Documente Academic
Documente Profesional
Documente Cultură
DEPLOYMENT SOLUTION
6.5
REFERENCE GUIDE
Notice
Copyright 1996 - 2005 Altiris Inc. All rights reserved.
Product Version: 6.5
Document Date: September 8, 2005
Protected by one or more of the following U.S. Patents: 5764593, 6144992, 5978805, 5778395, 5907672, 4701745, 5016009,
5126739, 5146221, 5414425, 5463390, 5506580. Other patents pending.
Due to the inherently complex nature of computer software, Altiris does not warrant that the Altiris software is error-free, will
operate without interruption, is compatible with all equipment and software configurations, or will otherwise meet your needs.
The content of this documentation is furnished for informational use only, is subject to change without notice, and should not be
construed as a commitment by Altiris. Altiris, Inc. assumes no responsibility or liability for any errors or inaccuracies that may
appear in this documentation. For the latest documentation, visit our Web site at www.altiris.com.
Altiris, the Altiris logo, BootWorks, Eality, ImageBlaster, Inventory Solution, PC Transplant, RapiDeploy, RapidInstall, and Vision
are registered trademarks of Altiris, Inc. in the United States. Altiris, the Altiris Logo, and ManageFusion are registered trademarks
of Altiris, Inc. in other countries.
Altiris Connector, Altiris eXpress, Altiris Protect, Application Management Solution, Application Metering Solution,
Asset Control Solution, Asset Management Suite, Carbon Copy Solution, Client Management Suite, Compliance Toolkit,
Connector Solution, Contract Management Solution, Deployment Server, Deployment Solution, Energy Saver Toolkit,
Education Management Suite, Handheld Management Suite, Helpdesk Solution, Lab Management Suite, ManageFusion,
Migration Toolkit, Mobile Client for SMS, Monitor Solution, Network Discovery, Notification Server, Package Importer,
Patch Management Solution, Problem Management Suite, Recovery Solution, Security Solution, Server Management Suite,
Site Monitor Solution, Software Delivery Solution, SNMP Management, Software Delivery Suite, TCO Management Solution,
UNIX Client for SMS, Web Administrator, Web Reports, and other product names are trademarks of Altiris, Inc. in the United States
and other countries.
Audit on Connecct, Audit on Detect, AuditExpress, Scan on Detect, and SecurityExpressions are a trademarks of Pedestal Software
Inc. in the United States.
WebLens and Guaranteeing Your Net Works is a registered trademarks of Tonic Software Inc. in the United States.
WebInsight and RUM are a trademarks of Tonic Software Inc. in the United States.
Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the United States
and/or other countries.
HP and Compaq are registered trademarks of the Hewlett-Packard Corporation.
Dell is a registered trademark of Dell Inc.
Macintosh is a registered trademark of the Apple Computer Corporation.
Palm OS is a registered trademark of Palm Computing, Inc.
BlackBerry is a service mark and a trademark of Research In Motion Limited Corporation.
RIM is a service mark and trademark of Research In Motion (RIM).
All other brand names are trademarks or registered trademarks of their respective companies.
PostgreSQL is released under the BSD licence.
PostgreSQL Database Management System (formerly known as Postgres, then as Postgres95)
Portions Copyright 1996-2004, The PostgreSQL Global Development Group
Portions Copyright 1994, The Regents of the University of California
Altiris Deployment Solution Reference Guide
Notice
Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a
written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs
appear in all copies.
IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE
OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
THE SOFTWARE PROVIDED HEREUNDER IS ON AN AS IS BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS
NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
DHCP Copyright
Following is the copyright on the ISC DHCP Server:
Copyright 2004 Internet Systems Consorium, Inc. (ISC)
Copyright 1995-2003 Internet Software Consortium.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the distribution.
* Neither the name of ISC, ISC DHCP, nor the names of its contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS AS IS AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions. License shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
through 9 of this document.
Licensor shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
Legal Entity shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition, control means (i) the power, direct or indirect, to cause the direction
or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding
shares, or (iii) beneficial ownership of such entity.
You (or Your) shall mean an individual or Legal Entity exercising permissions granted by this License.
Source form shall mean the preferred form for making modifications, including but not limited to software source code,
documentation source, and configuration files.
Object form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not
limited to compiled object code, generated documentation, and conversions to other media types.
Work shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work.
Derivative Works shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for
which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship.
For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by
name) to the interfaces of, the Work and Derivative Works thereof.
Contribution shall mean any work of authorship, including the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright
owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition,
Altiris Deployment Solution Reference Guide
Notice
submitted means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including
but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are
managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that
is conspicuously marked or otherwise designated in writing by the copyright owner as Not a Contribution.
Contributor shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by
Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a
perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works
of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by
such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the
Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or
counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory
patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such
litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution
notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
(d) If the Work includes a NOTICE text file as part of its distribution, then any Derivative Works that You distribute must include
a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part
of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative
Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by
the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for
informational purposes only and do not modify the License.
You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the
NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You
may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the
Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have
executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the
Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of
the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this
License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as
a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work
stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been
advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to
offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with
this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not
on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END
OF TERMS AND CONDITIONS
Sun's Java Runtime
Notice
Copyright 1994-2004 Sun Microsystems, Inc. All Rights Reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
* Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistribution in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the distribution.
Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
This software is provided AS IS, without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN
MICROSYSTEMS, INC. (SUN) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY
LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO
EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT,
INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND
REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS
SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
You acknowledge that this software is not designed, licensed or intended for use in the design, construction, operation or
maintenance of any nuclear facility.
OpenSSL License
Copyright 1998-2003 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment:
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
4. The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this
software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior
written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
Contents
Notice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Chapter 1: Introduction to Deployment Solution
Features of Deployment Solution
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
37
38
38
38
39
40
41
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
47
47
48
49
49
49
49
49
50
50
50
51
51
51
51
52
52
53
54
6
Contents
Managing Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the License Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Install a Regular License for Altiris Products
......................................
HP client computers and licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Install Multiple Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding a License from the Deployment Console
......................................
RDP Licensing
................................................................
Finding the Number of Licenses Used
..............................................
Computers Not Using a Regular License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Detecting an Expired License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Expired Licenses
..............................................................
57
58
59
59
60
60
60
61
61
61
62
DS Installation Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Install Configuration
............................................................
Installing Deployment Server
.....................................................
Installing Deployment Server using Component Install
.................................
Deployment Server Install
.......................................................
Pre-boot Operating System (Simple)
..............................................
Pre-boot Operating System (Custom)
.............................................
Deployment Database Install
.....................................................
PXE Server Install
.............................................................
Client Connection to Server
......................................................
Deployment Web Console Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Sysprep
.....................................................................
Installing Components
..........................................................
Simple and Custom Installation Summary
...........................................
Add Components Summary
......................................................
Deployment Database Authentication
..............................................
Add Components
..............................................................
Console Install
................................................................
62
62
63
64
64
64
65
65
66
66
67
67
67
67
68
68
68
68
73
73
74
77
77
78
79
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Contents
89
90
90
91
91
92
92
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
96
96
96
97
98
98
98
98
99
99
99
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
111
112
112
114
115
116
116
116
117
117
118
Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Deployment Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deployment Agent Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Production Agent Settings
......................................................
Changing Deployment Agent Properties from a Client Computer
........................
Changing Deployment Agent Properties from the Deployment Console
...................
Server Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access
..................................................................
Security
.................................................................
Log File
.................................................................
Proxy
...................................................................
Startup/Shutdown
.........................................................
Deployment Agent on Linux
.....................................................
Automation Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Drive Mappings
...........................................................
Authentication
............................................................
Network
.................................................................
.Deployment Agents for Pocket PC
...............................................
Connections to the Handheld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Pocket PC Agent
..........................................................
Pocket PC Client
..........................................................
Deployment Agent on CE .NET
..................................................
Managing Client Connections
118
119
120
121
121
122
122
123
123
124
124
125
125
126
126
126
127
128
128
129
129
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Computer Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hardware
...................................................................
Drives
......................................................................
Network Configuration
.........................................................
TCP/IP
.....................................................................
Applications
.................................................................
Services
....................................................................
Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Location
....................................................................
Bay
.......................................................................
Lights-Out
..................................................................
131
132
132
132
132
132
133
133
133
133
133
134
134
136
137
137
137
138
139
140
140
140
141
141
141
142
142
143
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Contents
144
145
146
146
146
147
147
148
148
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
155
156
157
157
157
158
158
158
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating a Disk Image
.........................................................
SysPrep Settings
..........................................................
Create Disk Image Advanced
................................................
Distributing a Disk Image
.......................................................
Distribute Disk Image-Resizing
...............................................
Distribute Disk Image-Additional Options
.......................................
Scripted OS Install
............................................................
Scripted Install for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Select OS Version and Language
.............................................
Installation Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Operating System-Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Partition and Format Disk
...................................................
Import an Answer File
......................................................
Answer File Setup
.........................................................
Add a New Variable Value or Section
..........................................
Add a New Variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Command-line Switches for Scripted Install
.....................................
Deployment Agent Settings for Scripted Install
...................................
Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Scripted Install for Linux
.......................................................
Scripted Install Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
162
163
164
164
165
166
166
167
167
168
169
169
170
170
170
171
171
171
172
172
172
172
10
Contents
Distributing Software
..........................................................
Distribute Software Advanced
................................................
Capturing Personality Settings
..................................................
Capture Personality Advanced
...............................................
Distributing Personality Settings
.................................................
Distribute Personality Advanced
..............................................
Modifying Configuration
........................................................
Backing up and Restoring Registry Files
...........................................
Get Inventory
................................................................
Run Script
..................................................................
Script Information
.........................................................
Using LogEvent and WLogEvent in Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Copy File to
.................................................................
Copy File to Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Power Control
...............................................................
172
174
174
175
175
176
176
177
177
177
178
180
180
181
182
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
189
189
190
191
191
192
192
193
193
193
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
197
197
197
198
Migrations
......................................................................
Capture User Application Settings
................................................
Capture User Desktop Settings
..................................................
Capture User Microsoft Office Settings
............................................
Capture User Printer Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
198
198
198
199
199
Misc Jobs
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
11
Contents
200
200
200
201
201
201
202
202
202
202
202
203
203
Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Distribute Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Install Altiris Pocket PC Agent
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Scripted OS Installs
..............................................................
Create W2K Install Disk Image (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
W2K Scripted Install (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create RH7 Install Disk Image (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create RH7 Install Disk Image (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RH7 Scripted Install (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RH7 Scripted Install (Target HD)
.................................................
Create RH8 Install Disk Image (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RH8 Scripted Install (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
204
204
205
206
206
207
208
208
209
Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Send Email if Disk Space Low (Linux)
.............................................
Logevent Script (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Restart HTTPD Service (Linux)
..................................................
Move Computer to Default Container (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Move Computer to Specific OU (Windows)
.........................................
Send Error Email (Windows)
....................................................
Server-side Embedded VBScript (Windows)
........................................
WLogevent CMD Script (Windows)
...............................................
WLogevent VB Script (Windows)
.................................................
209
210
210
210
210
211
211
211
211
212
XP Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Disable Enhanced Write Filter
...................................................
Enable Enhanced Write Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distribute RapidInstall Package
..................................................
212
212
212
212
213
214
215
215
216
216
216
216
217
217
217
218
12
Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
General Option
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Authentication Option
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Connections Option
Debug Option
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
228
229
229
229
230
230
231
231
231
232
232
233
233
233
234
234
234
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
239
239
240
240
240
241
241
241
242
242
243
243
244
244
13
Contents
246
246
247
247
248
248
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
249
250
250
250
251
251
252
253
254
254
255
255
256
256
257
257
257
257
257
257
258
258
258
258
258
259
259
259
259
259
262
264
265
265
265
14
Contents
Windows PE
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
268
268
268
268
269
269
269
270
270
270
271
272
272
273
273
274
274
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
281
281
282
282
283
283
283
283
284
284
284
286
287
HTTP Imaging
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
288
288
288
290
291
292
293
293
294
15
Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
308
308
308
309
309
310
310
310
311
311
312
312
313
Troubleshooting RapiDeploy
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
321
321
321
322
322
322
322
322
322
322
322
323
323
324
324
325
325
325
326
326
327
327
327
328
329
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
16
Contents
334
335
335
336
336
336
337
337
337
338
338
338
338
339
339
340
340
343
344
344
345
346
348
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
348
349
349
350
350
351
351
351
352
352
353
353
359
359
359
360
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
17
Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
General
.................................................................
Network
.................................................................
TCP/IP
..................................................................
Location
.................................................................
Bay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lights-Out
...............................................................
Hardware
................................................................
Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Applications
..............................................................
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Devices
.................................................................
Remote Operations
363
364
365
366
366
366
368
368
368
369
369
369
369
370
370
370
370
370
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating a Disk Image
.........................................................
Create Disk Image Advanced
................................................
Distributing Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distribute Disk Image- Resizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distribute Disk Image-Additional Options
.......................................
Distributing Software
..........................................................
Distribute Software-Advanced
................................................
Capturing Personality Settings
..................................................
Capture Personality-Advanced
...............................................
Distributing Personality Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distribute Personality Advanced
..............................................
Modifying Configuration
........................................................
Backing up and Restoring Registry Files
...........................................
Get Inventory
................................................................
Run Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Advanced Run Script Options
................................................
Copy File
...................................................................
Copy File Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Copy Jobs and Job Folders
Importing and Exporting Jobs
376
377
378
379
380
380
381
382
383
383
384
384
385
385
385
385
386
387
388
388
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
18
Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Initial Deployment
................................................................
Configurations
...............................................................
Jobs
.......................................................................
Options
....................................................................
391
392
392
393
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Chapter 21: Deployment Solution Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Deployment Server Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
How Deployment Server Components Work Together
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Deployment from Notification Server Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Design Scenarios
................................................................
Two-tier Distributed Model
......................................................
Three-tier Reporting Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installation Variables
..........................................................
403
403
405
407
411
411
412
414
415
416
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
420
420
421
421
Reporting Errors
.................................................................
DOS/CMD Error Handling
......................................................
Visual Basic Error Handling
.....................................................
Linux Shell ErSror Handling
.....................................................
422
422
423
423
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
426
426
426
427
19
Contents
Windows CE .NET
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Licensing Thin Clients
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
436
436
437
438
439
440
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
444
444
446
447
449
450
450
451
453
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
20
Chapter 1:
To scale upwards and manage multiple Deployment Server systems across your organization,
Deployment from the Altiris Console (on Notification Server) centralizes reporting and management
and allows you to integrate additional Altiris web solutions to unify IT operations from a single
console.
What Can I Do with Deployment Solution?
Deploy. Manage. Migrate. Regardless of your organizations size or special IT requirements,
Deployment Solution provides a complete system to cut costs and improve response times for both
big and small jobs.
21
Manage from a remote console. Deploy, control, and manage all types of computers across your
organization from a remote Deployment console. Use the feature-rich Deployment Server Console
for real-time management of computers, or access the Deployment Web Console from a web
browser on your preferred OS. Use Deployment from the Altiris Console to integrate reporting and
management across multiple network segments and to provide scalability and integration with other
web management solutions. See Managing from the Deployment Console on page 89.
Migrate data, applications, and personal settings. Through easy-to-use wizards, migrate data and
settings from a retiring computer to a new computer by capturing desktop, network, and application
settings. Redeploy these personal settings remotely from a Deployment console. See New Job
Wizard on page 155.
Upgrade and install software. Manage system software on a day-to-day basis for desktops, servers,
notebooks, and handhelds to upgrade applications, install service packs, set up printer drivers, and
modify systems as needed. Deployment Solution provides upgrade capabilities for all mobile
computers by deploying to remote sites as needed by traveling personnel. See Distributing
Software on page 172.
Deploy computers in large groups. Easily deploy and configure large numbers of computers
across an organization. Install hard disk images to groups of new or existing computer types using
multicasting features. Install software and personality settings with common applications, data and
drivers. Run post-configuration jobs or automated scripts to assign unique security IDs, configure
user names, and set IP addresses using deployment jobs. See Managing Computers on page 106.
Deploy and manage servers. Administrate all types of web and network servers, including ultra
high-density server board inserts. Automatically redeploy servers based on deployment history and
saved server images, or use automated scripted installs with easy-to-create answer files. Operating
systems can be installed as image files or run as scripted installsor as a combination strategy
(especially nice for managing ultra-dense server farms). See the Deployment Solution Reference.
Respond to common help desk requests. Remotely browse, diagnose, and repair problems on
systems without ever leaving a Deployment console. Detailed hardware and software inventories,
along with remote control and chat features, help simplify remote diagnosis of common problems.
See Remote Operations Using Deployment Solution on page 134.
Recover from disaster. Ease the pain of accidents by automatically backing up and restoring
configurations, personalities, registries, partitions, and drives remotely from a Deployment console.
Using the saved history of all deployment jobs assigned to a computer makes it easy to restore a
system to a previous working state. See Restoring a Computer from its Deployment History on
page 136.
Each Deployment Server system includes services, applications, and utilities for high-bandwidth,
real-time deployment, and includes a web console to perform IT duties from a web browser.
Deployment from the Altiris Console integrates multiple Deployment Server systems for generating
deployment reports across the enterprise and adds other web IT solutions, such as the Inventory,
Application Metering, Carbon Copy and other solutions of the Client Management Suite.
22
The Computers pane displays all computer resources managed by a Deployment Server system.
It includes features to right-click and remotely execute operations on managed computers. From
this pane you can drag computer icons to job icons to schedule deployment and management
tasks.
The Jobs pane executes and schedules deployment tasks for selected computers. Using one or
more sequenced jobs, you can image, configure computer settings, distribute packages, and run
scripts by dragging Job icons to individual computers or computer groups and scheduling an
advantageous time to execute. It lets you schedule deployment jobs by dragging computer icons
to job icons, or vice versa.
The Details pane provides information and features to filter computers by type and build
deployment tasks. It extends the user interface features when working in the Computers and Jobs
panes.
From the Deployment Server Console (the Windows console), a Shortcut and Resources pane
organizes and provides easy access to MSI files, RIPs, image files (.img), Personality Packages
(.exe), and other file types. It functions as a library for packages used when building jobs in the
console.
23
Managing Computers
In addition, the Deployment Server Console furnishes your IT team with easy-to-use wizards to
simplify and expedite common deployment tasks. See also Managing from the Deployment
Console on page 89.
Managing Computers
From the Deployment Console you can directly manage all types of computers to perform immediate
deployment and management operations. From the Computers pane of the console, computer
resources can be grouped by location, department, type (portables, desktops or servers) and
organized to reflect your environment. You can run on-the-fly operations or quickly schedule
deployment jobs, or access each computer or computer group to change network settings, run a quick
disk image, or perform other immediate management tasks.
The console identifies each computer and computer groups with a unique icon. To access a
computer, simply click its computer icon to view configuration settings or run specific deployment
and management operations. Computer icons can be dragged to job icons to schedule and run preconfigured deployment tasks from the Windows console. In the Deployment web console, you can
manage computers using drop-down lists, secondary dialog boxes, and other familiar web features.
See also Managing Computers on page 106.
Managing with Computer Icons
Icons displayed in the Computers pane of the console help in identifying the computer types and
deployment status. Group icons can be expanded to view the member computers, and computer
types can be identified by specific icons: handhelds, desktops and notebooks, servers, computer
groups, and Linux computers. Computer icons can also identify the state of the managed computer
a logged in user, a computer waiting for further instructions, a user not logged in and other states of
deploymentwhen performing operations or executing deployment tasks on a selected computer.
See also Viewing Computer Details on page 107.
This icon identifies a managed desktop or notebook computer that
is active and has a user logged on.
This icon identifies a managed Windows network or web server
that is active and has a user logged on.
24
Create common deployment tasks quickly and easily using the New Event Wizard.
25
Imaging
Imaging
A primary task of Deployment Solution is to capture an image (clone of the hard drive) from a
reference computer and distribute the image to set up new computers or reinstall computers to their
basic configuration. You can create a library of image files on the Deployment Share (file server
storage) and schedule image jobs to different computer types as required.
Deployment Server allows you to push down a boot image remotely and execute the image either
DOS, Linux, Windows PE, or a PXE Server, eliminating the need to physically attend and boot each
managed computer. See also Creating a Disk Image on page 163, Distributing a Disk Image on
page 165, and New Job Wizard on page 155
Imaging from Deployment Server
Deployment Server includes multiple features to capture an image and lay it down to a new or
existing computer. You can use the Deployment Server Console to create and distribute disk images
using deployment tasks, such as the Quick Disk Image wizard shown below:
Pre-boot environments allows you to boot to automation to create and deploy images, back up and
restore a computers Registry file, or run other automation tasks. You can also boot to a Network
Server and run imaging files and other commands. See Boot Disk Creator Help, and PXE
Configuration Utility Help.
Migrating Computers
Deployment Solution provides various options to migrate operating systems, computer
personalities, software, or complete hard disk images. You can accomplish migration tasks
individually or as a single job.
26
The New Job Wizard steps you through each migration option, allowing you to capture a complete
hard disk image (to upgrade to a new computer), migrate a user to another operating system with the
same personality settings and applications, or to simply move personality settings from one
computer to the another. Using the New Job Wizard is one of the easiest ways to build deployment
tasks to migrate user data and settings.
Deployment Solution allows you to build sophisticated deployment jobs that automatically migrate
personalities, including deployment tasks to capture the users personality, migrate OS and software,
and then reconfigure the computer with the users original personality settings. You can also edit
Personality Packages or Rapid Install Packages (RIPs) on-the-fly using the PC Transplant Editor and
the Wise MSI Editor tools from the Deployment Server Console.
27
Chapter 1:
28
behavior of the RapiDeploy program that runs the imaging tasks. But instead of removing the
partitions from the client computer, selecting these options forced RapiDeploy to replace the
partitions on the client computer with those in the image.
The new UI provides several new options to mange the additional options. See Distribute Disk
Image-Additional Options on page 380.
Importing and exporting jobs
The Deployment Web Console is now capable of importing and exporting job folders.
Administrators and users, who have been granted the privileges to perform this function, can use this
feature to remotely restore and backup job folders without having to go to the Deployment Console.
See Importing and Exporting Jobs on page 389.
Importing Virtual Computers
This feature is already available through the Deployment Console, but it is new to the Deployment
Web Console. You can import computer configuration data files to set up computer accounts in the
Deployment database, from any computer that has the Deployment Web Console installed. See
Importing New Computers from a Text File on page 363.
Rejecting connections
The Deployment Web Console introduces the capability of rejecting computer connections to the
Deployment Server. The Reject Connection is a new Computer Action that will remove the client
computer's name and all of its information from the Deployment database. The client computer will
not be manageable until it associates with another Deployment Server. See Reject Client Computer
Connections on page 337.
Using Deployment Solution, you can also allow the rejected computer to connect to the Deployment
server and manage.
Distributing Notification Server software
The Deployment Web Console lets you distribute Notification Server software packages, such as
Agents, Pocket PC Client, PCT, and more, to client computers using the Distribute Software task in
deployment jobs. You can achieve this by using the Distributing Software task.
Use of Tokens
The Deployment Web Console allows the use of different Deployment Solution tokens while
specifying the computer name during configuration. This option is available only for multiple
computers. Refer to Define name range in Networking Settings.
Enhanced Role Based Security
The enhanced Role Based Security provides a robust environment for the Deployment Web
Console. Enhanced Role Based Security provides the administrators with rights to deny or allow
users to schedule jobs and permission to move a computer, job, group, or folder to another group or
folders.
A new security permission, Schedule this job is available in the Object Security dialog box for the
selected job. A user who has been denied this right for the job cannot schedule the job regardless of
other privileges.
A new security permission, Move Object is also available in the Object Security dialog box for the
selected computer, folder, job, or group. A user who has been denied this right cannot move a
computer, folder, job, or a group. See Enabling Security on page 344.
Active Directory support
Deployment Solution 6.5 supports adding groups from the Active Directory, and reading and using
Active Directory syntax for user identifications, example: email@domain.com. This support is valid
for all the instances where user names and domains are required.
Deployment Solution passes existing user credentials, that is, the credentials used by the users to
authenticate to NT to the Deployment Web Console, and does not require re-authentication to the
SQL database on startup.
29
Deployment Solution also authenticates users based on their group membership. Deployment
Solution provides the ability to set security assignments, such that any user who belongs to that
Active Directory group has the assigned rights in Deployment Solution. See Importing groups from
the Active Directory on page 102.
Reboot option
Deployment Solution ensures that if Reboot option is not specified, then the client computer will not
restart after the configuration has changed. Previously, the client computer had to restart after any
configuration changes were applied, and there was no way to control the restarting of the computer.
Deployment Solution 6.5 introduces Reboot after configuration option for configuration tasks. You
can find this option in the Networking tab of the Computer configuration page.
Deployment Server options
Deployment Solution 6.5 enables you to set all the options related to Deployment Server in one page
using the Deployment Web Console. The options that you can set are Role-based Security, Global,
Agent Settings, Speed of replication, and Deployment Server name and port information.
Previously, this feature was available only through the Deployment Console. See Deployment
Server Configuration on page 338.
Microsoft Sysprep
Deployment Solution provides you native support for Sysprep. It allows you to use Sysprep while
creating a disk image or distributing a disk image. This facilitates in building hardware generic
images while ensuring that they are in compliance with the MS support agreement.
You can modify the Sysprep settings and include a customizable answer file as well. A new option
is introduced for Create Disk Image and Distribute Disk Image tasks. You can
enter global values for Sysprep settings using Global tab of the Deployment Server Options feature.
30
31
32
Centrally manage all PXE Servers across the network. The boot menu options can be either
Shared or Local. By default, PXE Configuration opens in the Shared Configuration mode and
any new boot menu options or property settings you change, will affect all PXE Servers on the
network.
Create boot menu options using Boot Disk Creator from within PXE Configuration. You can also
import configurations Direct from floppy, or select User supplied to add your own files to the
MenuOption<number> folder.
Install DOS, Linux, or Windows PE pre-boot operating system files any time you want.
However, you must install at least 1 pre-boot operating system before you can create boot menu
options with Boot Disk Creator.
Set the order of boot menu options. When client computers PXE boot, the menu list displays the
boot menu options you created in the order you set.
Select which Shared boot menu option you want to be used as the default boot option on client
computers.
Enable and configure the level of logging for various PXE server functions and communications.
PXE Manager
When you do a Deployment Server Simple or Custom install, if you select Install PXE Server, the
PXE Manager Service will always install to the same computer as the Deployment Server. PXE
Manager synchronizes Local and Shared boot menu options with all PXE Servers on the network,
and communicates with the Deployment Server and the Deployment database. It stores all PXE boot
images and sends boot images to PXE servers that require them or need to be updated. It also keeps
track of the PXE Configuration Utility properties settings for each PXE Server you have on the
network and applies the modifications to each PXE server if there is a change.
PXE BIS integration
Boot Integrity Services (BIS) is easier to implement and manage. BIS is now centrally managed by
PXE Manager, which manages certificates through a cetral interface. Enable BIS from the PXE
Configuration Utility, provide a certificate password, and then install BIS Certificates to any
computer or group of computers from the Deployment Console.
Assign PXE boot menu options to automation tasks in a Deployment job
You can create 1 Deployment job with 2 tasks, and assign a different boot menu option to each of
the tasks. Example: assign a DOS boot menu option to a Run script task to update the client
computer's BIOS, and then assign a Windows PE boot option to a Create disk image task for
imaging.
Only Shared boot menu options can be assigned to the following automation tasks:
33
Run script
Scripted OS install
Backup registry
Restore registry
RapiDeploy performance
You can select which performance option you want to use when imaging client computers. By
default, the Performance field has change from Balanced for size and speed to Optimize for speed.
This new option makes it so there is less data compression, which increases the size of image files.
However, it will take less time to decompress an image file when it is restored to a client computer.
Enhanced status display from RapiDeploy to Deployment Server
This feature lets you view the imaging status for client computers from the Deployment Console
when an imaging job runs. The client computer is passed the parameter, -dsstatus, which returns the
imaging status to the Deployment Console.
Example: When the imaging job begins to run on the client computer, the Deployment Console will
display the status in the following format.
Client computer images
Uploading disk image (as master); Time Remaining:13:29(4% complete)
Multicasting images
Downloading disk image (as client); Time Remaining:6:54(32% complete)
Downloading disk image (as master); Time Remaining:6:54(32% complete)
The percentage displayed on the Deployment Console updates when the monitor refreshes. The
minimum refresh rate is 30. You must also select the display status option in the Deployment
Console, because this feature is not set as a default option. Do the following:
1
34
Convert old 4.5 format image file to new 5.6/6.0 format image file
Exclude volumes
35
Deployment Solution
Architecture on page 395
36
Chapter 2:
To install Deployment Agents on the client computer, see Installing Deployment Solution Agents
on page 47
Note: You can also install the Deployment Server components remotely from the Altiris Console.
All of these components can be installed on the same computer or distributed across multiple
computers as needed for your environment.
37
Deployment Console
The Deployment Console is the Win32 user interface for Deployment Solution. You can install this
Windows console on computers across the network to view and manage resources from different
locations. In addition, from this console, you can access the Deployment Database on other
Deployment Server systems to manage sites across the enterprise. See Connecting to Another
Deployment Server on page 104.
Deployment Console communicates with the Deployment Database and Deployment Server
services. In a Simple Install for Deployment Server, the Deployment Console is installed on the
same computer as all of the other components. In a Custom Install for Deployment Server, you need
to make sure that a connection is available to these computers and security rights are set. You will
need to have administrative rights on any computer running the Deployment Console.
See also Deployment Web Console on page 41, Managing from the Deployment Console on
page 89, and Deployment Server Components on page 37.
Deployment Server
Altiris Deployment Server controls the flow of the work and information between the managed
computers and the other Deployment Server components (Deployment Console, Deployment
Database, and the Deployment Share). Managed computers connect and communicate with the
Deployment Server to register inventory and configuration information and to run deployment and
management tasks. Computer and deployment data for each managed computer is then stored in the
Deployment Database.
Note: To view, start, or stop Deployment Server, go to the Altiris Server services in your Windows
Manager.
Managed computers require access to the Deployment Server at all times, requiring that you have
administrative rights on the computer running the Deployment Server.
Create a user account to run the Deployment Server. The service runs
as a logged in user, not as a system account. You must create this
account on all Deployment Server computers. The account must have
full rights to the Deployment Share. The account must have a nonexpiring password.
Assign a static IP address to the Deployment Server computer. Other
components will not be able to connect to the Deployment Server if you
use DHCP and dynamically change the IP address.
To install the Deployment Server on a remote computer, the default
NT/2000 administration shares must be present. Restore any shares
that have been removed before you install the Deployment Server.
Hint: Creating an administrative account using the same name and password on each computer will
be easier to remember than using the names and passwords of existing accounts.
Most packages (RIP, Personality Packages, and MSI files) are passed through the Deployment
Server. Therefore storing these files on the same computer as the Deployment Server can speed up
the deployment of these packages. Image files, however, are sent directly from the Deployment
Share to the client computer when executing an imaging task.
See also Deployment Server Components on page 37.
Deployment Database
The Deployment Database can be installed on Microsoft SQL Server 2000 or Microsoft Desktop
Engine (MSDE) 2000. See Deployment Server System Requirements on page 41.
38
Note: In Deployment Solution 6.0 and later, if you have multiple instances of the Microsoft SQL
Server already set up, you can identify a specific instance using this format: <database
instance>\express. Example: if you have a clustered Microsoft SQL Server named
The database maintains all of the information about the managed computers, such as:
Hardware.
General Information.
Configuration.
Applications. The applications installed and information about these applications, such as the name
of the application, Publisher, and Product ID
Services.
Devices.
Location information.
The Deployment Server Database also contains jobs and other data used to manage your computers.
Note: You can install a single Deployment Database per Deployment Server system--you cannot
have two databases storing data for a single computer. If the computer you are installing the database
to has an existing Microsoft SQL Server, then the Deployment Database will simply be added to
that instance of the database engine.
Deployment Share
Deployment Share is a file server or shared directory where Altiris program files and packages are
stored. The Deployment Share can be a shared directory (default Simple install in Program Files\
Altiris\eXpress\Deployment Server) or another file server (in the Custom install you can
assign a Microsoft Windows or Novell NetWare file server).
Deployment Share is where you store image files, registry files, MSI packages, Personality
Packages, script files, and more. When a computer is being deployed or managed, Deployment
Server will store and retrieve these packages from the Deployment Share as needed.
39
Deployment Share's hard drive gets full, other computers can be used as additional, backup storage
points. In some cases, other systems emulating a Microsoft or NetWare environment can be used as
the Deployment Share.
Note for NetWare users: If you have trouble using the Novell NetWare server as a Deployment
Share, install the Novell Client rather than the Microsoft NetWare Client.
See also Deployment Server Components on page 37.
PXE Server
The Altiris PXE Server provides client computers on a subnet the ability to boot into an automation
operating system.. When the Deployment Server sends a deployment job, the client computer
receives a request to boot reboot. PXE-enabled computers will connect to the first PXE Server they
discover and then load the PXE boot image which contains the automation operating system along
with an automation agent. The client's automation agent will then communicate with the
Deployment Server and receive the job that was scheduled for that computer.
You can install PXE Server on a Microsoft Server 2003, Windows 2000 Server and Advanced
Server. The PXE Server also functions on the same protocols as a standard DHCP Server so you can
place the PXE Server on any Windows server that you would place a DHCP server. You can also
install as many PXE Servers as required in your system, but you must also have a DHCP Server
servicing addresses to PXE-enabled clients in their scope.
The PXE Server sends a boot menu option list to the client when the computer performs a PXE boot.
The deployment job, which contains at least 1 automation task, will either use the default automation
environment, or one that is specified by a user who has permissions to create a deployment job.
When a boot menu options is selected the client will then request the PXE boot files from the PXE
MTFTP Server. These are then downloaded from the PXE MTFTP Server to the client computer's
RAM storage. The client computer will always boot according to the request and reply
communications taking place between the Deployment and PXE Servers. S
Altiris supports DOS, Linux, and Windows Pre-Installation Environment (Windows PE) as pre-boot
environments. These options let you create a single job that contains multiple automation tasks, each
of which can use their own pre-boot environment. The default automation environment (the first preboot operating system files installed during the Deployment Solution installation) will be used for
Initial Deployment, unless you specify otherwise.
See also Pre-boot Operating System (Simple) (page 64) , Installing Automation Partitions (page
142) , and PXE Configuration Utility Help.
DHCP Server
The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/IP
address to the client computers. This server is not an Altiris product, but it is required if you intend
to use PXE Server.
We suggest that you use DHCP to manage the TCP/IP address in your network regardless of whether
you use PXE or not. This will greatly reduce the amount of time it takes to set up and manage your
computers.
See also Deployment Server Components on page 37.
40
Important: The DS Installer does not detect the version of MDAC that is installed. The Deployment
Web Console requires MDAC version 2.71 or later to install. If the version of MDAC is earlier than
2.71, the web console will display a target of invocation error.
See also Deployment Console on page 38 and Deployment Server Components on page 37.
TCP/IP is used for communication between all Deployment Server components. If you have a
NetWare file server for your Deployment Share, IPX can also be used to communicate with this
component.
For Windows 2000 systems, you must set up Active Directory with the Permissions compatible
with pre-Windows 2000 option. If you choose the option Permissions compatible only with
Windows 2000 servers, the Deployment Server cannot manage domain accounts for you.
If you are using Windows 2000 only permissions, change them to the pre-2000 option from the
Windows Start menu. Open a DOS prompt to add the group Everyone by typing the following:
net localgroup Pre-Windows 2000 Compatible Access Everyone /add
Then restart all domain controllers for the change to take effect.
Deployment Server
256 MB of RAM
Component
Hardware
Software
Deployment
Console
RAM: 128 MB
Disk Space: 3.5 MB
PXE Server
Memory: 128 MB
Disk Space: 25 MB (for boot
files)
41
Component
Hardware
Software
Deployment
Database
Memory: 128 MB
(Microsoft SQL ServerTM 2000 (SP3) or
Disk Space: 55 MB (for program MSDE 2000 (SP3)
Windows NT (SP6)
Windows 2000 Server or Advanced Server
Windows Server 2003
NetWare (file server only. Cannot use for
any other components).
Deployment Web
Console
Memory: 128 MB
Deployment Agents
Minimum client requirements:
Pentium processor
Operating Systems:
Windows 95 or later
Linux: Red Hat 7.2, 7.3, 8.0, 9.0 and Advanced Server 2.1, 3.0
Linux: SuSE 8.0, 8.1 and Enterprise Server 8
Linux: United Linux 1.0
installation of MSSQL, will not work with the simple installation of Deployment Solution.
42
Start the server and log on using the administrator account that you created for the Deployment
Server. See Deployment Server System Requirements on page 41.
Launch the appropriate Altiris Deployment Server installation file and follow the setup steps.
The Deployment Server self-extracting install dialog box opens.
Click the Use current temp folder option to use the current temporary folder to download
installation files or Extract to a specific folder option to set a path to an existing folder to download
installation files. Click Extract and Execute App option to extract and execute the application
immediately.
Select Include PXE Server. This option will install the Altiris PXE Server. See PXE Server on
page 40. This is optional.
In File Server path, enter the drive letter and the path where you want to install the
Deployment Server program files.
(The default path is C:\Program Files\Altiris\eXpress\Deployment Server.)
Select Create eXpress share to create a Deployment Share on the computer. The Deployment
Share lets you store files on the computer and run Deployment Server system applications.
See Deployment Share on page 39.
Click License File and browse to locate a license file (.lic file). This is the activation key you
received when you registered your Altiris software. Click Upgrade using existing license to
upgrade the installation using an existing license. If you do not have a license file, click Free
7 day license. The installation will continue and allow you to use a free evaluation license file.
See the Altiris Getting Started Guide for further licensing information.
Note: You do not need to apply a license key to activate the HP Thin Client t5000 Series.
This managed client computer will automatically receive a non-expiring license when
connected to the console.
Enter an administrator user name and password for the Deployment Server system. This
account must already exist. By default, the name you are currently logged on as will display.
If you use a domain account, enter the domain and the user name (Example:
Domain1\administrator).
Click Next. The Installation Information dialog box is displayed that lists the selected
Deployment Server components to be installed.
Note: If you are upgrading your installation, a message box will open asking: Do you want to
replace the share? Click Yes and continue. If you click No, then a secondary message box will
open, stating that the share is already in use and you need to manually set the share to point
to the correct directory. Click OK to this message. This features indicates that you may be
creating a new share (specifically when you changed the path in the previous screen) and that
you need to manually point to the new share after installation.
Click Install to install the components listed on the summary screen, or Back to modify settings
before starting the installation. The installation process begins and might take several minutes to
complete.
The Installation Information dialog box is displayed stating if you want to install clients.
Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the
Microsoft Sysprep files.
Remote Install Clients. Select this option if you want to push the Deployment Agent to computers
running the Windows NT, 2000, XP, and Windows Server 2003 operating systems.
Download Adobe Acrobat. Select this option if you want to download the Adobe Acrobat Reader
10
43
You have successfully completed a Simple install for a Deployment Server system. Click the
Deployment Console icon on your desktop to view all computer resources running Deployment
Agents configured for your Deployment Server.
See Custom Install for Deployment Server on page 44.
Start the server and log on as the administrator account that you created to run Deployment
Server. See Deployment Server System Requirements on page 41.
Launch the appropriate Altiris Deployment Server installation file and follow the setup steps.
The Deployment Server self-extracting install dialog box is displayed.
Click the Use current temp folder option to use the current temporary folder to download
installation files, or click the Extract to a specific folder option to set a path to an existing folder
to download installation files. Click Extract and Execute App option to extract and execute the
application immediately.
Click the Custom Install option if any of the following conditions exist:
You are managing many computers and require a distributed architecture to meet bandwidth
restrictions and other design requirements.
Click the Install button. Click Yes to the Software License Agreement.
Install the Deployment Share and enter the license file location:
In File Server path, enter the drive letter and the path where you want to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.
Select Create Deployment Share to create a Deployment Share in the system. The Deployment
Share lets you store files on the computer and run Deployment Server system applications.
The Deployment Share can be on a Microsoft Windows server or Novell NetWare server.
(You can only create the share if it is on a Microsoft Windows Server; the Novell share
should already be set up.) See Deployment Share on page 39.
Click License File and browse to locate a license file (.lic file). This is the activation key you
received when you registered your Altiris software. Click Upgrade using existing license to
upgrade the installation using an existing license. If you do not have a license file, click Free
7 day license. The installation will continue and allow you to use a free evaluation license file.
See the Altiris Getting Started Guide for further licensing information. Click Next.
Note: You do not need to apply a license key to activate the HP Thin Client t5000 Series.
This managed client computer will automatically receive a non-expiring license when
connected to the console.
44
Enter Deployment Server information. Select the computer to install Deployment Server, the
services that controls the flow of the work and information between the managed computers and
Deployment Server components. Install the Deployment Server on this computer or on a remote
computer.
Enter a static IP address for the Deployment Server computer to ensure that the IP address
remains constant. Type the port information in the Port: text box.
Provide account information that already exists on the Deployment Share and the
Deployment Server. Click Next. See Deployment Server on page 38.
Enter Deployment Database information. Identify where you want to install the database, or select
an existing Microsoft SQL Server from the list of computers. See Deployment Database on
page 38.
Note: If you have multiple instances of the Microsoft SQL Server already set up, you can identify
a specific database instance in this field using the format: <SQL Server Name>\<database
instance>.
Depending upon the selection of SQL Server instance, the default port at which the selected
instance is listening will be displayed in the SQL Port Number text box. You can edit the port
number if you have manually entered the SQL Server name or if the port number does not get
filled automatically due to some fire wall restriction.
You can choose to use a different name other than eXpress for your Deployment Database. Type
the alternate name in the Database Name: field and click Next.
Note: The name of the Deployment Share, however, will still remain eXpress.
9
Identify the type of Deployment Database authentication to be used. Enter the user name and
password if SQL Server authentication is used. Click Next.
If a previous installation of the Deployment Database is detected, a message appears stating
whether you want to preserve or overwrite the existing database.
10
Enter the Pre-boot Operating Systems information required for Boot Disk Creator. Select any
one of the four options from FreeDos, MS-DOS, Linux, and Windows PE. Click Browse to select
the FIRM file (for FreeDos and Linux OS) or enter the path for the location of operating system
files (for MS-DOS and Windows PE).
