img basepc.002 basepc.003 basepc.004 You can set the split image file size to be between 1-2040 MB.

Altiris Deployment Solution 6.8 SP2

215

Multicasting
How Multicasting Works
The Master PC manages the multicast session. The multicast transmission is synchronized by the Master PC, so it will only go as fast as the slowest computer in the group. If a single computer fails, it will drop out of the session and the session will continue. The Master PC can multicast images to Client PCs in the following three ways: While the Master PC downloads an image from a file server and manages the simultaneous imaging of the Client PCs While the Master PC creates an image on a file server and manages the simultaneous imaging of the Client PCs While using its own hard disk as the source and sending the contents to Client PCs

HTTP Imaging
When capturing or deploying an image, you have the option of providing a URL as the path to an image file. This is non-typical interaction, and requires some configuration on your Web server. Your Web server needs the following: Unlimited keep alives enabled. Upload access if you want to upload images In Apache 2, enable unlimited MaxKeepAliveRequests in your httpd.conf file. You also need to obtain and install mod_put module to enable image uploading. In IIS, consult your documentation for information on enabling keep alives and uploads. Basic authentication is supported, Windows digest authentication is not supported. You might also need to specify a file type of application/octet-stream for your images to prevent errors.

Capturing Images
See Creating a Disk Image on page 158.

Deploying Images
Distributing a Disk Image on page 163.

Post-Imaging Configuration
Because images contain a generic operating system, you will probably want to set up unique configurations such as operating system license, networking, TCP/IP, and user account settings on each computer that receives an image. This section briefly describes the options that are available in the Post-Imaging Configuration wizard page.

Altiris Deployment Solution 6.8 SP2

216

Important To use this feature, you must ensure that the Deployment Agent is installed on the computer you will create the image from. After a computer has received an image, the Deployment Agent applies the configurations you set, and reboots the computer so the changes take effect.

Managing Images
You can view and make changes to RapiDeploy image files (*.img) using the Altiris ImageExplorer. For more information, see Altiris ImageExplorer on page 313.

Altiris Deployment Solution 6.8 SP2

217

Chapter 15

ImageX Imaging
Deployment Solution provides native support for imaging computers using ImageX. Windows Vista and Windows XP are currently supported.

Obtaining and Installing ImageX


Before using ImageX, you must download and install the Microsoft Windows Automated Installation (WAIK) toolkit. This is available as part of the Business Desktop Deployment (BDD) Workbench. After installation, copy the following directory:

C:\Program Files\Windows AIK\Tools


to the WAIK directory on your Deployment Share. After copying, the WAIK directory will contain a Tools subdirectory. WinPE must be used in automation for for all ImageX jobs.

Capturing and Distributing ImageX Images


As ImageX is a 3rd party tool, limited support is provided in the imaging wizard. To access the full functionality of ImageX, customize the ImageX Imaging sample jobs for your environment. When using the Create Disk Image task, the following restrictions apply: Only the C drive is imaged. The default capture mode is fast. When using the Distribute Disk Image task, the following restrictions apply: The target disk is formatted before the image is deployed. If there is a problem with the deployed image, the computer might be left in an unusable state. See the release notes for additional information.

Altiris Deployment Solution 6.8 SP2

218

Mac Imaging
Deployment Solution supports native imaging of Mac PowerPC and Intel-based computers. Using an OS X Server to provide the boot image, Deployment Solution can capture and deploy images to most Mac computers.

Requirements:
A Mac computer running OS 10.4 to provide the source for the automation image. Instructions for creating this image are contained in Creating an Automation Image (page 219). A separate image is required for PowerPC and Intel-based computers. OS X Server. Instructions for enabling NetBoot to provide the boot image are contained in Configuring NetBoot (page 221). One or more AppleTalk Filing Protocol (AFP) shares to host disk images. Mac PowerPCs. Intel-based Macintosh computers are not currently supported. Use of OS X is subject to the Apple license agreements, see your operating system documentation for information.

Process Overview
The following provides a basic overview of the Mac imaging configuration process: 1. Create an automation image. This image is a standard OS X operating system with the Deployment Agent installed and configured for automation. 2. Enable NetBoot. This is an OS X Server feature that enables network booting similar to PXE Server. 3. Add your automation image as the default NetBoot image. When an imaging job is assigned to a Mac computer, the Mac agent in the production operating system shuts the computer down and instructs it to restart and contact your NetBoot server. When the NetBoot server is contacted, the automation image is loaded, and then the Deployment Agent inside this image starts and contacts your Deployment Server. The computer then receives any automation jobs assigned.

Creating an Automation Image


The automation operating system is a basic OS X image with the Deployment Agent installed. To create an automation image, complete the following procedures: Step 1: Configure a Source Computer (page 219) Step 4: Image the Source Computer (page 221)

Step 1: Configure a Source Computer


In this step, a basic OS X system is prepared to provide the source for your automation boot image.

Altiris Deployment Solution 6.8 SP2

219

1. 2. 3.

Configure a computer with OS 10.3.x. Optionally, you can create an additional volume on an existing computer to store this operating system. Start the operating system you installed in the previous step, and then log in using the Administrator account you created during installation. Change any settings that might require user interaction. For example: Enable automatic login (System Preferences > Accounts). Disable the Sleep option (System Preferences > Energy Saver). Disable software updates (System Preferences > Software Update).

4. 5.

In network options select Using DHCP. Verify Apple Remote Desktop 2.2 is installed by browsing to /System/Library/ CoreServices/RemoteManagement. If this folder is not present, download and install from apple.com/support/downloads/appleremotedesktop22client.html. Install the Altiris Agent. For instructions see Installing The Mac Deployment Agent (page 260). After the installation completes, open /etc/altiris/deployment/agentinstall.conf in a text editor. Change the following:

6. 7.

export OS_TOOLBOX=darwin
To:

export OS_TOOLBOX=automation
8. Re-install the Deployment Agent.

Continue to Step 2: Provide Root Password for Automation (page 220).

Step 2: Provide Root Password for Automation


1. From the source computer you are configuring, connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. Browse to the techsup/macintosh folder. Extract and run the program contained in AutomationImageEssentials, providing the password for the Administrator account you created during installation.

2. 3.

Continue to Step 3: Provide Credentials to Access Images (page 220).

Step 3: Provide Credentials to Access Images


Images are retrieved and stored on AFP Servers. (see Configuring AppleTalk Filing Protocol Shares to Host Disk Images (page 222).) Complete the following procedure to store the credentials required to access these servers. Credentials can also be provided directly in imaging tasks. 1. From the source computer you are configuring, connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. Browse to the techsup/macintosh folder.

2.

Altiris Deployment Solution 6.8 SP2

220

3.

Extract and run the program contained in AddCredentialstoKeyChain, providing the username, password, and hostname for each AFP share hosting images.

This computer is ready to be imaged. In Step 4: Image the Source Computer (page 221), we use the imaging utility, hdiutil, to capture and store an image of this computer.

Step 4: Image the Source Computer


1. Connect to your NetBoot Server and mount a NetBoot share, typically NetBootSP0. (If using a different share, replace NetBootSP0 with the share you are using in these instructions). Connect (command + K) using a command similar to the following:

afp:\\server_ip\NetBootSP0
Replacing server_ip with the IP address of your server. 2. From the terminal on the source computer, run the following command to capture and store the disk image:

hdiutil create -srcfolder / /Volumes/NetBootSP0/SystemRO.dmg


3. Convert the existing read-only image to read-write using the following command:

hdiutil convert /Volumes/NetBootSP0/SystemRO.dmg -format UDRW o /Volumes/NetBootSP0/System.dmg


When this operation completes, you can delete SystemRO.dmg 4. Add an additional 1 GB padding to the image using the following command:

hdiutil resize -size newsize /Volumes/NetBootSP0/System.dmg


Replacing newsize with the current size of your image plus 1 GB. You are now ready to configure NetBoot.

Configuring NetBoot
NetBoot provides Mac computers with the automation operating system. To configure NetBoot complete the following procedures: Step 1: Configure the NetBoot Image (page 221) Step 2: Start the NetBoot Service (page 222)

Step 1: Configure the NetBoot Image


1. 2. 3. 4. 5. On your NetBoot server, double-click /Volumes/NetBootSP0/System.dmg to mount the captured image as a volume. Run the System Image utility (Applications > Server > Network (OS 10.3) or System (OS 10.4) Image Utility). In the upper pane, select New Boot. Provide Automation as the image name. Provide an image ID. Example: 1300

Altiris Deployment Solution 6.8 SP2

221

6. 7. 8. 9.

Leave the default NFS option selected. On the Contents tab, select disk image, then browse to the image file volume you mounted in step 1. Click Create. Provide Automation as the folder name and save it to the /Library/netboot/ NeBootSP0 folder. If that location is unavailable, save the folder to a different location and then copy it to the correct location after the operation completes.

Your NetBoot server should now have a folder at /Library/netboot/NetBootSP0/

Automation.nbi containing the following:


System.dmg booter mach.macosx (10.3 only) mach.macosx.mkext NBImageInfo.plist You are now ready to start the NetBoot service.

Step 2: Start the NetBoot Service


1. 2. 3. 4. On your OS X Server, open the Server Admin utility. Expand the services on the localhost. Start the AFP service (if not already started). Start the DHCP service. It is not necessary to click enable. Running the service but not enabling any adapters prevents your NetBoot server from responding to DHCP requests on your network, but allows your NetBoot server to provide IP address when booting clients. 5. 6. 7. Select the NetBoot service. On the General tab, select the volume containing your images. On the Images tab, select the Automation image and: Enable the image. Enable the diskless option. Select it as default. NetBoot is now configured. Continue to the next section to configure network shares to host disk images.

Configuring AppleTalk Filing Protocol Shares to Host Disk Images


Images captured and deployed to Mac computers must be stored on an AppleTalk Filing Protocol (AFP) share. Follow the instructions provided with your OS X Server to create AFP shares to host images.

Altiris Deployment Solution 6.8 SP2

222

Chapter 16

Symantec Ghost Imaging


Important Deployment Solution does not include the Ghost executable or a license to use Symantec Ghost. You must provide a copy of the ghost.exe and/or ghost32.exe imaging executable to enable this support. Customers currently using Ghost imaging solutions have the option of copying the Ghost executable to the Deployment Server to enable Ghost imaging from the Create Disk Image and Distribute Disk Image tasks.

To add support for Symantec Ghost


1. On the Deployment Share, create a folder called ghost. Copy ghost.exe (for DOS support) and/or ghost32.exe (for WinPE support) to this folder.

Symantec Ghost is now available for selection in the Create Disk Image and Distribute Disk Image tasks. A configuration file called ImageTools.ini, located in the root of your Deployment Share, contains settings you can change to customize the behavior of Ghost. For example, the default command-line in DOS is:

CreateImageCommandLine=clone,MODE=create,SRC=1,DST=%IMAGE_FILENAME% -sure
This setting and others can be customized by modifying ImageTools.ini.

Altiris Deployment Solution 6.8 SP2

223

Chapter 17

Software Packaging
Deployment Solution includes the robust Wise Packager for Altiris Deployment Solution. This article presents an overview of the Wise Packager, including a walk-through of the software capture and distribution process. Information for users migrating from RapidInstall to the Wise tools is provided as well.

Why Use Software Packaging?


Installing and managing software is a major part of successful computer management. Often, a software package you require does not provide options for remote or automated installation, and might require additional configuration after installation. These situations can require you to manually install and configure software, or include a large number of programs in your standard images which can require frequent updates. The Wise Packager repackages and customizes your existing installations to create consistent, flexible software installation packages. These packages use the Windows Installer format (MSI), which provides many benefits over traditional installations. This format is explained in Appendix B: Windows Installer Format Explained (page 226). Other reasons you might want to repackage include: Supporting corporate standards by customizing the way applications are installed. Creating silent installations or limit the options available to end users. Creating transforms for the repackaged installations. Changing the source paths in the installation to UNC paths. Building complex launch conditions using Windows Installer runtime properties that test aspects of the destination computer. These software packages can be as simple as a single file copy or a registry change, all the way up to a pre-configured, silent installation of a complete application.

Overview of the Software Packaging Process


The software packaging process uses the tools that compromise the Wise Packager: Wise SetupCapture, and Wise MSI Editor. Wise SetupCapture records changes made to a computer by an installation program, bundles these changes into a Windows Installer package (.MSI). Wise MSI Editor lets you customize and create MSI installation programs. To repackage software, you use Wise SetupCapture to create a snapshot of the files and settings on a computer execute an existing installation. SetupCapture records the changes made by the installation and compares these changes to the initial snapshot. Any changes detected are added to an installation package. You can use Wise MSI Editor to customize the installation.

Altiris Deployment Solution 6.8 SP2

224

The following sections provide additional details on this process:

Step
Setting up a Reference Computer (page 225) Capturing a Software Package (page 225) Customizing a Software Package (page 226) Distributing a Software Package (page 226)

Description
This computer hosts the capture process. Using Wise Setup Capture to capture changes to the reference computer. Adding and removing files, registry settings, and other installation options. Getting your package to the right managed computers.

Setting up a Reference Computer


To host the capture process, we recommend setting up a computer with just the basic operating system and no additional software. This helps prevent situations where the necessary changes are not captured due to pre-existing software or other conflicts. The capture process is not resource intensive, so any recent desktop computer should work fine as the reference computer.

Accessing Wise SetupCapture


After the operating system is installed, you need to provide the reference computer access to Wise Setup Capture. This tool does not need to be installed; in fact, it can be executed directly from the Deployment Share. The easiest way is to first install AClient and use the Create Wise Packager Shortcuts sample job to add shortcuts to execute the software from the Deployment Share. (Shortcuts are placed at Start > All Programs > Altiris > Deployment Solution.) You could also copy the Wise Packager folder from your Deployment Share to the reference computer, or create the shortcut manually (use the sample job as a starting point). After you have a way to execute Wise Setup Capture on the reference computer, continue to the next section, Capturing a Software Package (page 225).

Capturing a Software Package


What Can I Capture?
Depending on the complexity of the installation, certain programs are better candidates for repackaging than others. Installations that perform simple file copies and registry changes, such as WinZip, Adobe Reader, and others, are simple to repackage. As the complexity of the installation increases, additional customization is often required. Client/server applications, and applications that make API calls (such as antivirus software) can be very difficult to repackage. Fortunately, many of these applications already provide their own tools for automated and remote installations. Installations already using the MSI format should not be repackaged because remote installation and other advanced features are already supported. Making modifications to

Altiris Deployment Solution 6.8 SP2

225

vendor-supplied MSIs is not recommended since it could introduce incompatibilities with future updates. Hardware drivers, operating systems and updates should not be captured, due to their complexity and Windows File Protection.

The Capture Process


Before you begin, review the guidelines in Appendix C: SetupCapture Guidelines (page 229). Copy the installation programs you want to repackage to the reference computer or to an accessible share and launch Wise SetupCapture. (If you added shortcuts, Start > All Programs > Altiris > Deployment Solution > Wise SetupCapture. Ensure you run it on the reference computer, not the server.) After providing a name, select options for this capture. The default options should work fine, though if you want to capture file and registry deletions you need to select these options. Complete details on these options are in the Wise Packager\Help\WisePackager.chm help file on your Deployment Share. The remaining on-screen prompts guide you through performing an initial scan, capturing changes, and completing the process. After this process completes, review the captured changes and add stand-alone files and registry settings in the next section, Customizing a Software Package (page 226).

Customizing a Software Package


Open the Wise MSI Editor and open the MSI you captured. (If you added shortcuts, Start > All Programs > Altiris > Deployment Solution > Wise MSI Editor.) Complete details on using Wise MSI Editor are in the Wise Packager\Help\WisePackager.chm help file on your Deployment Share. At a minimum, you should review and update the properties on the Installation Expert pages.

Distributing a Software Package


After you have created a software package, use the powerful automation tools provided by Deployment Solution or Software Delivery Solution to distribute this package to managed computers.

Appendix A: Migrating From RapidInstall


We recommend migrating from RapidInstall to the Wise Packager to leverage the benefits of the MSI format, including self-healing, automatic uninstall and rollback. To convert existing RIP packages to MSI format, use the RiptoMSI.exe migration utility. This utility is in the RInstall folder on your Deployment Share.

Appendix B: Windows Installer Format Explained


To create a streamlined process for installing and managing applications, Microsoft developed the Windows Installer service. It consists of the following:

Altiris Deployment Solution 6.8 SP2

226

A set of guidelines. An Application Programming Interface (API). A runtime service that makes application installation and management part of Windows services. Windows Installer is not a installation authoring tool, but rather an installation engine and rule set. The Windows Installer engine resides on the destination computer as part of the operating system. Instead of an installation executable (such as setup.exe), the Windows Installer executable (msiexec.exe) reads the installation database (.MSI) which contains instructions and installation files. The .MSI uses highly structured, uniform data tables. There is 100% accountability of where each file installs and a thorough log of which files belong to which applications, so individual files are restored to repair damaged applications. Each table contains different installation information such as Class, Components, Features, Files, Execution Sequence, and Registry. Logic built into the Windows Installer engine prompts for a reboot, checks disk space, and follows file-version-replacement rules. When opening an .MSI, msiexec.exe reads the database and builds a transaction list that it follows to complete the installation. If the installation fails, Windows Installer performs a rollback, which returns the computer to its previous state.

Advantages of Windows Installer


Before Windows Installer, every software application had its own setup executable file (usually setup.exe or install.exe). Although many software manufacturers used common installation tools like Wise Installation System, others used highly proprietary installation technologies. This made the users experience inconsistent from one installation to the next, and the operating system had to contend with redundant code in different applications. Applications could not be administered after installation, except to rerun the setup program. Windows Installer implements a single built-in execution engine and replaces the installation executable with a database file (.MSI). The database stores the applications program files and setup instructions and can readily access this information if the application requires maintenance. Using Windows Installer results in a solid, robust installation that reduces the total cost of ownership and enables compliance with the Microsoft rules for software installation. Because Windows Installer is part of the operating system, it provides benefits that are unavailable in traditional installation technology.

Altiris Deployment Solution 6.8 SP2

227

Windows Installer Benefits


Self-healing

Description
With self-healing (also called automatic repair and selfrepair), the application repairs missing components. When an application starts, Windows Installer checks a list of key files and registry entries. If it detects any problems, Windows Installer repairs the application using a cached database that contains key paths to application components. Applications appear in the Add/Remove Programs applet and can be installed to the destination computer by the user. When the installation fails, the installation reverts to the previously installed state. This prevents having an incomplete or broken application. Also called install-on-demand, advertised features do not install but appear installed to the user. When the user selects an advertised feature, the installation occurs. Components group resources together so they move as a unit, which gives you more control during installation. Applies rules to installed application files that look at a files version and its shared .DLLs to prevent conflicts between applications. Decides whether to install a file to a directory by looking at a files date, language, version, and the modified date on a non-versioned file. Tracks which applications have installed every file and registry key on the computer on the component level, so the Windows Installer service always knows exactly what is needed for an application to run, and what is no longer used during uninstall. Transforms customize an .MSI to a particular user groups needs. Runs an installation using administrative rights. This invokes the systems security rights, restricts data and commands, and enforces rules when running the installation. Msiexec.exe and the Windows Installer service approve the elevated privileges request. Assigns advertised or installed applications to a users profile so when the user logs in, these applications appear on the destination computer. Lets you choose from a variety of authoring software and allows you to customize previously created installations. Windows Installer makes installations easier to install, maintain, and support.

Publishing

Rollback

Advertisement

Componentization Standardization

Version Rules

Reference Counting

Customization Elevated Privileges

Assignment

Open Architecture Total Cost of Ownership

Altiris Deployment Solution 6.8 SP2

228

Windows Installer Benefits


Dynamic Source List

Description
Provides sources for the MSI to repair from and enable advertising. Multiple possible locations for the MSI package are listed, ensuring access even between different networks. Sets privileges to control the user and application rights, and provides a more secure environment. Defines a users privileges. Lets you set policies on a per-computer basis, which lets you run an entire installation in elevated privileges and define only those rights users have while an installation runs.

Group Policy and Security User Policy System Policy

Appendix C: SetupCapture Guidelines


Run SetupCapture on a clean reference computer. Do not run SetupCapture from the Deployment Solution Console; run it on a client computer. During a capture, SetupCapture attempts to convert computer- and user-specific data in the registry to generic data that will work on any computer. It does this by searching for standard paths (example: C:\Winnt) and replacing them with Windows Installer properties (example: [WindowsFolder]). Part of this process includes searching for the computer name and currently loggedon user name. To make the search for computer and user names as accurate as possible, ensure the computer name and user name on the capture computer are set to unique names 4 or more characters in length. Avoid having the user name or computer name set to any common file or folder names. An example of a unique user name is: repackage-1-user. Before you run SetupCapture, exit all other applications, including background services or applications. (Example: Norton AntiVirus.) During SetupCapture, changes to an .INI file are recorded as changes to an .INI file only if the .INI file follows standard .INI file format. Otherwise, the changes are recorded as a file change. Do not capture an .MSI-based installation. Instead, open the .MSI directly in Wise MSI Editor. To customize it for specific workgroups, create a transform. SetupCapture does not monitor any internal logic within the installation and it does not replicate the user interface of the original installation. SetupCapture creates a separate feature for each .EXE that's installed that has a shortcut. Isolating .EXE components into features results in more efficient repairs, because if there is a problem with a component, only the problem component and the .EXE are reinstalled instead of the entire feature containing the problem component. To capture an uninstall, you must mark Include files deleted during capture and Include registry keys deleted during capture in SetupCapture Configuration General Settings. In Wise MSI Editor, deleted items are located in the RemoveFile and RemoveRegistry tables in Setup Editor > Tables tab.

Altiris Deployment Solution 6.8 SP2

229

Registry keys that define an environment variable are converted to an environment variable in the repackaged installation.

Altiris Deployment Solution 6.8 SP2

230

Chapter 18

Deploying Scripts
Altiris Deployment Solution provides a number of pre-defined tasks you can combine to create complex management jobs. When you need to perform a management task that isnt covered effectively by the predefined tasks, DS provides an environment to pre-process, deliver, and execute VBScripts, batch files, and shell scrips. These scripts have access to the full processing capability of the operating system command processor, as well as several additional features provided by Deployment Server: Access to your eXpress share and any other network resources available in the production or automation environment. Intelligent access to values stored in your DS database. DS retrieves values based on the computer currently running the script, so a single script can provide unique values for 1000s of computers. Firm, logevent, and other Altiris tools. The following diagram illustrates how scripts are processed by DS. Each step of this process is discussed in greater detail in this section:

When creating a script, you target it for the automation or production environment, and specify the operating system for the script. When a scripting task runs, the server preprocesses the script for database tokens, delivers and executes the script, returns any error messages generated by the script.

Altiris Deployment Solution 6.8 SP2

231

Using the flexibility of tokens and the processing power of the command processor of your OS, you can develop and deploy scripts ranging from a simple file search to a full system customization. This chapter discusses how to effectively create and deploy scripts in your DS environment.

Writing a Script
Scripts can be deployed to the DOS, WinPE, and Linux automation environment, or to the Windows or Linux production environment. Unlike other tasks, the scripts you write vary greatly depending on the target environment and OS. The core of each script you write uses the functionality provided by the command processor of your OS. There are utilities and commands for each environment to perform a broad range of management tasks. One of the biggest advantages to deploying scripts using DS is that a script is processed independently for each computer. Database values specific to each computer can be retrieved using the same token in your script, saving you from polling the computer and executing a database query before you can perform a task. The same %COMPNAME% token can provide a unique value for each computer that runs this script. When a script is processed, DS first parses each script for two things: tokens, and predefined server scripting commands. Tokens are replaced, additional action might be taken based on the commands found before the script is delivered to the target. The predefined server scripting commands are keywords defined for replacing tokens in other files, running vbscripts, performing scripted installs, unloading BootWorks, and a special deployment command for Blade servers. These additional keywords are discussed in the Server Scripting Commands section.

Server Scripting Commands


DS provides several predefined commands you can use when deploying scripts. These commands are processed before a script is deployed to a client. Each of these scripting commands must be marked by the correct comment flag to prevent them from being processed by the OS: The following table contains the comment flags for each scripting environment:

Comment Flags Flag Location Used


Batch files.

REM

REM [servercommand] #
Linux shell scripts.

# [servercommand]
Visual Basic scripts.

[servercommand]

Altiris Deployment Solution 6.8 SP2

232

The following table contains the predefined server scripting commands:

Server Scripting Commands Command Description


Unloads BootWorks to provide additional memory for complex scripts. BootWorks is unloaded automatically when you specify ScriptedInstall.

BootWorks Unload

BootWorks Unload ReplaceTokens


Tokens are replaced automatically in your scripts. This command replaces tokens in additional files, such as those used when configuring a computer. Source represents the source file containing the tokens you want replace, and destination represents the output file after tokens are replaced.

ReplaceTokens [source] [destination] ScriptedInstall Indicates that this script is launching a scripted install. 394k of free
memory is required for the Windows scripted install to run. BootWorks is automatically unloaded for scripted installs.

ScriptedInstall Deployment Start


When using blade servers, this option places a note in the history to mark a starting point. If a redeployment is later executed on this computer, the computer is restored from the deployment start mark in the history.