11
Enter PXE Server information. Click Next. See PXE Server on page 40.
Select the pre-boot operating system to use as the default PXE boot menu item. You can
select DOS, Linux, or Windows PE.
12
Enter information on how you want to connect your managed computer to connect to the
Deployment Server. Click Connect directly to Deployment Server and provide the DS IP address
and Port or click Discover Deployment Server using TCP/IP multicast and provide a Server name. If
the Server name box is left blank then it finds the first Deployment Server that responds.
13
Enter Deployment Console information. Select if you want to install on the computer you are
currently installing from or on a remote computer.
14
Provide information for installing the Deployment Web Console on the computer you are
currently installing from. This computer must be running Microsoft IIS. You are required to
provide information about the path where you want to install the Deployment Web Console, and
also valid user credentials. Click Next. See Deployment Web Console Information on page 67.
Note: This option will be disabled if Microsoft IIS is not detected.
15
The Installation Information dialog box will open to display the selected Deployment Server
components to be installed.
Note: If you are upgrading your installation, a message box will display stating: Do you want to
replace the share? Click Yes and continue. If you click No, then a secondary message box will
display stating that the share is already in use and you will need to manually set the share to point
to the correct directory. Click OK. This features tells you that you may be creating a new share
(in rare occurrences where you changed the path in the previous screen) and you may have to
manually point to the new share after installation.
16
Click Install to install the components listed on the summary screen, or choose Back to modify
settings before starting the installation. The installation process will begin, and might take
several minutes.
45
17
Install Deployment Agent to client computers. The Installation Information dialog box will open
asking if you want to install clients.
Enable Sysprep Support. Select this option to enable Sysprep support. Provide the location of the
Remote Install Deployment Agent. Select this option if you want to push the Deployment Agent to
computers running the Windows NT, 2000, XP, and Windows Server 2003 operating systems.
Download Adobe Acrobat Reader.
18
You have successfully completed a Custom install for a Deployment Server system. Click the
Deployment Console icon on your desktop to view all the computer resources running Deployment
Agents configured for your Deployment Server.
See Simple Install for Deployment Server on page 42.
Start the server and log on with the administrator account that you created to run Deployment
Server. See Deployment Server System Requirements on page 41.
Launch the appropriate Altiris Deployment Server installation file and follow the setup steps.
The Deployment Server self-extracting install dialog box will open.
Install an additional Deployment Web Console. Click this option to install an additional
Deployment Web Console on the local computer. The web console will install on the local
computer if it is running Microsoft IIS. See Deployment Web Console Information on
page 67.
Install an additional Altiris PXE Server. Use this option to add additional PXE Servers across a
network segment to handle boot requests for large environments.
For all of the available options for installing Altiris PXE Server, see PXE Server Install on
page 66.
Install additional Deployment Agents. Click this option to install additional Deployment
Agents on client computers, setting up managed computers in the Deployment Server
system.
Add Microsoft Sysprep files. Click this option to install the Microsoft Sysprep files, if you did
not install them earlier. See Sysprep on page 67.
Select Download Adobe Acrobat (for documentation) if you want to install Adobe Acrobat to read
the product documentation.
46
Deployment Agent on Linux. Install on any supported Linux workstation or server. See
Automation Agent. Install on any Windows desktop, notebook, or server computer. See
Installing the Automation Agent on page 53.
Installing Deployment Agent for Pocket PC. Install on handheld computers running the Pocket
PC operating system. See Installing Deployment Agent for PocketPC on page 54.
Example: the OEM setup file will contain lines similar to the following:
[netcard]
NGRPCI=NETGEAR FA310TX Fast Ethernet PCI
Adapter,0,ndis,ethernet,real,NGRPCI,NGRPCI_NIF
[NGRPCI] (This header must be the sixth item listed in the line above)
Device=NGRPCI.DOS (If this line is missing, add it. The syntax is
device=drivername.)
If there is no protocol.ini file, create a text file that contains the following command:
DriverName=drivername
47
Searches all subdirectories for a directory that contains *.ins, *.com, and net.cfg files. (They
must be in the same directory.) The .ins file is then opened to get information about the network
card.
The program searches the file for a line starting with a carat (^). This line must have at least two
values listed, separated by a comma. The two values needed are the description of the card
(value1), and the .com driver file name (value2).
The following are requirements to install Deployment Agents to set up managed computers for each
Deployment Server system.
Click the Remote Agent Installer button on the Deployment Console toolbar, or click
to open the utility program. You can also download
aclient.exe from the network share or the Deployment Web Console to install a
Deployment agent. See Remote Agent Installer (page 49)
Tool > Remote Agent Installer
Windows 9x. For Windows 95/98/Me clients, you must install the agent software locally. There are
several ways to do this: You can add commands to the client login script to map to the Deployment
Agent on your file server and run the executable, or you can e-mail the executable or a shortcut to
users and run the install program from the client computer. For Windows 95, you must add Microsoft
updates for COM support for the Deployment Agent to run on the client computer.
Windows XP. The Deployment Agent will not install to Windows XP if the Use simple file sharing
(recommended) option is enabled on Windows XP. To ensure that this option is cleared, open My
and click Tools > Options. Select the View tab and ensure that the Use simple file sharing
check box is cleared.
Computer
When remotely installing the Deployment Agent on a Windows XP computer, each user must have
an account password. Remote Agent Installer will return an error message if it is unable to get to the
Administrative share on the remote XP computer for each user. Windows XP will not allow access
to any Administrative shares if the user on that computer does not have an assigned password
(including the guest account). When all users have passwords and the Network Setup Wizard has
run, you can successfully install the Deployment Agent using the Remote Agent Installer.
Note: Before installing the Deployment Agent on computers running Windows XP, disable the
Deployment Agent
Processors
Pentium
Disk space
5 MB contiguous
48
Deployment Agent
32 Mb
Click Next.
the client computer. If you enable this option, you will be required to locate and download program
install files.
View agent settings in the summary box.
Click Change Settings to set Production Agent Settings on page 120 for the Deployment Agent.
separate subgroups.
Select the computers by name in the list, or enter a computer name or IP address.
49
Computer Name.
Properties.
Select a computer and view agent install settings. You can also change SID and Agent
settings from this Agent Properties dialog box.
Import. Find an RCI file and import new computers from a file previously created file in a DOS text
file.
required if the administrator account does not have one assigned. If you are using the default settings,
you do not need to specify an input filename. Each computer entry must be on a separate line.
Export. You can export the computers listed into an export file for future use. The default extension
is *.RCI. Remote Agent Installer first looks for an RCI file extension, but any DOS text file can be
used.
When the computers appear in the installer list and the properties have been set, click Finish. The
status of the agent install is shown on screen.
After the Deployment Agent is installed, it will connect to Deployment Server automatically and
appear in the Computers pane of the Deployment console.
The installation program for installing Altiris SIDgen is located in the Deployment
Share (in Program Files > Altiris > eXpress > Deployment Server
> sidgen.exe by default).
To install Microsoft Sysprep, you need to download the install files required for
the Windows NT operating systems running on the client computer.
Windows NT 4 (nt4prep.exe)
Windows 2000/XP/2003 (deploy.cab)
You can install these files from the Microsoft Resource Kit Microsoft Resource
Kit CDs for each Operating system.
Click Next.
Change Settings
Click the Change Settings button to modify access, security and other settings on the Deployment
Agent to be installed. See Production Agent Settings on page 120.
50
Enter the security key file path for the Deployment Server or browse and select a file containing the
security key file path.
At the Altiris Client Service dialog box, enter a location to install the Deployment agent. Select
one of these options, if required:
Enable changing of Security ID. Select when managing security IDs to run a SID utility as part
Advanced. Click to open the Computer Configuration Properties dialog box and enter settings
for the Deployment agent you are installing.
settings.
of an imaging job.
Click Next.
If you chose to enable security IDs, you will see a screen listing options you can use for managing
SIDs. Select the utilities that you want to use and enter the path where the utilities are stored.
Click Next to install the Deployment Agent. Select a group in Deployment Console to add the
client to. This is optional.You can also leave it at the default group.
After the Deployment agent is installed, it will connect to Deployment Server automatically and
appear in the Computers pane of the Deployment console.
See also Installing Deployment Solution Agents on page 47.
51
Export_PC-1.inp
Export_PC-2.inp
Definition
-install
-remove
-silent
Lets you use the switches without being prompted for further input.
-stop
Stops the Deployment Agent from running, but does not remove it. The next
time the computer is booted, the Deployment Agent will run in production
mode.
-start
Starts the Deployment Agent. This switch will only work when Deployment
Agent is installed on the computer.
Processors
Pentium
Disk space
5 MB contiguous
32 MB
After downloading the BIN file to a local directory, you can install from the command-line.
To install from the command line, drive to the directory where you saved the BIN file, switch
to the root user (su) and change the directory to the location of the bin file by typing
(cd < directory>)
after changing the directory, you need to have the permission to execute the bin file, to obtain
the permission, type
chmod 544 <filename>
52
After installing the Deployment Console, you can change settings in the configuration file by
making direct edit changes to the adlagent.conf file, or running a script from the /opt/
altiris/deployment/adlagent/conf directory where the adlagent.conf file is
located.
To run the script to change settings for the adlagent configuration file, drive to the /opt/
altiris/deployment/adlagent/conf directory from the shell and type the following:
./configure
You will then be prompted to select Multicast options to identify a Deployment Server to
manage the current client computer, or you can select a specific Deployment Server by
setting the Multicast option to false and adding the IP address of the desired Deployment
Server.
To edit the configure file directly, open the adlagent.conf file located in the
/opt/altiris/deployment/adlagent/conf
In many cases, you may want to edit the configuration file to change functionality or
properties. Example: you can open the adlagent.conf file in an editor and scroll to the
[Transport] section and the UseMcast line. Change UseMcast=true to
UseMcast=false. Then type the IP address of the specific Deployment Server you want to
manage the client computer into the TCPAddr=<IP address> line. Additional
configuration settings can also be identified and edited in the configuration file.
3
After making edits to the configuration file, restart the Deployment Agent for Linux.
To start and stop the Deployment Agent for Linux, you must enter the full path name or drive to
the /etc/rc.d/init.d directory (with administrator/root rights) and use the
adlagent stop and adlagent start commands, or the adlagent restart command.
You can also use the Package Manager installed with Linux to restart the Deployment Agent for
Linux.
By stopping and starting the Deployment Agent for Linux, the service will update the changes
made in the adlagent configuration file.
You can now view the Linux managed computer from a Deployment console.
See Installing Deployment Solution Agents on page 47.
larger than 2 GB. In most cases you will not want to use a hidden automation partition with Windows
NT. PXE Servers or the embedded automation partition is preferable for Windows NT.
System Requirements
Processors
Pentium
Disk space
5 MB contiguous
32 MB
Here are some other ways to create and install an Automation Agent, which resides in an embedded
(recommended) or hidden partition on the client computers hard disk.
For Windows 95, 98, or ME computers, create boot disks to install locally.
For Deployment Solution systems running PXE Server, create boot menu options from the PXE
Configuration Utility, using on of the following methods: Boot Disk Creator, Direct from floppy, or
User Specified. See PXE Configuration Utility Help.
53
HP iPAQ Pocket PC
HP Jornada Pocket PC
You can manage handhelds through a cradle attached to a host computer, or through direct
connection to the network using a LAN or wireless network adapter. When connected through the
cradle, the Pocket PC Agent software will reside on the host computer and the Pocket PC Client
software will reside on the handheld computer. This configuration allows Deployment Server to
recognize and update the handheld each time it returns to the cradle and synchronize with the host
computer using Microsoft ActiveSync. Handheld computers connected directly to the network
install only the PPC Client software and are managed like any other computer in your Deployment
Server system.
System Requirements
Processors
ARM
MIP
SH3
Disk space
5 Mb contiguous
16 Mb
Install from a cradle or cable. See Install a Pocket PC Agent from the Deployment Console on
Download CAB files with ActiveSync. See Install Pocket PC Agent from the Host Computer on
page 56 to install the handheld by running or copying the Deployment agent install file or the
Deployment Client CAB files over the network.
Install directly to the handheld. See Install Pocket PC Client on the Handheld on page 56 to
install only the Deployment Client from CAB files on the handheld computer.
54
The Deployment Agent for Pocket PC (PA) runs on the host computer, which itself is a managed
computer running the Deployment Agent (DS). The Deployment Agent for Pocket PC automatically
installs the Deployment Client for Pocket PC (PC). You can also install the Deployment Client for
Pocket PC directly to the handheld by installing the required CAB files.
From a Deployment console, in the Jobs pane open the Samples > Pocket PC folder.
Click the Install Altiris Pocket PC job and then select the Active Sync computer condition in the
Condition box in the Details pane.
Drag the Install Altiris Pocket PC job to the host computer. If you are using a Web console, then
assign using web features.
fails, the Pocket PC Client will try to connect directly to the Deployment Server.
Click OK.
The handheld will appear in the Deployment Console as a unique computer displaying the
handhelds name.
55
file can be executed from the C:\Altiris\PPCAgent directory (or the directory where you installed
Pocket PC Agent if you chose a directory different from the default). This lets you access the features
of this program even though the icon has been hidden.
In addition, if you are using ActiveSync 3.5 or a later version, you can also log on to the Deployment
Share in the Deployment Server > Pocket PC Client folder and copy the correct CAB file
for the handheld (based on type of processor) to the host computer. You can then copy the CAB files
directly to the handheld using the Explore feature in ActiveSync.
Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the
file from).
In ActiveSync, click Explore. Windows Explorer will open the Mobile Device window for your
device.
In Windows Explorer, browse to the CAB file that you want to copy.
Place the cursor in the desired folder for your device, right-click, and click Paste.
From the device, tap Start > Programs > File Explorer.
Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the
handheld, the Deployment Agent icon appears in the handhelds system tray.
Note: If using ActiveSync 3.5, the Pocket PC Agent is not required after the Pocket PC Client is
installed. However, the Pocket PC Agent can still be useful for installing the Pocket PC Client onto
the handheld, loading the client, and managing client settings.
See Installing Deployment Agent for PocketPC on page 54.
Copy the CAB file to the host computer with ActiveSync (or to a share where you can copy the
file from).
In ActiveSync, click Explore. Windows Explorer will open the Mobile Device window for your
device.
In Windows Explorer, browse to the CAB file that you want to copy.
Place the cursor in the desired folder for your device, right-click, and click Paste.
From the device, tap Start > Programs > File Explorer.
56
Managing Licenses
Browse for the CAB file and tap the file to execute it. When the Pocket PC Client is installed on the
handheld, the Deployment Agent icon appears in the handhelds system tray.
See Installing Deployment Agent for PocketPC on page 54.
Open the Pocket PC Agent status sheet by double-clicking Altiris Pocket PC Agent icon.
You can also uninstall the agent by running the ppcagent -remove switch from the command line.
Note: There is no uninstall program for the PPC Client. To remove the Pocket PC Client, you must
remove the client file from the My Device\Windows\ppccInt.exe file on the handheld.
-stop
-start
-restart
-silent
-remove
Managing Licenses
From the Deployment Console you can find the number of licenses used, detect an expired license,
or apply a license to a client computer. You can install multiple Deployment Servers, but licensing
is based on the number of managed client computers.
The Deployment Server system also provides the license utility to install or update regular licenses,
or add licenses to computers installed with Deployment Solution. This utility lets you display license
status, install a newer license, and add additional licenses.
57
Managing Licenses
Licensing Terms
Term
Description
Licensed Nodes
DS and PCT
Expired License
See also: Using the License Utility (page 58) , Adding a License from the Deployment Console
(page 60) , RDP Licensing (page 60) , Finding the Number of Licenses Used (page 61) , Computers
Not Using a Regular License (page 61) , Detecting an Expired License (page 61) , and Expired
Licenses (page 62) .
The License Utility lets you display license status, install a specific product, install new or updated
licenses for installed software, and additional licenses for installed software.
To open the Altiris License Utility
Option 1:
Click Start > Programs > Altiris > Deployment Solution > Product
Licensing Utility.
Option 2:
Browse to the location where you installed the Deployment Share.
Run license.exe.
58
Managing Licenses
Click Next.
A summary screen displays the activation key information.
Click Cancel.
released. After you receive the key, store it in a safe place (such as a floppy disk) for future reference.
Multiple license activation key files can be stored in individual folders on a single disk. You can also
store multiple license activation key files in the same folder, as long as the file names are different.
Enter the directory path to the new lic file and click Next.
The Altiris Activation Key Wizard displays activation key information.
Click Next.
A list displays the Altiris products that are installed on the Deployment Server. Each program
file uses license activation key files.
Select the product you want to license. Use the Shift key to select multiple products.
Option 2:
a
Select the program filename and click Open. The product will be added to the license list.
Option 3:
a
Click Remove.
From the Deployment Console, right-click on the HP client computer and select Properties.
59
Managing Licenses
Note: You do not need to apply a license key to activate the HP Thin Client t5000 Series. This
managed client computer automatically receives a non-expiring license when connected to the
console.
Enter the directory path to the new lic file and click Next.
The Altiris Activation Key Wizard displays activation key information.
Click Next.
A list displays the Altiris products that you have licensed.
Click Finish.
See also: Managing Licenses (page 57) , Adding a License from the Deployment Console (page 60)
, RDP Licensing (page 60) , Finding the Number of Licenses Used (page 61) , Computers Not Using
a Regular License (page 61) , Detecting an Expired License (page 61) , and Expired Licenses (page
62) .
From the Deployment Console, right-click on the computer that you want to apply the license.
Select Properties.
Click OK.
From the Deployment Console, right-click on the computer group that you want to apply the
license.
Select Advanced.
See also: Managing Licenses (page 57) , Using the License Utility (page 58) , RDP Licensing (page
60) , Finding the Number of Licenses Used (page 61) , Computers Not Using a Regular License
(page 61) , Detecting an Expired License (page 61) , and Expired Licenses (page 62) .
RDP Licensing
RDP (Rapid Deployment Pack) is a version of Deployment Server released to HP customers. It
functions and behaves almost in a similar manner in regards to licensing. The only major difference
is that due to HP policy, AUP for their customers is much longer than normal. Deployment Server
will not apply licenses correctly if they have AUP longer than 3 years. Because of this, if you have
licenses for RDP, and you download Deployment Server from the Altiris.com website, you will not
be able to apply the licenses.
60
Managing Licenses
The easiest way to resolve this issue is to use the install files from the HP site. Those installation
files will use a slightly different version of the Product Licensing Utility, and they will allow licenses
with long AUP dates.
See also: Managing Licenses (page 57) , Using the License Utility (page 58) , Adding a License
from the Deployment Console (page 60) , Finding the Number of Licenses Used (page 61) ,
Computers Not Using a Regular License (page 61) , Detecting an Expired License (page 61) , and
Expired Licenses (page 62) .
from the Deployment Console (page 60) , RDP Licensing (page 60) , Computers Not Using a
Regular License (page 61) , Detecting an Expired License (page 61) , and Expired Licenses (page
62) .
from the Deployment Console (page 60) , RDP Licensing (page 60) , Finding the Number of
Licenses Used (page 61) , Detecting an Expired License (page 61) , and Expired Licenses (page 62) .
A computer with an expired license will state Client license expired - see computer properties when
selected.
If you try to display the properties of a computer with an expired license, the following error
message displays:
Error: You have chosen a computer that has expired. Clients that are expired cannot be managed
until a license is purchased for them and they have been flagged in the Computer Properties
dialog box to accept a regular license.
Note: If you place a job on a computer with an expired license, the same error message is
displayed.
Select Properties.
61
DS Installation Help
Enter the IP address of the correct Deployment Server in the Address/Hostname field.
Click OK.
See also: Managing Licenses (page 57) , Using the License Utility (page 58) , Adding a License
from the Deployment Console (page 60) , RDP Licensing (page 60) , Finding the Number of
Licenses Used (page 61) , Computers Not Using a Regular License (page 61) , and Expired Licenses
(page 62) .
Expired Licenses
Regular Deployment Server licenses do not expire, however the 7 day trial license, or the 30 day
evaluation licenses do expire, and can cause some problems if not replaced properly after adding
regular licenses. Computers with expired licenses become dead nodes and can no longer be managed
by the DS console.
When a license is first installed on the Deployment Server, each computer in the database takes a
license node. If this node is a temporary license, then that computer has a tag in the database that
says it is a trial node. If that license is not replaced before the time limit then that computer will stop
accepting jobs or any type of remote management.
When the Deployment Server receives new regular licenses, it does not by default release the trial
license nodes that it was using before. This can cause problems if the trial licenses are still being
used and they expire even after you apply a regular license. There are 2 ways to deal with this
lingering expired license issue.
First you can set up a global option that will automatically replace any trial license with a regular
license as soon as they become available. This is a long term and preventative solution to expired
license issues.
1
Select the Automatically replace expired trial licenses with available regular licenses box. This
solves the computer node licenses expiry issue.
The second way you can deal with expired licenses is reapply all of the regular licenses to the
computer nodes. This is good if you want to see an immediate resolution to a license issue.
1
In the Deployment Console, right-clicking on the All Computers computer group (or any other
computer group you need to do this to).
Select Advanced > Apply Regular License. This will make all computer nodes in that group release
whatever license node they were using, and then take a regular license node.
See also: Managing Licenses (page 57) , Using the License Utility (page 58) , Adding a License
from the Deployment Console (page 60) , RDP Licensing (page 60) , Finding the Number of
Licenses Used (page 61) , Computers Not Using a Regular License (page 61) , and Detecting an
Expired License (page 61) .
DS Installation Help
The following are help file topics for the Deployment Server installation program accessed by
clicking the Help button or pressing the <F1> key. These topics identify and explain the screen
elements on the dialog boxes used in the installation process.
Install Configuration
The Deployment Server system supports both a Simple Install and a Custom Install option. A Simple
installation lets you install all components on a single computer. The Custom installation lets you
distribute individual components of a Deployment Server system on multiple computers. Use the
Component Install option to install additional components on your system.
Pre-Installation
62
DS Installation Help
Simple Install Helper. Click this option to check for an installation of Microsoft SQL Server for a
Simple install. If Microsoft SQL Server or MSDE is located, then the installation program will
continue. If not, then the installation program will prompt you to automatically install MSDE 2000
from an Altiris download web site.
Installation Type
Simple Install. Click this option to install all Deployment Server components on a single computer.
This configuration is recommended for managing computers on a single LAN or across a site with
few subnets. See Simple Install for Deployment Server on page 42.
Include PXE Server. Select this feature to install the Altiris PXE Server when running the Simple
install option. The PXE Server requires a DHCP server also installed on your network.
Custom Install.
Component Install.
Controller with SMB Signing enabled then you cannot execute any imaging and DOS jobs. When
running jobs on MS Windows Server 2003, you must change the SMB Signing Registry Key to
execute DOS-based deployment jobs.
To disable SMB signing on the Windows 2003 Server
1
Open the Default Domain Controller Security settings dialog box by clicking Start > Settings >
Locate the Microsoft network server: Digitally sign communications (always) policy setting, rightclick it and select Properties, and then select Disabled.
Disable the Microsoft network server: Digitally sign communications (if client agrees) policy setting
as well. This is Enabled by default.
Control Panel > Administrative Tools > Domain Controller Security Policy >Local Policies >Security
Options.
Server directory on the file server before you start the installation. For Windows XP, you must
run the Network Setup Wizard accessed from My Network Places to enable sharing.
63
DS Installation Help
Upgrade using existing license. Upgrade the Deployment Solution install by using an existing license
file.
License file. Type the path or browse to the license (.lic) file received when you registered on the
Altiris web site.
Service user name and Service password. If running a Simple Install, type the user name and password
of the Deployment Server service and the Deployment Share. For domain accounts include the
domain name, for example: orgDomain\admin. Make sure you create the administrator domain
account before starting the installation.
Note: During a Custom Install, the Service user name and Service password boxes are not displayed
on this screen.
See also Deployment Server Components (page 37) , and Managing Licenses (page 57) .
Type the user name and password of the Deployment Server. For a domain account, type the
domain and user name. Create this account before starting the installation.
Type the name of the computer or browse to where you want to install. The destination path and
IP address of the computer will appear automatically.
Type the user name and password of an administrator account for the Deployment Server
computer. For domain accounts include the domain name, for example: orgDomain\admin.
The user account must have rights to the Deployment Share. Create the administrator domain
account before starting the installation.
64
DS Installation Help
You can assign an automation pre-boot operating system to an automation task when it is added to
a deployment job. This flexibility lets you run several automation tasks within a single job, and each
task can boot to the automation environment you want.
None. Select this option if you do not want to provide a default automation operating system. You
can also select this later through the Boot Disk Creator utility.
FreeDOS. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Linux. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
Windows PE. Browse to the Windows PE files and the Microsoft Windows operating system path.
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
FreeDOS. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Linux. Browse to the BDCgpl.frm file, which is located in the GPL folder on the Deployment
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
Windows PE. Browse to the Windows PE files and the Microsoft Windows operating system path.
Server. The exact location of the folder will vary, depending on the installation path. This .frm
file is open source code and is not owned by Altiris. However, this file is available to all
customers by downloading the file from the Altiris Solutions Center.
Altiris supports Microsoft Windows PE 2005, and Microsoft Windows 2003 SP1.
65
DS Installation Help
clustered Microsoft SQL Server to manage multiple Deployment Solution systems on different
network segments, you can enter the name salesSegment\express or
marketingSegment\express depending on the previously established database instance.
Install the Deployment Database using these options:
Select the Microsoft SQL Server instance where you want to install your Deployment database.
You can also choose to change the default SQL Port number.
To name the Deployment Database differently from the default name eXpress, you can type a
different name in the Database Name: box. However, this does not alter the Deployment Share
name.
installing Deployment Server. The Universal Network Device Interface (UNDI) default driver is not
supported by Novell NetWare.
Click No I will be using an Altiris automation partition on each client computer, if you do not use
PXE and prefer using embedded (preferred) or hidden partitions, or bootable media to run tasks.
Note: This option is unavailable for installing PXE Servers using Add Components.
Click Yes, I want to install PXE Server on this computer to install on the local computer.
Note: This option is selected by default for the Add Components install.
Click Yes, I want to install PXE Server on a remote computer to install the Altiris PXE Server on a
remote computer. Type the name of the computer and the path.
Type the IP address for the PXE Server and the Deployment Server.
Select the pre-boot operating system that will be used as the default PXE boot menu item. The
pre-boot operating system options that are enabled depends on the options selected for pre-boot
operating system in the Pre-boot Operating Systems page. For example, if you select Linux in the
Pre-boot Operating Systems page, then the Linux option will be enabled as the default PXE boot
menu item.
See also Installing the Automation Agent (page 53) , Pre-boot Operating System (Simple) (page 64)
, and PXE Configuration Utility Help.
If managed computers are on a different segment or if you are using the Altiris PXE Server with an
UNDI driver, click Connect directly to Deployment Server and enter the IP address of the Deployment
Server that the managed computers will connect to. Do not change the port number unless the default
is already being used.
Note: If you change the port number, you will have to change the client configurations.
66
DS Installation Help
Multicasting cannot be used with the UNDI driver. If you want to use different drivers on the PXE
Server, you can create multiple PXE boot files after installing.
See also Deployment Agents on page 118.
By default, DS Web Console installs to the same computer running the installer. Click On a
remote computer, and then click the Browse button to navigate to a computer where you want the
installation to occur. You can also choose to not install Deployment Web Console by clicking
the Do not install option.
If you want to change the default values, enter a Console port and Deployment Web Console path
for the installation.
The Service user name and Service password must be an existing account on the Deployment
Share and the destination computer where the Web Console will be installed.
Note: If you are installing an additional Deployment Web Console using Add Component, the Do
See also Deployment Console on page 38 and Deployment Server Components on page 37.
Sysprep
Enter the location of the Microsoft Sysprep files according to operating system. Type the location or
click Browse and select the required files.
Installing Components
Click Install, or choose Back to change settings.
See also Deployment Server Components on page 37.
Select this option to push the Deployment Agent to computers running the
Windows NT, 2000, XP, and Windows Server 2003 operating systems.
PDF format.
67
DS Installation Help
authentication.
Use SL Server authentication. Enter the user name and password set for the Microsoft SQL Server. If
using MSDE, then the default sa user name is used with no password required.
Administrator Credentials
During a component install, you are required to provide the user name and password of an
administrator account for the Deployment Server computer. For domain accounts include the
domain name, example: orgDomain\admin. The user account must have rights to the Deployment
Share. Create the administrator domain account before starting the installation.
Add Components
If you have already installed Deployment Server, you can add components to the existing system.
Select the type of component you want to add.
See also Deployment Server Components on page 37.
Console Install
You can install the Deployment Console on either the local computer or multiple remote computers.
Installing to remote computers lets you manage computers from multiple Deployment Consoles
across the Deployment Server installation.
Click On this computer to install the Deployment Console to the local computer.
Click On a remote computer to install the Deployment Console to a remote computer. Type the
computer name or browse and select a computer.
68
Chapter 3:
Deployment Solution can be installed as a stand-alone Deployment Server system for a specific site
or integrated as a component of a larger Notification Server infrastructure. As a plug-in web
solution, Deployment Solution joins with other Altiris IT management solutions such as Inventory,
Helpdesk, Application Metering, and Software Delivery solutions. It is also a mainstay of the Client
Management Suite and Server Management Suite. These complementary solutions and suites
provide remote, automated administration of desktop, notebook, servers, handheld, and network
computer devices.
69
This guide details the basic tasks required to set up Notification Server and enable the Deployment
Solution in a controlled lab environment. After an initial evacuation, you can then move your Altiris
system into a production setting. For general set up information for Altiris products, see the Altiris
6.0 Getting Started Guide. For in-depth planning concepts and rollout instructions for large or
distributed environments, see the Installation section in the Altiris Notification Server Reference
Guide.
Ensure that the selected target server has all installation requirements before installing
Notification Server and Deployment Solution. See Step One: Verify Installation Requirements
on page 71.
Download and install prerequisite software and services, and then install Notification Server and
Deployment Solution to a Windows server. See Step Two: Install Server Software on page 73.
70
Push down and install the Altiris Agent to each computer device. See Step Three: Deploying
the Altiris Agent on page 80.
Validate communication between Notification Server and the Altiris Agent. See Step Four:
Verify Server-to-Client Communication on page 83.
Install Deployment Servers. See Step Five: Install Deployment Servers on page 83. This will
push a silent install of all required Deployment Server components.
Synchronize the NS and DS databases. See Step Six: Synchronize the NS and DS Databases
on page 85.
If Notification Server 6.0 is already installed, see Installing Deployment Solution from the Altiris
Console on page 77 to add Deployment Solution from the Solution Center.
If upgrading to Notification Server 6.0 and previous versions of Deployment, see Upgrading from
Previous Versions of NS on page 77 for detailed instructions about optimizing for
Notification Server 6.0. Because Notification Server 6.0 and Deployment Solution 6.1 include
major feature upgrades, in many cases you will need to perform basic update tasks to increase
allotted disk space for the database, and perform additional design optimization tasks.
If installing Altiris Notification Server 6.0 and Deployment for the first time,
71
These major updates will require the installation of Microsoft .NET services, updated MDAC
connectivity, increased database requirements, and other design considerations. See Upgrading
from Previous Versions of NS on page 77 for complete information.
System Requirements
The following are system requirements for installing Notification Server and the HP Client Manager
Software on a server and setting up the Altiris Agent on the managed client computers.
Server Requirements
Operating System
Processor
RAM
512 MB
1 GB recommended for increased speed in large environments
Hard Drive
20 GB (recommended)
105 MB for Notification Server and components (disk space)
1 GB for SQL Server database
File system
NTFS partition
72
The following are system requirements for the client computer running the Altiris Agent.
Client Requirements
Operating System
Windows 95 or later
RAM
64 MB
Browser
Running InstallHelper
From the Altiris web site or a product CD, access the HP Client Manager Software solution to
download the NSInstallHelper.exe to check for the installation of required programs and
services. If missing, the following software and services will be identified by the InstallHelper and
links will be provided to download the required software.
Microsoft SQL Server vs. MSDE
During installation, Altiris Notification Server creates an Altiris database in either a full install of
Microsoft SQL Server 2000 or using Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), a
limited-feature edition of SQL Server. It is recommended that you install the full version of
Microsoft SQL Server for production use, although MSDE can be downloaded and used for
evaluation of the product. For additional information about the limitations of MSDE 2000, see http:/
/www.microsoft.com/sql/msde/default.asp
Prerequisite Software
Database
Microsoft IIS
Services
Browser
73
Note: You may be required to restart InstallHelper after each software installation. You will then
need to run InstallHelper again to ensure that all prerequisites are installed.
74
Accept licensing terms and follow all prompts provided in the installation wizard to set up
Notification Server. For Setup Type, select the Complete option for evaluation or testing purposes.
For advances users, select Custom for installation across a distributed environment.
1
The User Identity Settings page will appear first. Enter credentials with administrator rights.
Important: If you are operating in a Workgroup, enter the server's computer name followed by
a user name with administrator rights, such as CanyonRim-Server2\administrator. If the server
is part of a domain, enter the Domain name followed by a user name with administrator rights,
as the graphic above illustrates. In both cases, the user name entered must authenticate as a
Windows user with local administrator rights to the NS computer to add, create, and delete files,
and query the Notification Database.
2
The E-mail Settings page lets you set up an e-mail address to send alerts to the administrator
automatically from system events generated from Notification Server.
Entering e-mail settings is optional. Notification Server generates e-mail notifications for events
generated from Notification Server. Example: through the use of Notification Servers Alert
Manager, a limited incident management program, you can automate generating an incident
when the DS system meets a specific criteria. For more advanced features in managing incidents
and assets, you can download and install the Altiris Helpdesk Solution, an ITIL compliant
product. See www.altiris.com/products/helpdesk/ for more details.
Note: The e-mail feature is not essential for standard Deployment features. If you are not going
to use the e-mail notification in Notification Server or if you are only evaluating Deployment,
click Next to skip this step.
75
In the E-mail address field, enter an IT e-mail address to receive messages from events generated
within the Notification Server infrastructure. In the SMTP server field, enter the name of the
Simple Mail Transfer Protocol (SMTP) server used for e-mail management for the site or subnet.
The SMTP server distributes e-mail files across the organization and is used to forward e-mail
generated from Notification Server. Enter the authentication credentials if your SMTP server is
protected.
Note: In most cases, your IT department will protect the SMTP server to avoid direct access from
unwanted e-mail. To send event e-mail messages to the provided e-mail address through
protected SMTP gateways, enter valid administrator credentials for the appropriate SMTP
server. In most cases, the authentication credentials would be your domain login name in the
form of domainName/username and the associated password. Click Send Test E-mail to verify
that Notification Server is sending e-mail messages to the correct address. Click the button and
verify that a test e-mail is sent to the e-mail inbox.
The SQL Database Settings page allows you identify and enter authentication credentials for the
Notification Database used by Notification Server to store and access Deployment data.
MSDE 2000 installations: If you are evaluating Deployment using MSDE 2000, just click Next
to accept the default values. This will identify MSDE 2000 as the local instance of SQL Server
and create an Altiris database automatically. For MSDE 2000, Notification Server will use the
application credentials (the Windows credentials) rather than the SQL login credentials, which
are used only when setting up the full installation of SQL Server.
In the Server name field, localhost will appear as a system variable name for the initial instance
of Microsoft SQL Server or MSDE 2000 that was installed as part of the software system
requirements. The actual name of the SQL Server can also be entered here (the initial instances
of SQL Server take the computer name by default).
In the Use existing database field, select the Notification Database previously created within the
selected instance of SQL Server. For new installations, enter a name in the Create new database
field. The default name is Altiris, but this database name can be changed.
Select Use application credentials to authenticate using Windows credentials with administrative
rights. Select Use SQL login to authenticate using Microsoft SQL Server credentials.
To select an appropriate Command Timeout (in seconds), enter a value between 1 second and
3600 seconds (1 hour). The database command timeout setting applies to all SQL Server
connections used by the Notification Server. If you experience timeout errors when using a
database connection due to network traffic or heavy server usage, increase the value of this
setting.
4
The Setup Wizard Completion page summarizes the settings entered in the previous pages. Click
Finish.
76
When complete, the Altiris Console will open to the Getting Started page. From this page you can
install Deployment from the Solutions page. If the Getting Started page closes, you can start the
Altiris Console by clicking Start > Programs > Altiris > Altiris Console from the Windows operating
system.
Open Add/Remove Programs from the Control Panel in your Windows operating system.
Back up your Notification Database. If you have a version of the Notification Database previous
to the Notification Server 5.5 SP3 database, you will have to upgrade first to that version of
Notification Solution.
Run InstallHelper to identify any missing software required for Notification Solution 6.0. See
Running InstallHelper on page 73.
Install Notification Server 6.0. See Installing Notification Server with the Install Wizard on
page 74.
Enable Deployment Solution 6.1 SP1. See Installing Deployment Solution from the Altiris
Console on page 77.
Altiris Agents and Package Servers will also update automatically. All necessary logic is built
into the Notification Server install packages. You can simply enable the upgrade policies.
Verify the upgrade installation. See Step Four: Verify Server-to-Client Communication on
page 83
77
The Solution Center page will open with a list of Available Solutions. Click the appropriate Solutions,
Suites, or Segments button, or sort solutions categorized by operating system (OS).
To install Deployment Solution, select Deployment Solution from the Solutions list. Click the Start
button on this page to begin the download and installation process of all selected Altiris solutions.
During the install process, a black dialog is displayed but does not appear to be doing any function,
or running any process. This dialog is normal and indicates that Deployment Solution is installing
to NS. When Deployment Solution completes its download to NS, the dialog no longer displays. You
must refresh the web browser for the Deployment tab to display in the Altiris Console.
To verify that Deployment is installed, click the Configuration tab on the Altiris Console. In the tree
view, click Upgrade/Install Additional Solutions, and then click the Currently Installed tab on the
Solution Center page. This table displays a list of the solutions installed on Notification Server.
78
If you are using DS in a Workgroup, you can skip this step and go directly toDiscovering Client
Computers within a Workgroup on page 79 where you can specify the inclusion of individual
computers by IP address or computer name.
Note: During an evaluation, you can skip this step and deploy the Altiris Agent without completing
a full network discovery operation. However, when deploying the Altiris Agent to several computers
in a large environment, you will want to use this automated process to discover computers on the
network.
Click Discover all computer resources on the Quickstart page. The Resource Discovery page will
open.
Enter the name of the Domain or browse to select available domains by clicking the folder icon
. Click the Add button
to include the domain in the search list.
Select Domain Browse List to discover all computers (including Windows 98 SE computers)
currently sharing files or printers or running the messenger service.
Select Domain Membership to discover all computers that have trust accounts in the domain,
including Windows NT/2000/XP/2003 computers in the domain. It will not find any Windows
98 SE computers. This method is slower than the Domain Browse List method and will not
identify the Operating System of the computer.
Click Discover Now. Computers from the entered domains will be discovered and listed. Select
the computers you want to receive the Altiris Agent and click Apply.
In the tree view, click Configuration > Altiris Agent > Altiris Agent Rollout > Altiris Agent Installation.
To discover client computers within a Workgroup, enter the IP address or computer name of the
client you want to receive the Altiris Agent, and then click Add. Continue entering the IP address
or computer name for each client within the Workgroup. When have completed all client entries,
go to step 5 on page 80 to continue Step Three: Deploying the Altiris Agent.
79
Windows XP Simple File Sharing on page 82 for information on how to deploy the Altiris Agent
to those types of client computers.
To Deploy the Altiris Agent
In the tree view, click Configuration > Altiris Agent > Altiris Agent Rollout > Altiris Agent Installation.
Click the drop-down arrow and select a collection from the list, and then click OK.
Hint: Select the Discovered computers not reporting inventory filter from the drop-down list to
view all discovered client computers that do not have an Altiris Agent already installed. You can
also add the names of known computers in the Add field.
5
The collections or computer names listed on the Altiris Agent Installation page, will receive the
Altiris Agent. If you do not want to send to one or more clients in the list, highlight the client,
and then click the Delete icon to delete the entry.
80
After reviewing the client list, you are now ready to deploy the Altiris Agent. Click the Install
button and the Altiris Agent Installation Options page displays.
Altiris Agent
Select the Show the Altiris Agent icon in the system tray option and enter any other information on
the page, and then click Proceed With Install. The Altiris Agent will be copied to the client
computers and automatically installed.
Note: You must have global Administrator rights to deploy the Altiris Agent from the
There is no process indicator to monitor the installation of the Altiris Agent on the client
computers. However, click the View Installation Status Report button to display installation report
options.
Click the Run this report option to open the Altiris Agent Installation status page.
10
Enter the property value in each field if you do not want to run the report with the default settings.
81
11
Click Refresh and all clients that you are deploying to will list if the Altiris installation was
successful.
12
On the Tools menu, click Folder Options, and then click the View tab.
In the Advanced Settings section, clear the Use simple file sharing (Recommended) checkbox.
Click OK.
From the Altiris Console, click the Configuration tab view. In the tree view pane, navigate to
Configuration > Altiris Agent > Altiris Agent Rollout.
Select Altiris Agent Installation. View the URL of the download page in the field under URL of
download page for Win32 users. You can e-mail this URL to your users to assist in installing the
Altiris Agent.
Click Show me this page to view the download page that you will send to users.
82
The URL that you will send to your users will be of the form:
http://NSName:80/Altiris/NS/Agent/AltirisAgentDownload.aspx
From the managed client computer, you can quickly verify the installation of the Altiris Agent
by simply checking the client computer. The Altiris Agent icon will appear in the system tray of
the managed computer.
When the Deployment Solution installation completes, the Altiris Agent will display a
Deployment Server properties command from its menu.
To verify that Deployment Server is installed on the destination computer, click the Altiris Agent
in the system tray of the destination computer and select Properties. Check the install status of
the Deployment Server install package, and the Deployment Agent package.
In a larger test environment with several managed computers, you may want to run the Altiris
report to check the client to server communication.
As part of its routine, the Altiris Agent sends basic inventory to Notification Server soon after it
is installed and reports the Altiris-enabled computers recently inventoried. This report can be
found in the Altiris Console by clicking the Reports tab view, then in the tree view pane,
navigating to Reports > Notification Server Infrastructure > Agent > Altiris Agent Inventory.
Agent basic inventory (sorted by last update)
Click Configuration > Solutions Settings > Deploy and Migrate > Deployment > Full Installation /
Upgrade > Install Wizard. The Deployment Server Installation Wizard page displays.