Deployment Start vbscript


Indicates that this script contains vbscript. If this appears anywhere in your script, the entire script is executed as a vbscript (you cannot execute batch commands and vbs commands in the same script). The comment flag is always used with the vbscript server command when writing Visual Basic scripts to ensure that it is ignored by the VB processor.

vbscript

Retrieving Database Values Using Tokens


Any tokens contained in a script are replaced automatically. A server command is also provided to replace tokens in other files, called ReplaceTokens. Example: to deploy a custom sysprep.inf file to several computers, the ReplaceTokens command could be contained in a script to replace tokens in sysprep.inf, this file could be copied with the correct database values to the production drive of the computer. A script to perform this task might look similar to the following:

REM ReplaceTokens .\temp\sysprep.inf .\temp\%COMPNAME%.txt Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf


When replacing tokens, the server creates a temporary file in the \tmp folder, named machinename with the same extension as the original script. This file contains a copy of the script with all token replacements made by the server, and is a valuable tool for troubleshooting.

Altiris Deployment Solution 6.8 SP2

233

After replacing tokens in the script itself, the server processes the next command in this script: ReplaceTokens. Since the token replacement process already replaced the compname token, the ReplaceTokens command works as expected and creates a unique system.inf file for each computer, containing values unique to that computer. The script is delivered to the client, and the Firm utility finds the correct file on the eXpress share to copy to the production drive. A similar process can be used to deploy configuration files to Linux computers, as a large number of Linux configuration files are text-based. If you perform Linux configuration often, you might want to set up an additional database containing common configuration values you can retrieve using tokens.

Running Scripts on the Server


Scripts can optionally execute on the server on behalf of the client. This is very important to understand, because token replacement and other commands are based on the client assigned the job, not the server. Example: consider the script we reviewed in the previous section:

REM ReplaceTokens .\temp\sysprep.inf .\temp\%COMPNAME%.txt


Firm Copy f:\temp\%COMPNAME%.txt PROD:\sysprep.inf If we marked this script to execute on the server, the initial token replacement still contains the name of the computer targeted by the scripting task. However, the command in the second line fails because the server looks for the paths specified by Firm on the server, not the client. This is valuable when you want to retrieve tokens specific to a number of computers, but the script can execute successfully on the server. This can relieve network traffic and prevent interruptions on managed computers. However, when a script runs server-side, the script is executed separately for each computer assigned to the task. A task assigned to 500 computers causes any serverside scripts in the task to execute 500 times on the server. If you have processor intensive commands, you might want to avoid server-side execution to prevent disruptions on your server, or perform the task during off-hours. Also, when running scripts server-side, avoid commands that require interaction. The DS service does not have interaction with the desktop, so there is no way to provide even simple feedback in scripts that run server-side.

Reporting Errors
One of the biggest challenges when running scripts is implementing effective error reporting and feedback. In DS, every task has the ability to handle error codes returned from a job, and take action based on this code. By default, a scripting task returns a 0 for success, and a 1 if the script fails to execute. This might be sufficient for a simple script, but scripts can often execute successfully yet still fail to perform the intended tasks. Additionally, if you create a batch file with three commands, the status reported on completion is the status of the final command in the script. The first two commands might return errors, but if the final command is successful you receive a status of success.

Altiris Deployment Solution 6.8 SP2

234

To provide additional feedback when running scripts, Altiris provides an error logging utility, called logevent, for DOS, Windows, and Linux. This utility lets you send error, warning, and informational messages back to your server from within scripts, and job execution can be stopped based on the messages you return. When executing scripts, it is important to note that DS cannot stop script execution directly; DS delivers the script and returns the execution status, but the operating sytem handles the actual execution. DS does not automatically stop script processing when an error is encountered, you must provide that logic in your script.

Usage:

LOGEVENT

[-c:#] [-l:#] [-ss:Msg] [-n:Prog]

Logevent Parameter
[-c:#] [-l:#] [-ss:Msg] [-n:Prog]

Description
A ReturnCode between -32768 and +32767. Default = 0 Additional indicator of type of message.Where # = 0-3; 0 = Unknown, 1 = Information, 2 = Warning, Any string enclosed in double quotes. Default = "No Message" Name of the program that was executed. Default = "User Defined"

DOS/CMD Error Handling


In the DOS automation environment, the logevent utility is called LOGEVENT, and is available on your eXpress share. Since this is the default directory in the automation environment, LOGEVENT can be executed directly in your scripts. In the Windows production environment, the logevent utility is called WLogevent.exe. In order to use WLogevent.exe, you must make the executable available to the Windows client, either by providing it with an image, a software deployment, or by simply copying the file directly before your script executes. On DOS, events are queued until the script completes and they are returned to the server. The Windows and Linux utilities return messages as soon as they are encountered. The following script uses GOTO commands to control how a script is processed based on the outcome of executed commands, and uses logevent to return the script status:

@ECHO OFF REM Call requestNewHardware.exe. This fails and returns an error.

requestNewHardware.exe

IF ERRORLEVEL 2 GOTO TWO IF ERRORLEVEL 1 GOTO ONE GOTO END

:TWO

Altiris Deployment Solution 6.8 SP2

235

LOGEVENT -c:2 -l:3 -ss:Bad command or file not found. GOTO END

:ONE LOGEVENT -c:1 -l:1 -ss:Error 1.

:END

Visual Basic Error Handling


By including the 'vbscript server command in a script deployed to a Windows or DOS environment, DS executes the script using Visual Basic. Visual Basic has a powerful, integrated method to handle errors. In these scripts, use WLogevent.exe to report script status to the server after you have used the built-in mechanisms to retrieve errors. The following script contains an example of error handling in Visual Basic script:

On Error Resume Next Set WSHShell = Wscript.CreateObject("Wscript.shell")

' look on the local computer strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") ErrNum = Err.Number If ErrNum = 0 Then Set colNetCards = objWMIService.ExecQuery _ ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True") 'cycle through all of the nics For Each objNetCard in colNetCards ' if it is the nic we are looking for change the dns For Each objAddress in objNetCard.IPAddress If objAddress = "%NIC1IPADDR%" Then ' Set up the array of DNS entries for the NIC arrDNSServers = Array("172.17.0.202", "172.17.0.201") objNetCard.SetDNSServerSearchOrder(arrDNSServers) WSHShell.Run ".\WLogevent.exe -c:0 -l:1 -ss:""Changing DNS for NIC1""", 1, true

Altiris Deployment Solution 6.8 SP2

236

End If Next Next Else WSHShell.Run ".\WLogevent.exe -c:" & ErrNum & " -l:3 ss:""Error:" & _ Err.Description & """" , 1, true Err.Clear End If

Linux Shell Error Handling


The logevent command is provided in the Linux agent, so any Linux computer with the agent installed has local access to logevent. Similar to Visual Basic script, Linux provides a powerful method to track error values. When running scripts on Linux, use logevent to report the status to the server after you have used the built-in mechanisms to retrieve errors. The following script contains an example of error handling on Linux:

#!/bin/sh export PATH=$PATH:/opt/altiris/deployment/adlagent/bin grep foo foo.txt ERRVAL = $? if [ $ERRVAL -ne 0 ]; then logevent -c:$ERRVAL -l:3 -ss:error executing grep" fi;

Altiris Deployment Solution 6.8 SP2

237

Chapter 19

Creating an Image Distribution Framework


Why Use an Image Distribution Framework?
In distributed networks, your ability to effectively manage computers is often limited by the speed of your network link to remote locations. In Deployment Solution, computer imaging can often require file transfers in excess of several gigabytes, even when multicasting. This can cause centralized management to become a major bottleneck, limiting your ability to manage computers at these remote locations. The following diagram outlines a typical network topology that can benefit by implementing an image distribution framework. It consists of a distributed network with several remote locations and subnets connected using routers over permanent, reliablebut-slow WAN links:

Typically, managed computers at remote locations would be required to access image files often over several gigabytes over this LAN link. Implementing an image distribution framework enables you to replicate your images to a local image store for use during imaging tasks.

Altiris Deployment Solution 6.8 SP2

238

PXE Redirection
PXE solves this problem by enabling you to redirect a shared PXE configuration to a configuration on a local PXE server. This lets you assign a job across multiple locations, and have computers at each location boot using a local PXE server with configuration specific to this location. Within this configuration, you can map local file shares containing disk images. Important: If PXE is available, we recommend using up PXE redirection instead of following the process outlined in this document.

What if I Am Not Using PXE?


If you are not using PXE, Deployment Solution provides a set of tools to let computers automatically retrieve the correct image file locally. Using these tools is described in this document.

Tools
The tools referenced in this document, such as getsrv.bat and server.lst, are available on your Deployment share in the TechSup\DOS\getsrv folder.

Creating a Distribution Framework


The following provides a basic outline of an image distribution framework: Each subnet has a file server to host a local image store. All managed computers, regardless of location, connect to the local image store to retrieve images. This eliminates downloading an image over the WAN link before an imaging operation. The location of each managed computer is determined automatically based on IP address using a custom utility. Using this method, the same distribute image task can be used to image one or more computers regardless of location. Complete the following tasks to implement an image distribution framework: Step One: Set Up Local Image Stores (page 239) Step Two: Replicate Images (page 240) Step Three: Configure the Server Lookup Utility (page 240) Step Four: Create a Boot Disk Creator Configuration (page 241) Step Five: Distribute an Image (page 242)

Step One: Set Up Local Image Stores


A local image store should be set up on a file share at each remote location. Each share hosting an image store should have the same name and folder structure. In other words, the path to your images must be identical with the exception of the server name. To control access to these shares, we recommend creating a domain-level account with read/write access to each share, or alternately, a local account with the same username

Altiris Deployment Solution 6.8 SP2

239

and password on each server. This account should not possess group membership, interactive login privileges, or any additional rights. This account is specified when creating the boot configuration in Boot Disk Creator, and the username and password must be the same for each share.

Step Two: Replicate Images


Before an image can be used, it must be replicated to the image store file share at each location. There are a number of file replication solutions available, and most companies already have a process in place for replicating data between remote sites. Before attempting an imaging job, ensure the necessary image files have been replicated to the local image store.

Step Three: Configure the Server Lookup Utility


To simplify the process of accessing images at remote locations, a tool called getsrv.exe was developed to retrieve the IP address of each managed computer and compare it to a lookup file to find the local image store.

Create a Configuration
Open getsrv.bat in a text editor. This batch file calls getsrv.exe to populate the server name variable. Getsrv.bat should look similar to the following:

copy F:\server.lst c:\tools\server.lst C:\tools\getsrv.exe /s c:\tools\server.lst /v SERVERNAME > call C:\tools\srvenv.bat

c:\tools\srvenv.bat

This example copies the server lookup file, server.lst, from the Deployment Share to the automation drive. Getsrv.exe is called with these parameters set correctly. To use this example in your environment, place your server lookup file in a tools folder on your deployment share and name it server.lst. If you are using PXE, change the drive references from C: to A:, since PXE uses a virtual boot floppy represented by A:. This modified file is added to your boot configuration in a later section.

Create a Server Lookup File


Each server in the lookup file consists of two entries: the IP address/subnet entry and the corresponding server name. The IP address and subnet are separated by a slash ( / ), and the corresponding server name is separated by a comma (,). For example:

172.16.0.0/255.255.0.0,SERVER1 192.168.1.0/255.255.255.0, SERVER 2 192.168.2.0/255.255.255.0, SERVER 3


Create entries in this file for each IP segment to which you might deploy images.

Altiris Deployment Solution 6.8 SP2

240

GetSRV.EXE Parameter Descriptions


The following table contains descriptions of the getsrv.exe parameters:

Parameter
/s [filename]

Description
File containing the list of servers hosting local image stores. This file is typically placed in the deployment share. See Create a Server Lookup File (page 240). Environment variable containing the selected server. This token is used when creating the boot configuration, and is set to SERVERNAME in these examples.

/v [variablename]

Step Four: Create a Boot Disk Creator Configuration


After you have configured getsrv.bat, you need to create and modify a boot configuration. This configuration is used to boot managed computers to the automation environment for imaging. 1. 2. In Boot Disk Creator, create a new boot configuration using your selected automation boot method and environment. Create a drive mapping for your image share, using the %SERVERNAME% variable rather than an actual servername. (The name of this environment variable is specified using the /v flag of getsrv.exe. We recommend using SERVERNAME). This drive mapping should look similar to the following:

\\%SERVERNAME%\[share]
Replace [share] with the share name of your local image stores. 3. Managed computers must be able to resolve the name of the central Deployment Server. If using DOS automation, NetBIOS is used to resolve names, so we recommend adding your Deployment Server to the lmhosts file. We also recommend adding the name and IP address of each server hosting an image store. After the wizard completes, within the configuration, create a folder named Tools and copy the following files: getsrv.exe getsrv.bat

4.

Altiris Deployment Solution 6.8 SP2

241

Modify Mapdrv.bat to call Getsrv.bat


Mapdrv.bat is called to map drives in the automation environment. This file is modified to call the getsrv.bat file you modified in a previous step. After this executes, the server name variable is available to map the drive to your local image store. 1. 2. 3. Launch Boot Disk Creator. Expand the configuration you created in the previous section. Modify mapdrv.bat to add the following line after the first line of the file:

call c:\tools\getsrv.bat
The completed file should look similar to the following:

net use F: \\[your_ds_servername]\eXpress /yes call \tools\getsrv.bat net use [drive]: \\%SERVERNAME%\[share] /yes

Deploy the Boot Configuration


This configuration is now ready to be deployed using PXE, installed to an automation partition, or copied to boot media. Computers must boot this configuration when performing imaging tasks.

Step Five: Distribute an Image


You are now ready to test your configuration by deploying an image. Use the standard deploy image task in the Deployment Console, keeping in mind the following: Images must be replicated before the task executes. The path to the image file specified in the Deploy Image task should be based on the image store drive you mapped when creating your boot configuration. Example: if you selected G and mapped \\%SERVERNAME%\ds_images, and your images are located in the root folder of that share, the path is G:\imagename.img. The server lookup file must be accessible.

Altiris Deployment Solution 6.8 SP2

242

Chapter 20

Deploying and Managing Servers


Deployment Solution provides additional features to remotely install, deploy and manage network and web servers. From the Deployment Server Console, you can configure new server hardware, install operating systems and applications, and manage servers throughout their life cycle. And because servers are mission-critical, you can set up a system to quickly deploy new servers or automatically re-deploy servers that have failed. Features like rules-based deployment, support for remote management cards, and quick server restoration from a deployment history give you new tools to manage all servers throughout your organization.

Servers are identified in the Computer pane with distinctive server icons. Like all managed computer icons, the icons change to identify the status and state of the computer, such as user logged on or Server Waiting. Note Servers are recognized by their operating system (such as Windows 2000 Advanced Server, Windows Server 2003, or any Linux OS), multiple processors, and specific vendor server models. Manage Servers from the Console. The Deployment Server Console includes features specifically designed for deploying and managing servers, such as enhanced task logging and history tracking features to let you recall administrative actions and quickly redeploy mission-critical servers. See Server Management Features on page 243. Set Server-specific options. Servers are essential to any organization and require special planning and management strategies. Deployment Server provides serverspecific features to automatically deploy new servers and maintain existing servers. See Server Deployment Options on page 244.

Server Management Features


Deployment Server provides various features for deploying and managing servers. These features are supported for client and handheld computers as well, but are essential in deploying servers.

Altiris Deployment Solution 6.8 SP2

243

Server icons. The Deployment consoles display icons to identify servers across the network. Like other computer icons in the console, server icons can be selected to view server properties or assign specific jobs and management tasks

Icon

Description

Indicates a server is active and a user is logged on.

Indicates a server is disconnected from the console.

Indicates a server is in a waiting state.

Run Scripted Installs. Execute scripted, unattended installs across the network for both Microsoft Windows and Linux servers. Follow steps to create answer files and set up the operating system install files using a wizard. See Scripted OS Install on page 168. Support for multiple network adapter cards. Because servers may require more than one network interface card, Deployment Server provides property pages to access and configure multiple network adapters remotely from the console. See TCP/IP Configuration Settings on page 107. Synchronized server date and time. Deployment Server automatically sets the servers date and time after installing or imaging (as part of the configuration process). Deployment Agents include an option to disable this feature (it is off by default). Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to DOS multiple times when configuring and deploying a clean server. Deployment Server also lets you view and debug each step in the deployment script, and track each job to provide a history of tasks for redeploying a server.

Server Deployment Options


Deployment Server includes features to automatically reconfigure and redeploy new servers. If you are using Initial Deployment to automatically re-image new servers or run installation scripts, you can (1) safeguard against mistaken disk overwrites, or (2) run automatically for every server not identified as a managed computer in the database. These contrasting settings are based on polices you define for managing servers in your organization. Example: if you rely on PXE to boot the new server and you want to deploy new servers automatically without halting the process, you must change the default settings in the PXE Configuration Utility. In contrast, if you want to ensure that the server waits before being deployed (or waits a set time before proceeding) to avoid erroneous redeployment, you need to set the options in the Advanced section of Initial Deployment.

Halt the Initial Deployment of Servers


When a server boots from the PXE server or from BootDisk (if the option is set), Deployment Server recognizes it as a new computer and will attempt to configure the

Altiris Deployment Solution 6.8 SP2

244

computer with Sample Jobs in Deployment Solution. Initial Deployment includes a feature to prohibit servers from being deployed automatically. 1. 2. 3. Click Initial Deployment and select Properties. Click the Advanced tab. Click the Servers check box and click OK.

Initial Deployment will not run for any computer identified in the console as a server.

Change PXE Options for Initial Deployment


If installing a server using a PXE Server, the server will attempt to install but will not run automatically using default settings. It will wait until a boot option is selected from the client computer. You can change the default setting in the PXE Configuration Utility to allow Initial Deployment to run automatically and not sit at the prompt. 1. 2. 3. Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility. Click Altiris BootWorks (Initial Deployment). Click Edit. Select Execute Immediately. Initial Deployment will run automatically for every identified server. 4. Click OK.

Clear BootWorks Prompt for Remote Install


When you run a deployment job on a computer where the Deployment Agent has been remotely installed, a message will appear stating that no BootWorks partition or PXE stamp is found. The message will stay open until the user clicks OK on the message dialog, which delays executing the scheduled job as part of an automated redeployment process. To fix this delay: 1. 2. 3. 4. 5. 6. Select Tools > Options.The Altiris Program Options dialog appears. Select the Agent Settings tab. Select Change Default Settings. Select the BootWorks tab. In the lower section, select Never prompt me from the list. Click OK.

Following these steps will assure that the BootWorks message will not come up and things will move forward when a job is scheduled.

Managing Server Blades


Deployment Solution allows you to manage high-density server blades with Rack/ Enclosure/Bay (R/E/B) hardware and properties. From the Deployment Console you can deploy and manage these space-efficient server blades using the physical view to assign jobs to the Rack, Enclosure, or Bay level of the server cluster, or you can manage each server blade directly from the logical view. See Bay on page 126 for properties and rules to deploy Rack/Enclosure/Bay servers.

Altiris Deployment Solution 6.8 SP2

245

Using Deployment Solution, you can employ rip and replace technology that allows you to insert a new server blade and automatically configure and deploy it exactly like the previously installed server blade, allowing you to replace any downed server and get it back on line quickly. Altiris provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images, software, data, and patches are applied to the new server from the history of jobs assigned to the previous server blade.

Managing New Server Blades


Deployment Solution allows you to automatically deploy, configure and provision new server blades using a variety of features, including Sample Jobs in Deployment Solution, Virtual Bays, and Server Deployment Rules.

New Server Blades in Newly Identified Bays


When new blades are identified in a Bay that has not been used previously (if it has been used previously, the Bay object will be identified in the physical view), both the Sample Jobs in Deployment Solution and Virtual Bays features can be set up to automatically run configuration tasks and deployment jobs. To Create Virtual Bays: Set up Virtual Rack/Enclosure/Bays for Hewlett-Packard Rapid Deployment Pack installations of Deployment Solution. Initial Deployment set up: Clear the Servers check box in the Advanced dialog. If both new computer features are set up and a new server blade is installed in a Bay not previously identified by the Deployment Server, the Create Virtual Bay feature will execute and Initial Deployment will not execute.

New Server Blades in Identified Bays


If a new HP server blade is installed in an identified Bay (one that has already had a server blade installed and is visible from the Deployment Console), both Sample Jobs in Deployment Solution and Server Deployment Rules can be set up. However, when both are set up, the Server Deployment Rules execute and Initial Deployment does not execute.

Hewlett-Packard Server Blades


Hewlett-Packard high-density blade servers can be deployed and managed from the Deployment console. The following HP server blades are supported:

HP Proliant BL e-Class
Proliant BL 10e Proliant BL 10e G2

HP Proliant BL p-class
Proliant BL 20p Proliant BL 20p G2 Proliant BL 40p

HP blade servers allow you to employ all features provided in the Deployment Console when you install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/ servers/rdp), including the Virtual Blade Server feature. The name of each Rack for an HP Server is displayed along with the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the server blade and displayed in both the physical and server views within the Computers pane of the Deployment console.

Altiris Deployment Solution 6.8 SP2

246

For HP blade servers in the physical view the Rack name can be a custom name in the console, with all subordinate Enclosures and Bays also identified. Example: <rackName> <enclosureName> <bayNumber> See also Server Management Features on page 243 and Server Deployment Options on page 244.

Virtual Bays
Blade servers now have a Virtual Bay feature that allows you to pre-assign deployment jobs to the rack, the enclosure, or to a specific server blade in the bay. Any blade server can have predefined deployment jobs and configuration tasks associated with it to execute automatically upon installation. The Virtual Rack/Enclosure/Bay icons will change from virtual icons to managed server icons in the Deployment console as live blade servers are inserted and identified by Deployment Solution. Rack name. Enter or edit the name of the Rack. Enclosure name. Enter or edit the name of the Enclosure. Enclosure type. Select the type of HP server blade from the list. Initial Job. Select an existing job to run when the virtual computer is associated with a new server blade. Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade is installed. Note If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and if another model of server blade with an enclosure containing fewer bays is connected (such as the BLp-class with 8 bays), the excess virtual bays will be truncated automatically. Conversely, if you create Virtual Bays with fewer bays (8) and install an enclosure with additional bays (20), you will need to recreate the virtual bays in the enclosure (right-click the enclosure name in the physical view and click New Virtual Bays). See also Managing New Server Blades on page 246.

Dell Server Blades


Dell high-density blade servers can be deployed and managed from the Deployment console. All Dell Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. The following servers are supported:

Dell Rack Servers


All PowerEdge rack servers

Dell Server Blades


PowerEdge 1655MC

For Dell blade servers in the physical view, the Rack name will always be Dell. All subordinate Enclosures and Bays are identified with custom names under the Dell rack name. Example:

Altiris Deployment Solution 6.8 SP2

247

Dell <enclosureName> <bayName> See also Server Management Features on page 243 and Server Deployment Options on page 244.

Fujitsu-Siemens Server Blades


Fujitsu-Siemens high-density blade servers can be deployed and managed from the Deployment console. All Fujitsu-Siemens Rack Servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/ Enclosure/Bay view. The following servers are supported:

Fujitsu-Siemens Rack Servers


All Primergy rack servers

Fujitsu-Siemens Server Blades


Primergy BX300 blade servers

For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be Fujitsu-Siemens. All subordinate Enclosures and Bays are identified with custom names under the Fujitsu-Siemens rack name. Example: Fujitsu-Siemens <enclosureName> <bayName> See also Server Management Features on page 243 and Server Deployment Options on page 244.

IBM Server Blades


IBM high-density Blade Centers can be deployed and managed from the Deployment console. All IBM blade servers are supported by Deployment Solution, but the server blades can also be managed from the physical view in the Rack/Enclosure/Bay view. For IBM blade servers in the physical view, the Rack name will always be IBM. All subordinate Enclosures are identified with custom names under the IBM rack name and Bays are identified by number. Example: IBM <enclosureName> <baynumber> See also Server Management Features on page 243 and Server Deployment Options on page 244.

Altiris Deployment Solution 6.8 SP2

248

Part V

Operating System and Platform Reference


This section contains operating system and platform-specific information you need to consider when managing computers.

Altiris Deployment Solution 6.8 SP2

249

Chapter 21

64-bit Platforms
Deployment Solution has been designed to make managing different platforms as seemless as possible. This section walks you through the enhancements added to support 64-bit, and includes tips to more effectively manage these computers.

64-bit Job Conditions and Filters


Functionality has been added to let you set conditions and filters based on the computer architecture. These conditions and filters let you set up your jobs to make decisions based on the architecture so you dont have to re-organize your tree around architecture. Example: when distributing software, you can have 32- and 64-bit comptuters in the same group and use conditions to ensure each receives a different version.

64-bit PXE Boot Images & Configurations


Deployment Server 6.8 uses the same process to create automation boot configurations as Deployment Server 6.5. There are two differences for 64-bit: When you create a PXE boot configuration (example: an item on the PXE boot screen), you select the architectures you want to include when you create the configuration. When a managed computer boots this configuration, PXE automatically detects the architecture and sends the correct boot image. If you attempt to boot an x64 computer without an x64 boot image, it will use the x86 version. An Itanium will attempt to boot only an Itanium boot image. When you create an automation partition or boot disk from a Boot Disk Creator configuration, you are asked which architecture you want to use. Boot Disk Creator automatically gathers the correct files for that architecture.