83
Click the Add Server icon to enter the IP address or computer name of the computer that you want
to receive Deployment Server from the Notification Server.
The Deployment Server Installation Settings page displays. This information is used on the
target client computer when DS performs the installation.
From the Deployment Server Installation Settings page, click the drop-down arrow and select
the computer you want to remotely install. The computers listed are compiled from the NS
database and display only if the client computer has the Altiris Agent and Microsoft SQL
Server installed.
Enter the Administrator username and password. All component services will run under this
account.
By default, the Free 7 day license option is selected. Leave this setting selected if you are
evaluating this product. If you purchased Deployment Solution, select the License file option.
A text field will display for you to enter the path where the licensing file (.lic file) is located,
or you can click the Browse icon to navigate to the licensing file location.
Click Advanced to configure options for the silent install. The IP address of the Deployment
Server computer will be listed. If you have multiple network adapters, then the first IP
address will be displayed.
Click one of the Deployment Server database authentication options, select the Install PXE
checkbox to install a PXE Server on the destination server, and then select the Install the
Deployment Web Console checkbox to install a stand-alone web console. Click OK.
84
If you do not have DOS boot files installed on NS, then a page will open asking you to find the
required DOS files.
Click one of the options to gather the DOS files at the bottom of the page, and then click Next.
The DOS files are gathered and the silent install begins.
Important: The installation of Deployment Server will begin after the Altiris Agent
Note: The configuration request interval is set from the Altiris Console in the Configuration tab
> Altiris Agent > Altiris Agent Configuration > All Windows Servers (or another appropriate collection).
For evaluation purposes, set the Request new configuration to 1 minute and set the Basic inventory
to 15 minutes.
Now that all the information for the target computer has been created, a policy is sent from
Notification Server to the client destination. The client receiving the policy, knows to connect to
NS and receive the DS package used on the client during the DS installation.
Note: The silent install of Deployment Server will take several minutes to complete.
In the Deployment Servers page, type the name of the existing Deployment Server. This is the
computer name of the Deployment Server, in most cases.
Click Advanced to enter credentials if Deployment Solution security is enabled for the
Deployment Server. Also, enter the Domain and connection speed.
85
Click Configuration > Altiris Agent > Altiris Agent Configuration > All Windows Server (excluding
Package Servers). The Altiris Agent Settings page opens with the General tab view displayed.
In the Agent Basic Setting section, the Request new configuration information every option is set to
15 minutes (testing only). Click the drop-down arrow and select a different time interval from the
list.
By default, the Send basic inventory every option is set to 1 day (Recommended). Click the dropdown arrow and select a different time interval from the list.
Click Apply.
Note: These settings can be set to any length of time you want to update the database data. If the
polling interval is set more frequently, you have access to report information on the NS without
having to wait for long periods of time. For production purposes, change the polling intervals to meet
your network demands, so that the NS database is updated frequently through out the day.
86
Click Configuration > Solutions Settings > Deploy and Migrate > Deployment > Deployment Server
Agent Configuration > Deployment Server Agent Configuration. The Deployment Solution Agent
Configuration page is displayed.
By default, the Deployment Server Agent Config for all Deployment Servers collections selected.
Click the drop-down arrow and select a time interval from the Computer/Job Polling Interval list.
If you have enabled DS role-based security on the Deployment Server, you can enter the same
username in the Role based Username field. If you have not enabled DS role-based security, leave
the Role based fields blank.
10
11
Click Apply.
87
Managing from the Deployment Deploy and manage computer devices from the
Web Console on page 333
browser.
Managing Deployment Servers Configuration and management information for
on page 189
deploying network and Web servers
88
Chapter 4:
Features of the Deployment Console. The Windows console for Deployment Solution provides
standard Computers, Jobs, and Details panes to drag and drop icons, view properties, and identify
state and status of Deployment objects. In addition, the Deployment Console also includes a
Shortcuts and Resources view and provides the tools, utilities and features required for complete
computer resource management. See Deployment Console Basics on page 89.
Set Program Options. From the Tools > Options dialog box, you can set preferences for each
Deployment Server system. See General Options on page 96.
Set Security. From the Tools > Security dialog box, you can set security rights and permissions for
all Deployment consoles. See Security in Deployment Solution on page 99.
Connecting to other Deployment Server systems. Connect to other Deployment Server
connections from your current Deployment Console and manage computers beyond your current
network segment or site. See Connecting to Another Deployment Server on page 104.
Customize the Tools menu. You can add commands to the Tools menu to open commonly-used
deployment programs and utilities. See Extending the Tools Menu on the DS Console on page 93.
89
Because the Deployment Console can reside on its own computer, you can have multiple consoles
running from different locations. The Deployment Console only needs to be running while making
assignments or viewing information about the managed computers. You can turn on the console, run
management tasks, and then turn off the console without interrupting the execution of scheduled or
running jobs.
Scheduling information is saved in the Deployment Database and tasks are executed at their
scheduled time. If an assignment to a managed computer is made from two different consoles at
approximately the same time, the computer will be assigned those tasks in the order they are
received. See Console options on page 96 to set refresh intervals for the Deployment Console.
Computers pane
Use this area to view and select managed computers for the Deployment Server system. You can
select and right-click a computer in the Computers pane to run Remote Operations Using
Deployment Solution on page 134, or view Computer Properties on page 131. You can also
create computer groups to organize collections of similar computers.
Create Computer Groups by clicking Computer Groups on the toolbar, or rightclicking in the Computer pane and selecting Groups. Click View > Show
Computers to display only computer group icons and not the individual
computers.
When a computer or group is selected, the Details pane displays a list of computers in the group and
provides basic information about each computer. The Filter detail bar displays in the Details pane
that helps to view computers by a set criteria. When a computer is selected, you can view the
computer status in the Details pane, including a list of jobs that have run or are scheduled to run on
the computer, and the status of each job.
To get more details about all of the tasks that have run on computers, click Status Detail. Status detail
displays a more detailed breakdown of all of the processes the job has executed and a status message
indicating what has been completed.
You can also import new computers from a text file or add security rights and privileges for a
specified computer or group of computers. See Managing Computers on page 106 for complete
information about setting up, importing, and managing computers from the Computer pane.
Jobs pane
Use this area to create and build jobs with specific deployment tasks. You can select and right-click
a job in the Jobs pane when Building New Jobs or running the New Job Wizard. You can also import
new jobs from a text file or add security rights and privileges for a specified job or collection of jobs.
Set up folders to organize and access jobs in a way that makes sense to you. Create a new folder by
right-clicking in the Jobs section and select the New Folder option. You can also create folders by
selecting File > New > Folder.
90
Click View > Jobs View to show or hide the Jobs pane.
When a job is selected, then the Details pane displays a list of computers in the folder and gives basic
information about each job, such as its state and status. It also shows the computers or computer
groups to which the job is assigned.
The Conditions detail bar is also displayed, allowing you to assign jobs to computers. See
Setting Conditions for Task Sets on page 159.
In System Jobs, folders are created to store jobs that are created when running operations from
the console.
Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when you drag an MSI,
RIP, or other package files from the Resources view to a specific computer or group, see the
Shortcuts and Resources View on page 91.
Image Jobs.
Jobs are placed in this folder when you create a Quick Disk Image.
Restoration Jobs.
Jobs are placed in this folder when you run a Restoring a Computer from its
Deployment History job.
From the Jobs pane you can drag job icons to computer icons to execute jobs, such as creating
images, deploying computers, changing configurations, or installing software. Once a job is created,
you can change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled
to run a particular time, or saved for a later time. See Building and Scheduling Jobs on page 154
for complete information about setting up, importing, and managing computers from the Jobs pane.
Details pane
The Details pane
Shortcuts panes.
extends the user interface features when working in the Computers, Jobs, or
When you select a computer in the Computers pane, the Details pane changes to a Filters area (if
you click a group icon) and displays the status of all jobs assigned to the selected computer.
When you select a job icon in the Jobs pane, the Details pane displays information about the job
to set up conditions, order tasks, and add, modify, or remove tasks.
When you select a computer or computer group in the Computers pane, the Details pane displays
information about a computer, including IP address, MAC address, and status.
When you select a batch file, you can click Modify to update the file.
When you select a hard disk image file (.img), the Details pane displays a description of the
image file, plus information about the included partitions.
When you click on package files, the Details pane displays the title, description, version, creation
date, and platform of a RIP or Personality Package.
91
Click View > Shortcuts to open the Shortcuts and Resources pane. You can drag
the jobs and computer icons to this pane. Click Resources in the Shortcuts and
Resources view, or click View > Resources or CTRL+R to open a filtered list of
packages residing on the Deployment Share.
The Shortcuts view provides quick links to view and access computers, jobs and packages. It can act
as a palette of Deployment Solution icons to drag to other working panes in the console, or storage
to save commonly-used jobs and computer icons.
The Resources view let you see a filtered view of the package filesMSI files, RIPs, image files,
Personality Packages, and other resource packagesstored in folders in the Deployment Share.
From the Resources view, you can drag packages directly to computers in the Computers pane to
deliver software. This automatically creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the
Jobs pane. The Resources view lets you identify packages assigned to each job and assign those
packages to create new jobs.
Using Resources Directly
If you do not want to create a shortcut to a resource but still want to use a resource to assign work to
a computer, you can move the resource to a designated computer. To do so:
1
You can create a new script file from the Resources view, and use it directly to schedule it on a
computer. See Creating New Script Files on page 184.
See Console options on page 96 for options to set refresh intervals for Resources view.
Boot Disk Creator. Use this tool to create boot disk configurations, and automation and
network boot media to image client computers. The Boot Disk Creator can maintain several different
boot disk configurations for different types of network adapter cards. See Altiris Boot Disk Creator
help.
92
PXE Configuration. After installing the Altiris PXE Server, you can create and modify
configurations, which make up the boot menu options that display on client computers. This is
another solution to boot computers to automation. See the Altiris PXE Configuration help.
Remote Agent Installer. Remotely install the Deployment Agent on client computers from
the console. This utility lets you push the agent installation to client computers from the Deployment
Console.
Carbon Copy. Remotely control managed computers to view and troubleshoot problems
from the Deployment Console. This utility provides comprehensive remote access features beyond
the Remote Control feature accessed by right-clicking a computer or computer group from the
Deployment Console.
PC Transplant Editor. Use this tool to edit a Personality Package to add or remove data. See
the PC Transplant help located in the Deployment Share.
Image Explorer. After a disk image is saved to the Deployment share, this tool lets you view
and manage data in the image file. You can edit and split and image, create and index, and more. See
the Altiris Image Explorer help file located in the Deployment Share.
Wise MSI Editor. Edit MSI packages generated from the Wise Setup Capture tool or other
MSI files used to distribute software and other files.
ATools.ini file for the main menu or add new INI files to create submenus. Place both types of
INI files in the same directory where the Deployment Console executable (eXpress.exe) is located
(the default location is the Program Files\Altiris\ eXpress\Deployment Server).
You can add up to eight menu items to the main menu, and eight menu items for each submenu.
These INI fields are included for each application added to the Tools > Altiris Tools menu:
[Application name or submenu declaration]
MenuText=<the application name displayed in the menu>
Description=<the name displayed when you mouse over the menu item>
WorkDir=<directory set as default when executable is run>
Executable=<path to the executable files>
93
The ATools.ini file extends the main Tools menu on the console. This sample file contains one
submenu, Web Tools, and two additional menu items, Notepad, and Netmeeting. The INI files are
located in the Deployment Share.
[Submenus]
Web Tools=wtools.ini
[Notepad]
MenuText=Notepad Editor
Description=Simple Editor
WorkDir=.
Executable=C:\WINNT\notepad.exe
[NetMeeting]
MenuText=NetMeeting
Description=NetMeeting
WorkDir=.
Executable=C:\Program Files\NetMeeting\conf.exe
Another Tools INI file is named wtools.ini. It is a submenu file referenced by the main ATools.ini file.
On the main menu this is titled Web Tools (see Tools.ini) and contains two applications, Explorer
and Acrobat.
[Explorer]
MenuText=Explorer
Description=Windows Explorer
WorkDir=.
Executable=C:\Program Files\Internet Explorer\explorer.exe
[Acrobat]
MenuText=Acrobat Reader
Description=Acrobat Reader
WorkDir=.
Executable=C:\Program Files\Adobe\Acrobat\acrobat.exe
94
Click a job in the Jobs pane. The Condition feature will open in the Details pane. Click
Setup to add new conditions or edit existing conditions. When you are setting conditions
to schedule a job, select from a list of predefined database fields or create custom tokens
that key on other fields in the database.
Creating Custom Tokens
You can also create custom tokens to set conditions based on the database fields not provided in the
available preset conditions. in the Conditions dialog box. For example, select User Defined Token
from the drop-down list in the Fields box. Select contains in the Operation field, and enter Milo in the
Value field. In the Token field, enter the following custom
token:%#!computer@lic_os_user%.This filters out only the jobs with the registered license user
named Milo. The job runs only on the computers that meet the specified criterion.
Default Filters
Filter Name
Description
Active Computers
Windows 9x/ME
Windows NT/2000/ Displays only the computers with Windows NT, 2000, or 2003 operating
2003
systems.
Windows XP
Windows CE
(PDAs)
Linux
Windows XP
Embedded
Windows CE .NET Displays only the computers with Windows CE .NET operating systems.
Pocket PC (PDAs) Displays only the Pocket PC computers.
Click a computer group in the Computers pane. The Filter feature is displayed in
the Details pane for the selected computer group. Click Setup to add new filters,
or modify, and delete existing computer filters.
To create or modify a computer filter
1
On the Filter bar in the Details pane, click Setup > New to create a new filter.
Or
95
General Options
Type a name for the filter, and click Add. The Filter Definition screen will be displayed.
General Options
Use Program Options feature to set general options for Deployment Solution. Click Tools > Options
to view the Program Options dialog box.
Console options
Set basic console features for miscellaneous refresh actions and warning messages.
Scan resource files for changes every ____ seconds. Specify how frequently (in seconds) the
Deployment Console updates its view of package files in the Resources view, see Shortcuts and
Resources View on page 91.
Warn user when no tasks are assigned to the 'default' condition. When a job is assigned to computers
and the Default condition has no tasks assigned, then a message box is displayed. The job has no
secondary default tasks assigned if a computer in the group does not meet the primary conditions.
See Setting Conditions for Task Sets on page 159.
Refresh displayed data every ____ seconds. Refresh the display of data accessed from the Deployment
Database. This lets you refresh console data at defined intervals rather than updating every time the
Deployment Console receives a command from the server, which can be excessive traffic in large
enterprises.
Global options
Set global options for the Deployment Server system.
Delete history entries older than _____ days. Specify the number of days an entry is kept in the history
until it is deleted. Enter any number between 1 and 10,000. If you dont select this option, log entries
will remain in the history.
96
General Options
Synchronize display names with Windows computer names. Automatically update the displayed name
of the managed computer names in the console when the client computer name changes. If this
option is not selected, changes to the computer names will not be reflected in the console.
Synchronization is off by default. The names do not have to be synchronized for the Deployment
Server to manage the computer.
Reschedule failed image deployment jobs to immediately retry.
Specifies a static TCP port for file transfers to the clients. The
default value is 0 and causes the server to use a dynamic port. This setting is useful if you have a
firewall and need to use a specific port rather than a dynamically assigned port.
Automatically replace expired trial licenses with available regular licenses. Allows Deployment
Solution to automatically assign a permanent license to the computer after the trial license expires.
Be careful when using this option. Make sure that you do not give a permanent license to computers
that you do not want to manage after their trial license expires.
Display Imaging status on console. Displays the status of the imaging job on the Deployment Console.
Remote control ports. Specifies ports for using the Remote Control feature. You have the option to
enter a primary port address and a secondary port address (Optional).
Primary lookup key. Specifies the lookup key type used to associate a new computer with a managed
computer. The options are Serial Number (SMBIOS), Asset Tag (SMBIOS), UUID (SMBIOS), or MAC
Address.
Sysprep Settings.
This lets you enter global values for Sysprep. See Sysprep Settings on page 97.
Sysprep Settings
View and configure the Sysprep settings for the Deployment Server.
Per Seat indicates that the end user has purchased a client access license for each
computer accessing the server.
Per Seat:
product key. You are prompted with a message stating that the product key is being used by
another task.
97
General Options
RapiDeploy options
This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server,
allowing you to deploy images to a group of computers simultaneously, download an image from a
file server, or access a local hard drive, and manage the imaging of several client computers
concurrently.
Because RapiDeploy is more efficient when writing directly to the IP address of the network adapter
driver, you can enter a range of IP addresses when using the multicasting feature to speed computer
deployment and management. Deployment Server accesses the range of computers using the defined
IP pairs and avoids retrieving the computers through the port and OS layers.
However, because some network adapter cards do not handle multiple multicast addresses, you can
also identify a range of ports to identify these computers. On the first pass Deployment Server
accesses the selected computers using the list of IP numbers. On the second pass, Deployment Server
accesses the selected computers using the port numbers or higher level operating system ID's.
Note: Multicasting images is not supported when using the UNDI driver on PXE, and will be
98
When the Deployment Agent connects, Deployment Server verifies if the computer is a new or
existing computer. If the client computer is new and if the Force new agents to take these default
settings option is selected, then the Deployment Agent on the client computer receives the default
settings established in the Options > Agent Settings dialog box. If the computer is recognized as an
existing managed computer, then it uses the existing agent settings.
The alias name you would like to use when referencing the external SQL database.
Server.
Database.
The name of the external database from which you want to extract data.
Use Integrated Authentication. This option tries to authenticate to the external database using the
domain account you are currently logged on as.
User name and Password. When the integrated authentication is not being used, you must provide
a user name and password to authenticate to the external database.
Click Allowed Stored Procedures to allow or deny access to stored procedures for a custom
database.
Virtual Centers
You can keep a list of all VMware Virtual Center web services. The hosts and virtual computers
from each Virtual Center that have corresponding computers in the Deployment Database will be
displayed in the computer tree. These virtual computers display under Virtual computers node in the
Computer pane.
Click Add on the Virtual Center page, and enter the Server host name, display name, and user name.
You can also set up a password for the selected user.
Note: Computers used as VMware hosts must have UUIDs.
99
To set general security rights, click Tools > Security and add a user name and
password. You can create users and groups and set scope-based rights.
To set feature-based permissions for specific computers or jobs, select the object
in the console, right-click and click Security.
See also
Best Practices for Deployment Solution Security (page 100)
Enabling Security (page 100)
Setting Permissions (page 103)
Groups (page 102)
Rights (page 102)
Enabling Security
You can enable security by first creating a group with Administrator rights, adding a user to the
Administrator group, and then selecting Enable Security.
Note: When the Administrator Right is selected, you do not need to select any other rights because
the Administrator Right implies that all other rights are selected.
Click Manage User Groups tab and click Add. The Add User Group dialog box displays.
Select the authentication type. You can choose to add a DS group or a group from the Active
Directory. To add groups from Active Directory, see Adding groups from the Active Directory
on page 102.
Click DS Group
Note: The Browse button is disabled for Local Group.
100
Type a name and description in the Add User Group dialog box. Click OK.
The group name displays in the window.
Select Administrator in the Rights dialog box. This assigns complete rights and permissions to
the group. Click OK, and click Close.
On the main Security dialog box, click Manage Users tab, and click Add.
The Add User Account dialog box displays.
Select the authentication type. You can choose to add a DS user or a user from the Active
Directory. To add users from Active Directory, see Adding users from the Active Directory on
page 101.
10
11
Type user name, full name, and password. Retype the password, and provide a description for
the user. Click OK.
12
Select the user name in the main Security dialog box. Click the Rights button.
13
Click the name of the new Administrator group in the Groups window. This assigns the new user
to the new group with Administrator rights. Click OK.
Note: You can assign the user Administrator rights directly, but assigning users to groups is
advised. See Best Practices for Deployment Solution Security on page 100.
14
Now that you have a user with administrator rights, select the Enable Security box.
Security is now enabled. You can now create users and groups and assign permissions to computer
groups and job folders.
Adding users from the Active Directory
You can add users from the Active Directory.
1
In the main Security dialog box, click Manage Users tab, and click Add.
If you know the user name, type it in the User name box, or click Browse to select user from the
Active Directory.
The password field is deactivated as the user is being added from the Active Directory.
Note: You can add only one user at a time. To import users, see Importing users from the Active
Click OK.
Click Evaluate Rights to identify the combined rights of the selected user and its user group(s). This
feature identifies effective rights for each user by resolving any possible conflicts between multiple
group settings.
101
Groups
Assign the user to previously created groups. If you are enabling security, you can assign the user to
a group with Administration rights.
To add groups, from the Security dialog box, click the Manage User Groups tab, and click Add. Select
the authentication type, and then type the required details. You can view the members of any group
by clicking the group in the Manage User Groups dialog box and clicking View Members.
See also Best Practices for Deployment Solution Security on page 100, and Enabling Security
on page 100.
Adding groups from the Active Directory
You can add users from the Active Directory.
1
In the main Security dialog box, click Manage User Groups tab, and click Add.
If you know the group name, type it in the Name box, or click Browse to select the group from
the Active Directory. A list of groups, along with their descriptions, display in a new dialog box.
Select a group from the list, and click OK.
The Name, Domain, and Description gets automatically filled. However, you can modify the
description. Click OK.
The newly added group displays in the main Security dialog box.
Importing groups from the Active Directory
You can also import users from the Active Directory. In the main Security dialog box, click Manage
User Groups tab, and click AD Import to open a standard Windows Active Directory dialog box. Add
groups from Active Directory. You can choose a domain from the Domain List, and select a group
from the displayed list. The group is added to the Deployment Database. However, you still need to
assign the users to security groups with appropriate rights and permissions.
DS Authentication
If the user is already in the DS database, and it tries to access the Deployment Console, then
Deployment Server checks the authentication with the logged on user, and upon matching does not
prompt for user credentials. Similarly, if a group has already been added in the DS database, and if
a system logged-on user, who is a part of the AD group, tries to access the Deployment Console,
then Deployment Server does not prompt for credentials.
Rights
This dialog box lets you set general rights for a user or group. To verify, add or change the rights
assigned to each console user, use the following steps:
1
From the Set Rights For window, click the Rights tab.
Select the checkbox for each right that you want to grant.
A brief explanation of each Deployment Server right that can be assigned is detailed below:
Administrator. Lets user access to all features available on the Deployment console. You must
have Administrator rights to enable security. See Enabling Security on page 100.
Options Console. Lets you set Console options. If this checkbox is selected, you can set the view
Options Global. Lets you to set Global options. If this checkbox is selected, you can view and set
Lets you set Domain Accounts options. You can view and set the
102
Options RapiDeploy.
options.
Lets you set RapiDeploy options. You can view and set the RapiDeploy
settings.
Lets you set Agent Settings options. You can view and set the agent
Options Custom Data Sources. Lets you create Custom Data Sources options. You can view,
create, and set database aliases.
Manage Rejected Computers.
change status.
Refresh Clients. Lets you Refresh Deployment Solution clients. You can use
clients <CTRL +F5> feature to disconnect and reconnect client computers.
Allow scheduling on All Computers. Lets you schedule jobs on All Computers. If you have
administrator rights, then by default you have the rights to schedule job on all computers,
irrespective of the checkbox state. You can grant this right to a specific user or a group.
Import/Export. Lets
you import and export jobs and import computers as well. See Importing
and Exporting Jobs on page 184 and Importing New Computers from a Text File on
page 110.
Options Task Password. Lets you centrally update passwords for users and groups so they can
access the tasks: Copy File to, Distribute Software, Run Script, Distribute Personality, and Capture
Personality when creating or modifying. You must have administrative rights to access this
Options Virtual Centers. Lets you view and add options for Virtual Centers. See Virtual Centers
on page 99.
Setting Permissions
Set permissions for jobs, job folders, computers, and computer groups. See Best Practices for
Deployment Solution Security on page 100 for additional design tips.
1
Right-click on a computer group or job folder (or individual computers and jobs) and select
Permissions. The Object Security dialog box displays.
Click the Groups tab and select a group name. Or click the User tab and select a user name.
From the list in the right pane, select if you want to Accept or Deny permission to run the
operations on the selected computers or job objects. These permissions include access to Remote
Operations Using Deployment Solution and features for scheduling Deployment Tasks.
Select the Allow or Deny checkbox to explicitly set security permissions for these Deployment
Solution features for the selected objects.
Note: Administrators have access to all objects with unrestricted rights and permissions. You
cannot explicitly deny permissions to computer or job objects for users with administrator rights.
To assign permissions to multiple groups, click Set permissions on all child objects to assign the
values without closing the dialog box.
Click Close.
Note: You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers
pane without selecting a job or computer object.
Permission Rules
Permissions received through different sources may conflict with each other. The following
permission rules determine which permissions are enforced:
Permissions cannot be used to deny the user with Administrator console rights access to use
any console objects or features.
103
Deny
Permissions do not flow down an object tree. Instead, the object in question looks in the
current location, and then up the tree for the first permission it can find and uses the same.
If a console user does not have permissions to run all of the tasks the job contains, the user is
not allowed to run the job.
overrides Allow. When a user is associated with multiple groups, one group could be
allowed a permission at a particular level while the other group is denied the same
permission. In this scenario, the permission to deny the privilege is enforced.
Evaluate Permissions
Click Evaluate Permissions to identify the combined permissions of groups and containers with
contrasting permissions. This feature identifies effective permissions for each object by resolving
any possible conflicts.
If a job includes multiple tasks and one of the tasks does not have sufficiently assigned permissions,
then the whole job fails due to lack of access permissions.
Note: Permissions to schedule jobs also allows a user to delete jobs in the Details pane after a job
runs. For example, if a job contains errors and does not run, then no other jobs can be scheduled. The
user must delete the job before scheduling a new job.
Click File > Connect to or press CTRL+O to open the Connect to Deployment Server
dialog box. Enter requisite information to connect to the external Deployment
Server connections using an ODBC driver.
Note: Although you are accessing another connection (another Deployment Database), Windows
remembers the last place you browsed to, which would be the Deployment Share of the previous
Deployment Server connection. You need to browse to the new connections Deployment Share to
access its shared folder containing its RIPs, images, executables, and other resources.
In the Create a New Data Source to SQL Server dialog box, enter a name and description for
the data source.
If an entry for your server already exists, select it from the menu. Otherwise, enter the name
of the server hosting your remote SQL server in this box. Click Next.
Click Next in the Create a New Data Source to SQL Server dialog box to accept the default
settings.
Select the Change the Default Database to: checkbox and then select eXpress from the menu.
Click Next.
Click Finish. The specifications for the ODBC data source displays.
104
Click OK. You will return to the main ODBC Data Source Administrator dialog box with
your new data source listed in the System DSN tab. Click OK.
Using the menu in the ODBC Data source name dialog box, select the new Data Source name
you just created.
In the Installation Directory path field enter the full UNC path (or path using any locally mapped
drive) to the directory of the required Deployment Server, for example:
\\SalesServer\express or H:
Click OK.
105
Chapter 5:
Managing Computers
From the Computers pane of a Deployment Solution console, you can identify, deploy, and manage
all computer resources across your organization, including desktop computers, notebooks,
handhelds, network and web servers, and network switches. You can quickly modify any computers
configuration settings or view its complete management history. Or you can take on big projects,
like completely re-imaging the hard drive, restoring software and migrating personality settings for
a whole department. You now have management of all your computer resources available from a
Windows or web console from any location.
All computer resources can be accessed and managed as single computers or organized into
computer groups with similar hardware configurations or deployment requirements, allowing you to
run deployment jobs or execute operations on multiple computers simultaneously. You can use
search features to locate a specific computer in the Deployment Database, or set filters to sort
computers by type, configuration, OS, or other criteria.
Manage with Computer icons. Major computer types are identified by a computer icon in the
console, with a listing of scheduled jobs and operations associated with each computer. In the
Deployment Console, you assign and schedule deployment jobs to computers or groups by dragging
the computer icon to a job in the Jobs pane, or vice versa. See Viewing Computer Details on
page 107.
Computer icons displays in the Computer pane of the Deployment console where
they can be organized into groups. To assign and schedule a computer in the
Deployment Server Console, drag a computer icon or group icon to a job icon.
Add new computers. Deployment Solution lets you add new computer accounts and set
configuration properties for new computers before they are recognized by the Deployment Server
system. Preset computer accounts will automatically associate with new computers when they start
up, or can be associated with pre-configured computers. See Adding New Computers on page 108.
Click the New Computer button on the console to create a new computer account.
You can also click File > New > Computer or right-click in the Computers pane
and select New Computer.
When the new computer starts up you can assign it a preset account.
Click the New Group button on the console to add a new group in the Computers
pane of the Deployment console. You can also click File > New > Computer Group
or right-click in the Computers pane and select New Group.
Deploy to groups of computers. Organize computers by department, network container, hardware
configuration, software requirements, or any other structure to meet your needs. You can then
deploy and provision computers on a mass scale. To filter computers in a computer group to
schedule jobs only to the appropriate computer types, see Computer Filters and Job Conditions on
page 94.
Configure Computer Agents. See the property pages for modifying Deployment Agent settings.
106
View and configure computer properties. You can modify computer settings for each computer
from the console. See Computer Configuration Properties on page 111. Or you can view the
Computer Properties page for detailed access to a computers hardware, software, and network
property settings. See Computer Properties on page 131.
Run remote operations from the console. Perform operations quickly in real-time from a
Deployment console. Restore a computer to a previous state, configure property settings, send a file,
remote control, chat, set security, run deployment jobs or select from additional management
commands. See Remote Operations Using Deployment Solution on page 134.
Build and schedule jobs. Build deployment jobs with one or more management tasks to run on
selected computers. Create jobs and add tasks, then assign the job to computer groups. Jobs can be
organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling
Jobs on page 154.
Manage Handhelds. Deployment Solution manages handheld computers (PDAs). See
.Deployment Agents for Pocket PC on page 127.
Manage Servers. Deployment Solution also manages network or web servers to administrate highdensity server farms or server network resources across your organization. See the Deployment
Solution Reference.
Managed Computers
Computer connected to Deployment Server but the user is not logged on.
Computer not currently connected to the Deployment Server but known to the
Deployment Database.
A pre-configured with values defined in advance using the New Computer feature. As
soon as the computer connects and the Deployment Server recognizes the new
computer and changes the icon. See Adding New Computers on page 108.
A managed computer waiting for user interaction before running deployment tasks.
This icon displays if the Workstations checkbox is selected in Initial Deployment. See
Sample Jobs in Deployment Solution on page 186.
A master computer is identified as a computer used to broadcast images to other client
computers.
107
Managed Computers
A managed server connected to the Deployment Server with a user logged on.
Additional icons identify different states of server deployment.
A managed Linux computer connected to the Deployment Server with a user logged on.
Additional icons identify different states of Linux computer deployment.
Computer Groups
Select the New Computers or All Computers group to run jobs or operations for these
default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar
computer types or to list computers of similar departments or locations. Click the New
Group button or select New > Computer Group to create a new group.
See also Deployment Agents on page 118.
Install the Deployment Agent. If you install the Deployment Agent to a computer with the
operating system already installed, then the computer will be added automatically to the
Deployment Database at startup. New computers with the Deployment Agent installed will be
added to the All Computers groups (unless otherwise specified in the Deployment Agent
configuration). You can then move the computer to another group if desired.
Use Initial Deployment to configure and deploy new computers booting to automation.
Starting up a new computer with the Automation Agent lets you image the hard drive, assign IP
and network settings, distribute personal settings and software, and install the Deployment Agent
for new computers. Using Initial Deployment you can associate new computers with preconfigured computer accounts. These newly configured computers display in the New Computers
group. See Sample Jobs in Deployment Solution (page 186) .
Create or import computer accounts from the Deployment console. You can add new
computers using the New Computer feature or import computers using a delimited text file. You
can pre configure computer accounts by adding names and network settings from the console.
See Creating a New Computer Account on page 109.
108
The New Computer icon displays for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.
A pre-configured computer account icon displays if specific hardware data
(MAC Address) is not known. As soon as the computer starts up and is
associated with a pre-configured computer account, then Deployment Server
recognizes the new computer and the icon changes.
A pre-configured computer account can be associated with a new computer using the Initial
Deployment feature. You can create multiple pre-configured computer accounts and then associate
the account with a new computer when it boots to automation. At startup, the configuration settings
and jobs assigned to the pre-configured computer account can be associated with the new computer.
Pre-configured Computer Account
Deployment Solution provides features to create a pre-configured computer account to pre-define a
computers configuration settings and assign customized jobs to that computer even if you do not
know that computer's MAC address. This type of computer is known as a pre-configured computer
account.
Pre-configured computer accounts offer a great deal of power and flexibility, especially when you
need to deploy several computers to individual users with specific needs. The pre-configured
computer account saves your time because you can configure the computer before it arrives on site.
You can set up as much configuration information (computer name, workgroup name, and IP
address, for example) that you know about the computer and apply it to the new computer as it comes
online. You can also prepare jobs prior to the arrival of the new computer to deploy the computer
using customized images, MSIs and RIPs based on a user's specific needs.
Example: a user might request Windows 2000 with Office 2000 and virus scanning software
installed on the new computer. The user also might request that his or her personality (customized
user settings, address books, bookmarks, familiar desktop settings) be migrated from the old system.
You can build any job, including any of the available tasks, and assign it to a pre-configured
computer account.
When the new computer finally arrives, you will be ready to deploy it because you have done all the
work ahead of time. Boot the client computer to automation (, and the new computer will connect to
the server and become a managed computer. Then you can perform an Initial Deployment, or run a
deployment imaging job on the new computer.
Click the New Computer button on the console to create a new computer account.
You can also click File > New > Computer or right-click in the Computers pane
and select New Computer.
109
Click Add.
Enter names and configuration settings for each new computer account using the Computer
Configuration screens. See Computer Configuration Properties on page 111 for a description
of the configuration settings.
Note: If you do not enter a MAC address, the computer you create or import will become a
virtual computer.
Click Import to add new computers from a delimited text file (see Importing New Computers
from a Text File on page 110). This is optional.
Click OK.
A pre-configured computer account icon displays in the Computers pane.
When a new computer starts up, you can assign it to this preset account.
To create and associate multiple computer accounts
You can create computer accounts and automatically assign predefined names. These computer
accounts can then be associated with computers in a selected computer group.
1
Select a computer group, including the New Computers group (empty groups cannot access
features). Right-click and select the Configure command.
Enter names and configuration settings for each new computer account using the Computer
Configuration screens. See Computer Configuration Properties on page 111.
Click the Microsoft Networking category and click the Define Range button. This is optional.
a
In Fixed Text box, type a base computer name. Example: enter Sales.
Type a numeral or letter in the Range Start box to add to the Fixed Text name. This will create
a unique name for a group of computers starting with the specified character. The range of
numerals and letters will be assigned to the computer name. Example: enter 3.
Select Append to add the range of numerals after the computer name. Clear the checkbox to
add names before the computer name.
The example computer names will begin with Sales3 and end with Sales7.
Click OK.
Click the Associate button. You can now associate computers in a group (including the New
Computers group) with the multiple computer accounts.
Click OK.
110
Note: Jobs can be added to the import file. They can be created and associated with the new
computers.
If the computer import file is incorrectly formatted, a warning displays, stating that the computer
import file is incorrect.
3
Edit computer settings by selecting a computer from the list and clicking the Properties button.
The Computer Properties sheet opens to edit or add values not set in the import file, such as
computer name, TCP/ IP settings, user name, and other configuration settings.
Click OK.
The imported computers displays in the Computers pane of the Deployment console.
You can also import a computer to be placed in a sub-folder in the Computers pane and create a job
to be associated with the imported computer. See the sample import file for additional information.
Referencing the Sample Import File
When creating an import file, use either the ImportComputers55.txt file or the
ImportComputers55.xls file in the Samples folder of the Deployment Share. The
ImportComputers55.txt file provides a sample import template you can access to test the Import
feature. The ImportComputers55.xls file is a Microsoft Excel spreadsheet that lets you add
values to each identified column and then save the file as a delimited TXT file to import to the
Deployment Database. The sample import file places a computer (DB Computer 1) in a computer
group (Test Group) and adds a job (Test Job) that is associated with the imported computer.
Note: Altiris Deployment Solution 5.5 and later use the 5.5 format for importing computers.
If you need to deploy large numbers of computers (100 to 5,000), consider using a barcode scanning
system to collect user information (names, OS and application needs) and computer information
(MAC address, serial numbers, asset tags). You can save this information to a file, which can then
be imported into the New Computers List View. Depending on the number of incoming computers, the
amount of information you have about those computers, and the needs of individual users, you can
use either the pre-configured computer account method (best for smaller numbers of new computers)
or the Initial Deployment job (best when deploying generic setups by departments or groups).
If you are using an import file, make sure you know primary lookup key. This is the piece of
information that Deployment Server needs to set up a unique computer. The primary lookup key can
be Serial Number, Asset Tag, UUID, or MAC address.
Modifying Configuration (page 176) . Create or edit property settings in a deployment job.
Click the configuration group icons to set additional computer property values. After you edit these
computer property settings, the computer will be restarted so that the changes can take effect.
Microsoft Networking Configuration Set the Windows name of the computer and the
Settings
Workgroup or Domain settings.
111
OS Licensing Configuration Settings Set the registered user name and view the hashed
installation license key for the installed operating system.
User Account Configuration Settings Set the local Windows user account values.
Field
Description
Name
Provides a name that displays in the Deployment console (not the BIOS name
of the computer).
Note: The Name box will be disabled for multiple computer configuration.
MAC address
Serial Number
Asset Tag
Computer Name
IP Address
Registered User
The name of the user who registered the operating system software
License key
The hash value rendered from the OEM key or 25-digit license key required
when installing the operating system.
User name
Full name.
Password
112
Field
Description
Computer Name
This is the NetBIOS name for the computer. The name must be unique in the
network and is limited to 15 characters.
Note: The Computer Name box will be disabled for multiple computer
configuration.
Define Range
Click to create a sequential range of computer names. You can identify a root
name and automatically increment its associated number. This option is
available when selecting groups of computers.
Note: When setting name ranges, do not set names using multiple Modifying
Configuration tasks and then assigning the names by Setting Conditions for
Task Sets. If you set up two separate name ranges to be assigned by separate
conditions, then the computer names will increment irrespective to the base
name.
Workgroup
Click and enter the name of the workgroup to place the managed computer.
Domain
Enter either the fully qualified domain name, the DNS domain name, or the
WINS domain name. You can enter the fully qualified domain name (for
example, mjones.yourcompany.com), and specify the organizational unit
(OU) using this format: OU/newOU/users. The complete entry to place the
computer in the users OU is the following:
mjones.yourcompany.com/OU/newOU/users
internal.myServer.org/New Corporate Computer OU/Mail Room/
Express Mail Servers
113
Field
Description
Computer Name
Range
For new computers, set a range of names for multiple new computers:
Fixed text. Enter the text portion of the name which you want associated
with each computer, for example: Marketing.
Range start. Enter a whole number to add to the fixed text, for example: 1.
Append. Select this checkbox to add the range after the fixed text in the
computer name. If you clear this box then the number will be added as a
prefix to the fixed text.
Result.
Select the checkbox to specify the computer name using tokens. Selecting this
option enables the Select Token combo box and disables the Define Range
option.
Note: This option is applicable for multiple computers and not for single
computers.
Select Token: You can select one of the six tokens from the drop-down list.
%NAME%- Complete computer name.
The NIC Number textbox is visible for NIC number input; the default value is 1.
114
Field
Description
Host name
Network Adapter
address.
DHCP server.
values.
IP Interfaces
Common IP Information
Field
Description
IP Address
Subnet mask
115
Linux Specific
Field
Description
Interface Name
Establish Linux-specific IP interface settings. Make sure you use the eth
syntax when naming new interfaces, for example: eth0:1 or eth0:new
interface.
Broadcast Address Enter the Broadcast address for the specified IP interface.
Interface State
The default value of the interface state is Up, which denotes that the named
interface is operating. You can shut down the named interface by selecting
Down.
See also Computer Configuration Properties on page 111.
Add additional Domain Naming Servers (DNS) for this network adapter.
Add the name of the Domain Suffix, and then use the Up and
Down arrows to set the DNS suffix search order.
IP,
Note: Windows 95/98/ME operating systems do not allow editing this information. The Deployment
116
Description
Destination
Netmask
Gateway
Interface
Enter the IP address for the interface over which the destination can be
reached.
Metric
Flags (Linux)
Enter the flag associated with a linux specific OS. Possible flags include:
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
Ref (Linux)
Use (Linux)
Field
Description
Ignore NetWare
settings
Select to disregard all Novell NetWare client settings for this computer.
Preferred server
Click and enter the name of the NetWare server, for example: \\OneServer.
This is the primary login server for the NetWare client.
Preferred tree
Click and enter the name of the user object for the NetWare client.
NDS Context
Click and enter the organizational unit context for the user.
117
Deployment Agents
Field
Description
Registered user
Organization
License key
Enter the alpha-numeric license key. This is the hash value rendered from the
OEM key or 25-digit license key required when installing the operating
system.
See also Computer Configuration Properties (page 111) .
Field
Description
User name
Full name
Password
Confirm Password Confirm the password for the local Windows user account.
Groups
Specify the Windows groups that this user will belong to as a commadelimited list, for example: Administrators, Marketing, Management
Select to force the user to change the password after setting the configuration
properties.
User cannot change Prohibit the user from changing their password at any time.
password.
Password never
expires.
Deployment Agents
The Deployment Agent is installed as the Production Agent to each client computer in the
Deployment Server System. This lets you remotely manage computers from the Deployment
Console and perform production tasks, such as run script, distribute software, get inventory, and
more.
118
Deployment Agents
The Automation Agent is installed to client computers so you can run deployment jobs with
Automation tasks, such as run script, create disk image, scripted OS install, and more.
You can install the Deployment Agent to client computers in the production environment, running
Windows or Linux, or PPC Handhelds or Thin Client devices running CE. NET.
See also Production Agent Settings (page 120) , and Automation Agent Settings (page 125) .
Click Agent Settings. For handhelds, tap the Pocket PC Client icon in the
system tray and select Properties.
See
To view or modify settings at a Windows client computer
Right-click the Deployment Agent icon in the system tray.
Click Properties.
See
Automation Agent
Deployment Agent on Pocket PC Runs on the host computer for a handheld running the Pocket
PC operating system. See .Deployment Agents for Pocket
PC on page 127.