Adding Files to a Boot Disk Creator Configuration for 64-bit


For the most part, Boot Disk Creator configurations are independent of architecture. However, if you manually add executables to a configuration which supports multiple processor types, you need to ensure you provide a version of the file for each architecture you have included. Example: if you have x86 and x64 versions of the Linux preboot environment selected for a configuration, and you add an executable, Boot Disk Creator checks the file header to see which architectures the executable supports. If not all architectures you have installed are supported by the file you added, this screen appears prompting you to add additional files or ignore the warning.

Altiris Deployment Solution 6.8 SP2

250

Chapter 22

Linux and Unix Systems


Altiris Deployment Solution has several tools to effectively manage Linux and Unix computers, including: A native Linux and Unix agent, called ADLAgent, in the Linux production and automation environments. Fedora Linux automation environment Support for deploying KickStart scripted installs Native imaging support for ext 2 and 3 filesystems Native imaging support for LVM This section contains considerations you must be aware of when managing Linux and Unix systems, and contains the following topics:

ADLAgent
ADLAgent is the client software which provides connectivity to Deployment Server from Linux, Unix, and Solaris.

Installing and Configuring ADLAgent


For basic instructions on installing ADLAgent, see Installing Deployment Agent on Linux on page 350. Installing ADLAgent on your Linux and Unix computers involves copying the necessary binaries to the client and running the installation script. You can configure the agent using the configuration script, modifying the configuration file directly, or by modifying the configuration directly in the Deployment Console. If you need to install ADLAgent on multiple computers, you can copy the installation files to an NFS or other share on your network, use standard remote access tools to run the installer. This might involve using ssh to log in remotely, or adding a line to a standard script. You might also modify the ADLAgent configuration file once and copy it to each computer.

Distributing Software
The software distribution task now supports a number of Linux and Unix file types. When using this task with these formats, the file is copied to the system, extracted, The configure script is executed (./configure) and the make install command is executed. A large number of software packages can be installed using this process. If you have software which requires configuration beyond this, or if you are using a package management system, use a file copy task along with a shell script to install the software.

Altiris Deployment Solution 6.8 SP2

251

Imaging Linux and Unix Filesystems


RapiDeploy provides native imaging support for EXT2 and EXT3 file systems. Other file systems can be imaged, but you need to use the -raw switch.

Linux Bootloaders
There are a few considerations you must use to preserve the functionality of Linux bootloaders. First, if your bootloader is located on a reiserfs partition, you must use the -raw switch when imaging this partition to preserve the structure. Second, if you are using an automation partition, your MBR is modified to boot this partition. If you install a new version of a bootloader, your MBR is modified and you might not be able to access your automation partition. If this occurs, you can reinstall the automation partition. To prevent this, do not update any software which modifies your MBR without uninstalling the automation partition first. The automation partition can be reinstalled after the software update.

Altiris Deployment Solution 6.8 SP2

252

Chapter 23

Managing Thin Clients


Thin clients are a low cost, low maintenance solution for organizations that want to perform tasks or access programs such as: Web browsing, Java-based applications and terminal emulation, or line of business (LOB) applications. Example: users can range from receptionists and data entry workers to users accessing systems from kiosk locations commonly found in call centers or health care environments. Thin clients provide users a reliable server-based environment without the complexity or maintenance of a PC. Thin clients connect to any current or legacy network and can be managed from a centralized location. Thin clients do not contain any moving parts and data is stored in RAM, which increases their manageability, security, and reliability.

Thin client operating systems


The Deployment Agent is the Production Agent and can be installed to thin clients running Windows XP Embedded from the Deployment Console. However, if you have thin clients running either CE. NET, or the proprietary version of Linux from HP or Neoware, you cannot remote install (push) the Deployment Agent from the Deployment Console. Rather, you must install the Deployment Agent on the thin clients (pull) directly. See Thin Client Operating Systems (page 254).

Production versus Automation Agent


Deployment Solution requires that a Production Agent be installed to each thin client you want to manage from the Deployment Console. Thin client computers come pre-installed with the Deployment Agent so when they are added to a Deployment Server system, communications between the server and client are established right away. The client computers MAC and IP addresses are added to the Deployment database, which lets you begin managing the device. See Installing Deployment Solution Agents (page 344), Deployment Agents (page 112). The Automation Agent boots thin clients to automation mode so they can run deployment jobs, such as run script, create and distribute disk images, and more. Altiris recommends using a PXE Server to boot thin clients to automation, instead of installing an embedded automation partition. See Automation Agent Settings (page 379).

Supported Deployment Solution Functionality


Deployment Solution supports full functionality for thin client running XPe and Linux. However the there is limited functionality for thin clients running CE .NET. The following is a list of the supported functions for thin clients running CE .NET. Modify Computer Configuration (the computer name and TCP/IP Setting only) Distribute software (.CAB and .EXE files) Execute and run scripts (DOS and WIN batch files) *no VBS support Copy files and directories Create disk images

Altiris Deployment Solution 6.8 SP2

253

Distribute disk images Remote Control clients (24 bit color depth only. No chat or send file features) Power Control (restart/shutdown/wake up jobs) Set computer properties Create conditions to run jobs and filter computers Modify client properties via Windows and Linux agent settings

Supported Thin Client Manufacturers


Currently, Altiris supports Fujitsu-Siemens, HP, and Neoware thin clients.

Manufacturer
Fujitsu-Siemens

Model
Futro B, S, and C series thin clients running the Windows XP Embedded operating system. Currently, Deployment Solution does not support Futro thin clients running Linux. Futro S series thin clients come pre-installed with the Deployment Agent and a license for Deployment Solution. However, the Futro B series requires that you install the Deployment Agent before obtaining a Deployment Solution license from Altiris. See Managing Licenses (page 352)or the Altiris Getting Started Guide for more information.

HP

HP t5000 thin client series, which includes the t5300, t5500, and t5700 clients. Thin clients come pre-installed with Windows XP Embedded, Windows CE .NET, or Linux, depending on the model of the device. All HP thin clients come pre-installed with the Deployment Agent. CapioOne G150 and Eon E100 series thin client models. The thin clients come pre-installed with Windows XP Embedded, CE. Net 4.2 or 5.0, or NeoLinux. All Neoware thin clients come pre-installed with the Deployment Agent, but if your device is missing the agent, contact Neoware for a Snap-In.

Neoware

Thin Client Operating Systems


Thin clients come pre-installed with an operating system and the Altiris Deployment Agent. This lets you easily add new devices to the network and establish communications with the Deployment Server. See Windows XP Embedded (XPe) (page 254), Windows CE .NET (page 257), and Linux (page 257).

Windows XP Embedded (XPe)


Microsoft Windows XP Embedded (XPe) is a powerful, rapid, and reliable operating system that runs on PC architecture hardware with x86 processors. Windows XP Embedded is a componentized technology based on the Windows XP Professional operating system, with full Win32 Application Program Interface (API) capabilities.

Altiris Deployment Solution 6.8 SP2

254

Because application developers can choose from over 10,000 individual feature components, the image footprint is smaller and can boot basic images as small as 8MB. The Deployment Agent used for computers running 2003\XP\2000 is the same agent that is installed on thin clients running the Windows XP Embedded operating system. There are no limitations when installing the Deployment Agent to thin clients from the Deployment Console. However, you must turn off The Enhanced Write Filter on the thin client before installing the Deployment Agent, so that the agent will be saved to the clients memory. See also: Installing Deployment Solution Agents (page 344)and Deployment Agents (page 112).

The Enhanced Write Filter


The Enhanced Write Filter (EWF) is a unique feature of the Windows XP Embedded operating system that protects data from being written to the Hard Disk (RAM) storage area on a thin client. With EWF enabled, any data writes will be redirected to an alternate storage area called an overlay. The data stored in the overlay gives users the appearance that files, programs, or any other data installed to the thin client, will be permanently saved. However, all data written to the overlay storage area will be deleted when the thin client reboots. The Enhanced Write Filter is an IT managing feature that helps control the data stored on a thin clients hard drive. Some of the tasks Deployment Solution tasks that are impacted by the Enhanced Write Filter are certain deployment jobs, and installing the Deployment Agent for Windows. Other tasks such as, creating and distributing images, and modifying the configuration (computer name or IP address) already have scripts to handle EWF. These jobs disable EWF first, run other scripts or tasks, and re-enable EWF as the last step of the deployment job. This ensures that data written to thin clients during the deployment job will not be lost when clients reboots. Example: from the Deployment Console in the Jobs pane, located in Samples > Windows XP Embedded, is a job called Create Disk Image. The script reads as follow:

Notice that the first line item disables the Enhanced Write Filter, and the second line item checks to verify that EWF is disabled. The Create Image task creates a copy of the thin clients image and stores it in the Images folder on the Deployment Share. When the image task completes, the Enhanced Write Filter is re-enabled, and the thin client reboots. Because this script handles EWF automatically, thin clients can be managed from the Deployment Console without concern that data tasks will not be saved to managed thin clients. When creating your own Deployment jobs, use the Samples in the Job pane of the Deployment Console to help you create your own scripts to handle EWF automatically. If

Altiris Deployment Solution 6.8 SP2

255

EWF is not disabled and enabled properly, after you run a Deployment job, the next time a thin client reboots, data will be lost. See also: Building and Scheduling Jobs (page 147), Deployment Agents (page 112).

Using the EWFMGR Utility


HP and Fujitsu-Siemens thin clients can enable or disable the Enhanced Write Filter, using a Windows XP Embedded utility named ewfmgr.exe, which is stored in the C:\Windows\System32 folder. Although there are many switches that can be used with this utility; however, you typically will only use the following three or four. Note Neoware thin clients use a different method of enabling and disabling the Enhanced Write Filter. See the Sample Jobs folder in the Jobs pane in the Deployment Console for examples, or contact Neoware.

Switch
-all

Description
Performs a specified command (such as disable or enable) on all protected volumes. The default command is to display protected volume information. Disables the overlay on the specified protected volume.

-disable

-enable

Enables the write filter so that data written to the protected media is cached in the overlays. The current overlay level becomes 1 as soon as EWF is started, and a new overlay is created at level 1.

-commitanddisable

Commits all current level data in the overlay to the protected volume and disables the overlay.

The following are a few examples of how to use the ewfmgr.exe program.

Altiris Deployment Solution 6.8 SP2

256

Example
ewfmgr -all

Description
This displays the current Enhanced Write Filter settings.

ewfmgr c: -disable ewfmgr c: -enable

This disables the Enhanced Write Filter on the C: volume. This enables the Enhanced Write Filter on the C: volume.

Although the enhanced Write Filter manager can be run from a thin client, it is more efficient to include it as part of your Deployment Job.

Windows CE .NET
Microsoft Windows CE .NET is designed for a broad range of intelligent hardware devices that require a small-sized operating system, and usually run disconnected from other computers. Window CE .NET can run on multiple processors, supports Win32 Application Program Interface (API), and runs in Realtime right out of the box. Application developers can choose from a wide range of modules and components, creating small image footprints booting the basic image from 350KB. Deployment Solution lets you mange thin clients running Windows CE .NET from a centralized location, but the Deployment Agent for Windows CE .NET must be installed on each device. Many of the thin clients supported by Deployment Solution come preinstalled with the Deployment Agent and can be managed after they are connected to the network. However, due to limitations of the Deployment Console, you cannot push the Deployment Agent for CE .NET to thin clients running the Windows CE .NET operating system. Rather, you must run the Deployment Agent installation from the thin client directly. See Deployment Agent for CE .NET (page 122).

Linux
HP and Fujitsu-Siemens distribute their own proprietary versions of Linux for thin clients supported by Altiris. Contact the manufacturer for more information.

Licensing Thin Clients


HP and Fujitsu-Siemens thin clients do not require a license, but Neoware thin clients must purchase a standard license. See Managing Licenses (page 352).

Altiris Deployment Solution 6.8 SP2

257

Chapter 24

Windows Vista
Installing the Deployment Agent on Vista
The installation program is contained in the Agents folder on the Deployment Share. To install, launch the installation MSI on the computer using and admininstrator account and complete the prompts. To perform a silent installation, use a command similar to the following:

DAgent.msi -qn server_tcp_addr= 172.19.17.180 server_tcp_port=402.


To remotely install combine the above instructions for a silent installation with a login script or group policy object.

Vista Remote Control


Deployment Solution uses the Remote Desktop feature of Vista to perform remote control. Remote Desktop must be enabled on the remote computer and you must have the required credentials to use remote control.

Vista Software Distribution


Due to increased security in Vista, software must meet the following criteria before it can be distributed using Deployment Solution: The software you are distributing must be Vista compliant. The installation is set to run as completely silent. No user input is required by the installation prcess. If the package requires additional files, the "copy all directory files" and/or "copy all subdirectories" options are selected to provide these files. If you are attempting an installation from a remote location or UNC path, only one setup executable is required to complete the installation. In the Distribute Software Task, you have left the advanced option on the default selection, "Copy files using Deployment Server then Execute," or you have provided appropriate domain credentials to perform a remote installation. See the release notes for additional information.

Vista Run Script Tasks


Due to increased restrictions placed on services in Vista, scripts executed by Deployment Solution cannot display anything to the user. Scripts requiring user interaction, including pause statements, will not execute correctly.

Altiris Deployment Solution 6.8 SP2

258

Deployment Agent UI on Vista


When installing the Deployment Agent on Vista computers, you now have the option of installing a client-side agent configuration utility. This interface is similar to the configuration interface for the Deployment Agent on other Windows operating systems. To install, select the Control panel applet & UI component option during the DAgent installation. The configuration utility is launched by selecting Start > Altiris > Deployment Solution > DAgent Configuration.

Vista Imaging
RDeploy fully supports imaging Vista computers similar to other Windows operating systems. Additionally, support is provided for the WIM format using ImageX. See ImageX Imaging (page 218).

Altiris Deployment Solution 6.8 SP2

259

Chapter 25

Power Mac
Installing The Mac Deployment Agent
1. 2. 3. 4. Connect to the Deployment Share using Finder > Go > Network > domain > Express, replacing domain with the domain containing your Deployment Server. Browse to the Agents/ADLAgent folder. Extract and run the program contained in altiris-adlagent-x-darwin.zip. Complete the prompts, providing the IP address of your Deployment Server and the IP address of your NetBoot Server.

When the installation completes the computer appears in the Deployment Console.

Removing the Mac Deployment Agent


An uninstall script is contained in the /opt/altiris/deployment/adlagent/bin folder.

Altiris Deployment Solution 6.8 SP2

260

Part VI

Reference: Deployment Solution Help Files


This section contains the help files that are launched from the Deployment Console, Web Console, and other Deployment Solution utilities. Translated versions of these help files are available in the product.

Altiris Deployment Solution 6.8 SP2

261

Deployment Server Configuration Utility


The Altiris Deployment Server Configuration Utility provides general preferences for the Deployment Server. You can use the Deployment Server Configuration Utility to: Set up an account for Deployment Server. See Logon Account (page 263). Stop, start, and restart Deployment Server. View server activity and statistics. Map drives to file servers in your Deployment Server system (if you have images stored in more than one place). See Drive Mappings Option (page 264). Set the communications protocol (multicast or TCP) and set the imaging multicast threshold. See Transport Option (page 265). Filter connections from the Deployment Server by IP addresses or network adapter interface. Connections Option (page 268). Set debug and log file options in the Debug Option (page 269).

Log in to the Deployment Server you want to manage. Open the Deployment Server Configuration Utility by clicking Start > Programs > Altiris > Deployment Server > Configuration.

From the main view of the Deployment Server Configuration Utility, you can view Deployment Server statistics, start and stop the Deployment Server, access Deployment Server configuration options, and more.

Item
Server activity and statistics Start Stop Restart

Description
Lists the number of Deployment Server sessions (clients) and Deployment Server Consoles currently running on the network. Starts the Deployment Server on the local computer. Stops the Deployment Server on the local computer. Restarts the Deployment Server on the local computer.

Altiris Deployment Solution 6.8 SP2

262

Account

Opens the Server Login Account dialog, which lets you specify the account used by the Deployment Server service. The LocalSystem account requires a simple install that runs Deployment Server services on the local computer, prohibiting access to network shares or components. With the LocalSystem account selected, you can click the Allow service to interact with desktop box to place an icon in your system tray. This icon lets you quickly shut down the Deployment Server services or to view server statistics (just as you can do from the Manage > Services and Applications > Services > Altiris eXpress Server service). The default setting is to provide a user name and password during installation. With this option you can install the service on different computers and access components across the network.

Options

Opens the Deployment Server Options dialog, which lets you specify Deployment Server options.

Logon Account
This Service Logon Account dialog is used to set up the user account used by Deployment Server.

Item
Use the Local System account

Description
Specifies that the LocalSystem account should be used by the Deployment Server service. You can use this option if your Deployment Server directory is located on the same computer as the Deployment Server and if you don't need to access any other file servers. Specifies that a user-defined account should be used by the Deployment Server service. If this option is selected, you must supply the appropriate username and password. The account must have Administrator equivalent rights on the Deployment Server computer. You must use this option if your Deployment Server directory is located on a different server than the Deployment Server.

Use the following account and password

To specify or change the Deployment Server service account


1. 2. 3. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Account. Choose whether you want to use the LocalSystem account or a user-defined account. If you choose a user-defined account, you must enter the username and password. Click OK.

4.

Altiris Deployment Solution 6.8 SP2

263

General Option
Update Inventory on active computers. Inventory provides software and hardware information about a client computer. You can update inventory on active computers at specified intervals. The Deployment Agent or any other agent sends the inventory when it connects to the server for the first time. It also updates the inventory according to a specified schedule. Click Schedule to schedule updated inventory. Update active client connections. Due to network glitches, the console may show the client active, when it is inactive. The Deployment Server sends a CACK (Client Acknowledgement) request to client computers. It waits for a response from the client for a specified timeout value. If it does not receive a response from the client within that specified time, it terminates the connection. Click Schedule to schedule updated active client connections. Reset inactive client connections. Due to network glitches, the console may show the client inactive, whereas the client is active. If this option is selected, inactive client connections are reset according to a specified schedule. Click Schedule to schedule the resetting of the inactive client connections. Encrypt communication between IIS and Data Manager. Select this option to encrypt all communication between IIS and the Data Manager. Send Wake on LAN to inactive computers when scheduling. Select this option to send a Wake on LAN request to the client computer. You can retry sending this request through the Retry every _______ minutes option.

Drive Mappings Option


The Drive Mappings tab is used to add, edit, and delete drive mappings used by the Deployment Server. Any drive mappings used to reference files need to be duplicated here. Example: if you create a job that distributes software packages from a drive on another file server using a mapped G: drive, you need to create a G: drive mapping on the Deployment Server using this dialog.

Item
Drive Letter and UNC Path Add

Description
Displays the drive mappings with the mapped drive letters and the corresponding UNC paths. Opens the Map Drive dialog, which lets you create a drive mapping. Driver Letter. Drive letter to which the drive mapping is mapped. UNC path. UNC path to which the mapped drive points.

Modify Remove

Opens the Map Drive dialog, which lets you edit the drive letter or UNC path of the selected drive mapping. Removes the selected drive mapping.

Altiris Deployment Solution 6.8 SP2

264

Data store path

Specifies the path to stored packages and files and other DS functions (such as license verification). The default path is

C:\Program files\Altiris\express\Deployment Server.


Note Do not use this setting to change the path to the Client Access Point. Modifying this setting does not automatically let you use another shared directory other than the express share. To change the Client Access Point shared directory, run a Custom install to establish another location for the Client Access Point.

To create a drive mapping


1. 2. 3. 4. 5. 6. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Drive Mappings tab. Click Add. Specify the Drive Letter and UNC Path. Click OK.Click OK. Click Yes to restart the service.

To edit a drive mapping


1. 2. 3. 4. 5. 6. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Drive Mappings tab. Select the drive mapping you want to edit and click Edit. Modify the Drive Letter and UNC Path as desired. Click OK.Click OK. Click Yes to restart the service.

To remove a drive mapping


1. 2. 3. 4. 5. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Drive Mappings tab. Select the drive mapping you want to remove and click Remove. Click Yes to confirm your decision. Click OK. Click Yes to restart the service.

Transport Option
The Transport tab lets you specify settings for the Deployment Server transport protocols.

Altiris Deployment Solution 6.8 SP2

265

Item
Disable multicast support (agents must connect using TCP) Multicast Address Multicast Port Multicast TTL

Description
Disables multicast support, which means clients must connect to the Deployment Server using TCP.

The multicast address. This is used only if multicast is not disabled. Port used for the multicast. This is used only if multicast is not disabled. Specifies the number of "hops" or hubs that the client can go through to multicast. This is used only if multicast is enabled. The TCP port. This is used whether multicast is enabled or disabled. Automatically updates the Altiris Client for Windows on managed computers if there is a difference (older or newer) between the client available in the Deployment Server directory and the managed client. Note If any agent is upgraded to the Deployment Solution 6.8 version, this agent does not downgrade automatically if it connects to a Deployment Server of an earlier version. To downgrade any agent, install the older version of the agent manually.

TCP Port Automatically update clients

Allow Encrypted Sessions

Allows encrypted sessions between the Deployment Agent and Deployment Server. If the Deployment Agent data encryption is turned on, this Deployment Server option must also be turned on to pass encrypted data between client and server.

To specify the Deployment Server transport


1. 2. 3. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options, and click the Transport tab. Do one of the following, depending on the transport you want to use: If you want to use multicast, do not select the Disable multicast support check box. If you want to use TCP, select Disable multicast support and supply the Multicast Address, Multicast Port, Multicast TTL, and TCP Port. 4. Click OK.

Altiris Deployment Solution 6.8 SP2

266

Disk Imaging Option


The Disk Imaging tab lets you specify when image multicasting is used and how much bandwidth is used during multicasting. Note When multicasting a disk image using the PXE Server, the boot disk on the PXE Server cannot be configured with an Intel Universal NIC driver (also known as an UNDI driver). The multicasting feature is disabled for multicasting because of continued data corruption problems inherent with the Intel Universal NIC driver. This unreliability results in random files being corrupted in the image file, a problem that may appear immediately or go undetected until accessing the files later. As a result, if the computers being imaged are booting to PXE boot files configured with an Intel universal driver, multicasting is disabled and all computers are imaged using direct connections.

Item
Use disk image multicast threshold of n clients

Description
Specifies the number of clients that must be involved in a job before image multicasting is used. If the number of clients is less than or equal to the number specified, multicasting is not used. Set this value to 0 to disable multicasting. If this option is not selected, multicasting is used whenever there are two or more clients. When multicasting is not used, all clients become Masters and read from the image server independently. This option can be used if your clients can read an image file from the server faster than trying to coordinate masters and clients. Limits the bandwidth used in a multicasting session to a user-defined number of Mbps. This option prevents the multicasting operation from using all available bandwidth on a network, so other network traffic can take place at a reasonable rate.

Limit each disk image multicast to n Mbps

To set when multicasting is used


1. 2. 3. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Disk Imaging tab. Select one of the following depending on when you want to use multicasting: If you do not want to use multicasting, select the Use disk image multicast threshold of n clients check box and set n to 0. If you want to use multicasting whenever there is more than one client, do NOT select the Use disk image multicast threshold of n clients check box. If you want to use multicasting only when there are more than a specific number of clients, select the Use disk image multicast threshold of n clients check box and set n to the number of clients there must be more than before multicasting is used. 4. Click OK.

Altiris Deployment Solution 6.8 SP2

267

To set the maximum bandwidth used during multicasting


1. 2. 3. 4. Open the Deployment Server Configuration Utility in the Control Panel of the Deployment Server computer. Click Options and click the Disk Imaging tab. Select the Limit each disk image multicast to n Mbps check box and set n to the maximum bandwidth you want a multicasting operation to use. Click OK.

Authentication Option
The Authentications tab lets you authenticate to an existing SQL Server database, to the NetWare Server as a file access point, and to Deployment Solution.

Database Authentication To access and authenticate to a specified Microsoft SQL Server database
1. 2. 3. Click the Use SQL Server account authentication check box. Enter the username for the specified database. Enter the password.

NetWare Server Authentication To access and authenticate to a Novell NetWare Server


1. 2. Enter the username for the selected server. Enter the password.

DS Authentication To access and authenticate to Deployment Solution


1. 2. 3. Click Add Key. You can add a security key for the server to which you want to connect. Click Delete Key. You can delete the security key for a Deployment Server. Click Export Key. You can export and save the security key for your Deployment Server to a file.

Connections Option
The Connections tab lets you allow or reject connections from the Deployment Agents based on the IP subnet, IP address, and local interfaces.

Define Subnets
Select the Allow/reject agents based on their IP subnet box and click Define Subnets. Click Add or Modify to enter or edit a network IP address and the corresponding mask.

Altiris Deployment Solution 6.8 SP2

268

Define IP Addresses
Select the Allow/reject agents based on their IP address box and click Define IP Addresses. Click either the Allow or Reject option. Click Add or Modify to enter or edit a specific a range of IP addresses to connect to the Deployment Server.