Deployment Agent on Pocket PC Runs on the handheld computer.
Deployment Agent on CE .NET
119
Deployment Agents
When the Deployment Agent is running on a computer, the user will see a small icon
in the system tray. When the icon is blue, then the client computer running the
Deployment Agent is connected to the Deployment Solution system.
When the Deployment Agent icon is clear, it shows that the client computer is not
connected to the Deployment Solution system. The agent may be configured
incorrectly, the Deployment Server is down, or other network problems exist.
Automatically update to newer version of Deployment Agent
At times, Altiris may update versions of the Deployment Agent to enhance features. For best
performance, it is suggested that all managed computers run the latest version of the Deployment
Agent. When a new version of the Deployment Agent is saved to the Deployment Share file server,
the managed computers will automatically update the Deployment Agent.
1
From the computer where Deployment Server is installed, click Start > Programs > Altiris >
The Deployment Server Configuration utility will open.
Click Options.
Click Transport.
Select the Force new agents to take these default settings checkbox to set the
Deployment Agent setting for all new computers.
Click OK.
Click Properties.
When the Deployment Agent in the production environment is first started, the agent establishes a
connection to the Deployment Server using the following general steps:
1
120
Deployment Agents
After the initial connection process is complete, no additional data needs to be sent to or from the
Deployment Server for the Deployment Agent to remain connected.
Note: If no Deployment Solution traffic is sent to the Deployment Agent, the TCP/IP protocols send
an occasional watchdog packet (approximately every 24 hours) to ensure that the connection is still
valid.
Field Definitions
View status. Bring up the Altiris Client Service page to observe the current status of the Deployment
Agent. You can also see computer name, deployment server connected to, IP address, multicast
address, and MAC address. You can also watch Deployment Agent communicate with the
Deployment Server. Clicking the Properties button will allow you to edit the Deployment Agent
properties. Passwords will protect this option.
About. Display the version and licensing statement for Deployment Agent. Passwords have no effect
on this option.
View log file. View the Deployment Agent log file, if you have chosen the option to create a log file.
Shutdown for imaging. Make an image of a computer without using a job. This will make the required
preparatory changes to the computer before an image is made. Failure to do this will break the
reconfiguration phase when deploying the image using a job. Passwords will protect this option
Change Name in Console. Change how this computer is listed in the deployment server console. This
option does not change the NetBios name of the computer or the name of the computer in the
database, but only changes the name of the computer displayed in the Computers window.
Passwords will protect this option.
Remove.
Uninstall Deployment Agent from the computer. Passwords will protect this option.
Exit. Stops all Deployment Agent services from running but does not uninstall Deployment Agent.
Deployment Agent will load normally the next time you boot the computer. Passwords will protect
this option.
User Properties.
Quickly go to the User Properties page to view or make changes. Passwords can
protect this option.
Admin Properties. Quickly go to the Admin Properties page to view or make changes. Passwords will
Show Network Interfaces. View what network cards are in your computer. Passwords will protect this
option.
121
Deployment Agents
Server Connection
Log File
Access
Proxy
Security
Startup/Shutdown
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the
Deployment Agent will connect to the Deployment Server you selected to configure.
Address/Hostname.
Port.
Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast
address if they are on the same segment as the Deployment Server or if multicast is enabled on the
network routers. Ensure that the multicast address and port match those set up on the Deployment
Server. Try using defaults on both the client and Deployment Server if you are having problems
connecting.
Managed computers should use the Deployment Server IP address if multicasting is disabled on the
network routers or if they are not on the same network segment as the Deployment Server. The port
number must match the number set on the Deployment Server. Otherwise, your clients will not be
able to connect.
Server Name.
Port.
Enter the NetBIOS name of the computer running the Deployment Server.
TTL. Specifies the number of routers the multicast request is allowed to pass through.Change this
setting if you need to find a Deployment Server that is more than 32 routers away (default setting)
or if to restrict the search to a smaller number of routers, making it easier to find the closest
Deployment Server.
Refresh connection after idle. Select the Refresh Connection after idle checkbox and then set the
refresh time by seconds, minutes, hours, or days. The Deployment Server will close the connection
after the specified time and immediately try to re-open the connection. This will force clients to
realize the network is down.
The default checking is of 28800 seconds or 8 hours. It is recommend keeping this setting above
28800. Do not set this option too low--reconnecting to the Deployment Server increases bandwidth
when connecting. If this option is set too low you can run into problems where it takes longer for
your clients to connect than to refresh their connections.
Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by
selecting this option, which will save bandwidth when running deployment tasks on slower
connections.
Access
Set these commands to control how the client handles requests from the server.
Allow this computer to be remote controlled. Select to allow the administrator to remote control the
selected computer. The default setting is to NOT allow the computer to be remote controlled.
122
Deployment Agents
Shutdown and Restart. Select for the user to be prompted before shutting down or restarting the
computer. This feature overrides the Power Control option from the Deployment Server to Force
applications to shut down without a message.
Copy file and Run command. Select for the user to be prompted before running a program or executing
Select for the user to be prompted before running the Remote Control commands.
You can set a default time before running or aborting the commands. Select the time for the user to
respond and then either continue with the operation or abort the operation.
Time to wait for user response. If one of the Prompt the user before perform actions is selected and the
user is not at the computer to respond, you need to decide whether to continue or abort. Select the
amount of time you want to wait for a response, and then select one of the following:
Select when the Deployment Server is denied access to the Deployment Agent. Select the days and then
set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set
a password so that the user on the client computer can only view and modify the User Properties of
the Altiris Client Settings on the managed computer.
Select to ALLOW encryption from this
managed client computer to the Deployment Server. This allows encrypted data transmissions
between the Deployment Server and the Deployment Agent on the client computer. If selected, then
the client computer can connect (but is not required to connect) using encryption.
Encrypt session communication with Deployment Server.
To enable encryption protocols, you must open the Deployment Configuration tool and select the
Transport tab. Select the Allow encrypted sessions with the servers checkbox to allow Deployment
Server to transmit using encryption protocols.
Require encrypted session with any servers. Select to require encryption between the managed client
computer and the Deployment Server. If this option is selected and the option to allow encryption in
the Deployment Configuration tool is not selected, then the Deployment Server will not
communicate with the Altiris Client on the managed client computer.
Note: Selecting encryption options will slow down the communication path between the agent and
Enter the password in the Password field and reenter the password for confirmation in the
field.
Confirm Password
Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer.
If you hide the icon then you will be required to run AClient.exe -admin to view and modify the
complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system,
allowing you to save different types and levels of information to the log files. You can save a text
file with log errors, informational errors, and debugging data using this dialog box.
If the log exceeds the specified size then older data will be dropped from the files. You can maximize
the size of the log file to save all selected data.
123
Deployment Agents
File name. Enter the name and path of the log file. The default is to save the log file to the \Program
Files\Altiris\AClient\AClient.log file.
Maximum size.
Log errors.
Select this option to save only the errors returned when running a job or operation
between the Deployment Server and the Deployment Agent.
computer.
Select this option to save a list of procedural steps run on the client
Log debugging information. Select this option to list comprehensive debugging information in the text
file.
Use this tab to save the Deployment Agent log file. By default, the option Save log information to a
is cleared. Select it to enter a file name for the log and the maximum size for the log file.
text file
Note: If the log exceeds the specified size then older data will be dropped from the files, so it is
recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake
On LAN packets from the Deployment Server. Setting the managed computer as a proxy client
computer will forward or re-create the multicast packets. A managed client computer set up as a
multicast proxy will simply act as a Deployment Server and advertise the servers name and IP
address through multicasting. Or you can set the managed computer as a proxy to send Wake On
LAN packets.
Set these options to control how the managed computer will act as a proxy agent, identifying the type
of traffic this managed computer will forward from the server.
Foward Wake-On-LAN packets.
packages.
Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed
computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed
Specify the Windows boot drive. Specify the drive that the client computer will boot from. The default
is C:
Force all programs to close when shutting down. Select this option to shut down applications when
using Power Control features. The user will still be prompted to Abort or Continue the shutdown.
Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of
managed computers with the time of the Deployment Server.
Prompt for a boot disk when performing automation jobs.
Advanced
Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication.
Select this
124
Deployment Agents
Deployment Agent on
Windows computers
Deployment Agent on
Linux systems
Yes
Yes
Yes
Yes
Scripted OS Install
Yes
Yes
Distribute Software
Yes
Yes
Capture Personality
Yes
No
Distribute Personality
Yes
No
Change Configuration
Yes
Yes
Yes
N/A
Yes
N/A
Run Script
Yes
Yes
Copy File
Yes
Yes
Shutdown/Restart
Yes
Yes
When a new client computer connects, it will receive the default agent settings from the Deployment
Server for drive mappings, authentication, and LMHost entries. Each client computer will still have
the capability to maintain its unique settings for the Automation Agent as it is defined when you
create new configurations, using Boot Disk Creator. The Automation Agent is installed as an
embedded (recommended) or hidden partition, or booted manually using one of Boot Disk Creators
creation methods. See Boot Disk Creator Help, and Installing Automation Partitions (page 142) .
See also Drive Mappings (page 126) , Authentication (page 126) , Network (page 126) .
125
Deployment Agents
Drive Mappings
Set drive mappings used by the Automation Agent to access hard disk image files and other packages
from a specified network drive. It is required that the F Drive be mapped to the Deployment Share.
You can also map other file server directories when storing large numbers of image files or
deployment packages.
Drive Mapping: By default, the mapped drive that displays is F: \\<Deployment Share server>\eXpress.
Click Add, Edit, or Remove to modify the mapping.
Note: You must select a shared folder for this field. The browse window lets you select any type of
folder, but the Automation Agent will only map to and access files from a shared folder.
Enter the path for the Deployment Share. The path you enter will map to the drive letter you
selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are
unsure of the directory path or if the image files are store on a file server.
Path:
Example:
Windows users:
NetWare users:
Linux users:
\\server\share
server\volume:directory
//server/mount point
See also Deployment Agents (page 118) , and Automation Agent Settings (page 125) .
Authentication
Provide the login credentials that the Automation Agent requires to map network drives. The
associated credentials for each network drive must have the rights that the Automation Agent
administrative rights to access files.
Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Deployment
Agent for DOS will use to log on as to map the network drives.
User name. Enter the user name that the Automation Agent will use to log on to the server and shared
Password.
Confirm Password.
See also Deployment Agents (page 118) , and Automation Agent Settings (page 125) .
Network
These settings lets you match the IP address with the computer name, as maintained in the LMHosts
file in the Automation partition.
1
Click Add.
From the Add LMHosts Entry dialog, enter the Computer Name that you want to associate with and
IP address.
Enter the IP address of the computer, using one of the following options.
Option 1:
Option 2:
Click the Lookup IP button. The IP address field automatically populate with the IP address
of the computer name you entered in the Computer Name field.
Click OK.
See also Deployment Agents (page 118) , and Automation Agent Settings (page 125) .
126
Deployment Agents
Using the Pocket PC Agent, Deployment Solution manages handheld computers running the Pocket
PC operating system 2000 or later, and ARM processors.
To set or modify agent settings for the Pocket PC Agent on the host computer (to
manage in a cradle, attached cable, or wireless NIC), double-click the Pocket PC
Agent icon in the system tray. See Pocket PC Agent on page 128.
To set or modify agent settings on the Pocket PC Client on the handheld
computer, tap the Pocket PC Agent icon in the system tray of the handheld. See
Pocket PC Client on page 129.
Set configuration properties. Configure TCP/IP information and computer name. Many of the
File Copy. Download files to the local device file system. If the file transfer is interrupted, it will be
able to resume the file transfer where it left off.
Software Delivery. Send EXE files or CAB files to be launched or installed on the Pocket PC.
Time Synchronization. Synchronize the handhelds date and time with the Deployment Server.
Remote Control. Perform any task on the handheld from the Deployment Server Console as if you
were physically working on the handheld. Control a single client or group.
Reboot. Reboot HP iPAQs from the Deployment Server Console. At this time, this feature is
Name/Location/Email/Phone user settings. Set the owner information. If you choose the
advanced option in the console to prompt for these items, the user on the Pocket PC will not be
prompted, but instead the items will be taken from the owner information.
Not all management tasks are available when managing handhelds. These tasks are currently NOT
available for handhelds:
127
Power Control
Deployment Agents
If you select an unsupported task, you will receive an error stating that the feature is not available
for handhelds.
See also Connections to the Handheld on page 128, Pocket PC Agent on page 128, and Pocket
PC Client on page 129.
Many handhelds support direct network connections through a modem or LAN adapter. Handhelds
with a direct connection to the network can then be managed by Deployment Server. The Pocket PC
Client will first try to connect to a Pocket PC Agent. If that fails, it will try to connect directly to the
Deployment Server.
Important: The Pocket PC Client on a handheld using a cradle and ActiveSync 3.1 cannot directly
communicate with the Deployment Server and must use the Pocket PC Agent. However, if using
ActiveSync 3.5, the Pocket PC Agent is not required once the Pocket PC Client is installed. The
Pocket PC Agent is still useful for installing the Pocket PC Client onto the handheld, loading the
client, and managing client settings.
Pocket PC Agent
You can configure the Pocket PC Agent settings on the host computer. For a list of command-line
options when executing the PPCAgent.exe, see Command-line options for the Pocket PC Agent in
Deployment Solution Reference Guide.
To view or configure the Pocket PC Agent properties
1
Double-click the Altiris Pocket PC Agent icon in the system tray of the host computer. The status
of the connection between the handheld and the host computer will be displayed.
Click Properties.
128
Deployment Agents
This is the port that the Pocket PC Agent is listening on for Pocket PC connections.
The agent port is updated each time the handheld connects.
Pocket PC Client Properties
Set server IP and port equal to AClient. If you are running from a cradle or cable, select this option.
Let me specify the server IP and port.
Set Pocket PCs server IP and port upon cradle connection. Select this option to assign the handheld
the entered IP address and port number each time the handheld connects through the agent.
Click OK.
Pocket PC Client
You can the set properties on the Pocket PC Client program running on the handheld computer by
clicking the Pocket PC Client icon in the system tray.
To view or configure the Pocket PC Client properties
1
From the handheld, tap the Altiris Pocket PC Client icon in the system tray.
Tap Properties.
Tap the General tab and select if you want to synchronize time settings with Deployment Server.
Tap the Security tab to select options to be prompted before running actions on the handheld.
Tap the Transport tab to view or change settings (see settings details below).
Click OK.
Tap My Device.
If the handheld is attached to the cradle, you can restart the Pocket PC Client by restarting the Pocket
PC Agent or by reconnecting the handheld to the cradle.
See also Deployment Agents on page 118.
Modify Computer Configuration (the computer name and TCP/IP Setting only)
Distribute software (.cab and .exe files)
129
Execute and run scripts (DOS and WIN batch files) *no VBS support
Copy files and directories
Create disk images
Distribute disk images
Remote Control clients (24 bit color depth only. No chat or send file features)
Power Control (restart/shutdown/wake up jobs)
Set computer properties
Create conditions to run jobs and filter computers
Modify client properties via Windows and Linux agent settings
Additional features included with other Deployment Agents are not supported in the Deployment
Agent on CE .NET.
To install the Deployment Agent for CE .NET if deleted
If the Deployment Agent on CE .NET is deleted on the managed computer, it can be installed from
the Deployment Server \ Agents \ CEAgent folder in the Deployment Share.
From the managed computer you can then access the Deployment Share and launch the file to install
the agent. Example: type this command from the client computer:
\\<computer name>\express\Agents\CEAgent\CEClient_6.5.xxx.exe -install
If you select Start > Settings > Control Panel > System > Memory tab and move the slider to allow
more than half of the memory to be allocated to Storage Memory, then you will be able to execute
a job that copies an embedded automation package to the \Temp folder on the CE .NET device
and execute a Windows Run Script task containing Start \Temp\<Embedded BootWorks
Package.exe>. This will install the Automation Agent and leave 1 MB of free disk space on
the device. If the slider shows less than half the memory available allocated to Storage Memory,
then Windows CE may not restart.
Another option for freeing up additional disk space is to uninstall the pre-installed HP
applications, allowing you to free up to as much as 10 MB of disk space. This lets you install an
embedded automation package through a Distribute Software task. Again, if the slider is not
placed around the middle of the Memory tab, then an Error 112 may occur.
130
Computer Properties
Right-click the computer you want to reject from connecting to the Deployment Server.
Click OK.
Rejected computers are stored in a Rejected Computers list. Select View > Rejected Computers to
view this list.
Accept a Previously Rejected Computer
If you now want to accept a previously rejected computer, you can retrieve it and reconnect it to the
Deployment Server.
1
Click the Accept Computer(s) button to remove the computer from the rejected list (this doesnt
delete the computer, just removes it from the list of rejected computers).
This client computer may now be managed from within the Computers pane. Connection requests
from this client computer will now be allowed.
See also Deployment Agents on page 118.
Computer Properties
View and edit the computer properties for each managed computer.
General
Services
Hardware
Devices
Drives
Location
Network Configuration
Bay
TCP/IP
Lights-Out
Applications
131
Computer Properties
General
View or change the name of the computer as it displays in the console. You can
view the following: logged in user names, operating system installed, name of
the Deployment Server, whether or not an automation partition is installed,
version of the Altiris Windows Client, and other client information.
See also Computer Configuration Properties on page 111.
Hardware
View processor make and type, processor count, RAM installed on the
computer, display configuration, manufacturer, model, product name, MAC
address of each network adapter installed, serial number, asset tag, UUID, and
whether or not Wake On LAN and PXE are installed and configured.
See also Computer Configuration Properties on page 111.
Drives
View information about each drive on the computer. If you have multiple drives,
you can select a drive from the list box to view its settings, such as capacity,
serial number, file system, volume label, and number of drives installed.
See also Computer Configuration Properties on page 111.
Network Configuration
View Microsoft Networking, Novell Netware settings, and user information for
the selected managed client computer.
See also Computer Configuration Properties on page 111.
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards
(up to eight) for the selected computer. Click Change to open the configuration
window allowing you to modify settings (see Configuring Computers on
page 137).
See also Computer Configuration Properties on page 111.
132
Computer Properties
Applications
View the applications that are installed on the computer, including description,
publisher, version number, product ID, and systems components.
Services
View the services installed on the computer as well a description, start type, and
path for each service.
Devices
View the devices installed on the computer, including display adapters, disk
drives, ports, storage volumes, keyboards, and other system devices.
Location
View and edit user-specific properties such as contact name, phone number, e-mail
address, department, mail stop, and site name. As the administrator, you can enter
this information manually or you can let the user populate this screen using Prompt
User for Properties.
See also Computer Configuration Properties on page 111.
Bay
View location information and other properties for Rack / Enclosure / Bay
components for high-density and blade servers. Set rules for automatic redeployment of blade servers based on physical location changes. This
property is available only to systems using blade servers.
133
Action
Re-Deploy Computer
The server will process any specified job. Select a job to run automatically
when a new server is detected in the bay.
This option lets you move blades to different bays without automatically
running jobs. The server blade placed in the bay is not identified as a new
server and no jobs are initiated. If the server existed in a previous bay, the
history and parameters for the server are moved or associated with the new
bay. If the server blade is a new server (never before identified), then the
established process for managing new computers will be executed.
(default) No job or tasks are performed (the Deployment Agent on the server
blade is instructed to wait). The icon on the console changes to reflect that the
server is waiting.
Lights-Out
View information about the remote management hardware installed on the
selected computer (most often a server) used to power up, power down and
restart the computer remotely, or to check server status. You can also enter the
password for the remote management hardware by clicking Password.
Note: This feature is currently only available for selected HP Integrated Lights Out (ILO) and
Remote Insight Lights-Out Edition (RILOE) features.
134
Computer Operations
Restore
History
View, print, delete, and save to file a history of deployment tasks. See
Viewing a Computers History on page 136.
Configure
Select a computer and image its hard disk. This will create and store the
image to distribute now or later. See Quick Disk Image on page 137.
Power Control
Wake up, restart, shut down, and log off remotely. See Power Control
on page 137.
Remote Control
Execute
Copy File to
Chat
ADVANCED >
Clear Status
Clear computer status as shown in the title bar of the List View.
Query the user for personal information. This feature sends a form to the
user to fill out. See Prompt User for Properties on page 142.
Reset Connection
Install Automations
Get Inventory
Reject Connection
Remove BIS
Certificate
Open this to schedule deployment jobs for the selected computer. See
New Job Wizard on page 155.
New Group
New Computer
Rename
Delete
135
Computer Operations
Change Agent
Settings
Security
Properties
Click the Show only list box and select only the type of tasks that you want displayed. Click the
Since list box to filter tasks by date. This is optional.
Click Next to schedule the job (See Scheduling Jobs on page 160).
Click Finish.
When you finish this computer operation, a new job displays in the Jobs pane of the Deployment
console under the System Jobs > Restoration Jobs folder. The job name will have a generic format of
Restore: <computer name>.
Viewing a Computers History
You can view a history of deployment tasks for a specific computer. Users who do not have
administrative privileges or the permissions to delete a computers history, will not have access to
this option.
1
Click Save As to save the file as a TXT or LOG file. This is optional.
Click Delete to delete the History file. Click Yes to the confirmation message.
Click Close.
136
Configuring Computers
From the Operations menu you can enter and modify configuration settings for computers. See
Computer Configuration Properties on page 111 for complete information about configuration
settings.
1
Set basic configuration values in the General configuration group (default view).
Click other configuration group icons in the left pane to set additional values.
Click OK.
Schedule the job to run immediately or at a later time. You can also click the option to not
schedule the job (this option places the job in the working area and will not run until you
manually drag it to a selected computer and reschedule it).
Click OK.
When you finish this computer operation, a new job displays in the Jobs pane of the Deployment
console under the System Jobs > Image Jobs folder. The job name will have a generic format of
Create Image: <computer name>.
Power Control
This computer operation lets you wake up a computer, restart a computer, shut down, or log off as
the current user for a selected managed computer. You can also power a computer on if Wake-OnLan is supported.
137
Wake up
Notes:
Shut down...
Click to shut down the selected managed computer. Select Force Applications
to shut down immediately without prompting
the user.
to close without a message box
Click to log off of the selected managed computer. Select Force Applications
to close without a message box to log off immediately.
Log off...
Select a Power Control option. A Confirm Operation dialog box will open. Select the Force
application to close without a message box to shut down users without a warning. If you do not
select Force application to close without a message, the user will be prompted to save any work
before the power operation is continued.
Click Yes.
Remote Control
Remote Control is a computer management feature built in to the Deployment Server Console. It lets
you control all types of computers to view problems or make immediate changes as if you were
sitting at the managed computers screen and using its keyboard and mouse.
Note: You cannot disable the flashing eye icon while the computer is being remote controlled.
The managed computer must have the Altiris Agent for Windows installed and properly set up.
The client must have the appropriate Proxy option checked in Altiris client properties.
The client and Deployment Server Console must be able to communicate to each other through
TCP/IP.
138
change this client setting using the Remote Control options in the Change Agent Settings
command. The default setting is to not allow remote control of the managed computer. See
Deployment Agent Proxy on page 124 options.
2
From the Remote Control window you can execute the following commands:
Toolbar
Chat
Click to open a chat session with the selected managed computer. This starts
a chat session between the console computer and the managed computer. The
chat session opens a chat window that lets you send messages back and forth
between the Console and the managed computer. If you are controlling
multiple computers in a single window and start a chat session, the chat
session is only between the Console and the master client.
Refresh
CTRL+ALT+DEL
Send File
Toggle Control
Control menu
Disable Input from
the Client
Click to prohibit the user of the managed computer from using the keyboard
or mouse during the remote control session.
Close Window
View menu
Refresh
Fit to Window
If this option is selected, the client display image becomes the same size as the
Remote Control window. If not, the image is the size of the client display.
Color Depth
Properties
To end a Remote Control session, click Control > Close Window in the Remote Control window.
Destination path.
Enter the path where you want the file to reside on the managed computer.
Compress Data.
Encrypt Data.
Select to compress the file during the copy process to decrease network traffic.
139
You can also drag entire folders from the Console computer to the remote control window, which
will copy the files to the remote client computer.
This setting applies only to the Remote Control window at the console, not the display of the
managed computer. There is no benefit to setting a color depth on the Remote Control window
greater than that of the managed computer. The benefit of lower colors is improvement in speed.
client display.
Click to specify the width and height of the image that represents the
Update interval. Select to specify how often the image in the Remote Control window is updated (in
milliseconds). The more frequently the display is updated, the more bandwidth is required.
Only update foreground window.
session.
After opening the Deployment Agent property page, select the Remote Control tab.
Select Allow this computer to be remote controlled to provide access from the Deployment Server
Console.
To lock the user from using the keyboard and mouse during a remote control session, select the
Enable NT keyboard and mouse driver box. This is optional.
This option works only on Windows NT/2000/XP/2003.
Important: After selecting this option (either enabling or disabling the keyboard and mouse) you
must restart the managed computer. This can be done using a Power Control operation.
If you want the user to be prompted before a remote control session begins, click the User
Prompts tab.
a
Under the Choose the commands you would like to be prompted before executing options, select
the Remote Control commands option.
Specify the number of seconds that you want the prompt to wait. Also, specify what will
happen after the prompt time is up. Click either Continue the operation or Abort the operation.
Click OK.
Open a separate Remote Control window for each managed computer. Right-click each
computer and select Remote Control. A new window will open for each selected computer.
Open a Remote Control window for a group of managed computers. Right-click a computer
group icon and select Remote Control.
140
The Remote Control Options dialog box will open with options to Control each client separately in
its own window or to Control all clients together. If you select to control clients separately, then
individual windows will open for each computer. If you select to control clients together, then
you will be asked to select a master computer.
The master computer is the computer that displays in the Remote Control window, however all
actions taken from the console will also run on the other computers in the group. All computers
in the group should be similar in configuration to work properly.
Note: If you are controlling multiple computers in a single window, you can send a file only
between the console and the master client. If you want to send a file to multiple clients at the
same time, use the Copy File to feature (see Copy File to on page 180.)
Execute
Send a command from the Deployment console as if you were entering a command from the
command-line prompt on the client computer.
Computers
Type a command that you would like executed on the remote computer(s) selected, or select from
a list of previously run commands. Example: type regedit to open the Registry on the
computer.
To run the command as another user on the managed computer, click the User button and enter
the user name and password.
User Account
Use this dialog to run a script using another local user account. You can log in with another user
name and password with rights to run an execute command.
Run with default security credentials.
default option.
This option runs with the current user credentials. This is the
Click this option to log on with another user name and password.
Chat
You can communicate with managed computers using the Chat text messaging system. From the
Deployment Server Console, select an individual computer or a group of computers to open an
individual chat session with each logged-in user.
Open text messaging with a user by right-clicking his or her computer icon in
the Computers pane and selecting Chat, or clicking the icon in the Remote
Control window.
1
Open a chat session. The Chat with <computer name> window will open identifying the computer
you are sending messages to.
141
In the Computers pane of the Deployment Server Console, right-click a computer and click
Advanced > Prompt User for Properties. You can also select a computer and click on the Prompt
User for Properties icon in the toolbar or click on Operations > Prompt User for Properties.
A dialog box will open in the Deployment Server Console with a list of properties.
Select the properties to prompt the user. The properties selected in this dialog box will be active
on the property form sent to the user, allowing the user to type information for the selected
properties.
Note: All properties will be selected by default; you must deselect the properties you dont want
Click OK.
The properties form displays for the logged-on user of the computer, asking for location
properties.
When the user enters information and selects OK, the Location properties in the computer
properties fields will be updated for the selected computer. If the user changed the computer
name, then the name in the Computers pane of the Deployment console will also change. These
settings are stored directly to the Deployment Database.
See also Chat on page 141 and Remote Operations Using Deployment Solution on page 134.
142
You can have multiple tasks within a deployment job, and each task can be assigned to run in a
different automation environment, depending on the task and end result you want. The following list
are automation tasks that you can add to deployment jobs.
Run script
Create disk image
Distribute disk image
Scripted OS install
Backup Registry
Restore Registry
During the Deployment Server installation, the Pre-boot Operating System page displays for you to
select a default pre-boot operating system, which is used by Boot Disk Creator to create the
configurations that boot client computers to automation. You can install additional pre-boot
operating system files through Boot Disk Creator. See Boot Disk Creator Help.
If you are running PXE Servers, you do not need to install an automation partition on each client
computers hard disk. When the Deployment Server sends a deployment job, PXE-enabled client
computers search for a PXE Server to receive the boot menu options and the boot menu files that are
required to boot to automation. See Automation Pre-boot Environment in the Deployment Server
Reference Guide.
To install an automation partition
1
Select the pre-boot operating system environment you want to install from the drop-down list.
Click OK.
The Automation Agent you selected installs as an embedded partition on the client computers
hard disk. After the installation completes, the client computer reboots automatically. You can
now run automation-specific deployment tasks this computer.
See also
From the Computers pane, right-click a computer and select Change Agent Settings.
Click OK.
143
Servers are identified in the Computer pane with distinctive server icons. Like all
managed computer icons, the icons change to identify the status and state of the
computer, such as user logged on or Server Waiting.
Note: Servers are recognized by their operating system (such as Windows 2000
Advanced Server, Windows Server 2003, or any Linux OS), multiple processors, and
specific vendor server models.
Manage Servers from the Console. The Deployment Server Console includes features specifically
designed for deploying and managing servers, such as enhanced task logging and history tracking
features to let you recall administrative actions and quickly redeploy mission-critical servers.
Set Server-specific options. Servers are essential to any organization and require special planning
and management strategies. Deployment Server provides server-specific features to automatically
deploy new servers and maintain existing servers. See Server Deployment Options on page 145.
Icon
Description
Indicates a server is active and a user is logged on.
interface card, Deployment Server provides property pages to access and configure multiple network
adapters remotely from the console. See TCP/IP Configuration Settings on page 114.
Synchronized server date and time. Deployment Server automatically sets the servers date and
time after installing or imaging (as part of the configuration process). Deployment Agents include
an option to disable this feature (it is off by default).
Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to
DOS multiple times when configuring and deploying a clean server. Deployment Server also lets
you view and debug each step in the deployment script, and track each job to provide a history of
tasks for redeploying a server.
144
Initial Deployment will not run for any computer identified in the console as a server.
Change PXE Options for Initial Deployment
If installing a server using a PXE Server, the server will attempt to install but will not run
automatically using default settings. It will wait until a boot option is selected from the client
computer. You can change the default setting in the PXE Configuration Utility to allow Initial
Deployment to run automatically and not sit at the prompt.
1
2
Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility.
Click the DS tab.
Select a pre-boot operating system from the Initial Deploy boot option drop-down list.
Click Save.
Click OK.
Select Tools > Options.The Altiris Program Options dialog will open.
145
Click OK.
Following these steps will assure that the BootWorks message will not come up and things will move
forward when a job is scheduled.
Using Deployment Solution, you can employ rip and replace technology that lets you insert a new
server blade and automatically configure and deploy it exactly like the previously installed server
blade, allowing you to replace any downed server and get it back on line quickly. Altiris provides
fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk images,
software, data, and patches are applied to the new server from the history of jobs assigned to the
previous server blade.
Virtual Bays
Hewlett-Packard blade servers now have a Virtual Bay feature that lets you pre-assign deployment
jobs to the Rack, the Enclosure, or to a specific blade server in the Bay. Any HP blade server can
have predefined deployment jobs and configuration tasks associated with it to execute automatically
upon installation. (This feature requires that the Hewlett-Packard Rapid Deployment Pack is
installed.) The Virtual Rack/Enclosure/Bay icons will change from virtual icons to managed server
icons in the Deployment console as live blade servers are inserted and identified by Deployment
Solution.
Rack name.
Enclosure name.
146
Enclosure type.
Initial Job. Select an existing job to run when the pre-configured computer account is associated with
a new server blade.
Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade
is installed.
Note: If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and then if
another model of server blade with an enclosure containing fewer bays is connected (such as the
BLp-class with 8 bays), then the excess virtual bays will be truncated automatically. Conversely, if
you create Virtual Bays with fewer bays (8) and then install an enclosure with additional bays (20),
you will need to recreate the virtual bays in the enclosure (right-click the enclosure name in the
physical view and click New Virtual Bays).
HP Proliant BL p-class
Proliant BL 10e
Proliant BL 20p
Proliant BL 10e G2
Proliant BL 20p G2
Proliant BL 40p
HP blade servers allow you to employ all features provided in the Deployment Console when you
install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/rdp), including
the Virtual Blade Server feature. The name of each Rack for an HP Server is displayed along with
the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the
server blade and displayed in both the physical and server views within the Computers pane of the
Deployment console.
For HP blade servers in the physical view the Rack name can be a custom name in the console, with
all subordinate Enclosures and Bays also identified. Example:
<rackName>
<enclosureName>
<bayNumber>
See also Server Management Features on page 144 and Server Deployment Options on
page 145.
PowerEdge 1655MC
For Dell blade servers in the physical view, the Rack name will always be Dell. All subordinate
Enclosures and Bays are identified with custom names under the Dell rack name. Example:
Dell
<enclosureName>
<bayName>
147
See also Server Management Features on page 144 and Server Deployment Options on
page 145.
For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be FujitsuSiemens. All subordinate Enclosures and Bays are identified with custom names under the FujitsuSiemens rack name. Example:
Fujitsu-Siemens
<enclosureName>
<bayName>
See also Server Management Features on page 144 and Server Deployment Options on
page 145.
See also Server Management Features on page 144 and Server Deployment Options on
page 145.
Click <CTRL> F or click the Find Computer button on the console toolbar to
search the Deployment Database for computers by property settings.
The search begins at the top of the computer list and highlights the computer
name in the Computers pane when a match is found. Press F3 to find the next
computer that matches the search criteria until there are no more results, or the
end of the computer list is reached.
1
In the Search For box, type all or part of the computers property values that you would like to
search for. This alpha-numeric string will be compared with specified database fields.
In the In Field box, select the field that you want to search in the Deployment Database.
148
Example: to find a computer by searching for its IP address, type the address in Search For field
and then select IP Address from the In Field drop down list.
Name
Computer Name
MAC Address
IP Address
ID
Serial Number
Asset Tag
UUID
Registered User
Product Key
Logged On User
The computer you are looking for will be displayed and highlighted in the Computers window in the
console.
Note: This search is not case-sensitive and allows wildcard searches using the *.
Click the Lab Builder button on the console toolbar or click File > New > Lab
Builder to set up jobs specifically created for managing multiple computers in a
lab environment.
You can set up jobs to:
Deploy Lab
Restore Lab
Update Configuration
Upload Registries
Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs under a
folder (which you name) located under the Lab folder. All of the tasks in the jobs have been assigned
default paths and file names that allow them to use the same images and configuration information,
registry data, etc. It is suggested that you do not change the file names and paths. If you change the
default settings (example: changing the image name), you must change it in all of the jobs where the
image is used.
To use Lab Builder
1
Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder.
149
Note: The lab name must be unique because the program creates a default image file name based
on the name, and the image file name must be unique. The default image name is synchronized
in all of the lab jobs, so if you change the name later you must change it in all the jobs that use
the image.
Enter a lab description to help you differentiate the lab from others (optional). Click OK. This is
also optional.
The following information describes the default jobs. To run one of these jobs, simply drag it to the
computer or computer group that you want it applied to.
Create Disk Image.
This job uploads an image of a computer to the server and an image name is
created automatically based on the lab name. However, there is no actual image in the job until you
drag the image source computer to this job.
Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back
up registry files. The image that is uploaded using the Create Disk Image job is deployed when you
use this job. The configuration settings you specify in the Update Configuration job are applied to
the computers, and then the computer registry files are uploaded to the Deployment Server.
Restore Lab. This job restores the image and registry files to a computer where a lab was previously
deployed. You can quickly get a computer running again by restoring the lab on that computer.
Update Configuration.
This job lets you set unique configuration information (such as computer
names and network addresses) for client computers. When a lab is deployed, each computer has an
identical image, but not the same configuration settings. This means you don't have to visit each
computer to reset IP addresses and other settings when you deploy an image.
Upload Registries.
150
151
152
153
Chapter 6:
Job icons display in the Jobs pane of the Deployment console. To assign and
schedule a job in the Deployment Console, drag the job icon to selected computer
icons. Job status icons also display in the Details pane of the Deployment Console
to indicate various deployment states. See Viewing Job Details on page 154.
The New Job Wizard guides you through common deployment and management jobs. It is an easy
way to set up new users or migrate users to new computers, create and distribute images of
computers on the network, distribute software packages, restore computers, and more.
Jobs include one or more Deployment Tasks. You build jobs by adding tasks to a job and then
customizing the task for your specific needs. You can add tasks to capture and distribute images,
software packages, and personality settings. Or you can write and run a script task, or run scripted
installs, configure settings, copy files and back up registry settings. You can also modify existing
jobs by adding, modifying, copy and pasting, or deleting tasks to fit your needs. See Building New
Jobs on page 158.
Set conditions on jobs to run only on computers with properties that match the criteria that you
specify. You can build one job to run on different computer types for different needs, and avoid
mistakes by ensuring that the right job runs on the right managed computer. See Setting Conditions
for Task Sets on page 159.
Initial Deployment lets you run predefined jobs and configuration tasks on new computers when
they start up. You can automatically deploy new computers by imaging and configuring TCP/IP,
SIDs, and other network settings and then installing basic software packages. See Sample Jobs in
Deployment Solution on page 186.
Sample jobs are installed with Deployment Solution and display in the Samples folder of the Jobs
pane. You can run many sample jobs as they are, or you can set environmental variables. See
Sample Jobs in Deployment Solution on page 186.
Job status icons that update to display the state of the job in running deployment tasks. These
icons are graphical symbols in the Deployment console used to identify the status of an assigned
job.
154
.
Indicates that a job is scheduled to run on a computer or computer group.
Indicates that a job is associated with a computer or group of computers but is not
scheduled.
Indicates error conditions when individual tasks run.
A description of the job, if available. You can also use the Add or Modify buttons in the main
window to edit the description as well.
If a job defines error conditions when individual tasks run, the Status field displays any errors
incurred and the tasks that completed successfully.
Job Schedule details. This is the job's run time, beginning when the job started and ending when
it completed successfully.
The currently applied conditions displayed in a list box with a Setup button to add conditions to
different task sets for different computer properties within a job. Conditions specify
characteristics that a computer must have before the job will execute. See Setting Conditions
for Task Sets on page 159.
A list of tasks assigned to the job and task descriptions are also be displayed. Change the order
of the task execution with the arrow buttons. Tasks are executed in the order they are listed. See
Deployment Tasks on page 162.
To sort jobs or computer details, just point and click on the category in the Details bar. Example:
click the Status column heading to organize and display the progress status of the job.
See also Viewing Computer Details on page 107.
will see the Altiris Client Service Message dialog display, warning them that a job is about to
execute. If a user clicks the Abort button when the message displays, an event is logged to the client's
history so that Deployment Solution administrators know when users abort a scheduled event.
155
Create a new job by clicking the New Job Wizard button on the Deployment
Console, clicking File > New > Job Wizard, or right-clicking in the Jobs pane of the
Deployment Console and selecting New Job Wizard. The New Job Wizard will
open to guide you through basic deployment jobs.
1
Restore a computer. This wizard guides you through the steps required to restore a computer to a
known working state by re-imaging the hard drive and reinstalling software packages,
personality settings, and defining configuration values. This option reschedules jobs saved in
each managed computers history record, which contains all deployment tasks previously
processed. See Restoring a Computer from its Deployment History on page 136.
This wizard guides you through the steps required to move a computer hard
disk image, applications, and personality settings from a source computer to a destination
computer. You can perform one or more migration operations using provided options.
Migrate computers
Give the job a unique name. You can type a name with up to 64 characters.
Follow the steps in each wizard to create a job (some New Job wizards build multiple jobs).
After creating a job, it will display in the Jobs pane of the Deployment console with deployment
tasks listed in the Tasks list for each job selected.
Note: You cannot define return codes when using the New Job Wizard. See Building New Jobs
Migrating Computers
From the New Job Wizard you can select Migrate computers to quickly distribute hard disk images,
software, and settings from a users current computer to a new computer. You can image a new
computers hard disk with a new operating system and then install software and personality settings.
Or perform different levels of migration to distribute only software or to simply capture and
distribute personality settings to the new computer.
Migrate one computer to another separate computer
Click this option to migrate a user from a source computer (old computer) to another destination
computer (new computer). Capture personality settings, distribute a new hard disk image, distribute
software and then redistribute the saved personality settings from the source computer to the new
destination computer.
Click the option alone to migrate only personality settings to one or more computers. Additionally,
select Prepare destination computer with a disk image to distribute a disk image to the new computer
and select Install software packages prior to applying the personality on the destination computer to
install software packages on the new computer.
Note: This option will create two jobs that will display in the Jobs pane: Job (Capture) and Job
(Distribute).
Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on
page 174) to capture the personality of the source computer and a Modify Configuration task to
rename the source computer to avoid naming conflicts (see Modifying Configuration on
page 176). The source computer will be named computerName (Old).
156
includes a Deploy Image task (see Distributing a Disk Image on page 165) if
selected, a Modify Configuration task to update settings to the destination computer, and one or
more Install Package tasks to update software (if selected) and migrate personality settings (see
Distributing Software on page 172).
Job (Distribute)
Job (Capture) includes a Capture Personality Settings task (see Capturing Personality Settings on
page 174) to capture the personality of the source computer.
Job (Distribute) includes a Deploy Image task (see Distributing a Disk Image on page
Note: This option will create a single job with a Capture Personality Settings task (see Capturing
the job.
Open an Adding New Computers dialog box to create new user accounts to assign
157
Right-click a computer in the Source column to replace it with another source computer. Right-click
a computer in the Destination column to replace it with another destination computer and assign it to
a new source computer. To automatically assign multiple computers, click Automatic to assign
source computers with destination computers using an alpha-numeric order. The associated
computers will share personality settings after running the jobs.
See also Migrating Computers on page 156.
Summary of Options
After selecting options in the New Job Wizard, you can view a summary of job names, assigned
computers, conditions, and other selected choices. To change any options, click Back to return to
previous dialog boxes. Click Finish to complete the steps in the wizard.
See also New Job Wizard on page 155 and Job Scheduling Wizard on page 159.
Create a new job by clicking the New Job button on the Deployment Console.