Define Interfaces
Select the Allow/reject agents based on their IP address box and click Define IP Addresses. Select from the list of network adapter cards to allow or reject when connecting to Deployment Server.

Debug Option
The Debug tab lets you set debug options for Deployment Server and communication between managed computers. Engine Debug Logging. Select this option to set the name and location of the logging report and the logging level for Deployment Server. The Engine Debug Log is a single report that captures debug information for Altiris support personnel. Log File Name: Set the path and name for the log text file. The default name is axengine.log in the Deployment Server shared directory. Max File Size: Set the size of the text file by entering the maximum file size allowed. Logging Level: Enter the logging level. This number can be from 1 to 9, with nine the deepest logging level and one the most cursory logging level. Altiris support can instruct you on the required logging level for your issue. Log Agent Communication with Engine. Select the directory path and name to log error messages between managed computers and the Deployment Server. Log Directory. Set the path of the folder to collect the client error messages. Each managed computer has its own log file in this directory named <the computer ID of the managed computer>.log. Max File Size. Set the size of each log file by entering the maximum file size allowed.

Altiris Deployment Solution 6.8 SP2

269

Introduction to Altiris Boot Disk Creator


Altiris Boot Disk Creator (BDC) is a utility that comes with Deployment Solution and lets you create configurations for pre-boot environments. You can create DOS, Linux, and Windows Preinstallation Environment (Windows PE) configurations, which gives you greater flexibility in managing client computers. The configurations you create can be assigned to automation tasks within deployment jobs that boots client computers to the automation environments. The Deployment Solution automation tasks include the following: Run Script Create Disk Image Distribute Disk Image Scripted OS Install Backup Registry Restore Registry The Deployment Server sends a message to the client computer that the type of task within a deployment job requires an automation environment. The client computer boots to the automation environment you created using Boot Disk Creator and connects with the Deployment Server to run the tasks that have been assigned by the deployment job. This feature lets you create a single deployment job with multiple tasks that boots to the automation environment you want when each task runs. The Boot Disk Creator Utility gathers data as you create new configurations. The base pre-boot operating system files, disk drivers, files you add to the Additional Files folder (in the treeview of Boot Disk Creator), and all the settings you selected in the New Configuration Wizard are added to the boot image. Based on the type of preboot environment you are creating, the appropriate Automation Agent is also added. Boot Disk Creator creates the type of bootable media you want to use when booting client computers to automation. Boot Disk Creator supports the following bootable media: Floppy disks Bootable CDs and DVDs with an ISO image, or with network connectivity to retrieve an image from the Deployment Server USB flash drives Windows installation packages See Create Boot Disk (page 280), Automation Partitions, Network and Automation Boot Disks (page 280). Before creating configurations, you must first install the pre-boot operating system files for the types of pre-boot configurations you want to create. When the Deployment Solution gets installed, you have the option to install the pre-boot operating system files at that time. If there are no files installed, you can use the Install Pre-boot Operating System Files feature within Boot Disk Creator to install the necessary pre-boot operating system files.

Altiris Deployment Solution 6.8 SP2

270

Example: You can install DOS, Linux, or Windows PE operating system files so you can create any type of configuration any time you want. Or, you can install only DOS and Windows PE system files and install Linux later. You can only create configurations for the type of pre-boot operating system files you have installed. This feature also lets you update pre-boot operating system files when you receive new releases of software and makes it easy to install system files any time you want. See Install Pre-boot Operating System Files (page 285). The New Configuration Wizard is the main process of Boot Disk Creator. This is how you select the type of pre-boot environment configuration you want to create, along with other settings such as, the type of network adapter, network server information, TCP/IP information, and more. After the wizard completes, the Create Boot Disk Wizard automatically appears. This is the production process of Boot Disk Creator that lets you select the boot disk creation method for how you want to implement the configuration you created. You can create floppy boot disks, which are use for DOS configurations since Linux and Windows PE system files are too large to fit on a floppy. Network and automation boot disks can create ISO images, which you can save to bootable CDs using your own third party CD burning software, or you can select a flash drive from the Bootable drive drop-down list. You can also create a Windows Installation package to run in a Windows production environment, which installs an embedded (recommended) or hidden automation partition on the client computers hard drive. See Automation Partitions, Network and Automation Boot Disks (page 280). If you create an Automation boot disk, the Automation Agent is added to the configuration so that when you boot client computers, they try to connect to the Deployment Server. If you select Network boot disk, client computers boot to the network server you specified in the New Configuration Wizard, displaying only a users prompt. See New Configuration Wizard (page 272). Boot Disk Creator can also be accessed from the PXE Configuration Utility, so that you can create boot menu options using the New Configuration Wizard. You can also create boot configurations directly from Boot Disk Creator, and import the boot images into the PXE Configuration Utility. The PXE Configuration Import feature lets you import images that have been created by Boot Disk Creator or any other third party imaging software, but you cannot edit the boot images after they have been imported. See PXE Configuration Utility Help. To help you manage the configurations you create, Boot Disk Creator uses colors to inform you which type of pre-boot configuration you are editing. The colors on the display change when you select a configuration in the treeview of the utility. The colors indicate the following: Black: No configuration has been selected or there are no configurations to select. Blue: DOS configuration Green: Linux configuration Red: Windows PE configuration See Edit Configurations (page 278). The Boot Disk Creator Utility is easy to use because each process guides you through the settings and options you can select to create pre-boot environment configurations to help manage automation tasks used by the Deployment Server.

Altiris Deployment Solution 6.8 SP2

271

To start the Boot Disk Creator tool, open the Deployment Console and click the icon on the toolbar, or click Tools > Boot Disk Creator.

Toolbar Description
The icons on the toolbar help you navigate to the tasks you want to perform within Boot Disk Creator in one click. The options are:

Buttons

Description
New Configuration Wizard (page 272): Creates new configurations that is used when booting client computers to automation or a network prompt. Create an Automation Install Package (page 281): Creates and installs an embedded automation partition to a client computers hard disk, using an installer package. Remove Automation Partition (page 283): Removes an automation partition from a client computers hard disk. Create Automation Boot Disk (page 282): Creates automation boot disks to manually boot client computers to automation. Create Network Boot Disk (page 283): Creates network boot disks to manually boot client computers to a specified network server.

New Configuration Wizard


You can create as many configurations as needed to support varying types of computer environments. Before you begin, you must install the pre-boot operating system files that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating System Files (page 285).

To start the New Configuration Wizard, click the icon on the toolbar of the Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.

Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or Windows PE. You must enter a name of for the configuration to make the Pre-boot Operating System for this Configuration fields active. The description field is optional but helps you to know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add.

Altiris Deployment Solution 6.8 SP2

272

Field Definitions
Name: The configuration name you enter appears in the Configurations treeview after the wizard is completed. Description: Enter a description for the configuration. (Example: enter the type of computer, operating system, network adapter, and any other characteristics that help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the treeview, the description you entered for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and Windows PE operating systems to create pre-boot environments. Select the pre-boot operating system and click Install Pre-boot Operating System Files (page 285) to install pre-boot operating system files.

File Server Type (DOS)


The Deployment Share stores image files, packages, and data files. By default, the Deployment Share is installed to the Deployment Server, but it can be on another server, depending on the whether you selected a Simple or Custom Deployment Solution installation. Field Definitions Microsoft Windows: Select this option to store images on a Microsoft server using TCP/IP network communications (recommended). However, if you use IPX to communicate with a Microsoft server, select the IPX check box at the bottom of the page. Create multi-network adapter configuration: Select this option to add multiple network adapter drivers to a single PXE boot file configuration. This feature lets you build configuration files to boot multiple computers that contain different types of network adapter cards. See Multi-Network Adapter Configurations (page 273). Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using IPX network communications. Novell NetWare (Client32): Select this option to store images on a NetWare server with 32-bit clients. Use IPX to communicate with Netware: Select this check box if IPX is the network protocol for the Novel NetWare (Client32) server.

Multi-Network Adapter Configurations


If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported drivers appears. You can select Multi-NIC drivers to be included in the configuration by pressing Shift-Click or Ctrl-Click. After a client computer boots using a multi-network adapter configuration, Boot Disk Creator applies the driver that matches the first network adapter card that it detects. Example: If you are going to use the multi-network adapter configuration for several different client computers, this option can save you time and effort in booting different computers. However, if a client computer has 2 NIC cards and you use the multinetwork adapter configuration to boot the computer, the first NIC card is detected and can potentially be the wrong network adapter required to connect to the Deployment Server.

Altiris Deployment Solution 6.8 SP2

273

Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk (page 274) button lets you install network adapter drivers from a disk, CD, or network folder. The Internet (page 275) button lets you connects to an Altiris supported Web site to download and install network adapter drivers. The Advanced (page 275) button lets you further define network adapters and their drivers.

Multiple Network Adapters Load Order


This option is for DOS and Windows PE configurations only. This lets you specify which order the physical network adapters can be detected when the client computer boots. Example: If most client computers have a Broadcom Ethernet adapter, but some computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and Down to move the Broadcom Ethernet adapter to the top of the list. See Also: Network Adapter (page 274)

Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you are creating. You can install pre-boot operating system files for DOS, Linux, or Windows Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 285). Example: After installing the pre-boot operating system files for Windows PE, the Windows NIC drivers that are available to create a Windows PE configuration appear, and are automatically added to the new configuration. If you select Auto-detect network adapter, Windows PE determines which network adapter driver to use. Select a driver from the network adapters driver list. You must create a new configuration for each type of network adapter that is installed on client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations (page 273). If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced (page 275). If the network adapter you want; does not appear in the list, you can click Have Disk, Internet, or Advanced (if they are available for the type of configuration you are creating) to add additional drivers. See Have Disk (page 274), Internet (page 275), Advanced (page 275). Field Definitions Auto-detect network adapter: Select this to have Windows PE auto-detect the type of adapter that is in a client computers when the boot image runs.

Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be installed later. New network adapters come with a floppy disk or CD to install the appropriate drivers.

Altiris Deployment Solution 6.8 SP2

274

Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want and unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded is added to the Network Adapters list.

Advanced
This options lets you add or change settings for network adapter cards so they work correctly when using DOS configurations. If you are creating a Linux or Windows PE configuration, this option is not available. From the Network Adapter page, click Advanced. Refer to the following properties and values.

Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file.

Novell VLM clients


Emm386 memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (config.sys): Add parameters to the NIC section of the net.cfg file.

Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file.

TCP/IP Protocol Settings


This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default protocol when client computers boot to automation on a Windows network. If you are using the IPX protocol, Deployment Server uses its own IP stack to work on IPX networks. Field Definitions Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an IP address from a DHCP server. Use a static IP address: Select this option if you want a client computer, using this configuration, to be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can also enter a primary and secondary WINS address if you

Altiris Deployment Solution 6.8 SP2

275

need to resolve IP addresses and naming conventions. This option also requires that you create a configuration for each client computer, so that the IP address is not the same for all computers.

Altiris Deployment Server Communication


This option lets you set communication properties for the Deployment Server. The Deployment Server IP address, and Port fields are critical because they define how client computers establish communications with the Deployment Server. Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk configuration is set to 502. This would result in client computers not being able to communicate with the Deployment Server, because the port numbers do not match. To establish communications between client computers and the Deployment Server, change the Port field in the Boot Disk configuration to 402. Note The settings on this page are only used if you create an automation boot image where the Automation Agent needs to know how to find the Deployment Server. If you intend to create a network boot disk, you can ignore this page by clicking Next, as none of the properties are used to create a network boot image.

To set the TCP port on the Deployment Server


1. 2. 3. From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration applet > Options > Transport tab. Enter the TCP port number. Click OK.

Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet is broadcast across the network to find where the Deployment Server is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server. Port: This option defines which port client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet is broadcast to the server you specify. If you leave this field blank, the client computer connects to any server responding to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation or call the manufacturer or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required.

Altiris Deployment Solution 6.8 SP2

276

Port: This option defines which port client computers can use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more.

Lock Keyboard
Select this option for additional security. This prevents someone on the remote computer from ending the automation session and possibly accessing your network.

Network Configuration
This option lets you define how client computers connect to the Deployment Share or a file server where image files are stored.

Window
Workgroup: Enter the workgroup for the Deployment Share or file server.

NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different than the default value of 802.2. User name: Enter the authorized user name that was set up when the Deployment Share directory was created. If you did not assign a User name and Password when for the Deployment Share or file server was created, leave this and the Password field blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name as confirmation that you entered the proper password in the Password field.

Network Drive Mappings and Mount Points


This option lets you set up drive mappings (for DOS and Windows PE) or mount points (for Linux) so that when client computers boot to automation or a network prompt, they connect to the appropriate server. You can create multiple drive mappings or mount points. However, if you are creating a DOS configuration, the first mapped drive you specify must connect to the Deployment Share. Field Definitions Manually create drive mapping: Select this option if you want the drive mappings to be included in the autoexec.bat file when client computers boot to automation. Drive: By default, the mapped drive that appears is F: \\<Deployment Share server>\eXpress. Click the drop-down arrow and select a different drive letter if F: is already in use. Path: Enter the path for the Deployment Share. The path you enter maps to the drive letter you selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are unsure of the directory path or if the image files are store on a file server. Example: Windows users: \\server\share

Altiris Deployment Solution 6.8 SP2

277

NetWare users: server\volume:directory Linux users: //server/mount point Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where image files are stored. Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings.

WinPE Boot Option Settings


Select the boot model and optional components to include with this configuration. Typically, you can use the default boot model unless you are experiencing driver detection problems. If you plan on executing VB scripts, running HTML applications, or connecting to an SQL Server database using ActiveX, select the necessary components.

Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If you find a setting mis-entered or not what you want, click Back to re-select the option. When you click Finish, the Create Boot Disk Wizard automatically appears for the next process to begin. See Automation Partitions, Network and Automation Boot Disks (page 280) and Edit Configurations (page 278). If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configurations (page 278).

Edit Configurations
This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that have already been created. As you select files and folders from the treeview in the left pane, the configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Black: You have not selected or created any configurations. Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux preboot environment. Red: The configuration you selected or created is based on the Windows PE pre-boot environment. To change configuration settings, right-click on a configuration folder and select Edit Configuration, and click Back until you find the page for the options you want to change. You can also make text edits to files (selected from the treeview) in the right pane.

Altiris Deployment Solution 6.8 SP2

278

All other files within a configuration can be edited as needed. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat See also: New Configuration Wizard (page 272), Install Pre-boot Operating System Files (page 285)

Additional Files
Boot Disk Creator lets you add additional files to folders that either apply to a specific configuration or to all configurations of the same type of pre-boot operating system. However, any files you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder is the same name as a file in a specific configuration folder, it is overwritten. Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file 5684_Drivers exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected. Add files to all configuration When you install a pre-boot operating system, a new folder is added to the bottom of the treeview on the main page of Boot Disk Creator. If you install pre-boot operating system files and the <OS> additional files folders do not appear, press F5 to refresh Boot Disk Creator. The folders that appear are as follows: DOS additional files Linux additional files WinPE additional files Boot Disk Creator copies the files from the <OS> additional files folders to all corresponding operating system configurations and is added to the boot images. These folders are considered global, since they can affect configurations of the same type. Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE additional files folder. Each WinPE configuration you create adds the files in the WinPE additional files folder to the boot image.

Add files to a specific configuration


If you want to add files to a specific configuration only, and do not want to use the global feature of the <OS> additional files folders, do the following: 1. 2. 3. Right-click a configuration in the treeview and select New > Folder. A new subfolder is created in the treeview. Enter a name for the folder so that you know they are added files. To add files to the <OS> additional files folder, do one of the following methods: Copy files from a network folder and Paste them into the configuration folder.

Altiris Deployment Solution 6.8 SP2

279

Right-click a configuration and select Add File. A browser dialog appears to navigate to the file you want to add. Right-click on a configuration and select File > Text file. A new empty text file is added to the treeview. Enter a name for the file and write text as needed in the left pane.

Create PXE Boot Image Files (PXE)


This option is for Boot Disk Creator configurations created from within the PXE Configuration Utility. Because PXE Servers download boot image files to client computers, after you select all the properties for a New Configuration, Boot Disk Creator must know what type of image file to create. Field Definitions Automation PXE image: The automation agent for the type of pre-boot operating system configuration you created is added to the settings you selected throughout the New Configuration Wizard. Network PXE image: The configuration you created does not contain an automation agent. When client computers boot with this image file, they are mapped to a network server and are at a users prompt. Force 2.88 MB PXE image: Select this option to increase the size of PXE boot images.

PXE Boot Image Creation Complete


This page lets you know when the PXE boot image file is completed. Click Back to change the new configuration settings for the boot menu option. When you click Finish, the boot menu option appears in the Boot Menu tab.

Automation Partitions, Network and Automation Boot Disks


After you create a New Configuration, the Create Boot Disk (page 280) dialog automatically appears. This process lets you select and create the method of booting a client computer to the automation environment. If you install an automation partition on a client computers hard disk, deployment jobs can run automatically. However, you can create bootable media to manually boot client computers to automation, and run deployment jobs as needed. See New Configuration Wizard (page 272).

Create Boot Disk


This dialog lets you create 3 different types of bootable media: an automation partition install package, automation boot disks, or network boot disks. Each type of bootable media guides you through a wizard to gather specific information required for the type of media you want to create. The Create Boot Disk step numbers appearing at the top of the dialog page vary depending on: How the Create Boot Disk dialog was started The type of media you selected to create

Altiris Deployment Solution 6.8 SP2

280

The pre-boot environment you specified in the configuration you created However, based on your selections, Boot Disk Creator shows the appropriate dialog pages when creating bootable media. Example: if you right-click on a configuration in the treeview and select Install automation partition, the number of dialog pages thereafter are different than if you select the option, Create an automation partition install package, from this page. Both options achieve the same result even though the dialog steps may be different. Choose this dialog and return to the editor: Select this option to close the Create Boot Disk dialog without creating an automation boot disk, installer package, or network boot disk. You can select any of these options from the Boot Disk Creator toolbar or from the File menu. Create an automation partition install package: Select this option to create an automation install package that installs an embedded automation partition to any client computer on the network. See Create an Automation Install Package (page 281). Create an automation boot disk: Select this option to create automation boot disks so you can manually boot a client computer to automation. See Create Automation Boot Disk (page 282). Create a network boot disk: Select this option to create network boot disks so you can manually boot a client computer to a network server. See Create Network Boot Disk (page 283).

Create an Automation Install Package


This feature lets you create an automation installation setup package that installs an embedded automation partition on a client computer when it executes. The installer package runs in a production environment even though the New Configuration is based on the different pre-boot operating system. Example: You can create a DOS configuration but select to install the automation partition using an installation setup package that runs in a Windows production environment.

Field Definitions
DOS bootable disk: Select this option to install the automation partition using a DOS bootable disk. Linux bootable disk: Select this option to install the automation partition using a Linux bootable disk. Windows setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to install the automation partition using an installation setup package that runs in a Windows CE .NET production environment. Create an embedded DOS automation partition (recommended): Select this option to install an embedded partition to a client computers hard disk. Create a hidden DOS automation partition (for partitions greater than 50 MB): Select this option to install a hidden automation partition. Partition size in MB: The default partition size value changes, depending on the type of operating system you selected. Example: If you are creating an automation partition

Altiris Deployment Solution 6.8 SP2

281

for a Windows PE configuration, the partition size is 150-200 MB. However, the partition size for a DOS configuration would range is only 5-50 MB. Installer package file path: By default, installation packages are stored in the Deployment Share bwpkgs folder. The name of the configuration you selected before starting the Create Boot Disk process is the name of the setup package unless you define it otherwise. Click Browse to navigate to the folder where you want the setup package stored. Run silent install: Select this option to install the automation partition without user input. Install the Altiris Deployment Agent for Windows (Aclient): Select this option to install the Deployment Agent on client computers in the production environment after the automation partition is installed. Advanced: If you selected to install the Deployment Agent (above), click this button to set limited properties for the Deployment Agent. Creating automation partition installer: This is a progress page to display the automation installation package process. The process does the following: Copying files to production area, Creating the FRM files, Preparing install environment, Inserting into the installer package. The setup package is located at: After the automation partition installation package is created, the Boot Disk Creation Complete page appears, and confirms where the installer package is located.

Create Automation Boot Disk


This feature lets you create automation boot disks to manually boot a client computer to the automation environment so deployment jobs can run. Automation boot disks give you greater flexibility because you can physically go to any client computer on the network and boot to automation, so long as the client computer can connect to the Deployment Server.

Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to automation or manually install an automation partition. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to rescan the physical drives that are attached to the server. A list of available drives is updated in the drop-down list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.

Altiris Deployment Solution 6.8 SP2

282

Create Network Boot Disk


This feature lets you create a network boot disk you can use at any client computer on the network. The properties you defined when creating the New Configuration map a drive to a specified server when a client computer uses a network boot disk. You have access to the network servers system to execute and manipulate files manually.

Field Definitions
Bootable ISO CD Image: Select this option to create an ISO CD boot image. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD. Bootable disk: Select this option to create a boot disk that can be used at client computers to manually boot to a network server. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to re-scan the physical drives that are attached to the server. The list of available drives is updated in the dropdown list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.

Remove Automation Partition


This feature lets you remove an automation partition on a client computers hard disk. You can create bootable CDs, flash drives, and floppy disks to use manually at the client computers, or you can create a Windows uninstall package that can be distributed to a client computer through a deployment job. You could also create a network boot disk, connect to a specific server where the Windows uninstall package is stored and run the executable from the client computer.

Field Definitions
DOS bootable disk: Select this option to remove an automation partition using a DOS bootable disk. Linux bootable disk: Select this option to remove an automation partition using a Linux bootable disk. Windows setup package: Select this option to remove an automation partition using an installation setup package that runs in a Windows production environment. Windows CE .NET setup package: Select this option to remove an automation partition using an installation setup package that runs in a Windows CE .NET production environment. Bootable ISO CD Image: Select this option to create an ISO CD boot image that removes an automation partition. ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party software to burn the ISO image to a CD.

Altiris Deployment Solution 6.8 SP2

283

Bootable disk: Select this option to create a boot disk that removes an automation partition from a client computer. Click the drop-down arrow to select bootable media from the list. All the drives listed display the physical drive number instead of the logical drive letter. Rescan drives: If you attach a USB flash drive to the server, but it does not appear in the Bootable disk drop-down list, you can click this button to re-scan the physical drives that are attached to the server. The list of available drives is updated in the dropdown list. Show fixed drives: If you try to select a USB flash drive from the Bootable disk dropdown list, but you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using appears in Windows as Fixed instead of Removable. Select this option to view all drives attached to the server.

Import Configuration Files


The configuration format has changed from all previous versions of Boot Disk Creator. This is because of increased support and functionality that Boot Disk Creator now provides. However, you can save previously created configurations by using the Import Previous Version Configuration Files dialog to convert the configurations format to this release. Configuration files that are successfully imported can be used to support automation and imaging on client computers. Note There may be some instances when older configuration files cannot be converted to the new file format. Files that do not import successfully must be recreated configurations using the New Configuration Wizard in this version of Boot Disk Creator.

Field Definitions
Directory: Enter a path to where the configuration files you want to convert are located. Browse: Click to navigate to the directory path where configuration files are located. Config File Name: This is the name of the old configuration files you have selected to convert and import into this release of Boot Disk Creator. Description: This is the description for the old configuration files.

To import configuration files


1. 2. Open the Boot Disk Creator Utility. Click File > Import.

Missing Files for Processor Types


For the most part, Boot Disk Creator configurations are independent of architecture. However, if you manually add executables to a configuration which supports multiple processor types, you need to ensure you provide a version of the file for each architecture you have included. Example: If you have x86 and x64 versions of the Linux preboot environment selected for a configuration, and you add an executable, Boot Disk Creator checks the file header to see which architectures the executable supports. If not all architectures you have

Altiris Deployment Solution 6.8 SP2

284

installed are supported by the file you added, this screen appears prompting you to add additional files or ignore the warning.

Install Pre-boot Operating System Files


Boot Disk Creator requires that you install the pre-boot operating system files for at least one pre-boot environment before you can create new configurations. Boot Disk Creator uses these files when creating configurations and boot images. You can install all supported pre-boot operating system files at the same time, or you can select to install only those pre-boot environments you want to use. You can install FreeDOS and MS-DOS, but you must select which DOS version you want to run since you cannot run both versions at the same time. Example: You can install the DOS and Windows PE pre-boot operating system files to start creating configurations to support your infrastructure, which currently does not have a need for Linux boot images. After working with Deployment Server and Boot Disk Creator, you decide you want to create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating System Files dialog at any time to install the Linux system files, or of the other pre-boot operating system files. When you install the pre-boot operating system files for DOS (page 285), Linux (page 286), or Windows PE (page 286), a checkmark next to the operating system name indicates that the files have been successfully installed. The operating system version number appears (except for MS-DOS), and the Install option changes to Update. If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files. However, any existing operating system files are deleted before the newer files are installed. Example: If you installed Windows PE, and Altiris supports a newer version that becomes available, click Update to install the new files. All existing Windows PE files are deleted from the hard disk before the new files are installed. If you experience any problems with the new version of Windows PE, you must install the older version to restore Boot Disk Creator functionality for Windows PE.