Click File > New > Job, or right-click in the Jobs pane of the Deployment Console,
and select New Job. You can modify jobs by double-clicking the job or rightclicking, and then selecting Properties. Add tasks to each job using the Setup
commands.
1
Create a new job. Enter a unique name and description for the job. You can type a name with up
to 64 characters.
A new job will be added to the Jobs pane in the Deployment console. You can group and
organize jobs, and then access and apply them to computers or computer groups from an index
of prebuilt jobs.
Set conditions to apply the job to specified computers meeting defined criteria. Order multiple
conditions to run jobs on computers that match the first applicable condition. See Setting
Conditions for Task Sets on page 159. This is optional.
Click Add to add open a list of possible deployment tasks to add to each job. See Deployment
Tasks on page 162.
158
After you complete the steps to create a task, it will be added to the task list box. Click Add to
add another task. Use the arrow buttons to change the order of execution of the tasks in the Task
list box.
Tasks are executed in the order that they display in the task list. As a result, make sure you do
not run a task that will override previous tasks. Example: list Distribute Disk Image above
Distribute Software or Distribute Personality, allowing the hard disk to be imaged before installing
applications and settings.
5
Set Return Codes. The last action in each task wizard lets you set return codes for each
deployment task. See Setting Up Return Codes on page 185. This is optional.
To schedule the job, drag it to a computer or computer group. The Schedule Jobs dialog box will
open. See Scheduling Jobs on page 160.
Select Job(s)
Select the job(s) or group(s) of jobs to assign to computers or computer groups. Use the SHIFT and
CTRL keys to select multiple jobs or job folders. Click Next.
is the only condition that a job contains, then the tasks associated with the default condition will
always work on all of the computers to which the job is assigned. Default condition is like having
no conditions.
In addition, if a task is associated with the default condition the task will always execute when a
computer does not meet any other conditions associated with this job.
1
Click Setup next to the Condition box. A menu will open with options to create a New condition,
Modify a condition, or Delete a condition.
To reorder conditions, click Order and reorder them using the Up or Down buttons. See Order
Condition Sets on page 160.
Click New in the menu to open the Condition Settings dialog box. Enter a name for the condition
up to 64 characters.
159
Scheduling Jobs
To set up custom conditions based on custom tokens, select User Defined Tokens from the Field
list.
Click OK.
The task set you create displays in the Task list for each condition. When you select a new condition,
the tasks for that condition display.
You can set Condition A to distribute the XPImage.img file to Windows XP computers using a
Deploy Image task. You can then set Condition B to distribute the W2KImage.img file to Windows
2000 computers using another Deploy Image task. When the job is applied to a computer group, the
conditions will be evaluated for each computer and the appropriate task will execute on the
appropriate computer.
Note: When using User Defined Tokens to set conditions for some client property values, you may
be required to use the decimal value rather than the hex value. Example: when setting conditions
based on the NICS table on the nic_device_id and nic_vendor_id columns, you are required to use
decimal values.
See also Deployment Tasks on page 162.
Scheduling Jobs
After a job has been created, and it has been assigned to multiple computers or computer groups. The
Schedule Job dialog box will open automatically, allowing you to schedule the job to run
immediately, at a scheduled interval, or assigned but not scheduled. Job and job folders selected
from the Jobs pane of the Deployment Console are scheduled in the order they were selected, even
across multiple Deployment Servers.
To schedule a job
1
Drag a job to a computer or computer group. The Schedule Job dialog box will open.
In the Schedule Job dialog box, click the Job Schedule tab. The options are as follows:
Do not schedule. This option lets you apply jobs to computers but does not run the job until
you return to the Schedule Job dialog box and set a run time.
Schedule this Job. This option lets you type the date and time to run the job at a specified time
and date. To run it at regular intervals, specify a time and date to repeat.
week(s).
160
Scheduling Jobs
Allow this job to be deferred for up to x. A job can be deferred when the server is busy executing
other jobs, setting a lower priority for particular jobs. By default all jobs are deferred up to
five minutes.
computers in batches to maximize efficiency.
Click the Computer(s) Selected tab. This is a list of computers, their associated group, and IP
address that the job is scheduled to run.
Click the Job(s) Selected tab. This displays the job name and folder is located in the Jobs pane.
Use the UP and Down arrow to change the order of the scheduled jobs.
Click OK.
Note: The Schedule Job dialog box is the same for Rescheduling Jobs, New Job Wizard, and Job
Scheduling Wizard.
To reschedule a job
1
From either the Computers or Jobs panes in the Deployment console, select a job or computer
that has been previously scheduled.
A job icon displays in the Details pane identifying the computers assigned or the name of the job.
Select the job icon, click the scheduled computers in the Details pane, right-click and then click
Reschedule.
If you selected a computer icon, click the job icon in the Details pane, right-click and then click
The Schedule Jobs dialog box will open.
Reschedule.
3
4
To immediately start a scheduled job that has not yet run, right-click the job icon and select Start
Now.
To stop a repeating job, right-click the job in the Details pane and click Discontinue Repeat. At
this point you need to schedule a new time to run the job or click the Do not schedule option.
Click a computer in the Details view and press Delete or right click the job(s) and select Delete.
Click Delete.
Select the scheduled job in the Details window, and press Delete or right click the job(s) and
select Delete. To remove multiple jobs, hold down the SHIFT or CTRL key while you select the
job(s), then press Delete or right click the job(s) and select Delete.
The icon for a scheduled job is yellow.
161
Deployment Tasks
See also Building New Jobs on page 158 and Modifying Tasks in a Deployment Job on
page 182.
Deployment Tasks
A task is an action of a job. Jobs are built with tasks. Each task is executed according to its order in
the task list contained in a job. You can resize the task pane by dragging the bottom pane (horizontal
bar) that separates the task list and the scheduled computer list of the Deployment Console. This lets
you view a greater number of tasks in a deployment job without using the scroll bar to navigate up
and down.
The Deployment Console has multiple tasks available from the Add menu, including:
Create a disk image from a reference computer and save the image file (IMG or
EXE files) for later distribution. See Creating a Disk Image on page 163.
Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or create a disk
image from a reference computer on the network and simultaneously distribute it (IMG or EXE) to
other managed computers on the network. See Distributing a Disk Image on page 165.
Scripted OS Install. Run scripted (unattended) installs using answer files to install computers
remotely over the network. See Scripted OS Install on page 167.
Distribute RIPs, MSI files, scripts, personality settings and other package files
to computers or groups. See Distributing Software on page 172.
Distribute Software.
Capture Personality. Capture the personality settings of a selected computer on the network using the
PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing
Personality Settings on page 174.
Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid
Altiris packages and assign passwords and command-line switches to Personality Packages. See
Distributing Personality Settings on page 175.
Modify Configuration. Modify the IP address, computer and user name, domains and Active Directory
organizational units, and other network information and computer properties. See Modifying
Configuration on page 176.
Back up Registry. Back up an individual registry file for a selected computer and save it to a selected
directory. See Backing up and Restoring Registry Files on page 177.
Restore Registry. Restore registry settings previously saved for a selected computer. This lets you
recover from a hard disk crash or other disasters. See Backing up and Restoring Registry Files on
page 177.
Get Inventory. This lets you gather inventory information from client computers to ensure that the
deployment database is up-to-date with the latest computer properties. See Get Inventory on
page 177.
Create custom commands using scripts to perform jobs outside the bounds of the pre
configured tasks. Use the Run Script dialog box to select or define a script file to run on specified
computers or groups. See Run Script on page 177.
Run Script.
Copy File to. Copy a file from the Deployment Share or another source computer to a destination
computer. See Copy File to on page 180.
Perform power control options to restart, shutdown, power off, and log off. See
Power Control on page 182.
Power Control.
Tasks are listed for each job in the task list box. Each task will execute according to its order in the
list. You can change the order using the up and down arrow keys.
162
Deployment Tasks
Create an image file using the New Job Wizard or adding the task when Building
New Jobs. You can distribute the disk image file using the Distributing a Disk
Image task. This task will run Altiris RDeploy.exe from the console to capture
and migrate hard disk images.
Note: To create an image of a computer, you must boot to DOS, Linux or Windows PE. This requires
that you set up PXE Server or Deployment Agent for DOS automation.
Enter a path and file name to store the disk image file. You can store image files to access later
when a managed computer is assigned a job that includes the image file.
The default file name extension is IMG. Saving image files with an EXE extension makes them
into self-extracting executable files (the run-time version of RapiDeploy is added in the file).
Click Local image store if you want to store the image file locally on the managed computer's hard
drive. Be sure to enter the path relative to the managed computer (Example: c:\myimage.img).
This is optional.
When you store an image locally on a managed computer instead of a file server, you save server
disk space and decrease network traffic. If you imaging multiple computers or if you image
computers frequently, there is a strong advantage in storing images locally.
Prerequisite: Make sure you have a hidden automation partition installed on the computers
hard disk with enough disk space to hold the images you want to store.
Note: When imaging computers where labs are cached, do not use the option to remove the
automation partition unless you want to clear the lab from the computer.
Select Prepare using Sysprep to use a Sysprep answer file when creating an image. Then, click
the Sysprep Settings button.
Note: You must enter global values for Sysprep before you select the Prepare using Sysprep
option. To enter global values for Sysprep, navigate to Tools > Options > Global tab > Sysprep
Settings. See SysPrep Settings on page 164.
4
5
(DOS/Windows PE/Linux)
6
Click Advanced to select Media Spanning and additional options. See Create Disk Image
Advanced on page 164. This is optional.
Select the required pre-boot environment from the Automation (Pre-boot Environment) dropdown list to perform the Create Disk Image task. The option reported by the PXE Manager is the
default pre-boot environment option.
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
10
Click Finish. The task displays in the Task list for the job.
Troubleshooting Tip: If an imaging Job fails on a managed computer, the Deployment agent
configuration page displays on the client with a prompt, asking if the user wants to configure the
client or restore the original settings. Select Cancel > Restore Original Settings on the client screen.
163
Deployment Tasks
SysPrep Settings
You can use an existing Sysprep answer file or create a new file by entering the information onto
the Computer Information tab. Regardless of the Sysprep file used, you must select an operating
system and enter product key information.
Current Suffix.
In the Licensing Information area, specify the user and organization name. You can provide the
licensing mode by selecting the number of concurrent connections, per server or per seat.
Per Server. Per Server indicates that the end user has purchased client access licenses for each
server, which allows a certain number of concurrent connections to the server.
Per Seat indicates that the end user has purchased a client access license for each
computer accessing the server.
Per Seat.
Media Spanning
Maximum file size.
The Maximum file size supported is 2 GB. To save an image larger than 2 GB,
Deployment Server will automatically break it into separate files regardless of your storage capacity.
From the Maximum file size list, select a media type.
If the preferred type is not on the list, enter the file size you want in the field.
Additional Options
Do not boot to Windows. Select this option to create an image of the hard disk while booted to DOS
without first booting to Windows to save network settings (TCP/IP settings, SID, computer name,
etc.). If you select this option, these network settings will not be reapplied to the computer after the
imaging task, resulting in network conflicts when the computer starts up.
164
Deployment Tasks
Compression.
Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to
create a larger compressed image file with a faster imaging time. The default setting is a balance
between Optimize for Size and Optimize for Speed.
Note: Configuration restoration after imaging a compressed drive is not supported for this release.
Additional command-line switches.
Distribute a hard disk image using the New Job Wizard or adding the Distribute
Disk Image task when Building New Jobs. You can create the disk image file
using the Creating a Disk Image task. This task will run Altiris RDeploy.exe
from the console to capture and migrate hard disk images.
Note: If you are going to deploy Windows image over a Linux computer or Linux image over a
Windows computer, then you need to change the path of the Deployment Agent for Windows log
file accordingly.
Click Select a disk image file to select a stored image file. This lets you lay down a new image file
from a previously imaged computer. This is a common way to distribute an image file.
Note: When entering Linux mount points, you must put a single quote around folders or
filenames that contain either a period (.) or a space. These are considered special characters in
Linux and must have single quotes around the name so that the directory path can be found.
Example: //ImageServer/DS Images/mnt/z.
Select Local image store if you stored the image file on the client computers hard drive. With
local image store, the image file is stored on a partition on the computer being imaged.
Consequently, the server cannot validate the image when a local image store is used. This is
optional.
If you want to image a source computer on the network, click Select a computer on the network.
Enter the name and location of the source computer to both create an image and distribute the
newly created image file. This is optional.
This option saves an image of a selected computers hard disk in its current state each time the
job executes. You can schedule the job to image a specified computer every time it runs, allowing
the image to be updated each time.
Note: Network mapping must exist on the source computer before imaging. UNC paths are not
supported in DOS.
Select the Save the disk image as a file while distributing option to save the newly created image
file to a specified disk drive. If you use a reference computer as the image source, you can also
choose to save the image as a file for later use. Select the checkbox to save the image and type
in or browse for the location where you want to store the file.
4
Select Prepare using Sysprep to use a Sysprep answer file when distributing an image. Then, click
the Sysprep Settings button.
You can use an existing Sysprep answer file or create a new one by entering the information on
the Computer Information tab. Regardless of the Sysprep file used, you must select an operating
system and enter product key information.
165
Deployment Tasks
Note: You must enter global values for Sysprep before you select the Prepare using Sysprep
option. To enter global values for Sysprep, navigate to Tools > Options > Global tab > Sysprep
Settings. See SysPrep Settings on page 164.
5
Click Automatically perform configuration tasks after completing this imaging task to boot the
computer again and push down configuration settings to the newly imaged computer. This is
optional.
Select the required pre-boot environment from the Automation - PXE or BootWorks environments
drop-down list to perform the Create Disk Image task in selected preboot environment. By default the DOSManaged Boot Option type will be selected.
(DOS/Windows PE/Linux)
7
Click Advanced to resize partitions and set additional options. See Distribute Disk ImageResizing on page 166. Click OK.
Select the required pre-boot environment from the Automation (Pre-boot Environment) dropdown list to perform the Distribute Disk Image task. The option reported by the PXE Manager
is the default pre-boot environment option.
10
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
11
Click Finish.
Percentage.
occupy.
Select this option and enter the percentage of free space that you want the partition to
Min.
Max.
Note: FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can
be sized smaller than the minimum value). HP partitions remain a fixed size.
Automation Partition:
Leave the client's existing BW partition as it is. If
166
Deployment Tasks
Replace the client's existing BW partition from image file [-forcebw]. Select this option if you want to
replace the existing automation partition on the client computer with the automation partition from
the image file.
OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition
information, by default, this option is selected. The OEM partion will remain unchanged when
distributing disk images.
Delete the client's OEM partition [-nooem]. Select
Replace the client's existing OEM partition from image file [-forceoem]. Select this option if you want to
replace the existing OEM partitions on the client computer with the OEM partition from the image
file.
Additional Command line switches. You can add command-line switches specifically for the
RapiDeploy program that runs imaging tasks. See the Altiris RapiDeploy Reference Guide located
in the Docs folder of the Deployment Share.
Note: The checkdisk command-line switch should not be used from a Deployment console. The
post-configuration task will fail after an image restore.
Scripted OS Install
The Scripted OS Install task performs remote, automated, and unattended operating system
installations over the network using answer files to input configuration and installation-specific
values. Scripted installs allow you to deploy server and client computers across the network from
installation files, and then perform post-installation configuration tasks. You can run scripted installs
for Windows or Linux computers.
Important: Scripted Install requires either an automation boot disk or PXE Server. Using embedded
automations will cause the selected image (DOS, Linux, Windows PE) to load and then halt. It will
not allow the scripted install to run.
When running a Scripted OS Install task, you can identify the type of OS to install for supported
languages, run the scripted install, and update with service pack installations. This task provides
easy-to-use features to create an answer file for each scripted installation.
Scripted installs are flexible in performing post-configuring tasks, but much slower and bandwidth
intensive. Complete network and web server installation and configuration tasks profit most from
scripted installs.
Windows. Use complete unattended install features to copy Windows OS source files quickly to the
Deployment Share and easily create an answer file. Configured OS install sets can then be reused to
build and run scripted install jobs as needed. See Scripted Install for Windows on page 167.
Linux. Run scripted install jobs to remotely install different versions of Linux. You can customize
sample scripted install jobs installed with the Deployment Server system and create a kickstart
answer file to remotely run a scripted install. See Scripted Install for Linux on page 172.
After selecting Add > Scripted OS Install, click the Windows option.
Select the type of Windows operating system to install. See Select OS Version and Language
on page 168. Click Next.
167
Select the required pre-boot environment from the Automation - PXE or BootWorks environments
drop-down list to perform the Distribute Disk Image task in selected
pre-boot environment. The option reported by the PXE Manager is the default pre-boot
environment option.
(DOS/Windows PE/Linux)
Select source files. Click the list to select Windows OS source files already copied to your
Deployment Share. See Installation Source Files on page 169.
Click Add New from the list to set up new OS installation files. See Operating System-Source
Files on page 169.
Click OK after entering a unique name and the path to the OS installation source files. The source
files will be copied over to the Deploy folder in the Deployment Share directory. The first source
files added will be given a generic name of WinOS001, with additional OS source folders named
to WinOS002, WinOS003 and so on. Service Pack source files will also be stored as an
WinSP00x.img file.
This process could take a few minutes. Because the installation source files are copied over to
the Deployment Share, when running subsequent scripted installs you will not need to add new
source files for this version of Windows. They can be selected from the list of installation source
files. See Installation Source Files on page 169.
Note: When importing Scripted Install jobs, you must edit the job files to point to the installation
source files on the new Deployment Server system. This requires you to run the Scripted Install
for Windows wizard and modify the path and name of the folder for the Installation Source Files
for the exported jobs. This is required for both the main installation and service pack installation
files. See also Importing and Exporting Jobs on page 184.
After the source files are copied, select the newly created OS source name from the Installation
Source Files list. Click Next.
Click to distribute a DOS disk image (default), or continue without distributing a DOS image and
partition and format the hard disk of the destination computer using custom scripts or setup
utilities. Click Advanced to set partition size, delete hidden partitions or set RapiDeploy
command-line parameters. Click Next. See Operating System-Source Files on page 169.
Note: Before running a scripted install, you must install DOS. However, DOS is not required if
you are using your own scripts or utilities to partition and format the client computer.
Import an answer file to the Deployment Database. See Import an Answer File on page 170.
Click Next.
Create the Answer file. See Answer File Setup on page 170. Click Next.
10
Set command-line switches for cmdlines.txt files and for the WINNT installation program. See
Command-line Switches for Scripted Install on page 171. Click Next.
11
View and modify the Deployment Agent for Windows configuration file from the dialog box.
See Deployment Agent Settings for Scripted Install on page 172. Click Next.
12
View summary of selected options. See Scripted Install Summary on page 172. Click Next.
13
Set up return codes for the Scripted Install task. See Setting Up Return Codes on page 185.
Click Finish.
168
Image Explorer
DS Info
Switch Management
Deployment Tasks
Select the OS version. Select the Windows operating system you want to install from the list. Click
Template if you want to install another version or language of a Windows operating system not
Automation (Pre-boot Environment). Select the required pre-boot environment from the Automation
(Pre-boot Environment) drop-down list. The option reported by the PXE Manager is the default preboot environment option.
German
French
Spanish
Japanese
Simplified Chinese
The Operating System-Source Files dialog lets you identify the version of Windows install files and
enter the path to the files (on the CD or other medium).
Select or add new service pack source files. Run service pack updates immediately after installing the
operating system during the scripted install process. Previous scripted install jobs will create a
WinSP00x.img file.
169
Deployment Tasks
Enter the path to the I386 folder on the CD where the Windows
installation programs and support files are stored. Example: browse to the CD drive and select
I386\WINNT.exe. Click Open.
The Windows OS identified previously in the Installation Source Files dialog box must match the
source files selected here. If the name and language of the OS does not match the installation files,
then you will receive an error.
Click OK and the files will copy from the source CD (or other volume) to the Deployment
Server\Deploy directory in the Deployment Share. This process will take a few minutes.
Enter a short description. Enter a description of the Windows OS source configuration, for example:
Note: While attempting to do a scripted install for Linux, make sure that you select both the options,
and Remove HP System Partition. This will remove the OEM partition
and allow the automation partition to be created as the first partition.
You can enter a path and select an answer file with any name. The answer file will be imported to
the database, edited in the console (if required), and then distributed as an unattend.txt file to the
client computer.
See also Scripted Install for Windows on page 167.
170
Deployment Tasks
Required answer file values will be selected automatically in the dialog box with a gray check (you
cannot clear these variables). Optional but selected values will have a green check. Other optional
values will be cleared. Select these optional values if you want to add them to the answer file when
it is generated.
The various tabs in the Answer File Setup dialog box correspond to general answer file sections. See
the Microsoft Windows Unattended Setup Guide for specific values for an unattended setup file.
See also Scripted Install for Windows on page 167.
entered in the cell if selected. If you are adding a section, then this name displays in the new tab in
the Answer File setup dialog box.
tab.
See the Microsoft Windows Unattended Setup Guide for your specific operating system values for
an unattended setup file.
See also Scripted Install for Windows on page 167.
Select a variable data type. The Default value and Displayed value boxes will
be activated depending on the variable type selected.
variable value.
Enter an alias for list item types to be displayed instead of the real
Description. Enter comments to describe the new variable. It will be displayed in the Description
column of the Answer File Setup dialog box.
install.
Add or edit switch commands to this line for the WINNT install program for the scripted
Additional commands in the cmdlines.txt file. Enter additional Windows scripted install commands in
this dialog box. The commands will execute in the order they are listed. The provided command
installs the Deployment Agent for Windows during the Install Component phase of the installation.
You can view and edit Deployment Agent settings in the next dialog box.
171
Browse to or enter the path and name of the Linux answer file (Kickstart file).
Command-line.
Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Select the required pre-boot
environment from the Default Automation drop-down list to perform the Backup and Restore task
in selected pre-boot environment. The option reported by the PXE Manager is the default pre-boot
environment option. By default the DOSManaged Boot Option type will be selected.
See also Scripted OS Install on page 167 and Scripted Install for Windows on page 167.
Distributing Software
Send MSI Packages, CAB, EXE, and other package files to selected computers or computer groups,
including EBS, and RPM files for Linux computers. This task identifies valid Altiris packages and
assigns passwords and command-line switches.
172
Deployment Tasks
Distribute software packages to managed computers using the New Job Wizard
or adding the Distribute Software task when Building New Jobs.
Enter the name and location of the package to distribute in the Name field.
Note: Information about the package will be displayed in the Description area for valid packages.
For RIPs, if you set the password option when you created the RIP, you must enter the password
for the package to run.
Select Run in quiet mode to install the package without requiring user interaction.
Specify the users to associate with the RIP or the Personality Package.
Click Apply to all users to run the package for all users with accounts on the computer.
If sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
Example: to install a RIP for a specific user accounts on a computer add values to the
Additional command-line switches field:
-cu:JDoe;TMaya;Domain\BLee
Note: The command-line switches are specific to any package you are distributing that
supports command-line options, such as MSI and Personality Packages. For a complete list
of command-line switches, see the Wise MSI Reference Guide and the Altiris PC Transplant
Pro Reference Guide.
If distributing an install package or other types of packages with associated support files, you can
click Copy all directory files to install all peer files in the directory. Click Copy subdirectories to
distribute peer files in the directory and all files in associated subdirectories.
Important: Some clients may have software installed on the client computer that, for protection
against harmful software, only allows software programs on a list of "well-known" executables
to run. Therefore, whenever the system administrator wanted to install a patch on client
computers, he or she would have to update the well-known-executable list on all the client
computers, which could be a lot of work.
To save the work of updating that list, or of manually renaming distribution packages, the
"RenameDistPkg" feature was added. Now, the system administrator may update the wellknown-executable list once with a filename of their choosing. The well-known filename may
then be entered into the Windows registry of the Deployment Server computer (the computer
running axengine.exe), as the "Value data" of a string value named "RenameDistPkg" under the
"HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options" key. If the
RenameDistPkg registry entry is set, then Deployment Server will rename installation files that
are copied to the client computers.
This feature only affects files that are temporarily copied to the client computer as part of a
"Distribute Software" task. The file that is to be executed only during the installation, sometimes
referred to as the "package", is the file that gets renamed, not the files that actually get installed
to various locations on the target computer.
If the Copy all directory files option is enabled task, only the main (installable) file will be
renamed.
6
Click Advanced to specify how files are distributed to the managed computer. You can copy
through Deployment Server, or copy and run directly from the Deployment Share or from
another file server. See Distribute Software Advanced on page 174. Click Next.
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
Click Finish.
173
Deployment Tasks
Notes:
When a RIP or Personality Package is executed through Deployment Server, the quiet mode
command-line switch is applied. This means the user will not be able to interact with the user
interface on the managed computer.
If the Personality Package is configured to run only if a particular user is logged in and only if
the user has an account on the managed computer, the package will run the next time that user
logs in. If the user does not have an account, the package aborts and sends an error back to the
console via the Deployment Agent. If the package is not run through Deployment Server, a
message is displayed on the managed computer and the user is prompted to abort or continue.
Click this option to run files remotely from the Deployment Share
File source access and credentials. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an issue if both are
on the same domain).
Note: Windows 95/98/ME computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files
for these types of computers or plan a proper security strategy for
direct copying.
Capture personality settings using the New Job Wizard or adding the Capturing
Personality task when Building New Jobs. See Distributing Personality Settings
to migrate settings to another user.
1
Enter the name of a personality template, or browse and select a template. A default personality
template is included in the PCT folder of the Deployment Share (DEFAULT.PBT). Enter the
name of the folder where you want to store the package.
The personality template lets you define the settings, files, and options to be captured during run
time. Click Template Builder to open a wizard to build a custom template.
In User account and folder login, enter the login credentials for the managed computer from which
the personality settings will be captured, and the file server where the Personality Package will
be stored.
In Package login, enter a password for the Personality Package. This is a run time password that
is required when the Personality Package runs on the destination computer.
174
Deployment Tasks
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
Click Finish. You have now captured a personality setting and saved it as PCT file in the selected
location (most often in the PCT folder on the Deployment Server shared directory on the
Deployment Share). The Capture Personality task now displays in the Task list. See
Distributing Personality Settings on page 175.
Notes:
To capture a personality on a Windows 95, 98, or ME computer, make sure that all users have
Write access to the Deployment Server share (by default at C: Program
Files\Altiris\eXpress\Deployment Server in a Simple install). Also, make sure
that the User account and folder login boxes are blank. A user must also be logged on at the
client computer to capture the client profiles. An error will be returned if you attempt to
capture personality settings on Windows 9x computers that are not authenticated. It is
recommended that you don't capture personalities for mixed groups of Windows 9x and
Windows NT/2000/XP/2003 computers.
Set the conditions on the job for either Windows 95/98/ME or Windows NT/2000/XP/2003
computers to ensure that the appropriate Capture Personality task runs on the appropriate
computers.
Select this option to capture personality settings for all local users on the computer.
Custom. Specify users or groups to capture personality settings. Select the Custom checkbox and
enter the Users or Groups you want to capture personality settings. Also, instead of specifying
names, you can also select users that have been either created or last accessed in a specified number
of days.
Additional command-line switches.
Distribute personality settings using the New Job Wizard or adding the Distribute
Personality task when Building New Jobs. See Capturing Personality Settings to
create a Personality Package.
In the Name box, enter the file name and location of the PCT file.
Note: Information about the Personality Package will be displayed in the Description area for
valid Personality Packages (PCT files). If no description is displayed, then the file is not a valid
package.
If you use a token, such as %COMPNAME% in this field, and you proceed with the job, when
you apply the job to a Windows XP computer, the user must enter input before the job completes.
Altiris recommends you enter a valid Personality Package name and use the Additional commandline switches fields for token values. See the Altiris PC Transplant Pro Reference Guide for a
complete list of valid command-line switches.
2
In the Password box, type the password set for the PCT file when created.
Select Run in quiet mode to install the package without displaying the PC Transplant screens.
175
Deployment Tasks
Click Apply to all users to run the package for all users with accounts on the specified
computer.
If sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
Example: to install a Personality Packages for a specific user accounts on a computer, add
values to the Additional command-line switches field:
-user: JDoe; TMaya; BLee
Note: The command-line switches are specifically for Personality Packages. For a complete
list of command-line switches, see the Altiris PC Transplant Pro Reference Guide.
Click Advanced to specify how Personality Packages are copied to the managed computer. You
can copy through Deployment Server, or copy and run directly from the Deployment Share or
from another file server. See Distribute Personality Advanced on page 176. This is optional.
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
Click Finish.
For more information about capturing a computer's personality settings, see the Altiris PC
Transplant Pro Reference Guide.
See also Distributing Software on page 172 and Modifying Tasks in a Deployment Job on
page 182.
Click this option to run files remotely from the Deployment Share or
File Source Credentials. Enter the user name and password for the client computer and the
Deployment Share. Both must have the same user name and password (this is not an issue if both are
on the same domain).
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the
Modify Configuration dialog box. The Deployment Agent will update the property settings and then
restart the computer for changes to take effect.
1
After creating a job, double-click the job, and then click Add > Modify Configuration.
Select the Reboot after Configuration checkbox to restart client computer after the configuration
changes are complete. By Default, the checkbox for Reboot after Configuration is selected.
176
Deployment Tasks
Enter or edit the property settings in the Configuration dialog box. Click the category icons in the
left pane to set additional values for each property setting group. See Computer Configuration
Properties on page 111.
Click Next.
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
Click Finish.
Copy registry settings by adding the Back up Registry task when Building New
Jobs. Restore registry settings by adding the Restore Registry task.
Select the required pre-boot environment from the Automation - PXE or Bootworks environment
(DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected preboot environment. The option reported by the PXE Manager is the default pre-boot environment
option.
Select the required pre-boot environment from the Automation - PXE or lets you environments
(DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected preboot environment. The option reported by the PXE Manager is the default pre-boot environment
option. By default the DOSManaged Boot Option type will be selected.
Click Advanced if Windows was installed on client computers in a directory other than the
default. Enter the correct path to the root of the Windows directory.
Select Include registry information for all users to back up registry keys for all user accounts.
Note: If you clear this checkbox, then only the Administrator and Guest user accounts will
be backed up or restored.
Click Next.
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
Click Finish.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that
the Deployment database is up-to-date with the latest computer properties information. You can
view the history of the Get Inventory task in the Computers History pane. See Viewing a
Computers History on page 136.
Click Add, and then select Get Inventory from the list.
Run Script
Select an existing script or write a new script file to run on selected managed client computers.
177
Deployment Tasks
Run script files on client computers by adding the New Script task when Building
New Jobs. See Script Information to identify how the script displays, script
security, and an option for server-side execution of the script.
1
If you have a script file defined, click Run the script from file and then browse from the folder icon
to select the file. To read or edit the script file, click Modify.
Note: To run scripts that call an executable, use the start command.
To create a new script, click Run this script. Type the script in the provided text box, or click
Import and select a script file to import. When a script is imported you can modify it in the text
box.
Specify whether the script should be run from DOS, Windows, or Linux.
Click Next.
Click Next.
Set Return Codes. See Setting Up Return Codes on page 185. This is optional.
Click Finish.
Notes:
When a computer is in automation mode using a DOS configuration, it does not see DOS
partitions. To run a script using the DOS Automation Agent, use FIRM (File-system Independent
Resource Manager) commands. FIRM can only copy files and delete files; it cannot run code on
a drive.
Deployment Server assumes a return code of zero (0) as a successful script execution. Some
programs return a code of one (1) to denote a successful script execution. If a program returns a
one (1), you will see an error message at the Deployment console even though the script ran
correctly. To modify the return codes, you can edit the script file to return a code that the console
interprets correctly.
Script Information
Click an option to run the script on a selected managed computer or to run the script on the
Deployment Server computer.
Script Run Location
On the client computer. The option runs the script on the managed computer to which you assign the
job.
Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of
the managed computer. In most cases you will want to create a server-side script task that runs in
context with other tasks. Example: you can add a task to image a computer and then add a task to
execute a server-side script to post the imaging return codes to a log file stored on the Deployment
Server computer.
Use the -id switch for running scripts on Deployment Server when using the WLogEvent and
LogEvent utilities. See Using LogEvent and WLogEvent in Scripts on page 180.
Important: Scripts requiring user intervention will not execute using this feature. The script will run
on the Deployment Server of the managed computer, but will not be visible. Example: if you run a
DOS command locally on the Deployment Server, the Command Prompt window will not open on
the Deployment Server computer when the script executes.
178
Deployment Tasks
When running the script on the Deployment Server, it will execute specifically for the assigned
managed computer. Example: if you create a job with a script to run locally on the Deployment
Server and assign the job to 500 computers, then the script will run on the Deployment Server 500
times.
Client Run Environment
Select the environment for your client. You can run in either production or automation mode.
Production - Client-installed OS (Windows/Linux).
managed computers.
Specific user. If you have selected to run the task on the local Deployment Server, you are
required to enter an administrator user name and password for that Deployment Server account.
(In most cases Deployment Server does not have the Deployment Agent installed, prohibiting it
from using a network security account.)
Script Window. This determines how the Script Window displays when
Minimized, Normal, Maximized, or Hidden from the drop-down list..
Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the
automation environment. Select a pre-boot automation environment from the drop-down list.
If you select Linux as the OS type, then the Locally on the Deployment Server option will be disabled
and only the Additional command-line switches under the Production Client installed OS(Windows/
Linux) will be enabled.
If you select DOS as the OS type, then the Locally on the Deployment Server option and the Production
- Client-installed OS (Windows/Linux) option will be disabled.
Example Script
The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful
completion. Here is an example of the file that is modified to return a code of 0 (which is the success
code recognized by the Altiris Console and utilities). You can make similar changes to your script
files as needed.
CONVERT /FS:NTFS
if ERRORLEVEL 1 goto success
goto failure
:success
set ERRORLEVEL = 0
goto end
:failure
echo Failed
set ERRORLEVEL = 1
goto end
:end
179
Deployment Tasks
A DOS-based tool can be called from any script file to log status and error codes.
The console displays and works with the new status messages.
LogEvent posts status messages back to the Deployment Console, allowing you to view the status
of the script. It is a light-weight reporting tool that can log both status strings and status codes to the
history file and the console.
LogEvent
WLogEvent
The LogEvent and WLogEvent utilities are command-line driven only there is no user interface.
Use both utilities with the following switches.
LOGEVENT -c:code -id:%ID% -l:level -ss:message
code is any number for a return code level.
id
is used for server-side scripting only. For server-side scripts you must add the -id:%ID% switch.
See the Locally on the Deployment Server option on Script Information to select a server-side script.
level is the severity level. The following levels are used:
1 = Information message
2 =Warning message
3 = Critical failure message. Only this level can be used to set up a return code. See Setting Up
Return Codes on page 185. The response will not execute for a return code unless a level 3 is
specified when using the LogEvent and WLogEvent command in a script.
message is the status string. If spaces exist in the message, then the string must be contained in
quotes. Specifying a severity level of 3 will cause the script job to fail.
Example Scripts
Copy File to
Copy all types of files to managed computers. You can send selected files or directories to a
computer or computer group. If a full path is not provided the file copy is relative to the system folder
on the managed computer.
180
Deployment Tasks
Send files to client computers by adding the Copy File to task when Building New
Jobs. Use the Copy File to operation (see the Remote Operations Using
Deployment Solution menu) to copy files quickly from Computers pane in the
console.
1
Click either the Copy File or Copy Directory option. Click Copy Subdirectories to copy all
subdirectories.
Enter the directory path and name of the file or directory. The Source path defaults to the
Deployment Share, but you can type or browse to a file or directory.
To copy files or directories through Deployment Server from the Deployment Share, you can
enter a relative path in this field. To copy files or directories directly from the Deployment Share
to the managed computer, you must enter the full UNC path name (see Copy File to Advanced
on page 181 features).
Note: When entering the source path for copying files through the Deployment Server, you can
only access the shared directories through an established user account. Specifically, you can only
use UNC paths when you have sufficient authentication rights established.
Type the destination path. The Destination path field automatically enters a sample path, but you
can enter the directory path that you require. If the destination path does not exist on the
destination computer it will be created.
Click Advanced to specify additional features to copy files through Deployment Server or
directly from a file server. See Copy File to Advanced on page 181.
Click Next.
Set Return Codes. See Setting Up Return Codes on page 185 (Optional).
Click Finish.
Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
181
Note: Windows 95/98/ME computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files
for these types of computers or plan a proper security strategy for
direct copying.
Power Control
Start the computer using Wake-on-LAN or run standard power control options to restart the
computer, shut down, or log off the current user.
Wake up, shut down or log off client computers by adding the Power Control task
when Building New Jobs. See the Power Control operation to send commands
quickly from the console.
1
Create a job.
Select an option: Restart, Shut down (if available), Log off or Wake up (Send Wake-On-LAN).
Click Next.
Set Return Codes. See Setting Up Return Codes on page 185 (Optional).
Click Finish.
Follow the basic instructions on each dialog box provided for each task. Select the type of task
you want to add and follow directions.
After finishing task configuration, a new task displays in the Jobs list.
Change the order of the tasks using the Up and Down arrow buttons. The tasks will execute in
the order listed.
Click the job that contains the task you want to copy in the Jobs pane.
In the Details pane, right-click the task, and then select Copy Task. (To copy multiple tasks,
press the CTRL key and select the desired tasks. The tasks that are highlighted will be copied
when you select Copy Task.)
In the Jobs pane, click the destination Job where you want to paste the task.
182
Right-click in the Details pane and select Paste Task. The tasks displays at the bottom of the
task list, and will use the use the condition settings of the current job.
Change the order of the task using the Up and Down arrow buttons. The tasks will execute in the
order listed.
Click Modify and follow directions to make your changes. Click OK.
Select the task you want to remove from the task list.
Click the job that contains the task you want to copy in the Jobs pane.
In the Details pane, right-click the task, and then select Copy. (To copy multiple tasks, press the
CTRL key and select the desired tasks. The tasks that are highlighted will be copied when you
select Copy.)
In the Jobs pane, click the destination Job where you want to paste the task.
Right-click in the Details pane and select Paste. The tasks displays at the bottom of the task list
and will use the current condition settings of the destination job.
Change the order of the task using the Up and Down arrow buttons. The tasks will execute in the
order listed.
Click on one of the tasks within the job, and then add a new task. The new task is inserted above
the task you highlighted, and all other jobs shift down one position.
Use the Up and Down buttons to change the order of the tasks within the job.
Click the job in the Jobs pane with a Change Configuration task. Double-click the Change
Configuration task.
A message box will open. Click YES to modify configuration settings individually for each
scheduled computer. Click NO to modify the Change Configuration task when the job is
scheduled again (the current job will send modified configuration files already created).
If you click YES, then a Modify Job wizard will open with a list of each managed computer
scheduled to change configuration settings. Select one or more computers and click Next.
In the Computer Configuration Properties property page, modify settings. Click Next.
Click Finish.
183
Click Resources in the Shortcuts view to move the focus to the Resources view.
A script file is created by default at the root of the resources. The default file name is Batch.bat.
4
Drag the Batch.bat file to a computer or computer group where you want to schedule the job.
Specify the scheduling options, and click OK. See Scheduling Jobs on page 160.
In the Jobs pane, right-click on a job or job folder that you want to copy, and then click Copy.
Right-click on the destination job folder in the Jobs pane, and then click Paste.
Browse to or type the path and name of an existing import file (a BIN file).
Select Import to Job Folder to import the jobs to an existing folder in the Jobs pane. If you have
a folder already selected it displays in the edit field.
Select Overwrite existing Jobs and Folders with the same name to replace identical jobs and folders.
Select Delete existing jobs in folder to overwrite and replace all jobs in the selected Jobs folder.
Click OK to import the job(s).
To export jobs
1
Right-click the job or Jobs folder you want to export and select Export
or
184
Click the Export subfolders button to export all folders subordinate to the selected job folder.
Click OK.
When creating a task, the Return Codes dialog box displays so you can set a response if the task was
successful or to determine a default response if the task failed. Because Deployment Server returns
a 0 (zero) if the task runs successfully, any other return code value denotes some type of failure in
running the task. As a result, in the Success box you can select an action if the return code is 0 (zero),
or select an action in the Default box if the return code is not a 0 (zero).
Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as
successful, then it will run the action in the Success box. If it is not successful, then it determines if
the return code has been assigned a custom code value. If the return code is defined as a custom code,
then the selected action for that custom code is executed. If no custom code is assigned to the return
code, then the action set in the Default is executed.
Note: If Using LogEvent and WlogEvent in Scripts, you can only generate return codes when the
level 3 message is specified. Specifying a severity level 3 will cause the script job to fail and allow
you to respond using this return code feature.
Return Code Actions
For both successful tasks (in the Success box) and failed tasks (in the Default box), you can
determine these specific actions:
Stop.
This action will stop the job after the task runs. Subsequent tasks will not run.
Continue.
This action will continue with subsequent tasks in the job after the task runs.
Select a job.
This action will allow you to select existing jobs to run after the task completes.
These actions also apply to custom return codes designed specifically for your system.
Custom Return Codes
In the Other return codes area, you can view custom return codes set specifically for your system.
You can add return codes by clicking the Add button below the Other return codes area, or by clicking
the Master Return Code button.
Type a custom code in the Code box, select a response action from the Response list, select the status
from the Status list to specify the interpretation of this return code as Success or Failure, and provide
a message in the Message box. These custom codes can respond to any return codes set up in scripts
or batch files in the Run Scripts task, or these custom codes can respond to system return codes
thrown from Deployment Server or external codes generated when distributing applications,
personality settings, or disk images. Any task can have custom codes that respond to different return
code values.
Master Return Codes. This is a list of all the return codes existing in the Deployment database. You
can add, modify, and delete the codes and their values so that setting codes for other tasks is easier.
This allows you to add a new custom return code for the task. You can also choose to add the
return code to the Master Return Codes list.
Add.
185
Modify. This allows you to modify the return codes listed in the Other return codes area. The changes
This allows you to delete return codes listed in the Other return codes area, but not from the
Master Return Codes list.
Delete.
In the Success list box, keep the default value Continue. This allows the job to continue running
additional tasks in the job after successfully completing this task.
Click Add to add custom return codes. The Add Return Code dialog box displays.
Click the Response drop-down arrow and select Continue from the list.
Click the Result drop-down arrow and select Success from the list. This displays that even if the
return code was not zero, success by default, the task will be considered a success as per users
choice.
Enter a description for the return code in the Status field. This is the message that will be
displayed when the task, within a selected job, executes.