To install pre-boot operating system files


Click Install next to the pre-boot operating system you want to install.

DOS
You can install FreeDOS (page 285), MS-DOS (page 286) or both. However, you can only run one version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to select the version you want to run as the default for creating configurations.

FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Altiris Solution Center Web site and saved to any location on the network. When newer versions of FreeDOS become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases.

Altiris Deployment Solution 6.8 SP2

285

Note FreeDOS may not support newer motherboard chip-sets.

MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly. Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator only installs DOS files from the A drive. If you select BFloppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator. Boot Disk Creator requires the following MS-DOS files.

Required
HIMEM.SYS EMM386.EXE SMARTDRV.EXE SYS.COM XCOPY32.MOD

Optional
EDIT.COM MEM.EXE ATTRIB.EXE MODE.COM FORMAT.COM FDISK.EXE

Note The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP.

Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Altiris Solution Center Web site and saved to any location on the network. When newer versions of Linux become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases.

Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you install Windows PE, you are asked to supply 2 CDs: Windows PE 2005 and Windows Server 2003 SP1.

Altiris Deployment Solution 6.8 SP2

286

In most instances, the Welcome to Microsoft Windows Server* 2003 page appears after inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows Server. There are two dialog pages to complete the Windows PE installation. You first are asked to provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating system CD you need to enter for each of these pages. Example: On the Windows PE CD page, the text Windows PE 2005 (Windows Server 2003- SP1) appears, while the Windows CD page displays Windows Server 2003SP1 (Windows PE 2005). The first operating system listed on each page is the CD you want to use.

Altiris Deployment Solution 6.8 SP2

287

PXE Configuration Utility


Altiris PXE Configuration Utility integrates with Altiris Deployment Solution and lets you manage all PXE Servers across the network. PXE Configuration has been completely rewritten to give you more capability in working with Deployment Server, which allows administrators greater flexibility when performing the following tasks: Creating boot menu options Installing BIS Certificates Creating boot disks, and network PXE images Assigning pre-boot environments to tasks within deployment jobs Setting properties to customize specific PXE Server Setting the boot menu option order for client computers PXE Server has also been added to Role Based Security to ensure that only those users authorized can make changes to boot menu options. If you select Deployment Solution Simple Install and Install PXE Server, they both install to the same server. If you select Custom Install and Install PXE Server, you can choose to install them to separate servers. However, regardless of the PXE install options you select, PXE Manager always installs on the Deployment Server. See the Deployment Solution Product Guide.

PXE Manager
PXE Manager is a service that synchronizes Deployment Server and all PXE Servers installed and configured across the network. It keeps track of all PXE Server boot menu options, and whether they are Shared or Local. PXE Manager also gathers data from all PXE Servers and stores the information in the PXE Manager.ini file. Whether you are in Use Shared properties or select a server to Customize PXE Server (Shared Configuration), the changes you make to the properties settings are saved to the PXE Manager.ini file when you click Save. Then, when you close the PXE Configuration Utility, PXE Manager creates and distributes the appropriate PXE.ini file for each PXE Server on the network. See PXE Manager (page 309).

Shared or Local boot menu options


When you start the PXE Configuration Utility, you can select which properties you want to set. The Use Shared properties option lets you create Shared boot menu options that can be used by all PXE Servers on the network. When you select a specific PXE Server from the File menu, you can select the Customize PXE Server (Shared Configuration) option that lets you change any of the shared properties for that specific server. By default, PXE Configuration always starts in the Use Shared properties mode. See Boot Menu Tab (page 290). The boot menu options you create appear as a menu list on client computers when a PXE boot operation is performed. You can set the order of the boot menu options and select which menu option you want as the default. Previous users of Altiris PXE Server notice that Initial Deployment and ManagedPC are no longer boot menu options. You can still perform an Initial Deployment, but now you can select DOS, Linux, or Microsoft Windows Preinstallation Environment (Windows PE) as the pre-boot automation

Altiris Deployment Solution 6.8 SP2

288

environment. By default, the pre-boot operating system selected at install time is set for Initial Deployment. See DS Tab (page 306).

Boot Disk Creator and PXE Configuration


Boot Disk Creator is now integrated with the PXE Configuration Utility, so that you can keep track of the boot menu options you create, edit, and delete. When you select a boot menu option to edit or delete using the Boot Disk Creator method, the Summary page displays the MenuOption<number>, so you always know which boot menu option you are working with. See Boot Menu Tab (page 290) and Edit Shared Menu Option (page 293). Altiris PXE Server provides three different methods of creating boot menu options: the New Configuration Wizard from Boot Disk Creator, importing Direct from floppy, and User supplied, which is for more advanced users. For each boot menu option created, there is a boot image stored on the Altiris PXE Server. A boot image consists of a file or set of files. When client computers perform a PXE boot, a menu list appears for users to select a boot menu option. The Altiris PXE Server downloads the boot image that corresponds with the boot menu option that the user selects. See New Shared Menu Option (page 292). Automation Tasks Only Shared boot menu options can be assigned to a task in a deployment job. The tasks the can run in automation are: Run script Create Disk Image Distribute Disk Image Scripted OS Install Backup Registry Restore Registry. When a client computer performs a PXE boot, the Deployment Agent verifies if there is work to complete. If so, the client computer boots to automation and performs the deployment jobs that have been assigned. If there are no deployment jobs for the client computer, the Local Boot menu option is automatically selected. Example: if a deployment job contains the task Create Disk Image, and the Automation - PXE or Bootworks environment (DOS/Windows PE/Linux) field is assigned to DOS - Broadcom, when the client computer executes the task, it uses DOS - Broadband as the automation environment. Additional tasks within the same job can be assigned a different boot menu option, yet each task executes in the automation environment you want. See the Deployment Solution Product Guide.

See also: Boot Menu Tab (page 290), PXE Server Tab (page 304), DS Tab (page 306), MAC Filter Tab (page 307), Multicast Tab (page 308), BIS Tab (page 310), Data Logs Tab (page 310), Remote PXE Installation (page 311).

To open PXE Configuration


Option 1: From the Deployment Console, click the PXE Configuration icon on the toolbar. You can also click Tools > PXE Configuration. Option 2:

Altiris Deployment Solution 6.8 SP2

289

1. 2.

Click Start > Programs > Altiris > PXE Services > PXE Configuration Utility. Click each tab to set the category in the PXE Server properties.

Boot Menu Tab


This lets you create, edit, and delete boot menu options, set the boot menu order, define the prompt for users, append the server name to the prompt, and set the users time-out response when the boot menu list appears on client computers. PXE boot menu options can be either local or shared, depending on whether you select Use Shared properties or Customize PXE Server. When you manage all PXE Servers (Shared) across the network, Boot Menu Option for PXE Server: (Shared Configuration) appears at the top of the page and above the list of configurations. When you select a specific server (Local) from the File menu, Boot Menu Option for PXE Server: (name of Server) appears. This helps you identify which mode you are working in. By default, PXE Configuration Utility opens to the last saved action, which could be either Shared Configuration or Custom PXE Server mode. The boot menu options listed are for all Altiris PXE Servers, so the Scope is always Shared. The operating system field indicates the type of pre-boot operating system files used to create the boot menu option. If you select an Altiris PXE Server from the File menu, a window displays the boot menu option for the selected Altiris PXE Server. The Scope field displays both Shared and any new boot menu options you create displays Local. The operating system field is the same as in the Shared mode. If an existing DS job uses a boot menu item, Yes appears in the In use by DS field. The following colors are used to denote which automation operating system is used by each configuration: Blue: DOS configuration Green: Linux configuration Red: Windows PE configuration Note: When an item is in use by the Deployment Server, you cannot delete the item from the PXE Configuration Utility. You can delete an item only when it is not in use by the Deployment Server. To delete an item, you have to disable the boot menu item from the DS job. After the boot menu item is disabled, restart the PXE Config Utility. In the In use by DS field Yes does not appear, and you can delete the boot menu item. To identify the boot menu items used in the jobs 1. Double-click a task in the job. Example: Create Disk Image. The Create Disk Image dialog opens. 2. Click the Automation pre-boot environment (DOS/Windows PE/Linux) dropdown list. If a PXE boot menu item is used by the job, it appears in the drop-down list. You can perform the steps given above to view if the other boot menu items are used by the other jobs.

View Area
When you are in Shared Configuration mode, only configurations you create for all Altiris PXE Servers appear in the view area. When you are in Customize PXE Server <server

Altiris Deployment Solution 6.8 SP2

290

name> mode, both Shared and Local configurations appear. You cannot create a configuration named the same as any other configuration in the view area, regardless of the mode you are in. Example: if you are in Customize PXE Server <server name> mode, you can view both Shared and Local configuration. You can create a Local configuration named DOS Clients since there are no other configurations with the same name. Now, change to Shared Configuration mode and create a configuration named DOS Clients because the Local configuration of the same name does not appear in the view area. When you change back to Customize PXE Server <server name> mode, both DOS Clients configurations appear in the view area. When client computers perform a PXE boot, both configurations appear and users cannot know which boot menu option to select. See Redirect Shared Boot Menu Option (page 293).

Boot Menu Options for PXE Server: <Shared Configuration>


Name: This is the name of the PXE item that appears on client computers after a PXE boot operation is performed. Scope: Shared indicates that the configuration is available on multiple Altiris PXE Servers in an environment where they are all serviced by a single Deployment Server. Local indicates the configuration was created for a specific Altiris PXE Server. OS: The operating system that the configuration uses to boot on client computers. Up and Down: Select to order boot options. The top boot option is the default that runs automatically if no other option is selected from the Altiris PXE Server menu. New: Click to open a dialog to add a new boot menu option. See New Shared Menu Option (page 292). Edit: Click to modify properties for boot menu options. See Edit Shared Menu Option (page 293). Delete: Select a boot menu option from the list and click Delete. You cannot delete boot menu options if they are assigned to a task within a deployment job. Go to the Deployment Console, open the appropriate deployment job, and delete the task or change the Automation - PXE or Bootworks environment (DOS/Windows PE/ Linux) field before you delete the boot menu option.

Boot Menu Properties


Use Shared properties: You can select this option to set the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting the properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Prompt: This is the user prompt for the PXE boot menu list when it appears on client computers. You can change the text message but not the <F8> command, as it is still required to perform a PXE boot option. Append server name: Select this option to have the Altiris PXE Server name listed following the prompt on client computers when the boot menu list appears. This helps users know which Altiris PXE Server is servicing their client computer. Time-out: This is the length of time the prompt appears before the boot process starts. If the user does not press the <F8> key within the time-out period, the default boot option runs.

Altiris Deployment Solution 6.8 SP2

291

Save: Click to save all changes you made to the PXE Manager.ini file. When you close the PXE Configuration Utility, PXE Manager creates and sends PXE.ini files to each Altiris PXE Server on the network. You can view the status of these updates on the Status tab.

New Shared Menu Option


The PXE Configuration Utility lets you create up to 23 boot menu options that can be selected from client computers. When a PXE-enabled client computer makes a request to an Altiris PXE Server, the Altiris PXE Server downloads a boot menu list for users to select a boot option. This dialog also integrates with Boot Disk Creator as it lets you create new automation configurations from within the PXE Configuration Utility. However, all the configurations you create from this dialog, are meant for the Altiris PXE Servers and the client computers that use PXE as their primary boot option.

Menu Item Properties


Name: This is the name of the PXE configuration that appears as a boot item when the PXE menu downloads to client computers after a PXE boot operation is performed. Allow as default PXE boot option: Select this option to move the configuration you are creating to the top of the boot menu, so that it becomes the default boot option on client computers. If you do not select this option, the Up is active to move the configuration up the menu list but becomes inactive if you try to move the configuration to the default boot position. Pre-boot Image Properties: Select the operating system and processor type for the configuration you are creating and select the method you want to use to create the configuration. If an operating system has an asterisk next to it, the pre-boot operating system files must be installed before Boot Disk Creator starts the New Configuration Wizard. See Install Pre-boot Operating System Files (page 294). Final Location on PXE Server: This field can help you identify which PXE item you are configuring. PXE configurations are stored in the default directory of C:\Program Files\Altiris\eXpress\Deployment Server\PXE\Images\MenuOption<number>. The MenuOption number increments each time you create a new configuration.

Image creation method


Boot Disk Creator: This lets you start the New Configuration Wizard from Boot Disk Creator. Any configurations you create or edit using this method are for PXE boot menu items only. New Configuration Wizard (page 296). Direct from floppy: Select this option if you want the Altiris PXE Server to read a configuration file from a floppy. See Import Boot Menu Options (page 294). User supplied: This is for advanced users. If you select this option, you must select Other in the Operating System area. The Location field shows the path where the new configuration is stored. The folder MenuOption<Number> is created as a subfolder of MasterImages, but no configuration files are stored there until advanced users add the configuration files manually. See Import Boot Menu Options (page 294). Create Boot Image: You must enter a descriptive name for the PXE configuration in the Name field before this option is enabled. The New Configuration Wizard from Boot Disk Creator starts unless you have not installed the pre-boot operating system files for the type of configuration you want to create. The Install Pre-boot Operating System Files dialog appears before the New Configuration Wizard starts if you need to install the

Altiris Deployment Solution 6.8 SP2

292

pre-boot operating system files. See Install Pre-boot Operating System Files (page 294) and New Configuration Wizard (page 296).

Edit Shared Menu Option


When you are in Shared Configuration mode, only Shared configuration appears in the view area of on the Boot Menu tab. The Edit option is enabled when you select any of the Shared boot menu options. However, if you are in Customize PXE Server: <server name> mode the Edit option is enabled when you select any Local boot menu options, but the Redirect option is enabled when you select a Shared boot menu option. See Redirect Shared Boot Menu Option (page 293).

To edit Shared or Local boot menu options


Select a boot menu option from the view area on the Boot Menu page, and click Edit. If you selected Boot Disk Creator as the Image Creation Method, click Edit Boot Image. The Edit Configuration page from the New Configuration Wizard only displays the MenuOption<number> you selected from the Boot Menu page. To make changes, right-click the MenuOption<number> and select Edit Configuration, or click Edit on the Edit Configuration page until you find the options you want to change. See also: Edit Configurations (page 302) and Boot Menu Tab (page 290).

Redirect Shared Boot Menu Option


This option lets you select a Shared configuration from the Customize PXE Server <server name> mode and redirect it to a Local configuration, which gives you greater flexibility in managing all deployment jobs. Example: your main office is in Utah and there are 2 satellite offices, one in Los Angeles and the other in New York, you can send a single deployment job to all client computers and have each satellite office use its own Local configuration to boot to automation and access images. Deployment Server lets you select the Automation - PXE or Bootworks environment (DOS/Windows PE/ Linux) configuration from the drop-down list when setting up imaging jobs. However, only Shared configurations appear in the list. When the Deployment Server sends the job to client computers, the Deployment Agent receives a message that it must boot to automation. Client computers that are PXEenabled find the nearest Altiris PXE Server and receive the boot image files needed to boot to automation. When Redirect is used, the Shared configuration selected for the automation task within the deployment job, can point to a Local configuration so that when client computers are booting to automation, the Local configuration is used to access local network servers and images.

To redirect a Shared boot menu option


1. 2. 3. 4. From the PXE Configuration Utility, click File. Select a PXE Server. (This is the Customize PXE Server <server name> mode.) Click on a Shared configuration, and click Redirect. Click the drop-down arrow and select a Local configuration from the list.

Altiris Deployment Solution 6.8 SP2

293

5.

Click OK. The Shared configuration displays the redirected configuration in the list.

Import Boot Menu Options


This option lets you import boot menu options that were created using Third Party imaging software, or previous versions of Altiris PXE Server.

Option 1:
1. 2. 3. 4. From the New Shared Menu Option dialog, select Direct from floppy and click Import Boot Image. Insert a floppy disk. The path and name of the new MenuOption<number> appears. Click Next. A progress bar displays the PXE boot file image being read as it is imported. Click Finish.

Option 2:
1. 2. 3. From the New Shared Menu Option dialog, select User Supplied. Copy the PXE files you want in the MenuOption<number> folder. Click OK.

Regenerate Boot Images


This lets you regenerate all PXE configurations which are using the selected operating system. If you make updates to the core automation operating system, such as installing a new version of Linux, this lets you apply those updates without re-creating the affected configurations.

Install Pre-boot Operating System Files


Boot Disk Creator requires that you install the pre-boot operating system files for at least one pre-boot environment before you can create new configurations. Boot Disk Creator uses these files when creating configurations and boot images. You can install all supported pre-boot operating system files at the same time, or you can select to install only those pre-boot environments you want to use. You can install FreeDOS and MS-DOS, but you must select which DOS version you want to run since you cannot run both versions at the same time. Example: you can install the DOS and Windows PE pre-boot operating system files to start creating configurations to support your infrastructure, which currently does not have a need for Linux boot images. After working with Deployment Server and Boot Disk Creator, you decide you want to create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating System Files dialog any time to install the Linux system files, or of the other pre-boot operating system files. When you install the pre-boot operating system files for DOS (page 295), Linux (page 296), or Windows PE (page 296), a checkmark next to the operating system name indicates that the files have been successfully installed. The operating system version number appears (except for MS-DOS), and the Install option changes to Update.

Altiris Deployment Solution 6.8 SP2

294

If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files. However, any existing operating system files are deleted before the newer files are installed. Example: if you installed Windows PE, and Altiris supports a newer version that is available, click Update to install the new files. All existing Windows PE files are deleted from the hard disk before the new files are installed. If you experience any problems with the new version of Windows PE, you must install the older version to restore Boot Disk Creator functionality for Windows PE.

To install pre-boot operating system files


1. 2. From the Boot Menu tab, click New. Click Add pre-boot and follow the prompts.

DOS
You can install FreeDOS (page 295), MS-DOS (page 295) or both. However, you can only run one version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to select the version you want to run as the default for creating configurations.

FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of FreeDOS become available, an updated .FRM file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations. Note: FreeDOS may not support newer motherboard chip-sets.

MS-DOS
Using an original Microsoft Windows 98 installation CD, copy the appropriate files to a system formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly. Use Microsoft Windows 98 installation CD: Select to install MS-DOS from an original Microsoft Windows 98 installation CD. Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed below from an original Microsoft Windows 98 installation CD to the floppy disk. Boot disk creator only installs DOS files from the A drive. If you select BFloppy Drive from the drop-down list, Boot Disk Creator still tries to read data from the A-Floppy Drive. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations. Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator.

Altiris Deployment Solution 6.8 SP2

295

Boot Disk Creator requires the following MS-DOS files.

Required
HIMEM.SYS EMM386.EXE SMARTDRV.EXE SYS.COM XCOPY32.MOD

Optional
EDIT.COM MEM.EXE ATTRIB.EXE MODE.COM FORMAT.COM FDISK.EXE

Important: The SMARTDRV.EXE file is required for all computers running a scripted install in Windows 2003\XP.

Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm file can be downloaded from the Deployment Solution download site on altiris.com and saved to any location on the network. When newer versions of Linux become available, an updated .frm file is available online through Deployment Solution Hot Fixes or Service Pack releases. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations.

Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you install Windows PE, you are asked to supply 2 CDs: Windows PE 2005 and Windows Server 2003 SP1. In most instances, the Welcome to Microsoft Windows Server 2003 page appears after inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows Server. There are two dialog pages to complete the Windows PE installation. You are first asked to provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating system CD you need to enter for each of these pages. Example: on the Windows PE CD page, the text Windows PE 2005 (Windows Server 2003- SP1) appears, while on the Windows CD page Windows Server 2003-SP1 (Windows PE 2005) appears. The first operating system listed on each page is the CD you want to use. When you install a new version, use the regenerate Boot Images option on the Boot Menu to apply the new version to your existing configurations.

New Configuration Wizard


You can create as many configurations as needed to support varying types of computer environments. Before you begin, you must install the pre-boot operating system files that Boot Disk Creator uses to create new configurations. See Install Pre-boot Operating System Files (page 294).

Altiris Deployment Solution 6.8 SP2

296

To start the New Configuration Wizard, click the icon on the toolbar of the Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.

Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or Windows PE. You must enter a name for the configuration to make the Pre-boot Operating System for this Configuration fields active. The description field is optional but helps you to know what the configuration contains, such as the file server type, NIC drivers, and any additional files you want to add.

Field Definitions
Name: The configuration name you enter appears in the Configurations pane after the wizard is completed. Description: Enter a description for the configuration. (Example: enter the type of computer, operating system, network adapter, and any other characteristics that can help you identify this particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if you select the configuration from the treeview, the description you entered for this field appears at the top of the right pane. Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and Windows PE operating systems to create pre-boot environments. Select the pre-boot operating system and click Install Pre-boot Operating System Files (page 294) to install pre-boot operating system files.

File Server Type (DOS)


The Deployment Share stores image files, packages, and data files. By default, the Deployment Share is installed to the Deployment Server, but it can be on another server, depending on whether you selected a Simple or Custom Deployment Solution installation.

Field Definitions
Microsoft Windows: Select this option to store images on a Microsoft server using TCP/IP network communications (recommended). However, if you use IPX to communicate with a Microsoft server, select the IPX check box at the bottom of the page. Create multi-network adapter configuration: Select this option to add multiple network adapter drivers to a single PXE boot file configuration. This feature lets you build configuration files to boot multiple computers that contain different types of network adapter cards. See Multi-Network Adapter Configurations (page 298). Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using IPX network communications. Novell NetWare (Client32): Select this option to store images on a NetWare server with 32-bit clients. Use IPX to communicate with Netware: Select this check box if IPX is the network protocol for the Novel NetWare (Client32) server.

Altiris Deployment Solution 6.8 SP2

297

Multi-Network Adapter Configurations


If you are creating a DOS configuration, when you select Multi-NIC configurations, a list of supported drivers appears. You can select Multi-NIC drivers to be included in the configuration by pressing Shift-Click or Ctrl-Click. After a client computer boots using a multi-network adapter configuration, Boot Disk Creator applies the driver that matches the first network adapter card that it detects. Example: if you are going to use the multi-network adapter configuration for several different client computers, this option can save you time and effort in booting different computers. However, if a client computer has 2 NIC cards and you use the multinetwork adapter configuration to boot the computer, the first NIC card is detected and can potentially be the wrong network adapter required to connect to the Deployment Server.

Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers can connect to a network or Deployment Server, depending on whether you create automation partitions, or network or automation boot disks. The Have Disk (page 299) button lets you install network adapter drivers from a disk, CD, or network folder. The Internet (page 299) button lets you connects to an Altiris supported Web site to download and install network adapter drivers. The Advanced (page 299) button lets you further define network adapters and their drivers.

Multiple Network Adapters Load Order


This option is for DOS and Windows PE configurations only. This lets you specify which order the physical network adapters will be detected when the client computer boots. Example: if most client computers have a Broadcom Ethernet adapter, but some computers have a 3Com10/100 LAN PC Card Fast Ethernet card, you can use Up and Down to move the Broadcom Ethernet adapter to the top of the list.

See Also: Network Adapter (page 298)

Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you are creating. You can install pre-boot operating system files for DOS, Linux, or Windows Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 294). Example: after installing the pre-boot operating system files for Windows PE, the Windows NIC drivers that are available to create a Windows PE configuration appear, and are automatically added to the new configuration. If you select Auto-detect network adapter, Windows PE determines which network adapter driver to use. Select a driver from the network adapters driver list. You must create a new configuration for each type of network adapter that is installed on client computers, unless you want to create a Multi-NIC configuration. See Multi-Network Adapter Configurations (page 298). If you want to add or change adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced. See Advanced (page 299). If the network adapter you want does not appear in the list, you can click Have Disk, Internet, or Advanced (if they are available for the type of configuration you are

Altiris Deployment Solution 6.8 SP2

298

creating) to add additional drivers. See Have Disk (page 299), Internet (page 299), Advanced (page 299).

Field Definitions
Auto-detect network adapter: Select this option to have Windows PE auto-detect the type of adapter that is in a client computers when the boot image runs.

Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be installed later. New network adapters come with a floppy disk or CD to install the appropriate drivers.

Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want and unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded is added to the Network Adapters list.

Advanced
This options lets you add or change settings for network adapter cards so they work correctly when using DOS configurations. If you are creating a Linux or Windows PE configuration, this option is not available. From the Network Adapter page, click Advanced. Refer to the following properties and values.

Microsoft clients
EMM386 Memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (protocol.ini): Add parameters to the NIC section of the protocol.ini file. Memory (protocol.ini): Add parameters to the network setup section of the protocol.ini file. IRQ (protocol.ini): Add parameters to the network setup section of the protocol.ini file.

Novell VLM clients


Emm386 memory (config.sys): Append memory address information to this line in the config.sys file. Advanced settings (config.sys): Add parameters to the NIC section of the net.cfg file.

Novell Client 32
Emm386 Memory (config.sys): Append memory address information to this line in the config.sys file.

Altiris Deployment Solution 6.8 SP2

299

Advanced settings (driver command line): Add driver command-line entries to the landrv.bat file.

TCP/IP Protocol Settings


This page lets you set up TCP/IP protocol settings for boot configurations. TCP/IP is the default protocol when client computers boot to automation on a Windows network. If you are using the IPX protocol, Deployment Server uses its own IP stack to work on IPX networks.