Select the Add to Master return code list checkbox to add the custom code to the master return code
list. The code is then listed in both, the Other return code and Master Return Codes list. This is
helpful if you want to use the return code again.
Click OK. The return code is added to the list of Other Return Codes.
If the code you added already exists, a message dialog box displays the return code and asks if
you want to replace it. Click Yes to replace the return code, and click No to return to the Add
Return Code dialog box.
10
Select Select a job from the Default box to select a job to be executed when a default condition is
reached. The Select a Job dialog box opens, allowing you to select an existing job that runs if the
task returns a failed system return code (non-zero) or a return code not defined as a custom return
code.
Note: The status of the tasks executed in a job is also displayed in the history of a computer.
186
187
188
Chapter 7:
Servers are identified in the Computer pane with distinctive server icons. Like all
managed computer icons, the icons change to identify the status and state of the
computer, such as user logged on or Server Waiting.
Note: Servers are recognized by their operating system (such as Windows 2000
Advanced Server, Windows Server 2003, or any Linux OS), multiple processors, and
specific vendor server models.
Manage Servers from the Console. The Deployment Server Console includes features specifically
designed for deploying and managing servers, such as enhanced task logging and history tracking
features to let you recall administrative actions and quickly redeploy mission-critical servers. See
Server Management Features on page 189.
Set Server-specific options. Servers are essential to any organization and require special planning
and management strategies. Deployment Server provides server-specific features to automatically
deploy new servers and maintain existing servers. See Server Deployment Options on page 190.
189
Server icons. The Deployment consoles display icons to identify servers across the network. Like
other computer icons in the console, server icons can be selected to view server properties or assign
specific jobs and management tasks
Icon
Description
Indicates a server is active and a user is logged on.
interface card, Deployment Server provides property pages to access and configure multiple network
adapters remotely from the console. See TCP/IP Configuration Settings on page 114.
Synchronized server date and time. Deployment Server automatically sets the servers date and
time after installing or imaging (as part of the configuration process). Deployment Agents include
an option to disable this feature (it is off by default).
Enhanced scripting capabilities. You can deploy multiple tasks per deployment job and boot to
DOS multiple times when configuring and deploying a clean server. Deployment Server also lets
you view and debug each step in the deployment script, and track each job to provide a history of
tasks for redeploying a server.
Initial Deployment will not run for any computer identified in the console as a server.
190
Click on Start > Programs > Altiris > PXE Services > PXE Configuration Utility.
Click Altiris BootWorks (Initial Deployment). Click Edit.
Select Execute Immediately.
Initial Deployment will run automatically for every identified server.
Click OK.
Select Tools > Options.The Altiris Program Options dialog will open.
Click OK.
Following these steps will assure that the BootWorks message will not come up and things will move
forward when a job is scheduled.
Using Deployment Solution, you can employ rip and replace technology that allows you to insert
a new server blade and automatically configure and deploy it exactly like the previously installed
server blade, allowing you to replace any downed server and get it back on line quickly. Altiris
provides fail-safe features to ensure that no server is mistakenly overwritten and ensures that all disk
images, software, data, and patches are applied to the new server from the history of jobs assigned
to the previous server blade.
191
HP Proliant BL p-class
Proliant BL 10e
Proliant BL 20p
Proliant BL 10e G2
Proliant BL 20p G2
Proliant BL 40p
HP blade servers allow you to employ all features provided in the Deployment Console when you
install the HP Proliant Essentials Rapid Deployment Pack (see www.hp.com/servers/rdp), including
the Virtual Blade Server feature. The name of each Rack for an HP Server is displayed along with
the assigned name for the Enclosure and Bay. These names are collected from the SMBIOS of the
server blade and displayed in both the physical and server views within the Computers pane of the
Deployment console.
For HP blade servers in the physical view the Rack name can be a custom name in the console, with
all subordinate Enclosures and Bays also identified. For example:
<rackName>
<enclosureName>
<bayNumber>
See also Server Management Features on page 189 and Server Deployment Options on
page 190.
Virtual Bays
Blade servers now have a Virtual Bay feature that allows you to pre-assign deployment jobs to the
rack, the enclosure, or to a specific server blade in the bay. Any blade server can have predefined
deployment jobs and configuration tasks associated with it to execute automatically upon
installation. The Virtual Rack/Enclosure/Bay icons will change from virtual icons to managed server
icons in the Deployment console as live blade servers are inserted and identified by Deployment
Solution.
Rack name.
Enclosure name.
192
Enclosure type.
Initial Job.
blade.
Select an existing job to run when the virtual computer is associated with a new server
Server Change rule. Select the Server Deployment Rules to run on the Bay when a new server blade
is installed.
Note: If you create Virtual Bays for an enclosure (such as the BLe-class with 20 bays) and then if
another model of server blade with an enclosure containing fewer bays is connected (such as the
BLp-class with 8 bays), then the excess virtual bays will be truncated automatically. Conversely, if
you create Virtual Bays with fewer bays (8) and then install an enclosure with additional bays (20),
you will need to recreate the virtual bays in the enclosure (right-click the enclosure name in the
physical view and click New Virtual Bays).
PowerEdge 1655MC
For Dell blade servers in the physical view, the Rack name will always be Dell. All subordinate
Enclosures and Bays are identified with custom names under the Dell rack name. For example:
Dell
<enclosureName>
<bayName>
See also Server Management Features on page 189 and Server Deployment Options on
page 190.
For Fujitsu-Siemens blade servers in the physical view, the Rack name will always be FujitsuSiemens. All subordinate Enclosures and Bays are identified with custom names under the FujitsuSiemens rack name. For example:
Fujitsu-Siemens
<enclosureName>
<bayName>
See also Server Management Features on page 189 and Server Deployment Options on
page 190.
193
For IBM blade servers in the physical view, the Rack name will always be IBM. All subordinate
Enclosures are identified with custom names under the IBM rack name and Bays are identified by
number. For example:
IBM
<enclosureName>
<baynumber>
See also Server Management Features on page 189 and Server Deployment Options on
page 190.
Click <CTRL> F or click the Find Computer button on the console toolbar to
search the Deployment Database for computers by property settings.
The computers that match the search will be highlighted in the Computers pane.
1
In the Search For box, type all or part of the computers property values that you would like to
search for. This alpha-numeric string will be compared with specified database fields.
In the In Field box, select the field that you want to search in the Deployment Database.
For example, to find a computer by searching for its IP address, type the address in Search For
field and then select IP Address from the In Field drop down list.
Name
Computer Name
MAC Address
IP Address
ID
Serial Number
Asset Tag
UUID
Registered User
Product Key
Logged On User
The computer you are looking for will be displayed and highlighted in the Computers window in the
console.
Note: This search is not case-sensitive and allows wildcard searches using the *.
194
Click the Lab Builder button on the console toolbar or click File > New > Lab
Builder to set up jobs specifically created for managing multiple computers in a
lab environment.
You can set up jobs to:
Deploy Lab
Restore Lab
Update Configuration
Upload Registries
Each of these jobs contains a default list of tasks. Lab Builder places these five new jobs under a
folder (which you name) located under the Lab folder. All of the tasks in the jobs have been assigned
default paths and file names that allow them to use the same images and configuration information,
registry data, etc. It is suggested that you do not change the file names and paths. If you change the
default settings (for example, changing the image name), you must change it in all of the jobs where
the image is used.
To use Lab Builder
1
Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder.
on the name, and the image file name must be unique. The default image name is synchronized
in all of the lab jobs, so if you change the name later you must change it in all the jobs that use
the image.
Enter a lab description to help you differentiate the lab from others. This field is optional. Click
OK. This is optional.
The following information describes the default jobs. To run one of these jobs, simply drag it to the
computer or computer group that you want it applied to.
Create Disk Image.
This job uploads an image of a computer to the server and an image name is
created automatically based on the lab name. However, there is no actual image in the job until you
drag the image source computer to this job.
Deploy Lab. This job has three default tasks: Deploy image, Apply configuration settings, and Back
up registry files. The image that is uploaded using the Create Disk Image job is deployed when you
use this job. The configuration settings you specify in the Update Configuration job are applied to
the computers, and then the computer registry files are uploaded to the Deployment Server.
Restore Lab. This job restores the image and registry files to a computer where a lab was previously
deployed. You can quickly get a computer running again by restoring the lab on that computer.
Update Configuration. This job allows you to set unique configuration information (such as computer
names and network addresses) for client computers. When a lab is deployed, each computer has an
identical image, but not the same configuration settings. This means you don't have to visit each
computer to reset IP addresses and other settings when you deploy an image.
Upload Registries.
195
Chapter 8:
Deployment Solution where they can be viewed in the Samples folder in the Jobs area of the console.
The Samples folder contains subfolders for Imaging, Simple Tests, Migrations, Miscellaneous Jobs,
Pocket PC, Scripted OS Installs, Scripts, and XP Embedded.
Jobs in each folder marked with an asterisk (*) require input parameters or other minor modifications
added before running on your system. These modifications allow you to add parameters to the job
such as user name and password, or other required data to allow the job to be functional. These jobs
will not function properly if you do not edit the job task with the information specific to your
environment.
All files without an asterisk (*) can be used to perform the identified functions without modification.
However, if the job conditions are not met or are not consistent with the computer type then you may
get an error. For example, if the Repair Office XP job runs on a computer without MS Office XP then
you will get an error when trying to run the job.
Note It is suggested that you copy the desired sample job and change the name to avoid overwrites
Sample files are provided to help create jobs and other files for use in your specific environment.
These files portray possible solutions and configurations, and can be modified and rewritten. Each
of these jobs can also be created in the Deployment Server Console and executed with the same
effectiveness to meet your specific needs. Because of continually changing market conditions and
specific requirements for your organization, Altiris cannot guarantee the effectiveness of these
sample files working in your environment.
See sample jobs in these categories:
Imaging (page 196)
Simple Tests (page 197)
Migrations (page 198)
Misc Jobs (page 199)
Pocket PC (page 203)
Scripted OS Installs (page 204)
Scripts (page 209)
XP Embedded (page 212)
Imaging
Use these sample jobs for basic imaging tasks:
Create Disk Image (page 197)
196
Simple Tests
filename.
image filename.
Simple Tests
Run simple commands and install software packages using these jobs:
DIR Command at DOS (page 197)
DIR Command at Windows (page 197)
Distribute RapidInstall Package (page 198)
197
Migrations
Migrations
With the aid of PC Transplant, capture various user settings using these jobs:
Capture User Application Settings (page 198)
Capture User Desktop Settings (page 198)
Capture User Microsoft Office Settings (page 199)
Capture User Printer Settings (page 199)
application settings for all of the users that exist on the computer. The client computer will execute
the PC Transplant Wizard using the specified template and create a file (computername.exe) at
the specified location.
Steps to use
1
Assign the username and password for use with Windows NT/2000/XP/2003 based systems. If
you are using this job on Windows 9x computers, then the logged-in user must have rights to the
specified location for the template and package creation.
desktop settings for all of the users that exist on the computer. The client computer will execute the
PC Transplant Wizard using the specified template and create a file (computername.exe) at the
specified location.
Steps to use
1
Assign the username and password for use with Windows NT/2000/XP/2003 based systems. If
you are using this job on Windows 9x computers, then the logged-in user must have rights to the
specified location for the template and package creation.
198
Misc Jobs
Microsoft Office settings for all of the users that exist on the computer. The client computer will
execute the PC Transplant Wizard using the specified template and create a file
(computername.exe) at the specified location.
Steps to use
1
Assign the username and password for use with Windows NT/2000/XP/2003 based systems. If
you are using this job on Windows 9x computers the logged-in user must have rights to the
specified location for the template and package creation.
printer settings for all of the users that exist on the computer. The client computer will execute the
PC Transplant Wizard using the specified template and create a file (computername.exe) at the
specified location.
Steps to use
1
Assign the username and password for use with Windows NT/2000/XP/2003 based systems. If
you are using this job on Windows 9x computers the logged-in user must have rights to the
specified location for the template and package creation. Assign the job to a computer or
computer group.
Misc Jobs
Misc jobs can be executed on computers, including installation and repair of Office XP, computer
power control, and SQL service and installation:
Install Office XP from Mapped Drive (page 200)
Install Office XP from UNC Source (page 200)
SQL 2000 Unattended Install (page 200)
SQL 2000 Unattended Install Using a RIP (page 201)
Copy WLogevent to Client (page 201)
Install MSI 2.0 Runtime (page 201)
Repair Office XP (page 202)
Restart Computer (page 202)
199
Misc Jobs
To customize the script, change the UNC that the drive is being mapped to, as well as the
username and password.
To change the username, go into the advanced settings of the script. Note that the client computer
must be in the domain if you are using domain authentication.
Note It is strongly recommended that you follow Microsoft's guidelines for preparing Office XP to
be deployed. The setup should be customized using the proper tools, and an administrative install
should be performed to place the setup files on the network share. For more details, consult the
Office XP Resource Kit.
What this task does This script runs a Microsoft Office XP Professional with Front Page install
To customize the script, change the location of the setup files, as well as the username and
password. Note that the client computer must be in the domain if you are using domain
authentication.
Note It is strongly recommended that you follow Microsoft's guidelines for preparing Office XP to
be deployed. The setup should be customized using the proper tools, and an administrative install
should be performed to place the setup files on the network share. For more details, consult the
Office XP Resource Kit.
200
Misc Jobs
What this task does This script will copy all of the files and directories from the SQL setup to the
client computer, then execute an unattended install using the specified silent install script
(sqlins.iss).
Steps to use
1
Copy the files from the SQL 2000 CD into the .\samples\misc\sql2000 directory. Edit the
sqlins.iss file located in the .\samples\misc\sql2000 directory to include your CD key.
Copy the files and directories from the SQL 2000 CD into the SQL2000 directory in the RIP by
dragging and dropping them onto the SQL2000 folder.
After the files have been added to the RIP, save it by choosing File>Save. Close the RapidInstall
Editor.
to the client computer in the temp directory. This file is used for logging status in windows scripts.
201
Misc Jobs
Repair Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be repaired
Additional files required The source that Office XP was originally installed from must be
What this task does This script will force Microsoft Office XP Professional with Front Page to be
repaired on the client computer. You can substitute the Product ID of any MSI (Windows Installer)
installed application in this sample.
Steps to use Assign the job to a computer or computer group.
Restart Computer
Description Restarts the client.
Additional files required None.
What this task does Restarts the client if restart is supported.
Steps to use Assign the job to a computer or computer group.
Shutdown Computer
Description Shutdown the client.
Additional files required None.
What this task does Shuts down the client if shutdown is supported.
Steps to use Assign the job to a computer or computer group.
computer.
Steps to use
1
If you run the SQLServerAgent you need to remove the REM on the line that starts the agent
service.
server will not stop if this is running from the command line.
202
Pocket PC
Uninstall Office XP
Description This script will force Microsoft Office XP Professional with Front Page to be
uninstalled on the client computer.
Additional files required The source that Office XP was originally installed from must be
What this task does This script will force Microsoft Office XP Professional with Front Page to be
uninstalled on the client computer. You can substitute the Product ID of any MSI (Windows
Installer) installed application in this sample.
Steps to use Assign the job to a computer or computer group.
Wake up Computer
Description Wake up a computer.
Additional files required None.
What this task does Sends a Wake On LAN packet to the computer. If the client supports Wake On
Pocket PC
These jobs are used to install agents and CAB files to manage handheld devices in Deployment
Solution:
Distribute Software (page 203)
Install Altiris Pocket PC Agent (page 203)
Distribute Software
Description Installs a simple application that displays the name of the Pocket PC.
Additional files required None.
What this task does This job allows you to set a condition for a MIPS, ARM, or SH3 processor for
your handheld device. Once a condition is set then it will install the correct CAB file from the
Samples directory.
Steps to use Assign the job to the handheld device displayed in the Computers section of the
Deployment Server Console.
203
Scripted OS Installs
Steps to use Assign the job to a managed computer acting as host (with Microsoft ActiveSync
Scripted OS Installs
These imported jobs allow you to run scripted, unattended installs on both Windows and Linux
servers. These jobs are used for both Network installs and Hard Disk installs. To do a network
scripted install of Windows, use the Scripted OS install task type in a job:
Create W2K Install Disk Image (Target HD) (page 204)
W2K Scripted Install (Target HD) (page 205)
Create RH7 Install Disk Image (Network) (page 206)
Create RH7 Install Disk Image (Target HD) (page 206)
RH7 Scripted Install (Network) (page 207)
RH7 Scripted Install (Target HD) (page 208)
Create RH8 Install Disk Image (Network) (page 208)
RH8 Scripted Install (Network) (page 209)
Windows 2000 installation files (I386 directory from the Windows CD). These files need to be
copied from the Windows CD to the OS files directory. The default directory is <DS install
path>\DEPLOY\WIN\W2K\I386 directory.
the Deployment Agent, other DOS utilities, and the Windows OS files needed for the target HD
install.
If you need to supply drivers that are not included with the Windows installation you will need
to create a $OEM$ directory under the i386 directory.
If you have hardware or other devices that are not supported in the OS distribution, you can add
the drivers needed in the $OEM$ directory that is supported by the unattended install process.
In our examples we have added drivers for Intel display, network and chipset. The $1 specifies
the root of the %SYSTEMDRIVE% variable. You will need to verify that the directories are included
in the OemPnpDriversPath value in the Unattended section of the unattended.txt file.
Note The Windows unattended install process requires that all drivers in $OEM$ be fully
extracted. Zip files cannot be used. See the "Microsoft Windows 2000 Guide to Unattended
Setup" for more information. This guide is named unattend.doc and is in the deploy.cab
file in the \Support\Tools folder of the Windows 2000 installation CDROM.
What this task does This job creates a hard drive image that can later be used for installing
Windows 2000 through the hard disk install method. It downloads the DOS_ONLY image to the
selected client. This creates a 2 GB, FAT16 DOS bootable partition. It reboots the client so that DOS
will recognize the newly created DOS partition. It calls the w2ksetup.bat file to copy the
Deployment Agent, and the Deployment Agent input file (aclient.inp) as well as various other
204
Scripted OS Installs
DOS utilities to facilitate a Windows scripted install. It also copies the Windows OS files (usually
from the I386 directory) to the target's hard drive in the C:\I386 directory. It runs rdeploy.exe
to create a disk image of the now populated DOS partition.
Steps to use
1
If you want to create your own DOS_ONLY.img with MSDOS instead of using the supplied DR
DOS image, you will need to manually create the image. To create your own DOS image, use a
DOS boot floppy to run fdisk.exe to create a 2GB partition on a reference computer. Format
the partition to be a system drive. Copy the appropriate DOS files needed (e.g., himem.sys,
smartdrv, xcopy, etc.). Create an autoexec.bat file that runs smartdrv to speed the
installation and then looks for a file called install.bat. Install.bat will be used in our
examples to initiate the unattended installation.
Example Autoexec.bat file:
@echo off
smartdrv
IF NOT EXIST c:\install.bat goto no_install
call c:\install.bat
goto done
:no_install
echo No Install File
:done
Be sure to include smartdrv in the batch file. This command starts SMARTDrive, which
creates a disk cache in extended memory. A disk cache will significantly speed up the imaging
process. After the above tasks have been performed, create an image of the drive named
MS_DOS.img. Once the MS_DOS image is created, copy the i386 folder of the Windows CD
(along with the $OEM$ folder if supplemental drivers will be required) to the DOS computer.
Now create another image of the drive and name it W2K_AS.img. This image will be used for
hard drive scripted OS installs to provide the OS files needed for the Windows installation. A
total of two DOS images should be created with the second image containing Windows install
files in a C:\i386 folder. If you use the MS_DOS.img then edit the task and replace
DOS_ONLY.img with MS_DOS.img.
3
Edit the last Run Script task, Create Windows Install Disk Image, and change the SET
ImageName=F:\IMAGES\W2K_HD.IMG line to the name of the image you wish to create.
If you copied the Windows OS files to a location other than <DS install
path>\DEPLOY\WIN\W2K\I386, edit the second Run Script task, Copy Windows Files to Hard
Drive, and specify the location on the SET OSFilesPath= line.
Change the name of the job to reflect the desired purpose (optional).
Note After this job finishes, it will leave the client computer in an unmanageable state.
model. This will use the image we created with the Create W2K Scripted Install (Target HD) job.
In 6.5, we recommend using FAT32.img rather than DOS_ONLY.img to perform scripted installs.
Additional files required
<install path>\IMAGES\W2K_HD.IMG. This is the image file created by the Create W2K
Install Disk Image (Target HD) job described above. You may have changed the name. This image
file contains a DOS bootable partition with the Deployement Agent and other various DOS
utilities along with the Windows OS files that are required for a Windows unattended install.
205
Scripted OS Installs
Windows unattended answer file. A sample provided by the product installation located in the
What this task does This job starts a Windows unattended OS install on a client using the hard disk
install method. It downloads the W2K_HD image (or whatever you have named it) to the selected
client. This creates a 2 GB, FAT16 DOS bootable partition with the OS files to do a Windows
unattended install. It then reboots the computer to get the new partition and format information. It
uses a script to get the unattended answer file copied to the client. It then reboots the client. Upon
reboot, the DOS partition is booted and the OS install is automatically started with the
autoexec.bat that is called in the image.
Steps to use
1
Edit the Deploy Image task and change the name of the image file to the name you created with
the Create W2K Install Disk Image (Target HD) job described above.
Edit the answer file to specify the product key and other information.
Change the name of the job to reflect the desired purpose (optional).
What this task does This job creates a hard drive image that can later be used for installing RedHat
Linux through the network install method. It downloads the DOS_ONLY image to the selected client.
This creates a 2 Gig FAT16 DOS bootable partition. Then it reboots the client so that DOS will
recognize the newly created DOS partition. It then calls RH7SETUP to copy the basic RedHat files
that facilitate a RedHat Kickstart install. It then runs RDeploy to create a disk image of the now
populated DOS partition.
Steps to use
1
Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET
ImageName=F:\IMAGES\RH71_FTP.IMG line to the name of the image you wish to create.
Change the name of the job to reflect the desired purpose (optional).
206
Scripted OS Installs
RedHat OS files (REDHAT and DOSUTILS directories from the RedHat CD). These files need
to be copied from the RedHat CD to the <install
path>\DEPLOY\CDS\REDHAT\RH71\REDHAT and <install
path>\DEPLOY\CDS\REDHAT\RH71\DOSUTILS directories, respectively.
the job calls to copy the RedHat OS files needed for the target hard drive install.
What this task does: This job creates a hard drive image that can later be used for installing RedHat
Linux v7.1 through the Hard Disk install method. It downloads the DOS_ONLY image to the selected
client. This creates a 2 Gig FAT16 DOS bootable partition. It reboots the client so that DOS will
recognize the newly created DOS partition. It calls RH7SETUP.bat to copy the basic RedHat files
that facilitate a RedHat Kickstart install. It also copies the RedHat OS files to the target's hard drive
in the C:\REDHAT directory. It runs RDeploy to create a disk image of the now populated DOS
partition.
Steps to use
1
Make a copy of the sample job. Edit the last Run Script task, Create Red Hat Install Disk Image, and
change the SET ImageName=F:\IMAGES\RH71_HD.IMG line to the name of the image you
wish to create.
If you copied the RedHat OS files to a location other than <DS install
path>.\DEPLOY\CDS\REDHAT\RH71, edit the second Run Script task, Copy RedHat Files to
Hard Drive, and specify the location on the SET OSFilesPath= line.
Change the name of the job to reflect the desired purpose (optional).
<DS install path>\IMAGES\RH71_FTP.IMG. This is the image file created by the Create
job described above. You may have changed the name. This
image file contains a DOS bootable partition with the basic RedHat files that facilitate a RedHat
Kickstart install.
INSTALL\REDHAT directory.
What this task does This job starts a RedHat Kickstart OS install on a client using the Network
install method. It downloads the RH71_FTP image (or whatever you have named it) to the selected
client. This creates a 2 Gig FAT16 DOS bootable partition with files to facilitate a RedHat Kickstart
install. It reboots the client so that DOS will recognize the newly created DOS partition. It uses a
Scripted OS Install task to start the unattended install on the client. This task contains the location of
the OS install files located on the FTP server as well as the Kickstart file to be used for the OS install.
Steps to use
1
Edit the Deploy Image task and change the name of the image file to the name you created with
the Create RH7 Install Disk Image (Network) job described above.
Edit the Scripted OS Install task and change the location of the Kickstart answer file.
Change the hard drive ID in the Command Line edit box to the proper ID for the target system.
The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID.
Change the name of the job to reflect the desired purpose (optional).
207
Scripted OS Installs
<DS install path> \IMAGES\RH71_HD.IMG. This is the image file created by the Create
RH7 Install Disk Image (Target HD) job described above. You may have changed the name. This
image file contains a DOS bootable partition with the RedHat OS files that are required for a
RedHat Kickstart install.
INSTALL\REDHAT directory.
What this task does: This job starts a RedHat Kickstart OS install on a client using the Target HD
install method. It downloads the RH71_HD image (or whatever you have named it) to the selected
client. This creates a 2 Gig FAT16 DOS bootable partition with the OS files to do a Kickstart
unattended install. It uses a Scripted OS Install task to get the Kickstart answer file copied to the
client. This task contains the location of the answer file to be used for the OS install. It reboots the
client. Upon reboot, the DOS partition is booted and the OS install is automatically started.
Steps to use
1
Edit the Deploy Image task and change the name of the image file to the name you created with
the Create RH7 Install Disk Image (Target HD) job described above.
Edit the Scripted OS Install task and point it to the desired Kickstart answer file.
Change the hard drive ID in the Command Line edit box to the proper ID for the target system.
The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID.
Change the name of the job to reflect the desired purpose (optional).
What this task does This job creates a hard drive image that can later be used for installing RedHat
Linux through the Network install method. It downloads the DOS_ONLY image to the selected client.
This creates a 2 Gig FAT16 DOS bootable partition. It reboots the client so that DOS will recognize
the newly created DOS partition. It calls RH8SETUP to copy the basic RedHat files that facilitate a
RedHat Kickstart install. It runs RDeploy to create a disk image of the now populated DOS partition.
Steps to use
1
Edit the last Run Script task, Create Red Hat Install Disk Image, and change the SET
ImageName=F:\IMAGES\RH80_FTP.IMG line to the name of the image you wish to create.
Change the name of the job to reflect the desired purpose (optional).
208
Scripts
<DS install path>\IMAGES\RH80_FTP.IMG. This is the image file created by the Create
job described above. You may have changed the name. This
image file contains a DOS bootable partition with the basic RedHat files that facilitate a RedHat
Kickstart install.
What this task does This job starts a RedHat Kickstart OS install on a client using the Network
install method. It downloads the RH80_FTP image (or whatever you have named it) to the selected
client. This creates a 2 Gig FAT16 DOS bootable partition with files to facilitate a RedHat Kickstart
install. It reboots the client so that DOS will recognize the newly created DOS partition. It uses a
Scripted OS Install task to start the unattended install on the client. This task contains the location of
the OS install files located on the FTP server as well as the Kickstart file to be used for the OS install.
Steps to use
1
Edit the Deploy Image task and change the name of the image file to the name you created with
the Create RH8 Install Disk Image (Network) job described above.
Edit the Scripted OS Install task and change the location of the Kickstart answer file.
Change the hard drive ID in the Command Line edit box to the proper ID for the target system.
The default is ks=hd:hda1/ks.cfg where hda1 is the default hard drive ID.
Change the name of the job to reflect the desired purpose (optional).
Scripts
These jobs are provided to give some ideas of things that can be accomplished by scripting. The
scripts have been divided into scripts for Windows and scripts for Linux:
Send Email if Disk Space Low (Linux) (page 210)
Logevent Script (Linux) (page 210)
Restart HTTPD Service (Linux) (page 210)
Move Computer to Default Container (Windows) (page 210)
Move Computer to Specific OU (Windows) (page 211)
Send Error Email (Windows) (page 211)
Server-side Embedded VBScript (Windows) (page 211)
WLogevent CMD Script (Windows) (page 211)
WLogevent VB Script (Windows) (page 212)
209
Scripts
Edit the embedded script to specify the email username to send to and the threshold percentage.
Edit the movecomp_cn.vbs to specify the domain that you want to use for the computer to be
moved in.
This script will not create the computer account in the domain. If it is not already a member of
the domain, this event will fail.
210
Scripts
OU.
Steps to use
1
Edit the movecomputer.vbs to specify the domain and OU that you want the computer to be
moved into.
This script will not create the computer account in the domain. If it is not already a member of
the domain, this event will fail.
identify the client that had an error. This script is run on the Deployment server and can be used as
a job to be run when having a specific error occurs.
Steps to use
1
Edit the sendmailscript.vbs to specify the SMTP server and the user to have the email sent
from and to.
Assign the job to a return code handler on another task. (See "Setting up Return Codes" in help
for more details).
Assign the calling job to a computer or computer group. If you have the error then this job (Send
Error Email) will be called.
module. The text will read Deployment Server Job complete for <computername>.
console.
211
XP Embedded
console.
XP Embedded
These jobs are provided to give samples when working with XP embedded that have the Enhanced
Write Filter enabled:
Disable Enhanced Write Filter (page 212)
Enable Enhanced Write Filter (page 212)
Distribute RapidInstall Package (page 212)
includes a utility that displays the computer name in a window. A shortcut is created in the startup
group so that every time the computer is started the window will display the computer name. After
installing the RIP, the Enhanced Write Filter will be enabled.
212
Chapter 9:
Managing Switches
To administer roles and configurations for network servers, it is necessary to discover and modify
the network switch settings for the connected network servers. Deployment Solution provides the
Switch Add-On program to discover and manage Virtual Local Area Networks (VLAN) settings on
a LAN switch or to run commands from the command-line. This utility allows you to directly
discover and provision the port settings of a LAN switch.
To open the Switch Management tool, click Tools > Altiris Tools > Switch
Management. This will open the Deployment Solution Switch Add-On utility tool.
Network switches will be identified in the left pane. Click the star button to Add
New Switches.
Switch Management Features
Typically, a VLAN setting is port based it is a LAN switch port that can be configured as a
member of a specific VLAN. As such, client and server computers connected to that LAN switch
port are members of the VLAN and can communicate with other member client and server
computers of that VLAN. By changing the VLAN setting of a switch port, you can move client and
server computers between logical VLAN groupings without actually changing the physical network
infrastructure.
Often, when modifying server roles or configurations, it will be necessary for you to change the
grouping or VLAN for the servers network. This can be accomplished by changing the VLAN
setting on the switch port that the server is connected to.
The Deployment Solution Switch Add-On allows you to perform the following functions:
Discover the LAN switch MIB II system information (command-line and GUI)
Discover the switch ports of a LAN switch (command line and GUI)
Discover the VLAN setting for each switch port (command line and GUI)
Modify the VLAN setting of a switch port (command line and GUI)
213
Notes
If a LAN switch supports the 802.1Q VLAN standard, Deployment Solution Switch Add-On will
only provide PVID management on a port.
Since most vendors do not support VLAN Add/Edit/Delete through SNMP, Deployment
Solution Switch Add-On will not provide these features.
switches:
HP
Models: BL eClass Interconnect Switch (802.1Q PVID management only)
Dell
Models: PowerEdge 1655MC Integrated Switch (802.1Q PVID management only)
214
The following are port attributes displayed in the Details pane of the program:
Switch
Port
The name of the port (vendor-specific port names will be shown when available)
Description
VLAN
Connectivity
By selecting a device in the tree view pane, the switch port display will be updated to show its
respective ports. By selecting Network in the tree view, all switch ports that have been discovered
will be shown in the switch port view. You can sort on attributes by selecting the appropriate
column.
215
Note When the device is available and the SNMP communities are correct, the application will read
the MIB II system information from the device and add the device to the tree view. If not, an error
message be displayed.
Discovering a Device
Once a device has been added to the database, all of the properties for that device can be discovered.
By selecting the device in the tree view and right clicking, the following menu will open:
Click Discover Device to discover all the switch device properties and store these values in the
Deployment Database. Once the discovery process is complete, the switch ports for that device will
be seen in the port view.
Deleting a Device
A device can be deleted in two ways:
1
The Deployment Solution Switch Add-On application will then use the supplied SNMP community
strings (passwords) and attempt to change the VLAN setting on the port. If successful, the VLAN
column will be updated.
216
Note It is possible to select more than one port in the port view and assign all selected ports to a
particular VLAN in one operation. However, due to the number of operations required to change
VLANs on some switching devices, this operation can be time consuming.
The Assign/View Connectivity dialog box displays all visible devices, including the MAC addresses
that are being forwarded by the switch. It also displays any previous connectivity mapping, such as
an X in the Connected column). You can add a hostname to a specific MAC address by right-clicking
the appropriate MAC address. A menu will open. Click Add/Edit Host Info to enter the hostname on
the dialog.
Note If the IP address and Hostname columns are blank for a MAC address, the application does not
have enough information about the global network to display an IP Address/Hostname binding to
that MAC address.
You can assign connectivity to a particular switch device by selecting the device (or MAC address)
in the list and clicking Assign Connectivity to Port. This will mark the MAC address as connected to
this port. You can remove connectivity by selecting the MAC address that you want to remove from
connectivity and clicking Remove Connectivity from Port. When the dialog is closed, the client and
server computers can be seen in the Connectivity column of the switch port view.
Command-line Parameters
The following command line parameters can be supplied to the Deployment Solution Switch AddOn program to launch the program with the appropriate
-d=<switch IP address>: By supplying the IP address of the switch, the Switch Add-On program will
launch and automatically select the supplied device in the tree view (thereby, showing all of its ports
in the port view).
-e=<end node MAC address>: By supplying the MAC address of a client or server computer, the
Switch Add-On program will launch and automatically select the switch and port that the client or
server computer is connected to (if the connectivity has been previously assigned).
GUI Tools
The Switch Management Console includes a Tools menu, providing a Ping IP Range command to
assist in "pinging" a specified IP range in order to generate traffic to a range of devices that might
otherwise be inactive. From this dialog box you can specify the starting and ending IP addresses to
ping. Success or failure messages will appear in the list.
217
The Ping IP Range tool can be used to lookup the MAC address of the device being pinged. To be
successful, SNMP must be enabled on the end device. The user can supply an SNMP Read
community name to perform this operation. Otherwise, the user may clear the SNMP MAC Lookup
box to ping only the end device.
If a device is inactive, the forwarding tables in the switch will not show the MAC address of
the client or server computer. The Ping IP Range tool can be used to refresh the forwarding table in
the switch.
Note
-m=<mode>
-d=<target ip>
This indicates the switch (by IP address) to perform the operation on.
-r=<read community>
The SNMP read community name (password) to use to discover the switch.
-w=<write community> The SNMP write community name (password) to use to perform any set
operations on the indicated device.
-p=<port name>
-v=<VLAN number>
-n-<VLAN name>
218
-e=<end node MAC address> The MAC address of the workstation/server that you want to be put in
a particular VLAN. In order for the utility to perform this operation correctly, the connectivity of the
MAC address must have already been assigned using the GUI application. When using this option,
the user must only supply the SNMP write community (password) and the VLAN (name or number)
to put the workstation/server in. The CLI application will use its database to lookup the appropriate
(bound) switch and switch port to provision.
-c=<SNMP retry count>
-t=<SNMP timeout>
The number of attempts that SNMP should attempt before giving up.
Note Prior to executing any command to provision a switch, that switch MUST be discovered.
Command-line Examples
Discover a Switch
switchcfg.exe -m=discover -d=<target IP> -r=<SNMP read>
219
Chapter 10:
Set up an account for Deployment Server. See Logon Account (page 221).
Map drives to file servers in your Deployment Server system (if you have images stored in more
than one place). See Drive Mappings Option (page 222).
Set the communications protocol (multicast or TCP) and set the imaging multicast threshold. See
Transport Option (page 223).
Filter connections from the Deployment Server by IP addresses or network adapter interface.
Connections Option (page 225).
Set debug and log file options in the Debug Option (page 225).
Log in to the Deployment Server you want to manage. Open the Deployment Server
Configuration Utility by clicking Start > Programs > Altiris > Deployment Server >
Configuration.
From the main view of the Deployment Server Configuration Utility, you can view Deployment
Server statistics, start and stop the Deployment Server, access Deployment Server configuration
options and more.
Item
Description
Server activity
and statistics
Start
Stop
Restart
220
Logon Account
Account
Opens the Server Login Account dialog box, which allows you to specify the
account used by the Deployment Server service.
The LocalSystem account requires a simple install that runs Deployment
Server services on the local computer, prohibiting access to network shares or
components.
With the LocalSystem account selected, you can click the Allow service to
interact with desktop box to place an icon in your system tray. This icon allows
you to quickly shut down the Deployment Server services or to view server
statistics (just as you can do from the Manage > Services and
Applications > Services > Altiris eXpress Server service).
The default setting is to provide a user name and password during installation.
With this option you can install the service on different computers and access
components across the network.
Options
Opens the Deployment Server Options dialog, which allows you to specify
Deployment Server options.
Logon Account
This Service Logon Account dialog is used to set up the user account used by Deployment Server.
Item
Description
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
Click Account.
Choose whether you want to use the LocalSystem account or a user-defined account. If you
choose a user-defined account, you must enter the username and password.
Click OK.
General Option
The General tab provides features to set inventory polling and the timeout value when updating
connections of managed computers.
Update Inventory.
Set the polling intervals to inventory each managed computer for basic hardware
and software properties. The default value of 24 hours will inventory each computer no more than
once a day. However, an inventory is only performed when a computer (with the Deployment Agent)
starts up. If a computer is not restarted for a number of days, no inventory will be taken even though
the Update Inventory value is set to 24 hours. When the computer resets, even though the Update
Inventory interval has passed, the inventory will automatically be taken.
221
Set the value to 0 to turn polling off and retain only the values already in the database for each
managed computer.
An inventory is only executed when the Deployment Agent starts up on the managed computer. As
a result, if the computer is not restarted for a period of days then no inventory will be taken during
that time even though the update inventory value is set to 24 hours. When the computer is restarted
and if the Update Inventory interval has elapsed, then an inventory will be run on the managed
computer.
Ping Time-out. Set the time-out value when using the Operations > Update all agent connections
feature or when automatically updating connections (Deployment Solution will automatically
update connections to client computers after 60 minutes if no activity has occurred). The console will
send out a packet to the IP address of each managed computer and wait for a response for the length
of time entered.
Item
Description
Displays the drive mappings with the mapped drive letters and the
corresponding UNC paths.
Add
Opens the Map Drive dialog, which allows you to create a drive mapping.
Driver Letter. Drive letter to which the drive mapping is mapped.
UNC path. UNC path to which the mapped drive points.
Modify
Opens the Map Drive dialog, which allows you to edit the drive letter or UNC
path of the selected drive mapping.
Remove
Specifies the path to stored packages and files and other DS functions (such as
license verification). The default path is C:\Program
files\Altiris\express\Deployment Server.
Note Do not use this setting to change the path to the Deployment Share.
Modifiying this setting does not automatically allow you to use another shared
directory other than the express share. To change the Deployment Share shared
directory, run a Custom install to establish another location for the Deployment
Share.
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
Click Add.
222
Transport Option
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
Select the drive mapping you want to edit and click Edit.
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
Select the drive mapping you want to remove and click Remove.
Transport Option
The Transport tab allows you to specify settings for the Deployment Server transport protocols.
Item
Description
Multicast Address
Multicast Port
Port used for the multicast. This is used only if multicast is not
disabled.
Multicast TTL
Specifies the number of "hops" or hubs that the client can go through
to multicast. This is used only if multicast is enabled.
TCP Port
Automatically update
clients
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
If you want to use multicast, do not select the Disable multicast support checkbox.
If you want to use TCP, select Disable multicast support and supply the Multicast Address,
Multicast Port, Multicast TTL, and TCP Port.
Click OK.
223
Item
Description
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
Select one of the following depending on when you want to use multicasting:
If you do not want to use multicasting, select the Use disk image multicast threshold of n clients
checkbox and set n to 0.
If you want to use multicasting whenever there is more than one client, do NOT select the
checkbox.
If you want to use multicasting only when there are more than a specific number of clients,
select the Use disk image multicast threshold of n clients checkbox and set n to the number of
clients there must be more than before multicasting is used.
4.Click OK.
To set the maximum bandwidth used during multicasting
1
Open the Deployment Server Configuration Utility in the Control Panel of the Deployment
Server computer.
Select the Limit each disk image multicast to n Mbps checkbox and set n to the maximum
bandwidth you want a multicasting operation to use.
Click OK.
224
Authentication Option
Authentication Option
The Authentications tab allows you to authenticate to an existing SQL Server database and to the
NetWare Server as a file access point.
Database Authentication
To access and authenticate to a specified Microsoft SQL Server database:
1
Connections Option
The Connections tab allows you to allow or reject connections from the Deployment Agents based
on the IP subnet, IP address, and local interfaces.
Define Subnets
Select the Allow/reject agents based on their IP subnet box and click the Define Subnets button.
Click Add or Modify to enter or edit a network IP address and the corresponding mask.
Define IP Addresses
Select the Allow/reject agents based on their IP address box and click the Define IP Addresses button.
Click either the Allow or Reject option. Click Add or Modify to enter or edit a specific a range of IP
addresses to connect to the Deployment Server.
Define Interfaces
Select the Allow/reject agents based on their IP address box and click the Define IP Addresses button.
Select from the list of network adapter cards to allow or reject when connecting to Deployment
Server.
Debug Option
The Debug tab allows you to set debug options for Deployment Server and communication between
managed computers.
Engine Debug Logging.
Select this option to set the name and location of the logging report and the
logging level for Deployment Server. The Engine Debug Log is a single report that captures debug
information for Altris support personnel.
Log File Name: Set the path and name for the log text file. The default name is axengine.log in the
Deployment Server shared directory.
Max File Size:
Set the size of the text file by entering the maximum file size allowed.
Logging Level:
Enter the logging level. This number can be from 1 to 9, with nine the deepest
logging level and one the most cursory logging level. Altiris support will instruct you on the
required logging level for your issue.
Log Agent Communication with Engine. Select the directory path and name to log error messages
between managed computers and the Deployment Server.
225
Debug Option
Log Directory.
Set the path of the folder to collect the client error messages. Each managed
computer will have its own log file in this directory named <the computer ID of the managed
computer>.log.
Set the size of each log file by entering the maximum file size allowed.
226
Learn about using the Boot Disk Creator utility to create and install
automation configurations.
Learn about the features of PXE and how to deploy PXE services on
your network.
PXE Configuration Utility Learn about using the PXE Configuration utility to perform PXE
on page 261
configuration.
RapiDeploy Imaging on
page 281
RapiDeploy Technical
Reference on page 298
Altiris ImageExplorer on Learn how to view and modify RapiDeploy images using the Image
page 318
Explorer utility.
227
Chapter 11:
Production
Several of the tasks you perform to manage your network can be completed in the production
environment. However, other tasks, primarily imaging, must be performed before the operating
system boots. In DS, this pre-boot environment is called the automation environment, or booting into
automation mode.
The following table contains a list of DS tasks and the environment in which they execute:
Production Tasks
Automation Tasks
Distribute Software
Capture Personality
Distribute Personality
Scripted OS Install
Get Inventory
Backup Registry
Copy File to
Restore Registry
Modify Configuration
Run script
Power Control
Run script
In order to manage computers in a pre-boot state, you must select a method to boot computers to
automation, then decide which OS to use in the automation environment.
DS provides support for a broad range of boot methods and automation operating systems; this
section helps you decide which works best for your environment.
In order to set up automation, you must make the following decisions:
228
An important thing to note is that the automation environment you use is not constrained by the
production OS on the computer. All of the DS automation tools support these OSs, so you can
perform DS automation tasks in any OS (Linux computers can be imaged from DOS, Windows
computers can be imaged from Linux, and so on).
You might even use two automation OSs for different tasks within the same job. For example, you
might use a vendor-supplied tool to perform a BIOS update in DOS, then boot to Windows PE or
Linux to perform an imaging task.
When you set up your test environment, you might want to run automation jobs in multiple OSs to
see if one performs better in your environment.
The following sections contain an overview of the automation operating systems:
Although you can use these environments to perform a wide-variety of management using scripts
and other tools, support for these environments is limited to the task performed by Deployment
Solution.
DOS
DOS is still used often today as a pre-boot environment, though new technologies have emerged that
might better suit your environment, such as Windows PE.
The largest roadblocks most companies face when using DOS are access to drivers that support
modern hardware, and security concerns. DOS still performs well for several tasks though, and can
be a good choice if you have the proper driver support.
DOS typically requires only around 1 MB of space.
DOS provides an additional advantage in a PXE environment. When performing an automation task
on multiple computers, the PXE server can use multicast to boot automation, which enables large
numbers of managed computers to boot DOS simultaneously.
Windows PE
Windows PE (Windows Pre-boot Environment) is the next generation boot environment for
Windows computers. Windows PE provides several advantages over DOS, including better driver
support (Windows PE uses the same drivers used by the other modern versions of Windows),
increased speed, and generally more functionality.
Windows PE typically requires around 150 MB of space.
The biggest drawbacks are its size, which causes increased boot time, especially when booting over
the network using PXE, and its licensing requirements. Additionally, clients using Windows PE
require at least 256 MB of RAM.
Fedora Linux
Fedora Linux provides an alternate pre-boot environment to DOS or Windows PE. The Fedora
distribution used by DS includes the 2.6.11 Core 3 kernel and a number of network drivers supported
by this kernel. Additional drivers can be compiled against this kernel and added as well. Many
vendors provide gigabit and wireless drivers for Linux that are not available in DOS.
Linux typically requires around 10 MB of space.
Linux can be a good choice if you do not want to license MS DOS or Windows PE, but you need
updated driver support.
229
PXE
Pre-boot Execution Environment (PXE) is an industry standard developed to boot computers using
a network card. PXE can boot computers regardless of the disk configuration or operating system
installed, and doesnt require any files or configuration settings on a client. After PXE boot is turned
on in the BIOS, a computer can communicate with your DS PXE server to receive automation jobs.
PXE provides a number of advantages, especially when you are using the initial deployment features
of DS, which enables you to remotely deploy an image to a computer which has no software
installed.
For example, the receiving department of your company could have PXE enabled on their subnet.
When a new computer arrives, a technician could quickly unpack and plug the computer into the
network, and possibly enable PXE boot if it was not enabled by the manufacturer.
When this unknown computer contacts the Deployment Server, it is assigned an initial deployment
job, which could image the computer with the corporate standard image, install additional packages,
then power off the computer. The computer is now ready for delivery with minimal effort.
PXE also provides an advantage if you need to use multiple automation OSs in your environment.
Since the image containing the automation OS is downloaded when a task is executed, different OS
environments can easily be assigned to different tasks.
At the same time however, this can be a disadvantage if you are using an OS with a large footprint,
such as Windows PE, since the entire image must be downloaded each time you run an automation
task. If you often run automation jobs, especially on several computers simultaneously, embedding
the automation OS on the disk is faster and significantly reduces network traffic.
It is also possible to use PXE for initial deployment, then install an automation partition as part of
the deployment. In this case, you could use the initial deployment features of PXE for arriving
computers, then install an automation partition in case you need access to automation at a later time.
This configuration does not require PXE in your general network environment, but still provides
access to the automation environment without physical access.
When using the DOS automation environment, PXE provides an additional advantage: multicast
boot. This enables your PXE server to simultaneously boot up to 100 computers in a single session
to perform automation work. PXE multicast booting is not provided by Windows PE, and is not
supported on Linux.
Images can still be deployed using multicast to all supported automation environments, but nonDOS OSs must be booted using unicast, which is considerably slower.
230
Automation Partitions
An automation partition is a sector of your hard disk drive partitioned and managed by DS. This
partition contains the automation operating system and the files needed to contact your Deployment
Server, and must be present on each managed computer.
The biggest advantage to an embedded partition is that it does not require PXE, yet it still enables
you to boot into automation remotely. The biggest disadvantages to embedded partitions is that they
consume space on the drive, they requires an existing partition on the drive, and they must be
manually installed from a disk on Linux and Unix OSs.
Another drawback, depending on your configuration, might be the fact that only one automation OS
can be installed to a managed computer that is using an automation partition. If you have tools that
are supported only in DOS, this might limit you to DOS for all automation tasks on a particular
managed computer.
Automation partitions have an additional advantage in some configurations. Optionally, you can
create a different type of automation partition, called a hidden partition, to store an image (or other
files) locally.
This provides advantages in environments where computers need to be re-imaged often, or in
environments where there is limited bandwidth or network connectivity. Since the image is stored
locally, the time needed to create and restore images is greatly reduced and network traffic is
significantly reduced as well.
231
Linux
The .frm file containing Fedora Linux. This file is available for
download from the Altiris Solutions center at (URL)
MS DOS
FreeDOS
To install:
1
In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems.
Click Install and complete the wizard, providing the files listed in the previous table when
prompted.
For complete details on this process see Boot Disk Creator on page 237.
232
Select either the Windows PE Additional Files folder, or a specific Boot Disk Creator
configuration.
Right-click and select add > Folder. Using this add folder command, create the following path:
i386\system32\diskdrivers
Within the diskdrivers folder, create the necessary folders to contain your drivers. The folders
you add should contain a txtsetup.oem file, and at least one *.sys file, and possibly additional
files. You must also ensure that any sub-folders specified by txtsetup.oem are included, and that
the [defaults] section references the proper device driver (some textsetup.oem files might support
multiple devices and drivers, and the proper device must be specified in the [defaults] section).
The diskdrivers path is for adding mass storage drivers. If you are adding different driver types, you
might need to modify this path.
233
The following sections guide you through the process of setting up PXE, automation partitions, or
media to boot your computers into the automation mode:
Configuring PXE
Configuring PXE
PXE is a server-based technology, and requires additional components on your DS server, and
possibly other computers. Setting up and configuring PXE is covered in detail in PXE Server on
page 252.
Hidden Partition
A larger partition installed on the hard drive of a managed computer to contain not only the automation OS, but to provide
room to store images and other files. This partition is not normally viewable in the production OS.
An embedded partition doesnt create an actual disk partition, it reserves space on an existing
partition by marking the sectors on the disk as unusable. The target drive must have an existing
partition before an embedded partition can be installed.
A hidden partition creates an actual disk partition, but this partition is hidden from normal view
within the production system, though it is still viewable by FDISK or by an administrator. The
partition is listed as a non-DOS partition.
When a computer using an automation partition is assigned jobs, the Master Boot Record (MBR) of
the computer is modified to boot to this hidden partition. After the work is completed, the MBR is
restored to the previous configuration.
Hidden partitions are very useful for computers which are imaged often, such as those in a test lab
or provided for general use (such as a hotel or a library). After the visiting person is done using this
computer, you may want to quickly re-image to ensure that the next visitor finds the computer in
good working order. In these circumstances, a hidden partitions enables you to quickly restore an
image without needing access to a high bandwidth network.
Automation partitions can be installed using an installation package deployed from DS (windows
only), or installed from a CD, USB device, or floppy. This is different than using boot media to
access automation, because the automation partition media is used once per computer to install, then
the partition is used to perform tasks.
Using boot media to access automation doesnt leave any files on the computer, but the media must
be used each time you want to access automation.
234
Install the automation OSs you want to use, as explained in Installing Windows PE, Linux, or
DOS.
In Boot Disk Creator, Create a new configuration. The wizard is accessed by clicking File > New
configuration.
This configuration contains the automation OS files, network drivers, IP address of your server,
and other settings which control how the managed computer communicates with DS.
This configuration does not specify how this automation configuration is installed. This is done
using the Create Boot Disk wizard, which is launched automatically after you create a
configuration.
After selecting how you want to install automation, complete the wizard.
Complete details on using the Boot Disk Creator are contained in Boot Disk Creator on
page 237.
You can also uninstall an automation partition using an install package, or configure a CD, USB
device, or floppy from Boot Disk Creator.
235
Automation Agents
Using PXE
1
Install the automation OSs you want to use, as explained in Installing Windows PE, Linux, or
DOS.
In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services > PXE
Configuration Utility), create a new menu item to correspond to the automation configuration
you want to install.
Click Create Boot Image to launch the configuration wizard. This wizard is identical to the
wizard used when creating configurations for automation Partitions or boot media.
When this options is selected from the PXE menu, the necessary files are loaded, the job is
performed, then the computer boots to the production OS. None of these files are saved on the
managed computer, they are downloaded each time the computer boots to automation.
Automation Agents
Automation Agents are provided for each of the pre-boot operating systems supported by
Deployment Server. Automation Agents are the client software which communicates with DS to
execute jobs and tasks in the automation mode.
The following table contains the Automation and Production Agents used by each OS in each
environment:
Operating System
Automation Agent
DOS
Bootwork.exe
Windows
Production Agent
AClient.exe
Windows PE
AClient.exe
Linux
ADLagent
ADLagent
236
Chapter 12:
Run Script
Scripted OS Install
Backup Registry
Restore Registry
The Deployment Server sends a message to the client computer that the type of task within a
deployment job requires an automation environment. The client computer then boots to the
automation environment you created using Boot Disk Creator and connects with the Deployment
Server to run the tasks that have been assigned by the deployment job. This feature lets you create a
single deployment job with multiple tasks that will boot to the automation environment you want
when each task runs.
The Boot Disk Creator Utility gathers data as you create new configurations. The base pre-boot
operating system files, disk drivers, files you add to the Additional Files folder (in the treeview of
Boot Disk Creator), and all the settings you selected in the New Configuration Wizard are added to the
boot image. Based on the type of pre-boot environment you are creating, the appropriate Automation
Agent is also added. Boot Disk Creator then creates the type of bootable media you want to use when
booting client computers to automation. Boot Disk Creator supports the following bootable media:
Floppy disks
See Create Boot Disk (page 246), Automation Partitions, Network and Automation Boot Disks
(page 246).
Before creating configurations, you must first install the pre-boot operating system files for the types
of pre-boot configurations you want to create. When the Deployment Solution gets installed, you
have the option to install the pre-boot operating system files at that time. If there are no files
installed, you can use the Install Pre-boot Operating System Files feature within Boot Disk Creator
to install the necessary pre-boot operating system files.
Example: you can install DOS, Linux, or Windows PE operating system files so you can create any
type of configuration any time you want. Or, you can install only DOS and Windows PE system files
and then install Linux later. You can only create configurations for the type of pre-boot operating
system files you have installed. This feature also lets you update pre-boot operating system files
when you receive new releases of software and makes it easy to install system files any time you
want. See Install Pre-boot Operating System Files (page 249).
237
The New Configuration Wizard is the main process of Boot Disk Creator. This is how you select the
type of pre-boot environment configuration you want to create, along with other settings such as, the
type of network adapter, network server information, TCP/IP information, and more.
After the wizard completes, the Create Boot Disk Wizard automatically displays. This is the
production process of Boot Disk Creator that lets you select the boot disk creation method for how
you want to implement the configuration you created. You can create floppy boot disks, which are
used for DOS configurations since Linux and Windows PE system files are too large to fit on a
floppy. Network and automation boot disks can create ISO images, which you can save to bootable
CDs using your own third party CD burning software, or you can select a flash drive from the
Bootable drive drop-down list. You can also create a Windows Installation package to run in a
Windows production environment, which will install an embedded (recommended) or hidden
automation partition on the client computers hard drive. See Automation Partitions, Network and
Automation Boot Disks (page 246).
If you create an Automation boot disk, the Automation Agent is added to the configuration so that
when you boot client computers, they will try to connect to the Deployment Server. If you select
Network boot disk, client computers will boot to the network server you specified in the New
Configuration Wizard, displaying only a users prompt. See New Configuration Wizard (page 239).
Boot Disk Creator can also be accessed from the PXE Configuration Utility, so that you can create
boot menu options using the New Configuration Wizard. You can also create boot configurations
directly from Boot Disk Creator, and then import the boot images into the PXE Configuration
Utility. The PXE Configuration Import feature lets you import images that have been created by
Boot Disk Creator or any other third party imaging software, but you cannot edit the boot images
after they have been imported. See PXE Configuration Utility Help.
To help you manage the configurations you create, Boot Disk Creator uses colors to inform you
which type of pre-boot configuration you are editing. The colors on the display change when you
select a configuration in the treeview of the utility. The colors indicate the following:
Black:
Blue:
Green:
Red:
DOS configuration
Linux configuration
Windows PE configuration
To start the Boot Disk Creator tool, open the Deployment Console and click
the button on the toolbar, or click Tools > Boot Disk Creator.
238
Toolbar Description
Toolbar Description
The buttons on the toolbar help you navigate to the tasks you want to perform within Boot Disk
Creator in one click. The options are:
Toolbar Description
Buttons
Description
New Configuration Wizard (page 239): Creates new
configurations that is used when booting client computers to
automation or a network prompt.
Create an Automation Install Package (page 247): Creates
and installs an embedded automation partition to a client
computers hard disk, using an installer package.
Remove Automation Partition (page 248): Removes an
automation partition from a client computers hard disk.
Create Automation Boot Disk (page 247): Creates
automation boot disks to manually boot client computers to
automation.
Create Network Boot Disk (page 248): Creates network boot
disks to manually boot client computers to a specified
network server.
To start the New Configuration Wizard, click the button on the toolbar of the
Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or
Windows PE. You must enter a name of for the configuration to make the Pre-boot Operating System
for this Configuration fields active. The description field is optional but helps you to know what the
configuration contains, such as the file server type, NIC drivers, and any additional files you want
to add.
Field Definitions
Name: The configuration name you enter displays in the Configurations treeview after the wizard is
completed.
Enter a description for the configuration. (Example: enter the type of computer,
operating system, network adapter, and any other characteristics that will help you identify this
particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if
you select the configuration from the treeview, the description you entered for this field displays at
the top of the right pane.
Description:
Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and
Windows PE operating systems to create pre-boot environments. Select the pre-boot operating
system, and then click Install Pre-boot Operating System Files (page 249) to install pre-boot
operating system files.
239
Microsoft Windows:
Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using
Select this option to store images on a NetWare server with 32-bit clients.
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you
are creating. You can install pre-boot operating system files for DOS, Linux, or Windows
Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 249).
Example: After installing the pre-boot operating system files for Windows PE, the Windows NIC
drivers that are available to create a Windows PE configuration display, and are automatically added
to the new configuration. If you select Auto-detect network adapter, Windows PE determines which
network adapter driver to use.
Select a driver from the network adapters driver list. You must create a new configuration for each
type of network adapter that is installed on client computers, unless you want to create a Multi-NIC
configuration. See Multi-Network Adapter Configurations (page 241). If you want to add or change
adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced.
See Advanced (page 241).
Advanced Features
The network adapters you select must support DOS, Linux, or Windows PE so that client computers
can connect to a network or Deployment Server, depending on whether you create automation
partitions, or network or automation boot disks. The Have Disk (page 240) button lets you install
network adapter drivers from a disk, CD, or network folder. The Internet (page 241) button lets you
connects to an Altiris supported web site to download and install network adapter drivers. The
Advanced (page 241) button lets you further define network adapters and their drivers.
Field Definitions
Allow selection of multiple network adapters: Select this option to add multiple network adapter drivers
to a single PXE boot file configuration. This feature lets you build configuration files to boot
multiple computers that contain different types of network adapter cards. See Multi-Network
Adapter Configurations (page 241).
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network
adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be
installed later. New network adapters come with a floppy disk or CD to install the appropriate
drivers.
240
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download
the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and
connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want, and then
unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded will
be added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they will work correctly
when using DOS configurations. If you are creating a Linux or Windows PE configuration, this
option is not available. From the Network Adapter page, click Advanced. Refer to the following
properties and values.
Microsoft clients
Memory (protocol.ini):
config.sys file.
config.sys file.
Novell Client 32
config.sys file.
file.
241
Use a static IP address: Select this option if you want a client computer, using this configuration, to
be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can
also enter a primary and secondary WINS address if you need to resolve IP addresses and naming
conventions. This option also requires that you create a configuration for each client computer, so
that the IP address is not the same for all computers.
Server IP address,
You can also specify how you want to run the Automation Agent, either from the Deployment Share
or from the local hard disk. However, this feature is only for Linux and Windows PE configurations,
since DOS configurations always run the Automation Agent from the Deployment Share. See the
Automation Agent Location field definitions below.
Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk
configuration is set to 502. This would result in client computers not being able to communicate with
the Deployment Server, because the port numbers do not match. To establish communications
between client computers and the Deployment Server, change the Port field in the Boot Disk
configuration to 402.
Note: The settings on this page are only used if you create an automation boot image where the
Automation Agent needs to know how to find the Deployment Server. If you intend to create a
network boot disk, you can ignore this page by clicking Next, as none of the properties will be used
to create a network boot image.
To set the TCP port on the Deployment Server
From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration
Click OK.
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP
multicasting to find the Deployment Server. When client computers boot to automation using this
configuration, a multicast packet will broadcast across the network to find where the Deployment
Server is located.
Multicast IP address:
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a
multicast packet will broadcast to the server you specify. If you leave this field blank, the
client computer will connect to any server responding to the multicast packet.
242
Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific
Deployment Server. You must select this option if your network adapter or network does not support
multicasting. See your network adapter documentation or call the manufacturer or consult with your
IT department for information.
Server IP address: Enter the IP address of the Deployment Server to access information stored
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP
address is required.
this option to run the Automation Agent from the Deployment Share. This ensures
that you are running the latest version of the agent when the client computer boots to the automation
mode.
Local: Select
this option to run the Automation Agent from the local boot image, which is included
in the automation partition or in bootable media. The Automation Agent that boots the client
computer to automation mode, will always be the same version as when it was originally created. If
you want to update the Automation Agent to the latest version, you must reinstall the automation
partition or recreate all bootable media.
Network Connection
This option lets you define how client computers connect to the Deployment Share or a file server
where image files are stored.
Window
Workgroup: Enter
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter
a NetWare context for the server, and then select a Frame type if it is different than the default value
of 802.2.
User name: Enter the authorized user name that was set up when the Deployment Share directory was
created. If you did not assign a User name and Password when for the Deployment Share or file server
was created, leave this and the Password field blank.
Password:
Confirm password: Enter the password for the user name as confirmation that you entered the proper
password in the Password field.
By default, the mapped drive that displays is F: \\<Deployment Share server>\eXpress. Click
the drop-down arrow and select a different drive letter if F: is already in use.
Drive:
243
Enter the path for the Deployment Share. The path you enter will map to the drive letter you
selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are
unsure of the directory path or if the image files are store on a file server.
Path:
Example:
Windows users:
NetWare users:
Linux users:
\\server\share
server\volume:directory
//server/mount point
Note: When entering Linux mount points, you must put a single quote around folders or filenames
that contain either a period (.) or a space. These are considered special characters in Linux and must
have single quotes around the name so that the directory path can be found. Example: //ImageServer/
DS Images/mnt/z.
Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added
manually): Select this option if your network does not support NetBIOS name resolution for IP
addresses. Enter a Server name and IP address so that client computers can find the Deployment
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If
you find a setting mis-entered or not what you want, click Back to re-select the option. When you
click Finish, the Create Boot Disk Wizard automatically displays for the next process to begin. See
Automation Partitions, Network and Automation Boot Disks (page 246) and Edit Configurations
(page 244).
If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit
Configuration page displays next. See Edit Configurations (page 244).
Edit Configurations
This is the main Boot Disk Creator page that displays when you start the utility. If you are using Boot
Disk Creator from within the PXE Configuration Utility, this page displays at the end of the New
Configuration Wizard.
This feature lets you modify configurations that have already been created. As you select files and
folders from the treeview in the left pane, the configuration information displays in the right pane.
The display color changes to help you know the type of configuration you selected to view, edit, or
delete. The colors displayed are:
Black:
Blue:
Green: The configuration you selected or created is based on the Linux pre-boot environment.
Red: The
The configuration you selected or created is based on the DOS pre-boot environment.
To change configuration settings, right-click on a configuration folder and select Edit Configuration,
and then click Back until you find the page for the options that you want to change. You can also
make text edits to files (selected from the treeview) in the right pane.
All other files within a configuration can be edited as needed. However, after you edit a
configuration, Boot Disk Creator rewrites certain files within the configuration so that drive
mappings and mount points are always updated. The following files are rewritten after editing
configurations:
244
Linux - mounts.local
WinPE - mapdrv.bat
See also: New Configuration Wizard (page 239), Install Pre-boot Operating System Files (page
249)
Additional Files
Boot Disk Creator lets you add additional files to folders that will either apply to a specific
configuration or to all configurations that are of the same type of pre-boot operating system.
However, any files you add to the global <OS> additional files folders will be written to the boot
image before the specific configuration files. If a file in the <OS> additional files folder is the same
name as a file in a specific configuration folder, it will be overwritten.
Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file
5684_Drivers exists in a specific configuration folder, then when the files are written to a boot
image, the file in the configuration folder will overwrite the file in the DOS additional files folder.
This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the
specific configuration file is the one that is written to the boot image, the result will not be as you
expected.
Add files to all configuration
When you install a pre-boot operating system, a new folder will be added to the bottom of the
treeview on the main page of Boot Disk Creator. If you install pre-boot operating system files and
the <OS> additional files folders do not display, press F5 to refresh Boot Disk Creator. The folders
that display are as follows:
Boot Disk Creator will copy the files from the <OS> additional files folders to all corresponding
operating system configurations and will be added to the boot images. These folders are considered
global, since they can affect configurations of the same type.
Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE
additional files folder. Each WinPE configuration you create will then add the files in the WinPE
additional files folder to the boot image.
Add files to a specific configuration
If you want to add files to a specific configuration only, and do not want to use the global feature of
the <OS> additional files folders, do the following:
1
Right-click a configuration in the treeview and select New > Folder. A new subfolder is created
in the treeview.
Enter a name for the folder so that you know they are added files.
To add files to the <OS> additional files folder, do one of the following methods:
Copy files from a network folder and Paste them into the configuration folder.
Right-click a configuration and select Add File. A browser dialog displays to navigate to the
file you want to add.
Right-click on a configuration and select File > Text file. A new empty text file is added to the
treeview. Enter a name for the file and write text as needed in the left pane.
245
Automation PXE image: The automation agent for the type of pre-boot operating system configuration
you created will be added to the settings you selected throughout the New Configuration Wizard.
Network PXE image: The configuration you created will not contain an automation agent. When client
computers boot with this image file, they will map to a network server and be at a users prompt.
However, based on your selections, Boot Disk Creator will display the appropriate dialog pages
when creating bootable media.
Example: If you right-click on a configuration in the treeview and select Install automation partition,
the number of dialog pages thereafter will be different than if you select the option, Create an
automation partition install package, from this page. Both options achieve the same result even though
the dialog steps may be different.
Select this option to close the Create Boot Disk dialog
without creating an automation boot disk, installer package, or network boot disk. You can select
any of these options from the Boot Disk Creator toolbar or from the File menu.
Create an automation partition install package: Select this option to create an automation install
package that will install an embedded automation partition to any client computer on the network.
See Create an Automation Install Package (page 247).
Create a network boot disk: Select this option to create network boot disks so you can manually boot
a client computer to a network server. See Create Network Boot Disk (page 248).
246
Select this option to install the automation partition using a DOS bootable disk.
Linux bootable disk: Select this option to install the automation partition using a Linux bootable disk.
Windows setup package: Select this option to install the automation partition using an installation
setup package that runs in a Windows production environment.
Create a hidden DOS automation partition (for partitions greater than 50 MB): Select this option to install
Partition size in MB: The default partition size value will change, depending on the type of operating
system you selected. Example: If you are creating an automation partition for a Windows PE
configuration, then the partition size is 150-200 MB. However, the partition size for a DOS
configuration would range is only 5-50 MB.
Select this option to lock the users keyboard on the client computer when the
automation environment boots or an automation job runs.
Lock keyboard:
Select this option to install the automation partition without user input.
Install the Altiris Deployment Agent for Windows: Select this option to install the Deployment Agent
on client computers in the production environment after the automation partition is installed.
If you selected to install the Deployment Agent (above), click this button to set limited
properties for the Deployment Agent.
Advanced:
247
Field Definitions
Bootable ISO CD Image:
ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party
software to burn the ISO image to a CD.
Bootable disk: Select this option to create a boot disk that can be used at client computers to manually
boot to automation or manually install an automation partition. Click the drop-down arrow to select
bootable media from the list. All the drives listed will display the physical drive number instead of
the logical drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it is not displayed in the Bootable
disk drop-down list, you can click this button to rescan the physical drives that are attached to the
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-down list, but
you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using
displays in Windows as Fixed instead of Removable. Select this option to display all drives attached
to the server.
ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party
software to burn the ISO image to a CD.
Bootable disk: Select this option to create a boot disk that can be used at client computers to manually
boot to a network server. Click the drop-down arrow to select bootable media from the list. All the
drives listed will display the physical drive number instead of the logical drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it is not displayed in the Bootable
disk drop-down list, you can click this button to re-scan the physical drives that are attached to the
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-down list, but
you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using
displays in Windows as Fixed instead of Removable. Select this option to display all drives attached
to the server.
Select this option to remove an automation partition using a DOS bootable disk.
Linux bootable disk: Select this option to remove an automation partition using a Linux bootable disk.
Windows setup package:
248
automation partition.
Select this option to create an ISO CD boot image that will remove an
ISO image file path: Enter the path to the folder where ISO images are stored. You must use third party
software to burn the ISO image to a CD.
Bootable disk: Select this option to create a boot disk that removes an automation partition from a
client computer. Click the drop-down arrow to select bootable media from the list. All the drives
listed will display the physical drive number instead of the logical drive letter.
Rescan drives: If you attach a USB flash drive to the server, but it is not displayed in the Bootable
disk drop-down list, you can click this button to re-scan the physical drives that are attached to the
Show fixed drives: If you try to select a USB flash drive from the Bootable disk drop-down list, but
you cannot find it even after clicking Rescan drives, it is possible that the flash drive you are using
displays in Windows as Fixed instead of Removable. Select this option to display all drives attached
to the server.
Field Definitions
Directory:
Browse:
Enter a path to where the configuration files that you want to convert are located.
Click to navigate to the directory path where configuration files are located.
Config File Name: This is the name of the old configuration files that you have selected to convert and
import into this release of Boot Disk Creator.
Description:
249
create Linux configurations and Linux boot images. You can open the Install Pre-boot Operating
System Files dialog at any time to install the Linux system files, or of the other pre-boot operating
system files.
When you install the pre-boot operating system files for DOS (page 250), Linux (page 251), or
Windows PE (page 251), a check mark next to the operating system name indicates that the files
have been successfully installed. The operating system version number displays (except for MSDOS), and the Install button changes to display Update.
If you acquire a newer version of DOS, Linux or Windows PE, click Update to install the new files.
However, any existing operating system files will be deleted before the newer files are installed.
Example: If you installed Windows PE, and Altiris supports a newer version that becomes available,
click Update to install the new files. All existing Windows PE files will be deleted from the hard disk
before the new files are installed. If you experience any problems with the new version of Windows
PE, you will have to install the older version to restore Boot Disk Creator functionality for Windows
PE.
To install pre-boot operating system files
Click the Install button next to the pre-boot operating system that you want to install.
DOS
You can install FreeDOS (page 250), MS-DOS (page 250) or both. However, you can only run one
version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to
select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be
downloaded from the Altiris Solution Center Web site and then saved to any location on the network.
When newer versions of FreeDOS become available, an updated .frm file will be available online
through Deployment Solution Hot Fixes or Service Pack releases.
Note: FreeDOS may not support newer motherboard chip-sets.
MS-DOS
Using an original Microsoft Windows 95/98 installation CD, copy the appropriate files to a system
formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly.
Use Microsoft Windows 95/98 installation CD:
Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed
below from an original Microsoft Windows 95/98 installation CD to the floppy disk. Boot disk
creator only installs DOS files from the A drive. If you select B-Floppy Drive from the drop-down list,
Boot Disk Creator will still try to read data from the A-Floppy Drive.
Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator.
Required
Optional
HIMEM.SYS
EDIT.COM
EMM386.EXE
MEM.EXE
SMARTDRV.EXE
ATTRIB.EXE
SYS.COM
MODE.COM
250
MS-DOS files
Required
Optional
XCOPY32.MOD
FORMAT.COM
FDISK.EXE
Important: The SMARTDRV.EXE file is required for all computers running a scripted install in
Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm
file can be downloaded from the Altiris Solution Center Web site and then saved to any location on
the network. When newer versions of Linux become available, an updated .frm file will be available
online through Deployment Solution Hot Fixes or Service Pack releases.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you
install Windows PE, you will be asked to supply 2 CDs: Windows PE 2005 and Windows Server
2003 SP1.
In most instances, the Welcome to Microsoft(R) Windows(R) Server 2003 page displays after
inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows
Server.
There are two dialog pages to complete the Windows PE installation. You will first be asked to
provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating
system CD you need to enter for each of these pages.
Example: On the Windows PE CD page, the text displays Windows PE 2005 (Windows Server 2003while the Windows CD page displays Windows Server 2003-SP1 (Windows PE 2005). The first
operating system listed on each page is the CD you want to use.
SP1),
FreeDOS or MS-DOS.
251
Chapter 13:
PXE Server
Pre-boot Execution Environment (PXE) is an open industry standard which enables computers to
boot remotely using a network card.
PXE uses standard network protocols to establish a communication channel between a computer and
a PXE server during the boot process. Using this channel, a PXE server sends an execution
environment to the computer so that work can be performed in a pre-boot state.
In Deployment Solution, this pre-boot state is called the automation environment, and DOS, Linux,
and Windows PE are currently supported as pre-boot operating systems. An overview of the
automation boot methods and environments is contained in Automation Pre-boot Environment on
page 228.
An advanced, tightly integrated PXE environment is provided with DS. DS leverages PXE to
provide the following advantages:
When a managed device needs to boot into automation, DS restarts the computer and notifies the
PXE server. PXE server then boots the computer into the automation environment indicated in
the DS job automatically.
PXE can perform an initial deployment of a new system by checking to see if a computer exists
in DS.
All PXE configuration is done using the PXE Configuration Utility from the DS console,
enabling you to remotely configure all PXE servers in your network.
How you implement PXE is partially dependent on what you plan to do with it. Many organizations
use PXE only on a subnet in a receiving department to deploy corporate images and initial
configuration of new computers. After this computer is assigned to a user, PXE is not used in the
normal production environment.
This limits the extent of the PXE environment, but prevents you from accessing the automation
environment to capture images and perform other automation-only tasks.
Other companies which often use automation select PXE because it leaves no footprint on the
managed computer, and has several other advantages such as image multicasting and tight DS
integration.
Regardless of how broadly you implement PXE, DS provides tools and services to simplify
management of PXE in your environment. This section contains the following topics providing an
overview of PXE in DS:
252
Description
PXE Manager
PXE Server
MTFTP
The PXE Manager service interacts with DS, PXE Helper service, and the PXE config utility to
perform centralized PXE management:
253
On each individual PXE server, the PXE Server service and the MTFTP service are installed to
perform the work of a PXE server. These services are configured, started and stopped by the PXE
Config Helper service. Clients connect directly to these services during the PXE boot process:
RapiDeploy Images
In a PXE environment, a managed computer can receive a boot image from a PXE server multicast,
load the image, then receive an image through a multicast from RapiDeploy.
This can be confusing, because both PXE server and RapiDeploy send images, and both can use
multicast technology. The difference is the type of image they deploy.
A boot image contains only the files necessary to load automation, and is largely transparent. A
RapiDeploy image contains what is normally considered an image, which is a snapshot of a disk
or partition, usually containing an OS and standard applications.
254
255
The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and additional
files which ultimately provide the automation environment on the managed computer.
The following diagrams contain a basic outline of this process:
256
Network Speed
Since the majority of the resources on a PXE server are used transferring files over the wire, the
faster the network, the more work a single PXE server can do. A single PXE server on a gigabit
network can remotely boot a larger number of computers over a period of time than even multiple
servers on a slower network.
This becomes especially important when using certain automation environments, such as Windows
PE, that can be over 100 MB and do not provide support for multicast booting. Boot files must be
delivered to each of these managed computers individually, causing a large amount of network
traffic and greatly increased boot times.
This is less of an issue when using boot images with a small footprint, such as DOS, which support
multicast booting.
257
If these services are located on different computers, additional configuration might be required.
If you are going to forward packets, make sure your router configuration allows DHCP traffic to
access the proper ports and IP addresses for both DHCP and PXE servers.
Once the broadcast issues are resolved, the routing of multicast traffic must be considered.
Multicasting leverages significant efficiencies in transferring files but also introduces challenges
similar to broadcast packet forwarding. Like the broadcasting solution, routers can be configured to
support multicast traffic between PXE Clients and PXE Servers.
Please consult the documentation provided by your router vendor for additional information on
packet forwarding.
Shared and local configuration settings. These settings include timeout values, replication and
logging options, and so on.
Boot options. Each boot option corresponds to a specific configuration which includes an
operating system, network and other drivers, utilities, mapped drives, and so on.
This section contains a brief overview of selected PXE configuration and boot options. For complete
details, see PXE Configuration Utility on page 261.
PXE Settings
Shared vs. Local
DS provides a PXE settings hierarchy enabling you to provide shared and local PXE configuration
values. All PXE servers inherit the shared values unless they are overridden on the local server.
Session Timeout
The PXE configuration utility connects the PXE Manager service on DS. To make sure your changes
are not overwritten by another instance of the PXE Configuration Utility, only one instance of PXE
config is allowed to connect to PXE manager at any given time.
If you attempt to launch PXE Configuration when another instance is running, you receive an error.
To prevent you from being completely locked out for extended periods (for example, an instance is
inadvertently left open on another computer), a timeout has been added which terminates a
connection after 30 minutes of inactivity after someone else attempts to connect.
258
This timeout applies only if someone else is attempting to launch PXE Configuration. If no other
connections are attempted, the timeout is never enabled and your session remains active.
Boot Options
Boot options are the boot configurations provided to a client by a PXE server. Each boot option has
a corresponding automation operating system, network drivers, and other settings.
Redirection
This lets you redirect a global PXE menu option to use a local PXE menu option on a specific PXE
server.
Redirection settings are not available on the shared configuration, they are always specific to an
individual PXE server. This is due to the role redirection plays in your PXE environment.
Consider the following example:
You manage computers in three locations: Two offices in Ontario, and one office in Alberta. To limit
transfer between each site, each office has a local PXE server, and a file server with a mirror of the
deployment share. This enables clients at each location to contact the local PXE server to boot, then
use the local deployment mirror to access the network tools and to store images.
You need to create a job to capture an image of each managed computer on Friday evening, once a
month. To create this job, you add an imaging task, select a PXE boot option, then set the schedule.
Simple, right?
Hold on. If you select the same PXE boot option for each office, you are going to have problems.
The Alberta office uses a mirror of the deployment share on alb1\eXpress, and stores captured
images on alb1\images. The two Ontario offices use the ont1 and ont2 servers respectively.
You could go ahead and create three global configurations and three different jobs, but that is
confusing and could potentially cause problems if the wrong selection is made. If you took this route,
on each PXE server, two of the three global configurations could potentially cause problems (they
259
are mapped to drives in remote offices). Since you enjoy avoiding problems, what you really need
is a way to select a single global configuration for a job, then update it based on the location of the
PXE server.
This is exactly what redirection does. You create a global configuration named, for example,
Imaging Environment. Then, on each PXE server, you create a local configuration for each office
with the correct server mappings.
The Imaging Environment global option is then redirected to the local option. Now the imaging
job can be applied to all computers at once, simplifying the process and reducing the chance of
errors.
260
Chapter 14:
PXE Server has also been added to Role Based Security to ensure that only those users authorized
can make changes to boot menu options.
If you select Deployment Solution Simple Install and Install PXE Server, they will both install to the
same server. If you select Custom Install and Install PXE Server, you can choose to install them to
separate servers. However, regardless of the PXE install options you select, PXE Manager will
always install on the Deployment Server. See the Deployment Solution Reference Guide.
PXE Manager
PXE Manager is a service that synchronizes Deployment Server and all PXE Servers installed and
configured across the network. It keeps track of all PXE Server boot menu options, and whether they
are Shared or Local. PXE Manager also gathers data from all PXE Servers and stores the information
in the PXE Manager.ini file. Whether you are in Use Shared properties or select a server to Customize
PXE Server (Shared Configuration), the changes you make to the properties settings will be saved to
the PXE Manager.ini file when you click the Save button. Then, when you close the PXE
Configuration Utility, PXE Manager creates and distributes the appropriate PXE.ini file for each
PXE Server on the network. See PXE Manager (page 278).
Shared or Local boot menu options
When you start the PXE Configuration Utility, you can select which properties you want to set. The
Use Shared properties option lets you create Shared boot menu options that will be used by all PXE
Servers on the network. When you select a specific PXE Server from the File menu, you can select
the Customize PXE Server (Shared Configuration) option that lets you change any of the shared
properties for that specific server. By default, PXE Configuration will always start in the Use Shared
properties mode. See Boot Menu Tab (page 262).
The boot menu options you create will display as a menu list on client computers when a PXE boot
operation is performed. You can set the order of the boot menu options and select which menu option
you want as the default. Previous users of Altiris PXE Server will notice that Initial Deployment and
ManagedPC are no longer boot menu options. You can still perform an Initial Deployment, but now
you can select DOS, Linux, or Microsoft Windows Preinstallation Environment (Windows PE) as
the pre-boot automation environment. By default, the pre-boot operating system selected at install
time will be set for Initial Deployment. See DS Tab (page 275).
261
Wizard from
Automation Tasks
Only Shared boot menu options can be assigned to a task in a deployment job. The tasks the can run
in automation are:
Run script
Scripted OS Install
Backup Registry
Restore Registry.
When a client computer performs a PXE boot, the Deployment Agent verifies if there is work to
complete. If so, the client computer boots to automation and performs the deployment jobs that have
been assigned. If there are no deployment jobs for the client computer, the Local Boot menu option
is automatically selected.
Example: If a deployment job contains the task Create Disk Image, and the Automation - PXE or
Bootworks environment (DOS/Windows PE/Linux) field is assigned to DOS - Broadcom, then when
client computer executes the task, it will use DOS - Broadband as the automation environment.
the
Additional tasks within the same job may be assigned a different boot menu option, yet each task
will execute in the automation environment you want. See the Deployment Solution Reference
Guide.
See also: Boot Menu Tab (page 262), PXE Server Tab (page 274), DS Tab (page 275), MAC Filter
Tab (page 276), Multicast Tab (page 277), BIS Tab (page 279), Data Logs Tab (page 279), Remote
PXE Installation (page 280).
To open PXE Configuration
Option 1:
From the Deployment Console, click PXE Configuration on the toolbar. You can also click Tools
> PXE Configuration.
Option 2:
1
Click Start > Programs > Altiris > PXE Services > PXE Configuration Utility.
Click each tab to set the category in the PXE Server properties.
262
When you manage all PXE Servers (Shared) across the network, the page displays Boot Menu Option
at the top of the page and above the list of configurations.
When you select a specific server (Local) from the File menu, the page displays Boot Menu Option for
PXE Server: (name of Server). This will help you identify which mode you are working in.
By default, PXE Configuration Utility opens to the last saved action, which could be either Shared
Configuration or Custom PXE Server mode. The boot menu options listed are for all PXE Servers, so
the Scope will always be Shared. The OS field indicates the type of pre-boot operating system files
used to create the boot menu option. If you select a PXE Server from the File menu, the window
displays the boot menu option for the PXE Server you selected. The Scope field will display both
Shared and any new boot menu options you create will display Local. The OS field is the same as in
the Shared mode.
View Area
When you are in Shared Configuration mode, only configurations you create for all PXE Servers is
displayed in the view area. When you are in Customize PXE Server <server name> mode, both Shared
and Local configurations display. You cannot create a configuration named the same as any other
configuration in the view area, regardless of the mode you are in.
Example: if you are in Customize PXE Server <server name> mode, you can view both Shared and
Local configuration. You can create a Local configuration named DOS Clients since there are no
others with the same name. Then, you change to Shared Configuration mode and create a
configuration named DOS Clients because the Local configuration of the same name does not
display in the view area. When you change back to Customize PXE Server <server name> mode, both
DOS Clients configurations display in the view area. When client computers perform a PXE boot,
both configurations display and users will not know which boot menu option to select. See Redirect
Shared Boot Menu Option (page 265).
Boot Menu Options for PXE Server: <Shared Configuration>
Name: This is the name of the PXE item that will display on client computers after a PXE boot
operation is performed.
Scope: Shared indicates that the configuration is available on multiple PXE Servers in an
environment where they are all serviced by a single Deployment Server. Local indicates the
configuration was created for a specific PXE Server.