Field Definitions
Obtain an IP address from a DHCP server: Select this option if you want client computers to obtain an IP address from a DHCP server. Use a static IP address: Select this option if you want a client computer, using this configuration, to be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can also enter a primary and secondary WINS address if you need to resolve IP addresses and naming conventions. This option also requires that you create a configuration for each client computer, so that the IP address is not the same for all computers.

Altiris Deployment Server Communication


This option lets you set communication properties for the Deployment Server. The Deployment Server IP address, and Port fields are critical because they define how client computers establish communications with the Deployment Server. Example: the TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk configuration is set to 502. This would result in client computers not being able to communicate with the Deployment Server, because the port numbers do not match. To establish communications between client computers and the Deployment Server, change the Port field in the Boot Disk configuration to 402. Note The settings on this page are only used if you create an automation boot image where the Automation Agent needs to know how to find the Deployment Server. If you intend to create a network boot disk, you can ignore this page by clicking Next, as none of the properties are used to create a network boot image.

To set the TCP port on the Deployment Server


1. 2. 3. From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration applet > Options > Transport tab. Enter the TCP port number. Click OK.

Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP multicasting to find the Deployment Server. When client computers boot to automation using this configuration, a multicast packet broadcasts across the network to find where the Deployment Server is located. Multicast IP address: Enter a multicast IP address for client computers to send a broadcast packet across the network to find the Deployment Server.

Altiris Deployment Solution 6.8 SP2

300

Port: This option defines which port client computers use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a multicast packet broadcasts to the server you specify. If you leave this field blank, the client computer connects to any server responding to the multicast packet. Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific Deployment Server. You must select this option if your network adapter or network does not support multicasting. See your network adapter documentation or call the manufacturer or consult with your IT department for information. Server IP address: Enter the IP address of the Deployment Server to access information stored in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP address is required. Port: This option defines which port client computers will use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more.

Network Configuration
This option lets you define how client computers connect to the Deployment Share or a file server where image files are stored.

Window
Workgroup: Enter the workgroup for the Deployment Share or file server.

NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter a NetWare context for the server and select a Frame type if it is different from the default value of 802.2. User name: Enter the authorized user name that was set up when the Deployment Share directory was created. If you did not assign a User name and Password when the Deployment Share or file server was created, leave this and the Password fields blank. Password: Enter the password for the user name. Confirm password: Enter the password for the user name as confirmation that you entered the proper password in the Password field.

Network Drive Mappings and Mount Points


This option lets you set up drive mappings (for DOS and Windows PE) or mount points (for Linux) so that when client computers boot to automation or a network prompt, they connect to the appropriate server. You can create multiple drive mappings or mount points. However, if you are creating a DOS configuration, the first mapped drive you specify must connect to the Deployment Share.

Altiris Deployment Solution 6.8 SP2

301

Field Definitions
Manually create drive mapping: Select this option if you want the drive mappings to be included in the autoexec.bat file when client computers boot to automation. Drive: By default, the mapped drive that appears is F: \\<Deployment Share server>\eXpress. Click the drop-down arrow and select a different drive letter if F: is already in use. Path: Enter the path for the Deployment Share. The path you enter maps to the drive letter you selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are unsure of the directory path or if the image files are store on a file server. Example: Windows users: \\server\share NetWare users: server\volume:directory Linux users: //server/mount point Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added manually): Select this option if your network does not support NetBIOS name resolution for IP addresses. Enter a Server name and IP address so that client computers can find the Deployment Share where image files are stored. Use NetWare login scripts to create drive mappings: Select this option if you use NetWare and you want login scripts to create the drive mappings.

Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If you find a setting mis-entered or not what you want, click Back to re-select the option. When you click Finish, the Create Boot Disk Wizard automatically appears for the next process to begin. If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit Configuration page appears. See Edit Configurations (page 302).

Edit Configurations
This is the main Boot Disk Creator page that appears when you start the utility. If you are using Boot Disk Creator from within the PXE Configuration Utility, this page appears at the end of the New Configuration Wizard. This feature lets you modify configurations that have already been created. As you select files and folders from the left pane, the configuration information appears in the right pane. The display color changes to help you know the type of configuration you selected to view, edit, or delete. The colors displayed are: Blue: The configuration you selected or created is based on the DOS pre-boot environment. Green: The configuration you selected or created is based on the Linux pre-boot environment. Red: The configuration you selected or created is based on the Windows PE preboot environment.

Altiris Deployment Solution 6.8 SP2

302

To change the configuration settings, right-click a configuration folder and select Edit Configuration and click Edit until you find the page for the options you want to change. You can also make text edits to files (selected from the treeview) in the right pane. All other configuration files can be edited as needed. If PXE Config is launched and exited without any changes, no updates are made to the Altiris PXE Server. However, after you edit a configuration, Boot Disk Creator rewrites certain files within the configuration so that drive mappings and mount points are always updated. The following files are rewritten after editing configurations: DOS - mapdrv.bat, unmapdrv.bat Linux - mounts.local WinPE - mapdrv.bat The edited configuration settings are saved to the PXE Manager database. The PXE Server is updated in the background. To view the updated status of the Altiris PXE Server, go to the PXE Status Screen tab. See also: New Configuration Wizard (page 296), Install Pre-boot Operating System Files (page 294)

Additional Files
Boot Disk Creator lets you add additional files to folders that either apply to a specific configuration or to all configurations that are of the same type of pre-boot operating system. However, any files you add to the global <OS> additional files folders are written to the boot image before the specific configuration files. If a file in the <OS> additional files folder is the same name as a file in a specific configuration folder, it is overwritten. Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file 5684_Drivers exists in a specific configuration folder; when the files are written to a boot image, the file in the configuration folder overwrites the file in the DOS additional files folder. This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the specific configuration file is the one that is written to the boot image, the result is not as you expected.

Add files to all configuration


When you install a pre-boot operating system, a new folder is added to the bottom of the left pane on the main page of Boot Disk Creator. If you install pre-boot operating system files and the <OS> additional files folders do not appear, press F5 to refresh Boot Disk Creator. The folders that appear are as follows: DOS additional files Linux additional files WinPE additional files Boot Disk Creator copies the files from the <OS> additional files folders to all corresponding operating system configurations and are added to the boot images. These folders are considered global, since they can affect configurations of the same type. Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE additional files folder. Each WinPE configuration you create adds the files in the WinPE additional files folder to the boot image.

Altiris Deployment Solution 6.8 SP2

303

Add files to a specific configuration


If you want to add files to a specific configuration only, and do not want to use the global feature of the <OS> additional files folders, do the following: 1. 2. 3. Right-click a configuration in the left pane and select New > Folder. A new subfolder is created in the left pane. Enter a name for the folder so that you know they are added files. To add files to the <OS> additional files folder, do one of the following methods: Copy files from a network folder and Paste them into the configuration folder. Right-click a configuration and select Add File. A browser dialog appears to navigate to the file you want to add. Right-click on a configuration and select File > Text file. A new empty text file is added to the left pane. Enter a name for the file and write text as needed in the left pane.

Create PXE Boot Image Files (PXE)


This option is for Boot Disk Creator configurations created from within the PXE Configuration Utility. Because Altiris PXE Servers download boot image files to client computers, after you select all the properties for a New Configuration, Boot Disk Creator must know what type of image file to create.

Field Definitions
Automation PXE image: The automation agent for the type of pre-boot operating system configuration you created is added to the settings you selected throughout the New Configuration Wizard. Network PXE image: The configuration you created does not contain an automation agent. When client computers boot with this image file, they map to a network server and be at a users prompt. (This option is not available in Shared Configuration mode.) Force 2.88 MB PXE image: Select this option to increase the size of PXE boot images.

PXE Boot Image Creation Complete


This page lets you know when the PXE boot image file is completed. Click Back to change the new configuration settings for the boot menu option. When you click Finish, the boot menu option appears in the Boot Menu tab.

PXE Server Tab


This lets you set response times for the Altiris PXE Servers and specifies how the DHCP Server will be discovered. By default, Altiris PXE Servers inherit the shared properties from the Shared Configurations mode. Client computers use the information defined on this page to locate the Altiris PXE Server that provides their services.

Altiris PXE Server properties


PXE Server IP address: By default, the IP address for both Shared Configuration and Customize PXE Server modes are already entered. If, for some reason, you need to change the IP address on a PXE Server, enter the same IP address in this field.

Altiris Deployment Solution 6.8 SP2

304

Enter the IP address for the specific Altiris PXE Server you selected from the File menu. When client computers perform a PXE boot, the IP address helps them communicate with the Altiris PXE Server. Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific Server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Response Time: This lets you set the Altiris PXE Server response time for when client computers request a PXE boot. Example: if you have three Altiris PXE Servers, you can set the first Altiris PXE Server to Short delayed response (1/2 second), the second to Immediate response, and the third to a Delayed response of your choice. This helps control which Altiris PXE Servers will respond to client computers when they perform a PXE boot. In this example, the second Altiris PXE Server would respond to client computers before the first server. PXE Server image update: This lets you control options for how updated PXE boot images are distributed to your Altiris PXE servers. Limit bandwidth throttles the amount of network bandwidth consumed by the transfer, but might result in your images taking longer to update. Enable checkpoint restart enables the Altiris PXE server to resume a transfer if connectivity is lost. DHCP Server discovery: Auto detect Microsoft DHCP Server and configure for PXE: Select this option for an Altiris PXE Server to auto detect the ports used for DHCP when Deployment Server and the Altiris PXE Server are installed to the same server. Third party DHCP Server installed on PXE server (Do NOT use DHCP port): Select this option if you are not using a version of Microsoft DHCP Server. Note: If Microsoft DHCP Server is installed on the Altiris PXE server, but is not active and non-functioning, the Altiris PXE Server sets option 60. This can cause conflict with client computers. Select the No DHCP Server installed on PXE Server (Use DHCP port) instead. No DHCP Server installed on PXE Server (Use DHCP port): Select this option if DHCP is installed to a different server than the one where Altiris PXE Server is installed. The Altiris PXE Server uses only one port for DHCP. Enable Automation Only: This lets you send a selected PXE boot image to the managed computer that has a job actively assigned. You can do this by selecting the Only managed computers with active assignments will be processed check box. If this check box is selected, and Deployment Solution has reported to the Altiris PXE Server that a specific MAC address (a selected managed computer) should be put into Automation mode with a specific PXE Menu Option image. Only that specific MAC address PXE booting client is processed. Scenario: There are 1000 computers known to Deployment Solution as managed computers and only one of those computers has an active job assigned. Deployment Solution relays this information to the Altiris PXE Server. If all 1000 computers are restarted, 999 computers are not given any PXE boot instructions from the Altiris PXE Server. They are ignored and the one computer that has a job actively assigned is sent the selected PXE boot image.

Altiris Deployment Solution 6.8 SP2

305

DS Tab
This lets you set properties so that all Altiris PXE Servers can communicate with the Deployment Server. Altiris PXE Servers and the Deployment Server work together to perform tasks, such as creating and distributing an image, scripted OS installs, and more. The Altiris PXE Server must access the Deployment Server and the Deployment Database to retrieve the information required to carry out these tasks on client computers. The Deployment Server IP address, the Engine Port, and the Data Manager Port are critical fields because they define how the Altiris PXE Server establishes communication with the Deployment Server. Example: the TCP port on the Deployment Server is set to 402 and the Engine port on the Altiris PXE Server is set to 502. This would result in the Altiris PXE Server not communicating with the Deployment Server because the port numbers do not match. To establish communication between the two servers, change the Engine port field on the Altiris PXE Server to 402.

To set the TCP port on the Deployment Server


1. 2. 3. From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration applet > Options > Transport tab. Enter the TCP port number. Click OK.

Deployment Server properties


Deployment Server IP address: This is the IP address of the Deployment Server that controls the Altiris PXE Servers. This value is automatically entered when Deployment Solution is installed. However, because the Deployment Server IP address can change, you have the option to edit this field. Engine port: This option defines which port the Altiris PXE Servers use to communicate with the Deployment Server Engine, which manages the Deployment Database, sends job commands to the Deployment Agent, and more. Data Manager port: This is the port that PXE Manager uses to communicate with the Deployment Server. Default boot option: This is the default boot menu item that Deployment Server uses to execute jobs. Disable Initial Deployment: By default, this option is enabled. Clear the check box if you do not want to use Initial Deployment. Initial Deploy boot option: The boot menu item that was set as the default pre-boot operating system at install time is selected. If no boot menu items were created, the first boot menu item (shared) is selected. Go to the Boot Menu Tab (page 290) and create a Shared Configuration if there are no items in the list. When the boot menu appears on client computers, the default boot option you select for Initial Deployment moves to the top of the boot menu, even if the boot option is not at the top of the list on the Boot Menu Options for PXE Server: (Shared Configuration) page. Execute immediately: Select this option for Initial Deployment to run on new client computers without any user interaction following a PXE boot. From the Deployment Console, in the Initial Deployment Advanced properties, there is a default time-out value

Altiris Deployment Solution 6.8 SP2

306

of 5 minutes. If you select this option, PXE responds immediately but Initial Deployment still waits 5 minutes before running. Wait indefinitely: Select this option so that a user must press <F8> to start the Initial deployment job. Use default timeout: Select this option to use the time-out value set in the Initial Deployment Advanced properties from the Deployment Console. Timeout: Select this option to enter a time-out value of your choice. The boot menu appears on new client computers for the length of time you set before booting to Initial Deployment.

MAC Filter Tab


This feature lets you control the service load of the Altiris PXE Servers by creating a list of MAC addresses you want to be serviced by either a specific Altiris PXE Server or by all Altiris PXE Servers associated to a Deployment Server. You can also select to not service the list of client computers. Example: if you had three Altiris PXE Servers that Deployment Server integrated with and you were setting properties for a Shared Configuration, you could create a list of MAC addresses, select Service listed addresses so that all three Altiris PXE Servers would respond to the listed client computers. Or, you could create a list of MAC addresses for a specific Altiris PXE Server configuration, select Do NOT service addresses so that the Altiris PXE Server you selected would not download a boot menu to any of the client computers listed. This allows you flexibility to select the Altiris PXE Servers that provide services for specific client computers across the network.

MAC addresses filter properties mode


Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Use MAC Address Filtering: Select this option to use MAC filtering. If this check box is not selected, the entries in the MAC Address Patterns area are ignored. Service listed addresses: Select this option if you want the Altiris PXE Server to service the list of MAC addresses in the MAC Address Patterns area. Do NOT service addresses: Select this option if you do not want the Altiris PXE Server to service the list of MAC addresses in the MAC Address Patterns area.

MAC address patterns


MAC addresses are listed in this view box. Add, edit, or delete the addresses. You can also import or export MAC address text files. New: This lets you enter MAC addresses. When you click this button, the Define MAC Addresses dialog appears. See Define MAC Addresses (page 308). Edit: This lets you modify addresses previously added to the MAC address list. When you click this button, the Define MAC Addresses dialog appears. See Define MAC Addresses (page 308).

Altiris Deployment Solution 6.8 SP2

307

Delete: Select a MAC address from the list and click this button. Import: This option lets you import comma-separated text file MAC address list. You can create the import text file manually, or you can import a file that has previously been exported from any Altiris PXE Server on your network. When the Windows navigation dialog appears, go to the folder or disk drive where the text file is located and click OK. Export: This option lets you export the MAC address list to a comma-separated text file. You can use the export feature to save a large MAC address list and import the file to another Altiris PXE Server or to the same Altiris PXE Server in the event you need to uninstall and install Altiris PXE Server. You can export all or part of the list by selecting the MAC addresses. When the Windows navigation dialog appears, go to the folder or disk drive where you want to save the text file and click OK.

Define MAC Addresses


Add or edit MAC addresses to the MAC address patterns area of the MAC Filter tab. This determines whether Altiris PXE Servers will include or exclude the client computers listed. See MAC Filter Tab (page 307). Single address: Select this option and enter a single MAC address. This address appears in the MAC Address Pattern area. Address range: Select this option to enter a range of MAC addresses. Enter a MAC address to start the range in the From box and an end range MAC address in the To box.

Multicast Tab
This option lets you set properties for the way Altiris PXE Servers download the boot image to client computers. Altiris PXE Servers communicate with client computers using the Multicast Trivial File Transport Protocol (MTFTP) and support larger transport packets, which reduces the time it takes to download files. The PXE Manager multicast properties lets you set a beginning multicast address, the number of multicast addresses available, and the number of addresses available for a single Altiris PXE Server. A multicast address is automatically assigned to the files an Altiris PXE Server uses to download the boot menu to client computers. A PXE boot menu option consists of two files. The MenuOption<number>.0 file is the boot menu, and the MenuOption<number>.1 file is the additional file needed to execute whichever menu item is selected by the user. Example: the PXE.ini file consists of information gathered by PXE Manager and includes a section called MTFTP\Files. This section lists the MenuOption files and their assigned multicast addresses.

[MTFTPD\FILES]

BStrap\x86pc\BStrap.0=224.1.1.0 MenuOption128\x86pc\MenuOption128.0=224.1.1.1 MenuOption128\x86pc\MenuOption128.0.cr-1005309736=224.1.1.2 MenuOption128\x86pc\MenuOption128.1=224.1.1.3 MenuOption129\x86pc\MenuOption129.0=224.1.1.4

Altiris Deployment Solution 6.8 SP2

308

MenuOption129\x86pc\MenuOption129.0.cr-1005309736=224.1.1.5 MenuOption129\x86pc\MenuOption129.1=224.1.1.6
Notice that the multicast address increments by 1 for each file that is created when a new PXE configuration is added and the boot image is created. These are the files that an Altiris PXE Server downloads when a user selects a boot menu option from the menu list on a client computer.

PXE Manager
PXE Manager creates a PXE Manager.ini file, which gathers data from all Altiris PXE Servers on the network. The PXE Manager.ini file creates and sends a PXE.ini file specific to each Altiris PXE Server. PXE Manager.ini and PXE.ini are both used by the PXE Manager service to synchronize the boot images across all Altiris PXE Servers and Deployment Servers on the network. Important: Do not edit the PXE Manager.ini or PXE.ini files. If these files are edited, you lose the ability to access the boot images stored on all Altiris PXE Servers, and the PXE Manager service does not function properly. See PXE Manager in the Automation & Imaging section of the Deployment Solution Product Guide.

TFTP/MTFTP properties
Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Enable MTFTP: Clear this option if you do not want to use MTFTP to download the boot menu from the Altiris PXE Server to client computers. If an Altiris PXE Server is going to service client computers on the same subnet, you can select this option to communicate. If you disable MTFTP, TFTP is used to communicate. PXE-enabled client computers listen for broadcast messages sent by the Altiris PXE Server through MTFTP. If an Altiris PXE Server is going to service client computers across subnets and this option is enabled, the Altiris PXE Server tries to communicate with clients using MTFTP. If the router is not configured to pass a multicast packet, an error message appears on client computers, stating that MTFTP is unavailable. The Altiris PXE Server tries to connect to client computers using TFTP. Enable larger packets for TFTP/MTFTP: Select this option to increase the packet size transport. Packet size: Enter the transport packet size if your infrastructure does not have the capability of handling the default packet size of 768. Do not allow IP fragmentation: Clear this option to use IP fragmentation. This is helpful if you have a narrow bandwidth on the network and want to Enable Larger packets for TFTP/MTFTP when downloading files from the Altiris PXE Server to client computers. IP fragmentation allows larger packets to be broken up into smaller packets during transport. However, you must use a Third Party application to reassemble the smaller packets into the original packet size.

Altiris Deployment Solution 6.8 SP2

309

PXE Manager multicast properties


Beginning Multicast address: Enter a multicast address between the range of 224.1.1.0 -- 225.255.255.255. Number of Multicast Addresses Available: Enter the number of addresses available for the Altiris PXE Server. Limit: 128,000. Maximum Addresses Available to Single PXE Server: Enter the maximum addresses available on a single Altiris PXE Server.

BIS Tab
PXE configurations always create a .0 and .1 file, which are an open source on the network when PXE downloads these boot items to client computers. With Boot Integrity Services (BIS), you can encrypt the files to ensure that the Altiris PXE Servers communicating with the client computers are secure. You can use BIS Certificates if you meet the following requirements: Client computers must be PXE and BIS compliant. PXE must be installed on your Deployment Server system. You must Enable BIS on this page first, go to the Deployment Console and right-click on a computer or group of computers, and select Advanced > Install BIS Certificate. The client computers receive their certificate from the Altiris PXE Server. The next time BIS installed client computers try to boot to the Altiris PXE Server, the BIS Certificates must validate before any files can be downloaded. Note: If you have BIS enabled in Deployment Server 6.1, you must remove all BIS certificates before upgrading to Deployment Server 6.8.

Boot Integrity Services (BIS) properties


Enable BIS: Select this option to use BIS Certificates. Certificate owner: The default owner is Altiris. New certificate password: Enter a password. Confirm certificate password: Re-enter the password.

Data Logs Tab


This option lets you enable data logs to help you troubleshoot incidents on the Altiris PXE Servers. You can enable log files to help isolate issues with the network traffic, communication protocol, the Altiris PXE Server, and more. You can specify a filename for each of the logs, and you can enter a directory path where you want the log files stored. Each log file lets you select a log level, such as errors, warnings, information, debug, or all. This is a valuable tool that should be used only for troubleshooting purposes as it could impact the network in a production environment due to the amount of data being written to the logs.

Altiris Deployment Solution 6.8 SP2

310

Data Log properties


Use Shared properties: This is selected when you are setting the properties for a Shared Configuration. You cannot change this selection on the other pages if you are setting properties for the Shared Configuration. Customize PXE Server (Shared Configuration): This option is available when you select a specific server from the File menu. You can keep the settings on the page or customize the properties for the Altiris PXE Server you selected. Log File Location: This is the folder where all log files are stored. If no directory path is entered, log files are stored in the default Deployment Share folder of C:\Program Files\Altiris\express\Deployment Server\PXE. Log Files: These log files are specific to Altiris PXE Servers and if enabled, log information to the filename you specify and store it in the PXE folder on each Altiris PXE Server across the network. PXE Server Log PXE MTFTP Log Packet Parser Log DS Traffic Log Config Service Log The PXE Manager Log writes data to the filename you specify and stores it in the PXE folder on the Deployment Server. Level: Select the type of data you want to write to the log files. Each level in the list writes out more details to the log files the previous level. Filename: Enter a name for the log file you enabled if you do not want to use the default name.

Status Tab
View the status of the Altiris PXE servers in your environment and track whether updates have been applied to each Altiris PXE server.

Remote PXE Installation


You can install an Altiris PXE Server to any remote location on your network using this feature. However, all remote installs must be pushed from the Deployment Server. Example: your business home office is in Washington and you have two smaller offices in Los Angeles and Australia. You can install an Altiris PXE Server to both locations from the Deployment Server in Washington using the Remote PXE Installation Wizard. Note: DHCP services is required on the network to make the Altiris PXE Server function correctly.

To install a remote Altiris PXE Server


1. Browse to the location where axInstall.exe is installed. The default location is C:\DSSetup.

Altiris Deployment Solution 6.8 SP2

311

2. 3. 4. 5. 6. 7. 8. 9.

Run axInstall.exe. Select Component Install, and click Install. Click Yes to accept the licensing agreement. Enter or Browse to the Deployment Share folder. Select Install an additional Altiris PXE Server. Select Yes, I want to install PXE Server on a remote computer. Enter the computer name or Browse the network to select a remote Altiris PXE Server. Enter the PXE Server IP address.

10. Enter the Altiris PXE Server install path, and click Next. 11. Click Install.

Altiris Deployment Solution 6.8 SP2

312

Altiris ImageExplorer
Altiris ImageExplorer provides features to view and edit image files. Image files are created using the RapiDeploy utility, a tool used most commonly in Deployment Solution to create and distribute hard disk image files, an .IMG or .EXE file containing a replication of the source computers hard disk. Using ImageExplorer, you can modify an image fileadd or delete data files, folders and applicationsbefore distributing and restoring its contents to a client computer. You can view properties and perform operations, such as extracting and saving files to another destination volume, or excluding files from being restored when distributing the image file to a client computer. You can also print the contents of a folder or edit a file using its associated application. See also: Using ImageExplorer (page 318)

ImageExplorer Features
Add new files and folders Command line mode Convert images Create image indexes Extract files and folders Exclude (or include) volumes, folders, and files from being restored Find files in an image Open a file with its associated program and edit Make self-extracting images Print image tree structure of files, folders, and volumes Replace files Revert back to original image file contents Split images View, add, or change the image description View properties of files, folders, and volumes in an image

ImageExplorer User Interface

Click the ImageExplorer icon on the toolbar or select Tools > ImageExplorer. This opens the ImgExpl.exe program located in the Deployment Share. You can open and edit image files in the native .IMG file type or image files with packaged rdeploy.exe runtime versions in an .EXE file type.

Altiris Deployment Solution 6.8 SP2

313

Altiris ImageExplorer provides the following features to view, manage, and modify the volume, folder, and file elements of an image file.

Feature
Add File

Description
Adds a new file to the image file. See Add New Files (page 320). Add File is available when you rightclick a volume, folder, or a file in the treeview. When you right-click a file and select Add File, the new file is added to the same folder.

Button

Access
Option 1: Ctrl-A

Option 2: Select Edit > Add File

Option 3: Rightclick an item and select Add File Option 1: Ctrl-D

Add Folder

Adds a new folder to the image file. Click any item to add a folder to the container object. Add Folder is available when you right-click a volume, folder, or a file in the treeview.

Option 2: Select Edit > Add Folder

Option 3: Rightclick an item and select Add Folder Convert Image Converts image files from file format 4 to the format most currently used by RapiDeploy. See Convert an Image (page 320). Option 1: Ctrl-T

Option 2: Select File > Convert Image Option 1: Ctrl-C

Copy

Copies a file or folder from one location and lets you paste it to a destination image file. Note Copying large amounts of data and large numbers of files between image files can take several minutes.

Option 2: Select Edit > Copy

Option 3: Rightclick an item and select Copy Option 1: Ctrl-I

Create Image Index

Creates an image index to make the process of restoring images easier. See Create an Image Index (page 321).

Option 2: Select File > Create Image Index

Altiris Deployment Solution 6.8 SP2

314

Feature
Exclude

Description
Marks volumes, folders, and files not to be included when deploying the image file to client computers. Note You can also exclude a file by clicking the check box next to the file in the Details pane. The the check box. icon replaces

Button

Access
Option 1: Del key

Option 2: Select Edit > Exclude

Option 3: Rightclick a file and select Exclude File(s) Option 1: Ctrl-E

Extract

Extracts a complete volume, a folder (with its sub-folders), or a file from the image file. It lets you select a destination volume or directory to save the folders or files. See Extract a Folder (page 322). Note Extracting large amounts of data and large numbers of files can take several minutes.

Option 2: Select Edit > Extract

Option 3: Rightclick an item and select Extract File(s) Option 1: Ctrl-F

Find

Search for files or folders within an image file using specific names or wildcard characters. You can use ? as a variable for a single character or * (asterisk) for multiple characters. See Find Files (page 322).

Option 2: Select Edit > Find

Option 3: Rightclick a container object and select Find Include Allows volumes, folders, and files that were previously marked Excluded to be included in the image file when it is deployed to a client computer. Note You can also include a previously excluded file by clicking the next to the file in the Details pane. A check box will reappear. Option 1: Insert key

Option 2: Select Edit > Include

Option 3: Rightclick an excluded item and select Include

Altiris Deployment Solution 6.8 SP2

315

Feature
Make SelfExtracting

Description
Creates a self-extracting file from an existing image file. See Make SelfExtracting Images (page 323).

Button

Access
Option 1: Ctrl-M

Option 2: Select File > Make Self-Extracting Open File (available for files) Opens a file using its associated application, if the application exists on the computer where ImageExplorer is being run. Option 1: Doubleclick

Option 2: Select Edit > Open

Option 3: Rightclick the file and select Open Open File with Lets you open a file with a selected program. If the file is already associated with a program you can simply double-click to open. Use Open file with to change the program or select the default Quick Open feature. Note Image files created with IBMaster 4.5 do not open. However, you can use the Convert an Image (page 320) feature to convert image files to the current RapiDeploy file format. Open Image File Opens image files created with RDeploy.exe or IBMaster.exe. Files created with IBMaster are Read-only; however these files can be viewed and extracted. You need an older version of ImageExplorer (Deployment Solution 5.5 or earlier, or RapiDeploy 4.5 or earlier) to edit files created with IBMaster.exe. Places a file or folder from one location to another. Option 1: Doubleclick (if not associated)

Option 2: Select Edit > Open with

Option 3: Rightclick the file and select Open with Option 1: Ctrl-O

Option 2: Select File > Open

Paste

Option 1: Ctrl-V

Option 2: Select Edit > Paste

Option 3: Rightclick an item and select Paste

Altiris Deployment Solution 6.8 SP2

316

Feature
Print

Description
Folders: Prints the folder structure. Includes sub-folders and files with their modification date, time, and size. Files: Prints the actual file. You must have the associated application program installed to print the file (example: MS Word to print DOC files). See Print Folder Contents (page 324) and Print a File (page 325).

Button

Access
Option 1: Ctrl-P

Option 2: Select File > Print

Option 3: Rightclick an item and select Print

Properties

Provides general information about the folder or file, such as size, modification dates, and attributes. Properties appear differently for images, volumes, folders, or files. See View Properties (page 318).

Option 1: AltEnter

Option 2: Select File > Properties

Option 3: Rightclick an item and select Properties Replace Files (available for files) Provides a way to update a file in the image with a file from another source. Both files must have the same name. Option 1: Ctrl-L

Option 2: Select Edit > Replace

Option 3: Rightclick a file and select Replace File(s) Revert (available for files) An undo feature for the Replace File option. This reverts a previously changed file to its original file. Option 1: Ctrl-R

Option 2: Select Edit > Revert

Option 3: Rightclick an item and select Revert File(s)

Altiris Deployment Solution 6.8 SP2

317

Feature
Split Image

Description
Splits an image file of one size to be the segment size of another. See Convert an Image (page 320).

Button

Access
Option 1: Ctrl-S

Option 2: Select File > Split Image

Using ImageExplorer
With the ImageExplorer running, open the image file you want to view or modify by selecting Files > Open from the program menu bar. Note Older image files created with IBMaster.exe instead of the current RDeploy.exe cannot be modified with the version of ImageExplorer that ships with Deployment Solution 5.6 or higher. However, image files created with IBMaster can be viewed and files can be extracted. The ImageExplorer always displays the files created with IBMaster as Readonly even when the file attributes are Read-write. To modify older image files you will need to use the version of Altiris ImageExplorer that ships with the earlier versions of Deployment Solution. See also: View Properties (page 318), Add New Files (page 320), and Extract a Folder (page 322).

View Properties
After opening an image file with ImageExplorer, basic information about the image file and its elements can be viewed by selecting a file or volume (partition) name and clicking Properties. You can open the properties page for an image file, volume, or file by right-clicking and selecting Properties, clicking File > Properties, or typing AltEnter. Depending on the type of image element, a property page opens with the appropriate tabs:

General Properties for an Image File


This page displays data for image files. After selecting Properties for a selected image, click the General tab to view the image items and additional property data, such as size, location, and attributes. The Image property page includes the name of the image file and its associated image data. Example: the Size field displays the amount of room that the image used on the hard drive of the source computer. The Size on disk field displays the actual size of the compressed image file before it is deployed. You can modify the password of the image file in this dialog.

General Properties for a Volume


This page displays data for a volume. After selecting Properties for a selected folder in an image file, click the General tab to view its property data, such as size, location, and attributes.

Altiris Deployment Solution 6.8 SP2

318

General Properties for a Folder


This page displays data for a folder. After selecting Properties for a selected file in an image, click the General tab to view its included files and additional property data, such as size, location, and attributes.

General Properties for Files


This page displays data for files. After selecting Properties for a selected folder in an image file, click the General tab to view its included files and additional property data, such as size, location, and attributes.

Description Properties for an Image


This page displays the constituent volumes within the image file. It provides a count of the volumes in the image and lists the name of each volume in the Volumes pane. If the image file has Read-write access, you can modify the image description.

Disk Partition Properties


The Miscellaneous property page provides a comprehensive list of system attributes for each volume in the image file. It includes volume data and statistics, including data imported from the partition table.

Open a File
To open a file in an image, double-click the file in the Details pane of the ImageExplorer or right-click and select Open. The file opens with its associated program. If no associated program is located, an Open with dialog appears, allowing the user to select and associate a program for the file. Note You can also associate a file with a program by right-clicking the file and selecting the Open with command. The Quick open feature lets you select a default program to open files without associated programs (Microsoft Notepad is the default program). You can change the default program for the Quick Open feature by clicking View > Settings and editing the Open with program box. See also: Print a File (page 325) and Settings (page 326).

Opening Split Image Files


If an image is too large or if you are trying to meet size restrictions to store an image (such as dividing image files to 600 MB to fit on multiple CDs), you can use the features in RapiDeploy to split the image file into multiple files. When editing, ImageExplorer keeps track of these split image files and prompts you to locate any additional linked image files not stored in the same directory.

Find Missing Split Image Files


If multiple files from a split image are kept in different folders or on separate CDs, this dialog appears to help you locate the missing split image files. Enter a path in the field

Altiris Deployment Solution 6.8 SP2

319

or browse to the missing files. ImageExplore keeps track of all files in a split image and prompts you for any missing split image files if they are not located in the same folder.

Add New Files


1. 2. 3. 4. Open Altiris ImageExplorer. Select File > Open. Select an image file. Click OK. Right-click the preferred volume or folder in the image and select Add File. The Select Files to add dialog appears. Option 1: Locate a file and click OK. The new file appears in the image. Option 2: Drag a file from Windows Explorer to the selected folder or volume in an image file displayed in ImageExplorer, or copy and paste the file. If the option is selected (see the Paste / Drop operations in the Settings (page 326) dialog), a message appears confirming your decision to copy a file to the image file. Note You can access and edit text files by double-clicking the file in the Details pane of the ImageExplorer dialog.

Convert an Image
The internal file format for images changed from file format 4 in Deployment Server version 5.5 and earlier, to file format 6 in Deployment Server 5.6 or later. File format 6 has remained the same since its release, but minor changes have been made to improve the overall format structure. This feature lets you select any previously created image file and convert it to the current file format that RapiDeploy uses today. If the file format changes in future releases of Deployment Server, when you convert an image file, it will always be to the most current file format. When converting image files, be aware of the following: If an old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code is removed and the image is restored to a .IMG file. You do not receive a message warning that the embedded self-extracting code was removed. If an old image has a password, the new image file created does not have a password. However, the user receives a message indicating that the password has been removed. File conversions may vary in length of time because ImageExplorer reads each segment in the image before converting it to the new image file. If you have large files with many segments, this process takes longer.

Field Definitions
Image File to Convert: Select the image file you want to convert.

Altiris Deployment Solution 6.8 SP2

320

Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: The number of segments in the image file. New Output Image File: Select a folder and filename for the image file you want to convert, based on the new segment size. New segment size (MB): Select a size for image segments from the drop-down list. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is converted. Estimated segment count: The estimated number of segments in the file you selected to convert.

To convert an image file


1. 2. 3. 4. 5. Click File, and select Convert Image File. Click Browse to navigate to a folder, and select an image file to convert. Click Browse to navigate to a folder. Enter a new filename for the converted image. Click the drop-down arrow and select a segment size from the list. Click OK.

Create an Image Index


This feature lets you create an index file for image files so that when you copy the images to CDs, the index file, along with the first segment of the image, can give the file information to RapiDeploy when restoring the image file. Example: if you have an image with multiple segments, such as .IMG, .002, .003, and .004, ImageExplorer creates a table of contents at the end of segment .004, which identifies the file information for each segment of the image. With this feature, a new index file named .IMX is created. Then, as you copy the segments to CDs, you can select .IMG and .IMG to be on the same CD. The other segments, .002, .003, and .004, can be copied to additional CDs as needed. When you use the CDs to restore an image, the first CD that contains the .IMG and .IMX files give RapiDeploy the information needed to restore the image. This makes restoring images easier because you are not required to insert the first CD, the last CD, back to the first CD just for RapiDeploy to restore the image. You can also index images as you create them by selecting the Make an image index (.imx) file option in RapiDeploy. See the RapiDeploy Reference Guide.

Field Definitions
Image File to Index: Select the image file you want to index. Output Folder for Index (optional): If you do not select a folder for the index output, the .IMX file is created in the same folder as the image you selected to index.

To create an index image


1. 2. 3. Click File, and select Create Image Index. Click Browse to navigate to a folder, and select an image file. Click Browse to navigate to a folder for the index file output.

Altiris Deployment Solution 6.8 SP2

321

4.

Click OK.

Extract a Folder
Use this feature to save a folder or file from an image to an external destination folder: 1. 2. 3. 4. 5. 6. Open Altiris ImageExplorer. Select File > Open. Select an image file. Click OK. Select a folder in the image, right-click, and select Extract Folder. The Browse dialog appears. Select a folder on your local disk or on the network to place the extracted folder. Click OK.

Note Extracting large amounts of data and large numbers of files can take several minutes.

Find Files
To search for files or folders in an image file, enter a string or characters (alpha and numeric) in the Find what box. You can use the ? (question mark) as a variable for a single character, or use the * (asterisk) for multiple characters. To search for a file, select the image file, volume name, or folder name from the treeview to set a search domain. You can change the search domain before clicking Find.

Field Definitions
Include folders: Select this option to include matching folders in the search results. Include files: Select this option to include matching files in the search results. Files and folders meeting specified search criteria are listed in the results box, organized by File Name and Location.

Filter Results
Click Filter on the Find Files dialog to open an advanced search for files based on associated system attributes (Read-only, Hidden, System) and ImageExplorer attributes (Added, Excluded, Replaced).

Field Definitions
Find What: Enter the string or characters to find a file based on system attributes or ImageExplorer attributes of the file or folder. Click Include matching files to select files. Click Include matching folders to select folders. Note To search in a specific directory, select that directory in the treeview pane and open the Find dialog. The following attributes use three-way check boxes with these features:

Altiris Deployment Solution 6.8 SP2

322

A solid checkmark means the item must contain the attribute. An empty box means the item must not contain the attribute. A dimmed checkmark means the value is NULL and the item can either have the value or not. Attributes: These are the system attributes of the files assigned by the operating system when the image was created. Flags: These are the attributes assigned by ImageExplorer.

Make Self-Extracting Images


This lets you create a self-extracting file for an existing image file so you can run the executable at a client computer. This is helpful when you need to restore an image to a computer that does not have access to the Deployment Server and RapiDeploy for imaging through the network. You can select image files that have been created with RapiDeploy, which was used to create images beginning with Deployment Server 5.6 or later. If you have images that were created with Altiris IBMaster 4.5 or earlier, you cannot use this feature. However, when you navigate to a folder to select an image, all .IMG files appear. You can use the Convert an Image (page 320) feature to convert the image to the latest RapiDeploy file format. The self-extracting file is comprised of a valid image file and RapiDeploy, which is embedded into the executable. You can copy the self-extracting file to a folder or removable media and manually run it on any computer, or you can create a deployment job on the Deployment Server and distribute the self-extracting file to multiple computers. When new versions of RapiDeploy become available through Deployment Server upgrades, you can re-make any self-extracting file by re-running Make Self-Extracting. The image files embedded RapiDeploy code is replaced with the latest version of RapiDeploy. This process may vary in length of time because ImageExplorer reads only the .IMG segment. If your file is 2 GB, the file will take more time than if the .IMG segment is 700 MB. RapiDeploy and only the first segment of the image file (.IMG) are combined together to create the executable that restores images. However, all other segments that make up the entire image, including the index (.IMX) are required when restoring an image. See also: See Create an Image Index (page 321).

Field Definitions
Current self-extractor type: The image file you selected is of this operating system type. Keep original image file: Select this check box for ImageExplorer to make a selfextracting image file without affecting the original image file. Note If you clear this check box and the Make Self-extracting process fails, the original image file may become damaged or corrupted, and you can no longer use the original image file to create a self-extracting file.

Altiris Deployment Solution 6.8 SP2

323

Image file size: The size of the current image selected. Remove existing self-extractor: Use this option to remove the .EXE code from a self extracting image. The image file will return to its original state with a .IMG file extension. This option is available only if the image file has self-extracting code, otherwise, this option is unavailable. DOS: This mode uses the RapiDeploy graphical user interface to display the image files progress while it is running. DOS text mode: This is a text version user interface. You can view the progress bar at the bottom of the client computers display while the image file is running.

To create a self-extracting image file


1. 2. 3. 4. 5. Click File, and select Make Self-Extracting. Click Browse to navigate to the location of the image file. Clear Keep original image file if you want to make the original image file a selfextracting image file. Select Change self-extractor type. See Field Definitions (page 323). Click OK. The self-extracting file is created in the same directory as the original image file. If the Not enough free space dialog appears, see Not Enough Free Space (page 324).

Not Enough Free Space


The image file you selected to make into a self-extracting file cannot be created because there is not enough free disk space. The Not enough free space dialog lets you select an alternate location to create the self-extracting file. Enter a directory path or click Browse to navigate to a location with more disk space. Click OK.

ImageX Sample Scripts


These are sample scripts that let Deployment Solution run ImageX imaging jobs from the Deployment Console. These sample scripts include documentation so you can put the name and location of the .WIM files. You can use ImageX to capture several different images into a single .WIM file. You can open the sample job and specify the location of the .WIM file with the correct passwords and network locations. You can run the job against the server, which launches the ImageX utility and captures an image of the target computer.

Print Folder Contents


You can print a list of the files and sub-folders within an image file, a volume (partition), or a folder. Depending on the options selected, you can print a report that includes the constituent files and subfolders and includes fields with the modified date, time, size, and other attributes for each file. When printing the contents of an image file, volume, or folder, click OK to view a Print Preview (page 325) of the report file.

Field Definitions
Title: Enter a title for the top of the report page.

Altiris Deployment Solution 6.8 SP2

324

What to print Just this folder: Print only the files in the selected image, volume, or folder. This will not print the subfolders. This folder and subtree: Print the files in the image, volume, or folder and all the subfolders and files. Print excluded items: Print the files that were marked previously as Excluded. Print < . > entries: Print an entry in each folder identified as < . > (a dot notation). Attributes and date/time properties will be saved for this hidden folder in the image file. Fields to Print Include modified date and time: Print the date and time that the file or folder was modified. Include size: Print the size of the file. Include attributes: Print the Read-only, Archive, Hidden, System, or Compressed system attributes (Read-only, System, Hidden) and the ImageExplorer attributes (Added, Excluded, Replaced). Include file number: Print the file number associated with each file. See also: Print a File (page 325).

Print Preview
View an online display of the print report for image files, volumes, or folders. The name of the report will appear at the top of the page with details in a table that were selected in the Print Folder Contents dialog.

Field Definitions
Save: Click to save the report to a text file. Lines: View the number of lines in the report. Print: Click to print the report.

Print a File
From the ImageExplorer dialog, you can select and print an actual file using its associated program. If your file is not associated with a program, you can associate it by selecting from a provided list of installed programs on the computer. You can also attempt a Quick print to open the file using a standard program, such as Microsoft Notepad.

Field Definitions
Quick print: Click this button to run a default program to open and print the selected file. The default program is Microsoft Notepad. You can change the default program to print files using the Print With program box in the Settings dialog. See also: Print Folder Contents (page 324)and Open a File (page 319).

Altiris Deployment Solution 6.8 SP2

325

Setting a Password on an Image File


Right-click an image file and select Properties. In the Attributes section, select Password. The Set / Change Password dialog appears.

Field Definitions
Current password: Enter current password. New password: Enter new password. Confirm password: Type the password again to confirm that is was correctly typed in.

Settings
You can set preferences for the Altiris ImageExplorer by clicking View > Settings. The Settings dialog appears to set options to confirm specific operations using message boxes in the user interface, to set options for displaying items or excluding items, or to select default programs when using the Quick print (see Print a File (page 325)) or Quick open (see Open a File (page 319)) options.

Confirmations
Read-only Open operations: Present a confirmation message to the user when opening a file in a Read-only state, and as a result any changes cannot be saved. Example: if an image file created in RapiDeploy 4.5 or earlier is opened, it is Read-only and any operation performed cannot be saved. As a result, when opening this file a confirmation box appears reminding the user that the file cannot be saved. File Overwrite operations: Present a confirmation message to the user when extracting a file from an image file and overwriting an existing file on a destination drive. File Revert operations: Present a confirmation message when executing a Revert operation that returns the image file to its original file structure and content after replacing files. Paste & Drop operations: Present a confirmation message when dragging a file to a new folder in an image file, when using the copy and paste operation to move files to another folder, or when using the Add New Files command. Exclude operations: Present a confirmation message to the user when assigning the Exclude option to a file (to not distribute the selected file as part of the image). This message appears when clicking the check box on the file or folder or selecting the Exclude operation. Folder Overwrite operations: Present a confirmation message to the user when extracting a folder from an image file and overwriting an existing folder on a destination drive.

Display Settings
Keep help on top: Select to keep open help file on top of the ImageExplorer user interface. This lets you view the help side-by-side with the program rather than allowing it to be sent behind the ImageExplorer user interface. Show file numbers: View the associated file numbers in the image. In NTFS the files are numbered automatically. In FAT, EXT2, EXT3, and other file systems the files are numbered by RapiDeploy when creating the image file.

Altiris Deployment Solution 6.8 SP2

326

Show excluded items: View the files marked as Excluded in the image. Files will be shown after refreshing the screen. Extract excluded items: Allow the Excluded files and folders to be extracted from the image file to a destination folder. This setting lets you include all files previously marked as Excluded to be saved to an external destination folder when running the Extract command. Color added items: Select this option to mark files/folders added to the image with blue text. See Add File (page 314) and Add Folder (page 314). Color replaced items: Select this option to mark files/folders replaced to the image with magenta text. See Replace Files (available for files) (page 317). Color excluded items: Select this option to mark files and folders added to the image with red text. See Exclude (page 315).

Default Programs to Open and Print Files


These settings are default settings for the Quick Open and Quick Print options that appear with the Open with and Open features. Use to associate files to a common program, such as Microsoft Notepad. Open with program: Set the default program to run with a selected file. The default program is Microsoft Notepad. See Open a File (page 319). Print with program: Set the default program to print a selected file. The default program is Microsoft Notepad. See Find Files (page 322).

Split Image
This feature lets you select an image file to split (rewrite) into a new image file based on the segment size you select. While Convert an Image (page 320) changes the file format of an image to be the current format used by RapiDeploy, split an image keeps the format of the original image but changes the size of its segments. Example: if you have a 2 GB image file, and you wanted to split the image so it could fit on CDs, you could select 650 MB or 700 MB as the new segment size and the result would be one image file with multiple segments. You could copy the segments to CDs and use them to restore the image file at client computers. When splitting image files, be aware of the following: If the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If this occurs, a message appears to verify if this is what you want to do. If you proceed, all the principles of Convert and Image apply. If an old image has an image index (.IMX) file, a new image index file is created. If an old image file is a self-extracting image, the embedded RapiDeploy code remains, and the new image contains the same version of RapiDeploy as when it was originally created. However, if the image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If you proceed, the self-extracting code is removed. If an old image has a password, the new image file has the same password. However, if the old image is an old format image (IBMaster 4.5 or earlier), the image cannot be split but is converted instead. If you proceed, the password is removed.

Altiris Deployment Solution 6.8 SP2

327

Field Definitions
Image File to Split: Select the image file you want to split. Current segment size: By default, the segment size for RapiDeploy images is 2 GB. Current segment count: The number of segments in the image file. New Output Image File: Select a folder and filename for the image file you want to split. New segment size (MB): Select a size for image segments from the drop-down list. The list of options includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new segment is created until the entire image is split. Estimated segment count: The estimated number of segments in the file you selected to split, based on the new segment size.

To split an image file


1. 2. 3. 4. 5. Click File, and select Split Image File. Click Browse to navigate to a folder, and select an image file to split. Click Browse to navigate to a folder, and enter a new filename for the image. Click the drop-down arrow, and select a segment size from the list. Click OK.

Command Line Switches


This feature can be use to create Deployment Server Run Scripts or batch jobs to help you manage images from the command line. At the end of some switches, select options are listed to indicate that the additional commands are allowed.

To access the online command line options


1. 2. 3. 4. From the Windows environment, select Start > Run. In the Open field, enter the command CMD. Enter C:\Program Files\Altiris\eXpress\Deployment Server\ (default installation path). Enter imgexpl /? to view the command-line switches page.

Command line
Parameters

Description
Image files to open or operate (can be repeated, such as w2k.img, xp.img).

Altiris Deployment Solution 6.8 SP2

328

Command line
Switches

Description
-register: register file types in the Windows Registry. -unregister: unregister file types in the Windows Registry. -add <src> <dst>: add file, folder, or volume to an image. Accepts the <-overwrite> option. You can use wildcards when entering the source (src). -extract <scr> <dst>: extract a file, folder, or volume from an image. Accepts the <-overwrite> and <-size> options. -convert <dst>: convert an old format image to the current image format used by RapiDeploy. Accepts the <-overwrite> and <-size> options. -split <dst>: split an image into new size file segments. Accepts <-overwrite> and <-size> options.

Options

-lang <lang code>: *specify the Language code for the user interface. -silent: *do not display confirmation or errors. -password <pwd>: *passwords for image files being opened. -overwrite: when in silent mode, do not confirm actions. -size <size in MB>: size of the new image segment in MB. * Indicates the options that can be used with any command.

Process exit codes

0 2 4 6 8

Success. Command line syntax error. Error registering or unregistering file types. Operation cancelled by the user. Attempted to write to a Read-only image.

10 Invalid password. 12 Error performing an operation. 14 The Image file was not found or an error occurred opening an image. 16 The Source was not found, or an error occurred option the source. 18 The destination was not found or an error occurred opening the destination. Examples: Open a W2k.img that requires the password develop. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop Open two image files that each have different passwords, password and sales.

Altiris Deployment Solution 6.8 SP2

329

C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop f:\w2k.img -password sales Add all *.txt files in e:\to the temp folder of the volume in slot 1 of w2k.img. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -add e:\*.txt 1:\temp Extract kernal.dll from the Windows folder of the volume sys in w2k.img to e:\dump. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -password develop -add e:\*.txt 1:\temp Convert the old format image file, w2k.img, to the new image, new2k.img, in 650 MB segments. C:\Program Files\Altiris\eXpress\Deployment Server\imgexpl f:\w2k.img -convert f:\new2k.img -size 650

Altiris Deployment Solution 6.8 SP2

330

Installing Deployment Server


Deployment Server is a flexible, scalable computer deployment and management system that can be installed and configured on a single computer, or installed across several computers to distribute processing for large enterprise environments. You can run a Simple install to position all Deployment Server Components on a single computer (most frequently used), or plan and perform a Custom install to distribute installation of components across separate computers in the site. The Deployment Web Console can be installed as part of the Deployment Server installation on any computer running Microsoft IIS. After installing Deployment Server components, you can remotely install Deployment Agents on all types of computer resources across your organization: laptops and handhelds, LAN and Web servers, network switches, and so on. Windows computers, Linux computers, and handhelds can be managed as a unified environment, with each client communicating through its own Deployment agent to update inventory data and react to Deployment Server commands and deployment tasks. Select one of the following methods for installing a Deployment Server system: Simple Install for Deployment Server on page 337 Custom Install for Deployment Server on page 340 Thin Client Install for Deployment Server on page 343 Component Install for Deployment Server on page 343 To install Deployment Agents on the client computer, see Installing Deployment Solution Agents on page 344. Note You can also install the Deployment Server components remotely from the Altiris Console.

Deployment Server Components


The Deployment Server system includes the following components: Deployment Console on page 332 Deployment Server on page 332 Deployment Database on page 333 Deployment Share on page 334 Altiris PXE Server on page 334 DHCP Server (not an Altiris product) Deployment Web Console on page 335 Installing Deployment Solution Agents on page 344 Sysprep on page 365

Altiris Deployment Solution 6.8 SP2

331

All these components can be installed on the same computer or distributed across multiple computers as per your environment.

Deployment Console
The Deployment Console is the Win32 user interface for Deployment Solution. You can install this Windows console on computers across the network to view and manage resources from different locations. In addition, from this console, you can access the Deployment Database on other Deployment Server systems to manage sites across the enterprise. See Connecting to Another Deployment Server on page 95. Deployment Console communicates with the Deployment Database and Deployment Server services. In a Simple Install for Deployment Server, the Deployment Console is installed on the same computer as all other components. In a Custom Install for Deployment Server, you must ensure that a connection is available to these computers and security rights are set. You must have administrative rights on any computer running the Deployment Console. See also Deployment Web Console on page 335, Managing from the Deployment Console on page 72, and Deployment Server Components on page 331.

Deployment Server
Deployment Server controls the flow of the work and information between the managed computers and the other Deployment Server components (Deployment Console, Deployment Database, and the Deployment Share). Managed computers connect and communicate with the Deployment Server to register inventory and configuration information and to run deployment and management tasks. The computer and deployment data for each managed computer is stored in the Deployment Database. Note To view, start, or stop Deployment Server, go to the Altiris Server services in your Windows Manager. Managed computers require access to the Deployment Server at all times, requiring that you have administrative rights on the computer running the Deployment Server.

Create a user account to run the Deployment Server. The service runs as a logged-onuser, not as a system account. You must create this account on all Deployment Server computers. The account must have full rights to the Deployment Share. The account must have a non-expiring password. Assign a static IP address to the Deployment Server computer. Other components cannot connect to the Deployment Server if you use DHCP and dynamically change the IP address. To install the Deployment Server on a remote computer, the default administration shares must be present. Restore any shares that have been removed before you install the Deployment Server.

Altiris Deployment Solution 6.8 SP2

332

Note Creating an administrative account using the same name and password on each computer is easier to remember than using the names and passwords of existing accounts. Most packages (.RIP, Personality Packages, and .MSI files) are passed through the Deployment Server. Therefore storing these files on the same computer as the Deployment Server can speed up the deployment of these packages. Image files, however, are sent directly from the Deployment Share to the client computer when executing an imaging task. See also Deployment Server Components on page 331.

Deployment Database
The Deployment Database can be installed on Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000. See Deployment Server System Requirements on page 336. Note In Deployment Solution 6.0 and later, if you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific instance using this format: <database instance>\express. Example: if you have a clustered Microsoft SQL Server named SQLClusterSvr to manage multiple Deployment Solution systems on different network segments, you can enter the name SQLClusterSvr\salesSegment or

SQLClusterSvr\marketingSegment during the Deployment Server setup depending on the previously established database instance. This feature is
supported in the silent install .INI file and the GUI install executable. The database maintains the information about the managed computers, such as: Hardware. RAM, Asset tag, and Serial numbers General Information. Computer name and MAC address Configuration. TCP/IP, Microsoft Networking, and User information Applications. The applications installed and information about these applications, such as the name of the application, Publisher, and Product ID Services. Windows services installed Devices. Windows devices installed such as network adapter, keyboard, and monitors Location information. Contact name, phone, E-mail, Department, Mail Stop, and Site The Deployment Server Database also contains jobs and other data used to manage your computers. Note You can install a single Deployment Database per Deployment Server systemyou cannot have two databases storing data for a single computer. If the computer you are installing the database to has an existing Microsoft SQL Server, the Deployment Database is added to that instance of the database engine.

Altiris Deployment Solution 6.8 SP2

333

Support for Multiple Database Instances


In Deployment Solution 6.0 and later, you can identify a named instance of the Microsoft SQL Server when installing Deployment Solution. You can now identify other named instances of Microsoft SQL Servers rather than accessing only the default instance. This feature lets you identify and run multiple databases from one clustered Microsoft SQL Server to manage multiple sites or network segments. This feature is supported in the silent install .INI file and the GUI install executable. See Custom Install for Deployment Server on page 340. The 6.8 release of Deployment Solution also supports a different name for the Deployment database other than the default eXpress. See also Deployment Server Components on page 331.

Deployment Share
Deployment Share is a file server or shared directory where Altiris program files and packages are stored. The Deployment Share can be a shared directory (default Simple install in Program Files\ Altiris\eXpress\Deployment Server) or another file server (in the Custom install you can assign a Microsoft Windows or Novell NetWare file server). Deployment Share is where you store image files, registry files, .MSI packages, Personality Packages, script files, and more. When a computer is being deployed or managed, Deployment Server stores and retrieves these packages from the Deployment Share as needed.

If you are installing Deployment Solution on a remote file server (not the computer where you are running the install program), create a share (or give Read/Write rights for NetWare) on the file server where Deployment Server can be installed. The share must allow access to all other components, including managed computers and the user account that runs the Deployment Server. This share must be created before you begin installing. If you are not installing to a remote computer, you can select the option to create the share during install.

Note You can install only one Deployment Share per Deployment Server system. However, if the Deployment Share's hard drive gets full, other computers can be used as additional, backup storage points. In some cases, other systems emulating a Microsoft or NetWare environment can be used as the Deployment Share. Note for NetWare users: If you have trouble using the Novell NetWare server as a Deployment Share, install the Novell Client rather than the Microsoft NetWare Client. See also Deployment Server Components on page 331.

Altiris PXE Server


The Altiris PXE Server provides service to client computers on a subnet. When the Deployment Server sends a deployment job, the client computer receives a request to boot to automation and the PXE-enabled computers connect to the first Altiris PXE

Altiris Deployment Solution 6.8 SP2

334

Server they discover, which communicates with the Deployment Server and the client computers. You can install an Altiris PXE Server on a Microsoft Server 2003, Windows 2000 Server and Advanced Server. The Altiris PXE Server also functions on the same protocols as a standard DHCP Server so you can place the Altiris PXE Server anywhere you would place a DHCP server. You can also install as many Altiris PXE Servers as required in your system, but you must also install a DHCP Server. The Altiris PXE Server sends a boot menu option list to the client when the computer performs a PXE boot. The deployment job, which contains at least one automation task, uses the default automation environment or the environment specified by a user who has the persmissions to create a deployment job. The boot menu options the request boot menu files from the Altiris PXE Server and are downloaded from the Altiris PXE Server to the client computers RAM storage. The client computer always boots according to the request and reply communications taking place between the Deployment and Altiris PXE Servers. Altiris supports DOS, Linux, and Windows PreInstallation Environment (Windows PE) as pre-boot environments. These options let you create a single job, but may contain multiple automation tasks. The default automation environment (the first pre-boot operating system files installed during the Deployment Solution installation) is used for Initial Deployment, unless you specify otherwise. Using an Altiris PXE Server to boot client computers to automation, saves you from having to install an automation partition on each client computers hard disk, or manually start computers using Altiris supported bootable media. See Boot Disk Creator Help. See also Pre-boot Operating System (Simple) on page 361, Install Automation Partition on page 137, and PXE Configuration Utility Help.

DHCP Server
The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/ IP address to the client computers. This server is not an Altiris product, but it is required if you intend to use the Altiris PXE Server. We recommend that you use DHCP to manage the TCP/IP address in your network regardless of whether you use PXE or not. This greatly reduces the amount of time it takes to set up and manage your computers. See also Deployment Server Components on page 331.

Deployment Web Console


The Deployment Web Console remotely administrates a Deployment Server installation from a Web browser. It deploys and manages Windows and Linux computers (both client and server editions) in real time with many of the features present in the Deployment Console. The Deployment Web Console can be installed on any computer running the Microsoft IIS Server, including a computer running Deployment Server, Notification Server, or a remote computer running only Microsoft IIS. Note If Microsoft IIS is running, the Deployment Web Console is installed automatically during the Windows installation.

Altiris Deployment Solution 6.8 SP2

335

Note The DS Installer does not detect the version of MDAC that is installed. The Deployment Web Console requires MDAC version 2.71 or later to install. If the version of MDAC is earlier than 2.71, the Web console displays a target of invocation error. See also Deployment Console on page 332 and Deployment Server Components on page 331.

Deployment Server System Requirements


The following are the system requirements for Deployment Server components and the network environment.

Network
TCP/IP is used for communication between all Deployment Server components. If you have a NetWare file server for your Deployment Share, IPX can also be used to communicate with this component. For Windows 2000 systems, you must set up Active Directory with the Permissions compatible with pre-Windows 2000 option. If you select the Permissions compatible only with Windows 2000 servers option the Deployment Server cannot manage domain accounts for you. If you are using Windows 2000 only permissions, change them to the pre-2000 option from the Windows Start menu. Open a DOS prompt to add the group Everyone by typing the following:

net localgroup Pre-Windows 2000 Compatible Access Everyone / add


Restart all domain controllers for the change to take effect.

Deployment Server
RAM: 256 MB Disk Space: 200 MB

Component

Hardware

Software

All components require Pentium III processors Deployment Server RAM: 256 MB Disk Space: 200 MB RAM: 128 MB
Disk Space: 3.5 MB

Windows 2000 Server and Advanced Server Windows Server 2003 (SP1)

Deployment Console

Windows 2000 Professional, Server and Advanced Server Windows XP Professional Windows Server 2003 (SP1)

Altiris Deployment Solution 6.8 SP2

336

Component
Altiris PXE Server

Hardware
Memory: 128 MB Disk Space: 25 MB (for boot files)

Software
DHCP server (must be on the network, but does not have to be on the same computer as an Altiris PXE server) Windows 2000 Server or Advanced Server Windows Server 2003 (SP1)

Deployment Database

Memory: 128 MB Disk Space: 55 MB (for program files), plus space for data. Memory: 128 MB Disk Space: 100 MB for Deployment Server program files plus space for storing files (image, boot, .RIP, and so on) Memory: 128 MB

(Microsoft SQL ServerTM 2000 (SP3) or MSDE 2000 (SP3)

Deployment Share (File server for storage)

Windows 2000 Server or Advanced Server Windows Server 2003 (SP1) NetWare (File server only. Cannot be used for any other components). Windows 2000 Professional, Server or Advanced Server Windows XP Professional Windows Server 2003 (SP1) MS IIS 5.5 MDAC 2.71 or later.

Deployment Web Console

Deployment Agents
Deployment Agent requirements are the same as the target operating system. The Deployment Agent requires around 5 MB disk space. See the following sections for additional information: Installing the Deployment Agent on page 346 Installing Deployment Agent on Linux on page 350 Installing the Automation Agent on page 352 Managing Licenses on page 352

Simple Install for Deployment Server


The Simple Install places all Deployment Server Components Deployment Server, Deployment Console, Deployment Share, and Deployment Databaseon the same computer. You can install the Deployment Server with a Microsoft Desktop Engine (MSDE) from the Simple Install. The Deployment Web Console is installed during a Simple Install (and during a silent install) if the Microsoft IIS services and .NET frameworks are running on the selected computer.

Altiris Deployment Solution 6.8 SP2

337

You can download the Altiris Deployment Solution either from the Altiris product CD or from www.altiris.com.

AltirisDeploymentSolutionWin_6_8 installs all Windows components of Deployment Solution. Using the Simple Install option, you can install MSDE 2000 on a local computer if a database is not already installed.

Note Simple installation works only with a default Microsoft SQL 2000, SQL 2005, or MSDE install.

To run a simple install


1. 2. Start the server and log on using the administrator account you created for the Deployment Server. See Deployment Server System Requirements on page 336. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Deployment Server self-extracting install dialog appears. 3. Click the Use current temp folder option to use the current temporary folder to download installation files or Extract to a specific folder option to set a path to an existing folder to download installation files. Click Extract and Execute App to extract and execute the application immediately. Note The default installation directory is DSSetup on C drive. 4. 5. 6. 7. Click Simple Install. Select Include PXE Server. This option installs the Altiris PXE Server. See Altiris PXE Server on page 334. This is optional. Click Install. Click Yes to the Software License Agreement. Enter the following information in the Install Information screen: a. In File Server path, enter the drive letter and the path to install the Deployment Server program files. (The default path is C:\Program Files\Altiris\eXpress\Deployment Server.) Select Create eXpress share to create a Deployment Share on the computer. The Deployment Share lets you store files on the computer and run Deployment Server system applications. See Deployment Share on page 334. Click License File and browse to locate a license file (.LIC file). This is the activation key you received when you registered your Altiris software. Click Upgrade using existing license to upgrade the installation using an existing license. If you do not have a license file, click Free 7 day license. The installation continues and lets you use a free evaluation license file. See the Altiris Getting Started Guide for further licensing information.

b.

c.

Altiris Deployment Solution 6.8 SP2

338

Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. d. Enter an administrator user name and password for the Deployment Server system. This account must already exist. By default, the name you are currently logged on as appears. If you use a domain account, enter the domain and the user name (Example: Domain1\administrator). Click Next. The Installation Information dialog displays the selected Deployment Server components to be installed. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears, stating that the share is already in use and you need to manually set the share to point to the correct directory. Click OK to this message. 8. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins and can take several minutes to complete. The Installation Information dialog appears asking if you want to install clients. Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Remote Install Clients. Select this option if you want to push the Deployment Agent to computers running the Windows 2000, XP, and Windows Server 2003 operating systems. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. 10. After the installation is complete, click Finish. You have successfully completed a Simple install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all computer resources running Deployment Agents configured for your Deployment Server. Note Antivirus applications can delete service .EXE files or can disable services. For example: when you run the Deployment Server Win32 Console, the Unable to connect to the Altiris Deployment Server DS Management Server. Please ensure this service is started and running currently. error appears. This occurs because the service files are deleted by the antivirus application during scanning. To resolve this issue, disable the antivirus software and reinstall Deployment Server. See Custom Install for Deployment Server on page 340.

e.

9.

Altiris Deployment Solution 6.8 SP2

339

Custom Install for Deployment Server


The Custom Install lets you distribute all Deployment Server Components Deployment Server, Deployment Console, the Deployment Share, and the Deployment Databaseon different computers. You can install Deployment Server with Microsoft Data Engine (MSDE) or install it to an existing SQL Server. You can download the Altiris Deployment Solution either from the Altiris product CD or from www.altiris.com.

AltirisDeploymentSolutionWin_6_8 installs all Windows components of Deployment Solution. Select the Custom install option to add new components or to install Deployment Solution to an existing database.

To run a custom install


1. 2. Start the server and log on as the administrator account you created to run Deployment Server. See Deployment Server System Requirements on page 336. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Deployment Server self-extracting install dialog appears. 3. Click the Use current temp folder option to use the current temporary folder to download installation files, or click the Extract to a specific folder option to set a path to an existing folder to download installation files. The default path is the DSSetup directory in the C drive. Click Extract and Execute App to extract and execute the application immediately. Click the Custom Install option if any of the following conditions exist: You are using the NetWare file server as a Deployment Share. You are managing many computers and require a distributed architecture to meet bandwidth restrictions and other design requirements. 5. 6. Click Install. Click Yes to the Software License Agreement. Install the Deployment Share and enter the license file location: In File Server path, enter the drive letter and the path to install the Deployment Server program files. The default path is C:\Program Files\Altiris\eXpress\Deployment Server. Select Create Deployment Share to create a Deployment Share in the system. The Deployment Share lets you store files on the computer and run Deployment Server system applications. The Deployment Share can be on a Microsoft Windows server or Novell NetWare server. (You can only create the share if it is on a Microsoft Windows Server; the Novell share should already be set up.) See Deployment Share on page 334. Click License File and browse to locate the license file (.LIC file). This is the activation key you received when you registered your Altiris software. Click Upgrade using existing license to upgrade the installation using an existing license. If you do not have a license file, click Free 7 day license. The

4.

Altiris Deployment Solution 6.8 SP2

340

installation continues and lets you use a free evaluation license file. See the Altiris Getting Started Guide for further licensing information. Click Next. Note You do not need to apply a license key to activate the HP Thin Client t5000 Series. This managed client computer automatically receives a non-expiring license when connected to the console. 7. Enter the Deployment Server information. Select the computer to install Deployment Server, the services that controls the flow of the work and information between the managed computers and Deployment Server components. Install the Deployment Server on this computer or on a remote computer. Enter a static IP address for the Deployment Server computer to ensure that the IP address remains constant. Type the port information in the Port field. Enter the path where the Deployment Server should be installed. Provide the account information that already exists on the Deployment Share and the Deployment Server. Click Next. See Deployment Server on page 332. 8. Enter the Deployment Database information. Identify where you want to install the database, or select an existing Microsoft SQL Server from the list of computers. See Deployment Database on page 333. Note If you have multiple instances of the Microsoft SQL Server already set up, you can identify a specific database instance in this field using the format: <SQL Server Name>\<database instance>. Depending upon the selection of SQL Server instance, the default port at which the selected instance is listening appears in the SQL Port Number field. You can edit the port number if you have manually entered the SQL Server name or if the port number does not appear automatically due to some firewall restriction. You can select a different name other than eXpress for your Deployment Database. Type the alternate name in the Database Name field and click Next. 9. Identify the type of Deployment Database authentication to be used. Enter the user name and password if SQL Server authentication is used. Click Next. If a previous installation of the Deployment Database is detected, a message appears asking whether you want to preserve or overwrite the existing database. Note You cannot use the remote SQL database with NT authentication on a remote computer if you don't have administrative rights on the computer. 10. Enter the Pre-boot Operating Systems information required for Boot Disk Creator. Select any one of the four options from FreeDos, MS-DOS, Linux, and Windows PE. Click Browse to select the FIRM file (for FreeDos and Linux operating systems) or enter the path for the location of the operating system files (for MS-DOS and Windows PE). Note If you are using a free evaluation license you cannot use the WinPE Add On Packages.

Altiris Deployment Solution 6.8 SP2

341

11. Enter PXE Server information. Click Next. See Altiris PXE Server on page 334. Select the pre-boot operating system to use as the default PXE boot menu item. You can select DOS, Linux, or Windows PE. If you want to use the previously installed pre-boot operating system, select the Keep Default option. 12. Enter information on how you want to connect your managed computer to the Deployment Server. Click Connect directly to Deployment Server and provide the DS IP address and Port or click Discover Deployment Server using TCP/IP multicast and provide the Server name. If the Server name field is left blank it finds the first Deployment Server that responds. 13. Enter Deployment Console information. Select whether you want to install the Deployment Console on the computer you are working or on a remote computer. 14. Provide information for installing the Deployment Web Console on the computer you are currently installing from. This computer must be running Microsoft IIS .NET framework. You must provide information about the path where you want to install the Deployment Web Console and also valid user credentials. Click Next. See Deployment Web Console Information on page 364. Note This option is disabled if Microsoft IIS is not detected. 15. The Installation Information dialog displays the selected Deployment Server components to be installed. Note If you are upgrading your installation, the message Do you want to replace the share? appears. Click Yes and continue. If you click No, a message appears stating that the share is already in use and you need to manually set the share to point to the correct directory. Click OK. 16. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins, and can take several minutes. 17. Install Deployment Agent to the client computers. The Installation Information dialog appears asking whether you want to install clients. Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the Microsoft Sysprep files. Remote Install Deployment Agent. Select this option if you want to push the Deployment Agent to computers running the Windows 2000, XP, and Windows Server 2003 operating systems. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. 18. After the installation is complete, click Finish.

Altiris Deployment Solution 6.8 SP2

342

You have successfully completed a Custom install for a Deployment Server system. Click the Deployment Console icon on your desktop to view all the computer resources running Deployment Agents configured for your Deployment Server. See Simple Install for Deployment Server on page 337.

Thin Client Install for Deployment Server


The Thin Client installation option lets you install the Thin Client view of the Deployment Console on your computer.

To install Thin Client


1. 2. 3. 4. 5. 6. Double-click axinstall.exe. Select the Thin Client Install option on the Deployment Server Install Configuration dialog and click Next. (Optional) Select Include PXE Server. This option installs the Altiris PXE Server. See Altiris PXE Server on page 334. Enter the user name and password of the Deployment Server service on the Deployment Share Information dialog and click Next. Select a default pre-boot operating system or select None and click Next. Click Install on the Installation Information screen.

The Thin Client is installed.

Component Install for Deployment Server


The Component installation option lets you add selected Deployment Server Components Deployment Console, Deployment Web Console, Altiris PXE Server, and Deployment Agents to the existing Deployment Share. Additionally, you can also add Microsoft Sysprep files.

To install components
1. 2. Start the server and log on with the administrator account you created to run Deployment Server. See Deployment Server System Requirements on page 336. Launch the appropriate Altiris Deployment Server installation file and follow the setup steps. The Deployment Server self-extracting install dialog appears. 3. 4. 5. 6. 7. Click Extract and Execute App. Click Add Component. Click Install. Click Yes to the Software License Agreement. Enter a path for the Deployment Share. Click Next. Select the Components to install. Install an additional Deployment Console. Click this option to install another Deployment Console (a Windows executable) on another computer. You can add as many Deployment Consoles as required to manage from multiple consoles across your system, but you can install only one at a time.

Altiris Deployment Solution 6.8 SP2

343

Install an additional Deployment Web Console. Click this option to install an additional Deployment Web Console on the local computer. The Web console is installed on the local computer if the computer is running Microsoft IIS. See Deployment Web Console Information on page 364. Install an additional Altiris PXE Server. Use this option to add additional Altiris PXE Servers across a network segment to handle boot requests for large environments. Master PXE Server. When you add another Altiris PXE Server, the Altiris PXE Server installed initially is designated as the Master PXE Server. The Master PXE Server works concurrently with any additional Altiris PXE Server to handle boot requests across the network segment, but it also allocates additional blocks of IP addresses to other Altiris PXE Servers in the system. For all the available options for installing Altiris PXE Server, see Altiris PXE Server Install on page 363. Install additional Deployment Agents. Click this option to install additional Deployment Agents on client computers, setting up managed computers in the Deployment Server system. Add Microsoft Sysprep files. Click this option to install the Microsoft Sysprep files, if you did not install them earlier. See Sysprep on page 365. 8. Click Next. The Deployment Console Information dialog appears. 9. Select the computer to install the component and click Next. Note If you select the On a remote computer option, you have to browse and select the remote computer. 10. Click Install to install the components listed on the summary screen, or click Back to modify settings before starting the installation. The installation process begins, and can take several minutes. 11. The Installation Information dialog appears specifying that the installation has been successful. Click Finish. Install add-ons to provision server hardware. Select this option to install the add-ons for Dell computers. Note This option is enabled on Dell computers ony when add-ons are present in the oeminstall-addons section of the oeminstall.ini file located in the eXpress directory. Note Install add-ons to provision server hardware is the only option available on the Installation Information Summary dialog when you select Component Install.

Installing Deployment Solution Agents


Each client computer requires the Deployment Agent to run as the Production Agent on a local hard disk, which communicates with the Deployment Server and registers in the

Altiris Deployment Solution 6.8 SP2

344

Deployment Database. For Windows and Linux client computers, Deployment Solution lets you push agent software to a client computer from a Deployment console, or you can pull the Deployment agent from the client computer from the Deployment Web Console (or pull it from the Deployment Share). You can install an embedded (recommended) or hidden automation partition, which contains an Automation Agent that establishes communications with the Deployment Server to run the deployment jobs that have been assigned to the client computer. See Install Automation Partition on page 137. The Deployment agents for handhelds are