OS:
The operating system that the configuration will use to boot on client computers.
Up and Down: Select to order boot options. The top boot option is the default that runs automatically
if no other option is selected from the PXE Server menu. Altiris recommends that the Boot Local
menu option remain at the top of the boot menu list.
New: Click to open a dialog box to add a new boot menu option. See New Shared Menu Option (page
264).
Edit:
Click to modify properties for boot menu options. See Edit Shared Menu Option (page 265).
Delete: Select
a boot menu option from the list and click Delete. You are not allowed to delete boot
menu options if they are assigned to a task within a deployment job. Go to the Deployment Console,
open the appropriate deployment job, and delete the task or change the Automation - PXE or
Bootworks environment (DOS/Windows PE/Linux) field before you try to delete the boot menu option.
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
is the user prompt for the PXE boot menu list when it displays on client computers.
You can change the text message but not the <F8> command, as it is still required to perform a PXE
boot option.
263
Append server name: Select this option to have the PXE Server name listed following the prompt on
client computers when the boot menu list displays. This helps users know which PXE Server is
servicing their client computer.
Time-out: This is the length of time the prompt is displayed before the boot process starts. If the user
does not press the <F8> key within the time-out period, the default boot option runs.
Save: Click to save all changes you made to the PXE Manager.ini file. When you close the PXE
Configuration Utility, PXE Manager creates and sends PXE.ini files to each PXE Server on the
network.
Name:
Allow as default PXE boot option: Select this option to move the configuration you are creating to the
top of the boot menu, so that it becomes the default boot option on client computers. It you do not
select this option, the Up button is active to move the configuration up the menu list but becomes
inactive if you try to move the configuration to the default boot position.
This field can help you identify which PXE item you are configuring. PXE
configurations are stored in the default directory of C:\Program Files\Altiris\eXpress\Deployment
Server\PXE\Images\MenuOption<number>. The MenuOption number increments each time you
create a new configuration.
Location on PXE Server:
Operating System: Select the type of pre-boot operating system for the configuration you are
creating. If an operating system has an asterick next to it, then the pre-boot operating system files
must be installed before Boot Disk Creator starts the New Configuration Wizard. See Install Preboot Operating System Files (page 266).
264
Select a boot menu option from the view area on the Boot Menu page, and click Edit.
If you selected Boot Disk Creator as the Image Creation Method, click Edit Boot Image. The Edit
Configuration page from the New Configuration Wizard will only display the
MenuOption<number> you selected from the Boot Menu page.
To make changes, right-click on the MenuOption<number> and select Edit Configuration, or click
Edit on the Edit Configuration page until you find the options you want to change.
See also: Edit Configurations (page 273) and Boot Menu Tab (page 262).
Select a PXE Server. (This is the Customize PXE Server <server name> mode.)
Click the drop-down arrow and select a Local configuration from the list.
Click OK. The Shared configuration displays the redirected configuration in the list.
From the New Shared Menu Option dialog, select Direct from floppy and click Import Boot Image.
Insert a floppy disk. The path and name of the new MenuOption<number> displays.
Click Next. A progress bar displays the PXE boot file image being read as it is imported.
Click Finish.
265
Option 2:
1
From the New Shared Menu Option dialog, select User Supplied.
Click OK.
Enter a name for the boot menu item in the Menu item properties field.
Click the operating system for the boot menu item. If there is an asterick next to the operating
system name, the pre-boot operating system files have not been installed.
Click the Install button next to the pre-boot operating system that you want to install.
DOS
You can install FreeDOS (page 266), MS-DOS (page 267) or both. However, you can only run one
version of DOS at a time. If both versions of DOS are installed, click either FreeDOS or MS-DOS to
select the version you want to run as the default for creating configurations.
FreeDOS
Deployment Solution provides FreeDOS in a file named BDCgpl.frm. The BDCgpl.frm file can be
downloaded from the Altiris Solution Center Web site and then saved to any location on the network.
When newer versions of FreeDOS become available, an updated .frm file will be available online
through Deployment Solution Hot Fixes or Service Pack releases.
Note: FreeDOS may not support newer motherboard chip-sets.
266
MS-DOS
Using an original Microsoft Windows 95/98 installation CD, copy the appropriate files to a system
formatted floppy disk, a folder that can be accessed from Boot Disk Creator, or use the CD directly.
Use Microsoft Windows 95/98 installation CD:
Floppy Disk: Select to format a disk using the Format a: /s command. Copy the required files listed
below from an original Microsoft Windows 95/98 installation CD to the floppy disk. Boot disk
creator only installs DOS files from the A drive. If you select B-Floppy Drive from the drop-down list,
Boot Disk Creator will still try to read data from the A-Floppy Drive.
Folder: Select to copy the required files to a folder that can be access from within Boot Disk Creator.
Required
Optional
HIMEM.SYS
EDIT.COM
EMM386.EXE
MEM.EXE
SMARTDRV.EXE
ATTRIB.EXE
SYS.COM
MODE.COM
XCOPY32.MOD
FORMAT.COM
FDISK.EXE
Important: The SMARTDRV.EXE file is required for all computers running a scripted install in
Windows 2003\XP.
Linux
Deployment Solution provides Linux RedHat Fedora in a file named BDCgpl.frm. The BDCgpl.frm
file can be downloaded from the Altiris Solution Center Web site and then saved to any location on
the network. When newer versions of Linux become available, an updated .frm file will be available
online through Deployment Solution Hot Fixes or Service Pack releases.
Windows PE
Altiris supports Windows PE 2005 as a pre-boot environment for Boot Disk Creator. When you
install Windows PE, you will be asked to supply 2 CDs: Windows PE 2005 and Windows Server
2003 SP1.
In most instances, the Welcome to Microsoft(R) Windows(R) Server 2003 page displays after
inserting the Windows Server 2003 CD. Click Exit to avoid installing the full version of Windows
Server.
There are two dialog pages to complete the Windows PE installation. You will first be asked to
provide the Windows PE CD, followed by the Windows CD. The text on the page lists the operating
system CD you need to enter for each of these pages.
Example: On the Windows PE CD page, the text displays Windows PE 2005 (Windows Server 2003while the Windows CD page displays Windows Server 2003-SP1 (Windows PE 2005). The first
operating system listed on each page is the CD you want to use.
SP1),
267
To start the New Configuration Wizard, click the button on the toolbar of the
Boot Disk Creator tool, click Ctrl+N, or click File > New Configuration.
Configuration Name
This is the first page of the New Configuration Wizard, which is the same for DOS, Linux, or
Windows PE. You must enter a name of for the configuration to make the Pre-boot Operating System
for this Configuration fields active. The description field is optional but helps you to know what the
configuration contains, such as the file server type, NIC drivers, and any additional files you want
to add.
Field Definitions
Name: The configuration name you enter displays in the Configurations treeview after the wizard is
completed.
Enter a description for the configuration. (Example: enter the type of computer,
operating system, network adapter, and any other characteristics that will help you identify this
particular configuration.) After the Create Configuration and Create Boot Disk wizards complete, if
you select the configuration from the treeview, the description you entered for this field displays at
the top of the right pane.
Description:
Pre-boot Operating System for this Configuration: Boot Disk Creator supports DOS, Linux, and
Windows PE operating systems to create pre-boot environments. Select the pre-boot operating
system, and then click Install Pre-boot Operating System Files (page 266) to install pre-boot
operating system files.
Microsoft Windows:
Novell NetWare (VLM): Select this option to store images on a NetWare server with VLM clients, using
Select this option to store images on a NetWare server with 32-bit clients.
Network Adapter
The drivers listed in the Network Adapters window vary depending on the type of configuration you
are creating. You can install pre-boot operating system files for DOS, Linux, or Windows
Preinstallation Environment (Windows PE). See Install Pre-boot Operating System Files (page 266).
268
Example: After installing the pre-boot operating system files for Windows PE, the Windows NIC
drivers that are available to create a Windows PE configuration display, and are automatically added
to the new configuration. If you select Auto-detect network adapter, Windows PE determines which
network adapter driver to use.
Select a driver from the network adapters driver list. You must create a new configuration for each
type of network adapter that is installed on client computers, unless you want to create a Multi-NIC
configuration. See Multi-Network Adapter Configurations (page 270). If you want to add or change
adapter settings (such as I/O Memory, IRQ, and PCMCIA for DOS configurations) click Advanced.
See Advanced (page 269).
If the network adapter you want does not appear in the list, you can click Have Disk, Internet, or
Advanced (if they are available for the type of configuration you are creating) to add additional
drivers. See Have Disk (page 269), Internet (page 269), Advanced (page 269).
Field Definitions
Allow selection of multiple network adapters: Select this option to add multiple network adapter drivers
to a single PXE boot file configuration. This feature lets you build configuration files to boot
multiple computers that contain different types of network adapter cards. See Multi-Network
Adapter Configurations (page 270).
Have Disk
You can add network adapter drivers by using any disk media or navigating to a folder. Network
adapters can be downloaded from the manufacturers Web site and saved to a folder or a disk to be
installed later. New network adapters come with a floppy disk or CD to install the appropriate
drivers.
Internet
Altiris supports many manufacturer network adapters and supports a Web site for you to download
the latest NIC drivers. From the Network Adapter page, click Internet to launch the Web browser and
connect to ftp://support.altiris.com/support/NIC_drivers/. Download the driver you want, and then
unzip the files it to a folder on the hard drive. Click Add Driver and the driver you downloaded will
be added to the Network Adapters list.
Advanced
This options lets you add or change settings for network adapter cards so they will work correctly
when using DOS configurations. If you are creating a Linux or Windows PE configuration, this
option is not available. From the Network Adapter page, click Advanced. Refer to the following
properties and values.
Microsoft clients
Memory (protocol.ini):
config.sys file.
config.sys file.
269
Novell Client 32
config.sys file.
file.
Use a static IP address: Select this option if you want a client computer, using this configuration, to
be assigned a specific IP address. Enter an IP address, Subnet mask, and default gateway. You can
also enter a primary and secondary WINS address if you need to resolve IP addresses and naming
conventions. This option also requires that you create a configuration for each client computer, so
that the IP address is not the same for all computers.
Server IP address,
270
Example: The TCP port on the Deployment Server is set to 402 and the Port field in the Boot Disk
configuration is set to 502. This would result in client computers not being able to communicate with
the Deployment Server, because the port numbers do not match. To establish communications
between client computers and the Deployment Server, change the Port field in the Boot Disk
configuration to 402.
Note: The settings on this page are only used if you create an automation boot image where the
Automation Agent needs to know how to find the Deployment Server. If you intend to create a
network boot disk, you can ignore this page by clicking Next, as none of the properties will be used
to create a network boot image.
To set the TCP port on the Deployment Server
From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration
Click OK.
Use TCP/IP multicasting to find the Altiris Deployment Server: Select this option to use TCP/IP
multicasting to find the Deployment Server. When client computers boot to automation using this
configuration, a multicast packet will broadcast across the network to find where the Deployment
Server is located.
Multicast IP address:
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
Server name: When you select Use TCP/IP multicasting to find the Altiris Deployment Server, a
multicast packet will broadcast to the server you specify. If you leave this field blank, the
client computer will connect to any server responding to the multicast packet.
Use TCP/IP to connect to the Altiris Deployment Server: Select this option to connect to a specific
Deployment Server. You must select this option if your network adapter or network does not support
multicasting. See your network adapter documentation or call the manufacturer or consult with your
IT department for information.
Server IP address: Enter the IP address of the Deployment Server to access information stored
Port: This option defines which port client computers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands
to the Deployment Agent, and more.
in the Deployment Share. If you are using the Intel Universal NIC driver (UNDI), the IP
address is required.
this option to run the Automation Agent from the Deployment Share. This ensures
that you are running the latest version of the agent when the client computer boots to the automation
mode.
Local: Select
this option to run the Automation Agent from the local boot image, which is included
in the automation partition or in bootable media. The Automation Agent that boots the client
computer to automation mode, will always be the same version as when it was originally created. If
you want to update the Automation Agent to the latest version, you must reinstall the automation
partition or recreate all bootable media.
Network Configuration
This option lets you define how client computers connect to the Deployment Share or a file server
where image files are stored.
Window
Workgroup: Enter
271
NetWare
Server name: Enter the server name for the Deployment Share or file server. Click Advanced to enter
a NetWare context for the server, and then select a Frame type if it is different than the default value
of 802.2.
User name: Enter the authorized user name that was set up when the Deployment Share directory was
created. If you did not assign a User name and Password when for the Deployment Share or file server
was created, leave this and the Password field blank.
Password:
Confirm password: Enter the password for the user name as confirmation that you entered the proper
password in the Password field.
By default, the mapped drive that displays is F: \\<Deployment Share server>\eXpress. Click
the drop-down arrow and select a different drive letter if F: is already in use.
Drive:
Enter the path for the Deployment Share. The path you enter will map to the drive letter you
selected in the Drive field. You can also click Browse to navigate to the Deployment Share if you are
unsure of the directory path or if the image files are store on a file server.
Path:
Example:
Windows users:
NetWare users:
Linux users:
\\server\share
server\volume:directory
//server/mount point
Note: When entering Linux mount points, you must put a single quote around folders or filenames
that contain either a period (.) or a space. These are considered special characters in Linux and must
have single quotes around the name so that the directory path can be found. Example: //ImageServer/
DS Images/mnt/z.
Create and entry in the LMHOSTS file for the Deployment Server file store (other entries must be added
manually): Select this option if your network does not support NetBIOS name resolution for IP
addresses. Enter a Server name and IP address so that client computers can find the Deployment
Configuration Summary
This page lets you review all the options you selected throughout the New Configuration Wizard. If
you find a setting mis-entered or not what you want, click Back to re-select the option. When you
click Finish, the Create Boot Disk Wizard automatically displays for the next process to begin.
If you are using Boot Disk Creator from within the PXE Configuration Utility, the Edit
Configuration page displays next. See Edit Configurations (page 273).
272
Edit Configurations
This is the main Boot Disk Creator page that displays when you start the utility. If you are using Boot
Disk Creator from within the PXE Configuration Utility, this page displays at the end of the New
Configuration Wizard.
This feature lets you modify configurations that have already been created. As you select files and
folders from the treeview in the left pane, the configuration information displays in the right pane.
The display color changes to help you know the type of configuration you selected to view, edit, or
delete. The colors displayed are:
Blue:
Green: The configuration you selected or created is based on the Linux pre-boot environment.
Red: The
The configuration you selected or created is based on the DOS pre-boot environment.
To change configuration settings, right-click on a configuration folder and select Edit Configuration,
and then click Edit until you find the page for the options that you want to change. You can also make
text edits to files (selected from the treeview) in the right pane.
All other files within a configuration can be edited as needed. However, after you edit a
configuration, Boot Disk Creator rewrites certain files within the configuration so that drive
mappings and mount points are always updated. The following files are rewritten after editing
configurations:
See also: New Configuration Wizard (page 268), Install Pre-boot Operating System Files (page
266)
Additional Files
Boot Disk Creator lets you add additional files to folders that will either apply to a specific
configuration or to all configurations that are of the same type of pre-boot operating system.
However, any files you add to the global <OS> additional files folders will be written to the boot
image before the specific configuration files. If a file in the <OS> additional files folder is the same
name as a file in a specific configuration folder, it will be overwritten.
Example: if a file named 5684_Drivers resides in the DOS additional files folder, and the same file
5684_Drivers exists in a specific configuration folder, then when the files are written to a boot
image, the file in the configuration folder will overwrite the file in the DOS additional files folder.
This may cause unexpected results. If you edit text files in a <OS> additional files folder, yet the
specific configuration file is the one that is written to the boot image, the result will not be as you
expected.
Add files to all configuration
When you install a pre-boot operating system, a new folder will be added to the bottom of the
treeview on the main page of Boot Disk Creator. If you install pre-boot operating system files and
the <OS> additional files folders do not display, press F5 to refresh Boot Disk Creator. The folders
that display are as follows:
Boot Disk Creator will copy the files from the <OS> additional files folders to all corresponding
operating system configurations and will be added to the boot images. These folders are considered
global, since they can affect configurations of the same type.
273
Example: using the Windows Copy and Paste command, you can add tracert.exe to the WinPE
additional files folder. Each WinPE configuration you create will then add the files in the WinPE
additional files folder to the boot image.
Add files to a specific configuration
If you want to add files to a specific configuration only, and do not want to use the global feature of
the <OS> additional files folders, do the following:
1
Right-click a configuration in the treeview and select New > Folder. A new subfolder is created
in the treeview.
Enter a name for the folder so that you know they are added files.
To add files to the <OS> additional files folder, do one of the following methods:
Copy files from a network folder and Paste them into the configuration folder.
Right-click a configuration and select Add File. A browser dialog displays to navigate to the
file you want to add.
Right-click on a configuration and select File > Text file. A new empty text file is added to the
treeview. Enter a name for the file and write text as needed in the left pane.
computers boot with this image file, they will map to a network server and be at a users prompt.
(This option is not available in Shared Configuration mode.)
Server modes are already entered. If, for some reason, you need to change the IP address on a PXE
Server, enter the same IP address in this field.
Enter the IP address for the specific PXE Server you selected from the File menu. When client
computers perform a PXE boot, the IP address helps them communicate with the PXE Server.
274
DS Tab
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Customize PXE Server (Shared Configuration): This option is available when you select a specific
Server from the File menu. You can keep the settings on the page or customize the properties for the
Response Time: This lets you set the PXE Server response time for when client computers request a
PXE boot.
Example: If you have 3 PXE Servers, you can set the first PXE Server to Short delayed response (1/
2 second), the second to Immediate response, and the third to a Delayed response of your choice. This
helps control which PXE Servers will respond to client computers when they perform a PXE boot.
In this example, the second PXE Server would respond to client computers before the first server.
DHCP Server discovery:
Auto detect Microsoft DHCP Server and configure for PXE: Select this option when installing
Altiris PXE Server on the same server where Microsoft DCHP Server is installed and
running. PXE Server will then auto detect the presence of a Microsoft DHCP server, and
install and enable Option 60 in the DHCP Global Server Options. PXE Server will not
actively monitor DCHP ports for requests, but rather wait for clients to directly request PXE
services based on option 60 being enabled. This applies only to Microsoft DHCP Servers.
No DHCP Server installed on PXE Server (Use DHCP port): Select this option if PXE Server and
Third party DHCP Server installed on PXE server (Do NOT use DHCP port):
DHCP Server are installed on different servers. This option enables PXE server to actively
listen and respond to DCHP PXE requests.
DS Tab
This lets you set properties so that all PXE Servers can communicate with the Deployment Server.
PXE Servers and the Deployment Server work together to perform tasks, such as creating and
distributing an image, scripted OS installs, and more. The PXE Server must be able to access the
Deployment Server and the Deployment Database to retrieve the information required to carry out
these tasks on client computers.
The Deployment Server IP address, the Engine Port, and the Data Manager Port are critical fields
because they define how the PXE Server will establish communication with the Deployment Server.
Example: The TCP port on the Deployment Server is set to 402 and the Engine port on the PXE Server
is set to 502. This would result in the PXE Server not being able to communicate with the
Deployment Server because the port numbers do not match. To establish communication between
the 2 servers, change the Engine port field on the PXE Server to 402.
To set the TCP port on the Deployment Server
1
From the Deployment Server, click Start > Control Panel > Deployment Solution Configuration
Click OK.
This option defines which port PXE Servers will use to communicate with the
Deployment Server Engine, which manages the Deployment Database, sends job commands to the
Deployment Agent, and more.
Engine port:
275
Server.
This is the port that PXE Manager uses to communicate with the Deployment
By default, this option is enabled. Clear the checkbox if you do not want
Initial Deploy boot option: The boot menu item that was set as the default pre-boot operating system
at install time will be selected. If no boot menu items were created, then the first boot menu item
(shared) is selected. Go to the Boot Menu Tab (page 262) and create a Shared Configuration if there
are no items in the list.
When the boot menu displays on client computers, the default boot option you select for Initial
Deployment will move to the top of the boot menu, even if the boot option is not at the top of the list
on the Boot Menu Options for PXE Server: (Shared Configuration) page.
Select this option for Initial Deployment to run on new client computers
without any user interaction following a PXE boot. From the Deployment Console, in the Initial
Deployment Advanced properties, there is a default time-out value of 5 minutes. If you select this
option, PXE will respond immediately but Initial Deployment will still wait 5 minutes before
running.
Execute immediately:
Wait indefinitely:
Select this option so that a user must press <F8> to start the Initial deployment job.
Use default timeout: Select this option to use the time-out value set in the Initial Deployment
Advanced properties from the Deployment Console.
Timeout: Select this option to enter a time-out value of your choice. The boot menu will display on
new client computers for the length of time you set before booting to Initial Deployment.
PXE Servers on the same subnet, then client computers will always connect to the PXE Server that
was installed on the Deployment Server, regardless of the MAC filter you set. To successfully use
MAC filtering, install PXE Server to a different server than the Deployment Server, and then add
additional PXE Servers.
MAC addresses filter properties mode
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
Use MAC Address Filtering: Select this option to use MAC filtering. If this checkbox is not selected,
the entries in the MAC Address Patterns area are ignored.
Service listed addresses: Select this option if you want the PXE Server to service the list of MAC
addresses in the MAC Address Patterns area.
276
Multicast Tab
Do NOT service addresses: Select this option if you do not want the PXE Server to service the list of
MAC addresses in the MAC Address Patterns area.
This lets you enter MAC addresses. When you click this button, the Define MAC Addresses
dialog displays. See Define MAC Addresses (page 277).
Edit: This lets you modify addresses previously added to the MAC address list. When you click this
button, the Define MAC Addresses dialog displays. See Define MAC Addresses (page 277).
Delete:
Select a MAC address from the list, and then click this button.
Import: This option lets you import comma-separated text file MAC address list. You can create the
import text file manually, or you can import a file that has previously been exported from any PXE
Server on your network. When the Windows navigation dialog displays, go to the folder or disk drive
where the text file is located and click OK.
Export: This option lets you export the MAC address list to a comma-separated text file. You can use
the export feature to save a large MAC address list, and then import the file to another PXE Server
or to the same PXE Server in the event you need to uninstall and install PXE Server. You can export
all or part of the list by selecting the MAC addresses. When the Windows navigation dialog displays,
go to the folder or disk drive where you want to save the text file and click OK.
Select this option to enter a range of MAC addresses. Enter a MAC address to start
the range in the From box and an end range MAC address in the To box.
Address range:
Multicast Tab
This option lets you set properties for the way PXE Servers download the boot image to client
computers. PXE Servers communicate with client computers using the Multicast Trivial File
Transport Protocol (MTFTP) and support larger transport packets, which reduces the time it takes to
download files.
The PXE Manager multicast properties lets you set a beginning multicast address, the number of
multicast addresses available, and the number of addresses available for a single PXE Server.
A multicast address is automatically assigned to the files PXE Server uses to download the boot
menu to client computers. A PXE boot menu option consists of 2 files. The MenuOption<number>.0
file is the boot menu, and the MenuOption<number>.1 file is the additional file needed to execute
whichever menu item is selected by the user.
Example: The PXE.ini file consists of information gathered by PXE Manager and includes a section
called MTFTP\Files. This section lists the MenuOption files and their assigned multicast addresses.
[MTFTPD\FILES]
BStrap\x86pc\BStrap.0=224.1.1.0
MenuOption128\x86pc\MenuOption128.0=224.1.1.1
MenuOption128\x86pc\MenuOption128.0.cr-1005309736=224.1.1.2
277
Multicast Tab
MenuOption128\x86pc\MenuOption128.1=224.1.1.3
MenuOption129\x86pc\MenuOption129.0=224.1.1.4
MenuOption129\x86pc\MenuOption129.0.cr-1005309736=224.1.1.5
MenuOption129\x86pc\MenuOption129.1=224.1.1.6
Notice that the multicast address increments by 1 for each file that is created when a new PXE
configuration is added and the boot image is created. These are the files that PXE Server will
download when a user selects a boot menu option from the menu list on a client computer.
PXE Manager
PXE Manager creates a PXE Manager.ini file, which gathers data from all PXE Servers on the
network. The PXE Manager.ini file then creates and sends a PXE.ini file specific to each PXE
Server. PXE Manager.ini and PXE.ini are both used by the PXE Manager service to synchronize the
boot images across all PXE Servers and Deployment Servers on the network.
Important: Do not edit the PXE Manager.ini or PXE.ini files. If these files are edited, you will lose
the ability to access the boot images stored on all PXE Servers, and the PXE Manager service will
not function properly. See PXE Manager in the Automation & Imaging section of the Deployment
Solution Reference Guide.
TFTP/MTFTP properties
This is selected when you are setting the properties for a Shared
Configuration. You cannot change this selection on the other pages if you are setting properties for
the Shared Configuration.
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
Enable MTFTP: Clear this option if you do not want to use MTFTP to download the boot menu from
the PXE Server to client computers. If a PXE Server is going to service client computers on the same
subnet, then you want to select this option to communicate. If you disable MTFTP, then normal
TFTP will be used to communicate.
PXE-enabled client computers listen for broadcast messages sent by the PXE Server through
MTFTP. If a PXE Server is going to service client computers across subnets and this option is
enabled, PXE Server will try to communicate with clients using MTFTP. If the router is not
configured to pass a multicast packet, an error message displays on client computers, stating that
MTFTP is unavailable. PXE Server then tries to connect to client computers using TFTP.
Enable larger packets for TFTP/MTFTP:
Packet size: Enter the transport packet size if your infrastructure does not have the capability of
handling the default packet size of 768.
Do not allow IP fragmentation: Clear this option to use IP fragmentation. This is helpful if you have a
narrow bandwidth on the network and want to Enable Larger packets for TFTP/MTFTP when
downloading files from the PXE Server to client computers. IP fragmentation allows larger packets
to be broken up into smaller packets during transport. However, you must use a Third Party
application to reassemble the smaller packets into the original packet size.
PXE Manager multicast properties
Beginning Multicast address:
225.255.255.255.
Number of Multicast Addresses Available: Enter the number of addresses available for the PXE Server.
Limit: 128,000.
278
BIS Tab
BIS Tab
PXE configurations always create a .0 and .1 file, which are an open source on the network when
PXE downloads these boot items to client computers. With Boot Integrity Services (BIS), you can
encrypt the files to ensure that the PXE Servers communicating with the client computers are secure.
You can use BIS Certificates if you meet the following requirements:
You must Enable BIS on this page first, then go to the Deployment Console and right-click on a
computer or group of computers, and select Advanced > Install BIS Certificate. The client computers
will receive their certificate from the PXE Server. The next time BIS installed client computers try
to boot to the PXE Server, the BIS Certificates must validate before any files can be downloaded.
Note: If you have BIS enabled in Deployment Server 6.1, you must remove all BIS certificates
Certificate owner:
Enter a password.
Customize PXE Server (Shared Configuration): This option is available when you select a specific
server from the File menu. You can keep the settings on the page or customize the properties for the
Log File Location: This is the folder where all log files are stored. If no directory path is entered, log
Log Files: These log files are specific to PXE Servers and if enabled, will log information to the
filename you specify and then store it in the PXE folder on each PXE Server across the network.
DS Traffic Log
279
The PXE Manager Log writes data to the filename you specify and then stores it in the PXE folder
on the Deployment Server.
Level: Select the type of data you want to write to the log files. Each level in the list will write out
more details to the log files then the previous level.
Filename:
Enter a name for the log file you enabled if you do not want to use the default name.
Browse to the location where axInstall.exe is installed. The default location is C:\DSSetup.
Run axInstall.exe.
Enter the computer name or Browse the network to select a remote PXE Server.
10
11
Click Install.
280
Chapter 15:
RapiDeploy Imaging
You will learn about hard disk imaging, how to create and restore images, and about the necessary
tools and methods used to support imaging computers.
See Also
How Imaging Works (page 281)
Preparing Computers for Imaging (page 283)
Creating, Uploading, and Sending Images (page 288)
Restoring, Downloading, and Receiving Images (page 292)
Making Self-Extracting Image Files (page 297)
Managing Images (page 297)
RapiDeploy 6.5 provides support for HTTP imaging
For information on using the program wizards, see Creating, Uploading, and Sending Images on
page 288. For information on running from the command-line with switches, see Running
RapiDeploy from the Command-line on page 58.
resulting in a clean, defragmented image that can be resized and restored to a disk of a different size.
Other File Formats. For other file systems, the disk is read sector by sector regardless of which
sectors are in use. The image mirrors the contents of the disk. These formats are not resizable.
281
Partition Selection
When a computer receives an image, you can select which partitions to download. The default
setting is to restore all partitions, which would overwrite any existing partitions. To keep an existing
partition, you can specify which partitions to download and which to ignore. You can also use
command-line switches to keep existing partitions.
Partition slots on the Client PCs will be, by default, the same as the image source PC. A partition
occupying slot 3 in the image file will be by default in slot 3 on the Client PCs.
By default, the following partition types will not be overwritten:
The default behavior can be overridden by selecting the appropriate option in the RapiDeploy wizard
or at the command-line.
Partition Size
When you are restoring an image to a computer, the destination hard disk may be a different size
than the disk imaged. If there are multiple partitions, the partition size percentage of the Client PCs
will, by default, be the same as the image source.
For example, if you image a 1 GB hard disk where 40% (400 MB) of the disk is a Windows NT
partition and 60% (600 MB) is a Windows 98 partition, a Client PC with a 2 Gigabyte disk will use
the same percentages. The size of the Windows NT partition will be 800 MB and the Windows 98
partition will be 1200 MB.
RapiDeploy also offers a partition resize feature that allows you to manually resize the partitions to
a size that you specify.
Spanning Media
RapiDeploy lets you span media or store images across multiple media. For example, you can
store one image across several CD-RWs, Iomega Jaz or ZIP drives, or other removable media.
Spanning is accomplished by splitting the image into multiple files. For example, if you named your
image file basepc.img, and the image is split into four files, the following files are created:
basepc.img
basepc.002
basepc.003
basepc.004
You can set the split image file size to be between 1-2040 MB.
Important The maximum file size that can be written is 2040 MB. Any image that is larger then 2040
MB, whether it is spanned or not, will be split into multiple files.
Save all of the image split files to a file server directory and then transfer them to the media later
282
To be prompted to swap media during the image creation process, load rdeploy.exe with the -span
option. For more information, see -span under Running RapiDeploy from the Command-line on
page 58.
You can specify the split file size either in the Rdeploy wizard or from the command-line. To set it
from the command-line, add the -split option to the -span option. For more information, see -split
under Running RapiDeploy from the Command-line on page 58.
is present on the computer that you will create the image of. For more information, see Install the
Deployment Agent For Windows for Post Image Configuration on page 286.
Multicasting
RapiDeploy uses multicasting to simultaneously deploy images to a group of computers, called
Client PCs. The Master PC manages the multicast session. The Master PC can multicast images to
Client PCs in the following three ways:
While the Master PC downloads an image from a file server and manages the simultaneous
imaging of the Client PCs
While the Master PC creates an image on a file server and manages the simultaneous imaging of
the Client PCs
While using its own hard disk as the source and sending the contents to Client PCs
The multicast transmission is synchronized by the Master PC, so it will only go as fast as the
slowest computer in the group.
If a single computer fails, it will drop out of the session and the session will continue.
You can usually multicast only to computers on the same network segment because most routers
and switches do not allow multicasting. To image computers on another segment, start a Master
PC on that segment and connect the Client PCs to the Master PC.
283
See Also
Task Overview
Before you can create, send, or download an image, you must do the following:
Create boot disks for all computers that will be used to create or receive an image (see Create
Boot Disks on page 284).
(Optional) Install the Deployment Agent For Windows (see Install the Deployment Agent For
Windows for Post Image Configuration on page 286).
(Optional) Name computers for Microsoft Domain Controllers (see Name Computers for
Domains on page 287).
Client PCs (other computers that will receive the same image from the Master PC)
The Altiris Boot Disk Creator creates the Master PC and Client PC boot disks.
Gather Information
Before you create boot disks, collect the following information:
The type of file server you will store the image on (Windows or NetWare)
The type of network adapter in the computers that you are building the boot disks for (3Com,
Intel, and so on). Boot disks are network adapter-specific. You must create a unique boot disk
for every computer that has a unique network adapter.
The name of your workgroup/domain (for Microsoft networks) or your server name (NetWare)
The account name and password assigned to the RapiDeploy directory after the software was
installed (see Installing RapiDeploy on page 13).
284
On the computer where you installed RapiDeploy, click Start > Programs > Altiris > RapiDeploy >
Boot Disk Creator.
Important The first time you run Boot Disk Creator on a Windows NT/2000/ ME/XP computer,
you will be required to provide DOS system files. For more information, see Get DOS System
Files on page 13.
By default, Create a new configuration is already selected, click OK to continue with the wizard.
However, if you already have a configuration similar to the one you are creating click Close this
Dialog, and then OK. Follow the steps below to edit copy and then edit an existing configuration.
a
From the Boot Disk Creator interface, right-click on one of the configurations listed, and then
select Copy.
Right-click on the re-named configuration file, and then click Edit Configuration.
Edit the values on each page of the Boot Disk Creator Wizard as needed. When all changes
to the configuration file are complete, click Finish.
file in the text field. For example, RDMaster 3C905.
Click Next.
Click one of the Boot Disk Types. This is the type of configuration file you want to make.
RapiDeploy Client PC boot disk - connects PCs under DOS to run the RapiDeploy multicasting
engine.
client.
Note: Select the Run Client Configuration Wizard check box if you want to enter configuration
settings prior to imaging. This important feature saves you time and effort by letting you enter
a clients information such as the computer name, workgroup or Domain, IP address settings,
and more. These settings are saved until after the imaging to the client is complete, and then
the configuration settings are restored. If you plan to multicast to a number of client
computers, this option is preferred.
manually.
Click Next.
Click the File Server Type where you will store and access images.
If you have a Microsoft Windows server, you can also select the check box to Create MultiNetwork Adapter Configuration. This will create a multiple network adapter configuration. See
If you have NetWare client computers, click the option that corresponds to the type of Novell
NetWare server that they will connected to.
Click Next.
10
From the list of Network Adapters, select a network card. This configuration will only work on
client computers that have the type of network adapter card you select. You can click Have Disk
to install DOS drivers for a network adapter not listed. Click Internet to go to the Altiris FTP NIC
driver support site to find additional driver files. If your network adapter does not appear on the
list, see Network Adapter on page 240.
285
Important: Configuration files are specific to the network adapter card. You must create a
configuration file for each type of network adapter that is installed on client computers.
11
Click Next.
12
Click the TCP/IP Protocol Setting that client computers will use to communicate (in DOS) with
the RapiDeploy server. BootWorks runs imaging and registry backup/restore jobs in DOS before
computers boot to Windows.
If you have a DHCP server to assign IP addresses, click Obtain an IP address from a DHCP
server.
If you want to enter static IP address information, click Use a static IP address. If you use
static IP addresses, you must make a separate boot disk for each computer. See TCP/IP
Protocol Settings (page 242) for more details.
13
Click Next.
14
Enter or select the Domain or Workgroup (Windows network), or server (Novell network) where
client computers will connect to store and access image files on the file server.
15
Enter or select the user name and password that will be used to connect to the file server. The
name must be a valid local user in the administrators group of the Windows NT authentication
system. If you did not assign a password to the users account, leave the password fields blank.
16
Click Next.
17
If you want to change the default drive letter, click the drop-down arrow and select a letter from
the list for the Drive Map. This entry will be part of the autoexec.bat file that is executed when the
client computer boots using this configuration, and also gives BootWorks access to the image
files on the server.
If you are using NetWare and you want the client login scripts to create the drive mapping,
click Use login scripts to create drive maps.
18
If you want to change the path to the rdeploy shared folder on the file server, enter the path in the
Path field, or click Browse to navigate to the rdeploy folder.
19
Click Next.
20
Review the configuration properties you selected through out the Boot Disk Creator wizard.
Click Back to return to any previous page, and then reenter values as needed. When all
configuration settings are complete, click Finish.
You can now use the configuration to create required boot files or BootWorks installation packages.
For more information creating boot disk configurations, see Boot Disk Creator on page 237.
Create Disks
1
If you just created a configuration, a dialog box appears. Click Create floppy disks sets and click
OK to exit the Boot Disk Creator wizard.
or
From the Boot Disk Creator interface, select the configuration file you want to use and click
from the taskbar.
Create Disks
Note If you have not created a configuration yet, click New Configuration from the taskbar and
complete the steps to create one.
2
Insert a blank floppy disk when prompted, and follow the prompts to finish making the boot disk.
To help yourself keep track of the floppy disks, label each one as it is created.
Important All existing data on the disk will be replaced.
286
HTTP Imaging
To use this feature, you must make sure that the Deployment Agent (aclient.exe) is running on the
computer that you will create the image of. After a computer has received an image, Deployment
Agent automatically runs, applies the configurations you set, and reboots the computer so the
changes take effect.
Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
Highlight the Computers folder under the domain where you will add the computer.
Select the Allow pre-Windows 2000 computers to use this account box. This box must always be
selected.
Click Start > Programs > Administrative Tools (Common) > Server Manager.
The name of the image source computer cannot be used as a target computer name.
Computer names must be newly created entries in the domain.
You must add the target computer names to the domain server before you deploy the image.
HTTP Imaging
When capturing or deploying an image, you have the option of providing a URL as the path to an
image file. This is non-typical interaction, and requires some configuration on your Web server.
Your Web server needs to following:
In Apache 2, enable unlimited MaxKeepAliveRequests in your httpd.conf file. You also need to
obtain and install mod_put module to enable image uploading.
287
In IIS, consult your documentation for information on enabling keep alives and uploads. Basic
authentication is supported, Windows digest authentication is not supported. You might also need
to specify a file type of application/octet-stream for your images to prevent errors.
Task Overview
When you create an image of a computer, you have three options:
Create an image file of a Master PC on a file server (see
Creating an Image File on page 288).
Choose a computer on your network that has a baseline system you want to image, insert the
Master PC boot disk into this computer, and reboot. For more information, see Create Boot
Disks on page 284.
The computer boots to DOS, connects to the computer share where RapiDeploy is installed, and
loads rdeploy.exe.
288
If the computer has more than one hard disk, select the disk that you want to image and click Next.
(Optional) If you want the image file to be a self-extracting executable file rather than an .img
file, then select the Make this a self-extracting .EXE check box.
For more information, see Making Self-Extracting Image Files on page 297.
Specify the type of compression you want to apply to this image (optimize for smaller Size or
faster Speed or the default Balanced) or select No Compression.
Specify maximum file size in the Spanned Media File Size menu.
For more information, see Spanning Media on page 282.
Click Next.
Deselect any partitions that you do not want to include in the image.
10
The time it takes to complete imaging depends on the amount of data involved. Imaging is complete
when you see a DOS prompt that indicates the imaging was successful.
289
Boot all of the Client PCs that will receive the image using the Client PC boot disks you created
earlier (see Create Boot Disks on page 284). This runs the RapiDeploy wizard.
At each Client PC, use the wizard to set up the configurations (such as TCP/IP, OS licensing,
networking, and user settings) that you want applied to the computer after it has received the
image file.
Click Finish.
The Client PCs are now ready to receive an image file from the Master PC.
Start the Master PC Image
1
On a baseline computer on your network that you want to create and send an image of, insert the
Master PC boot disk and reboot.
The computer boots to DOS and connects to the computer share where RapiDeploy is installed,
and loads rdeploy.exe.
Select the Send While Creating check box, and click Next.
If the computer has more than one hard disk, select the disk that you want to image and click Next.
(Optional) If you want the image file to be a self-extracting executable file rather than an .img
file, then select the Make this a self-extracting .EXE check box.
For more information, see Making Self-Extracting Image Files on page 297.
Specify the type of compression you want to apply to this image (optimize for smaller Size or
faster Speed or the default Balanced) or select No Compression.
290
Specify maximum file size in the Spanned Media File Size menu.
For more information, see Spanning Media on page 282.
Click Next.
10
11
(Optional) If you are running on a high traffic network, you can limit the bandwidth to a slower
number of megabits per second (for example, 3 Mbps).
12
(Optional) You can configure the Master PC to wait until a specified number of Client PCs
connects to it. To use this feature, select the Start After X Clients Connect check box, and specify
the number.
You can also configure the Master PC to wait until a specified number of minutes. To use this
feature, enter a value for or after X minutes.
13
Click Next.
14
Deselect any partitions that you do not want to include in the image.
15
16
Eject the boot disks from all the Client PCs and reboot them.
An Altiris message box will appear indicating that the Client PCs are being reconfigured. The
computers will automatically reboot into the operating system that was in the image you just
deployed.
Boot all of the Client PCs that will receive the image using the Client PC boot disks you created
earlier. This runs the RapiDeploy wizard.
At each Client PC, use the wizard to set up the configurations (such as TCP/IP, OS licensing,
networking, and user settings) that you want applied to the computer after it has received the
image file.
Click Finish.
The Client PCs are now ready to receive an image file from the Master PC.
Start the Master PC Image
1
On a baseline computer on your network that you want to create and send an image of, insert the
Master PC boot disk and reboot.
The computer boots to DOS and connects to the computer share where RapiDeploy is installed,
and loads rdeploy.exe.
291
Leave the Session ID field set to default unless you are running multiple sessions that need
separate session IDs.
(Optional) If you are running on a high traffic network, you can limit the bandwidth to a slower
number of megabits per second (for example, 3 Mbps).
(Optional) You can configure the Master PC to wait until a specified number of Client PCs
connects to it. To use this feature, select the Start After X Clients Connect check box, and specify
the number.
You can also configure the Master PC to wait until a specified number of minutes. To use this
feature, specify a value for or after X minutes.
Click Next.
Deselect any partitions that you do not want to include in the image.
Eject the boot disks from all the Client computers and reboot them.
An Altiris message box will appear indicating that the Client PCs are being reconfigured. The
computers will automatically reboot into the operating system that was in the image you just
deployed.
292
Restoring (Download) Image to Master PC While Sending It to Client PCs (page 294)
Configuring Computers with Post-Imaging Settings (page 296)
Task Overview
You can restore (download) an image file from the file server to one or more computers. You can
download an image in one of the following ways:
Download an image to the Master PC only (see Restoring an
Image to a Master PC on page 293).
Before downloading images, you can set post-imaging configurations on the computers that will be
set automatically after the computer is imaged. You can configure OS licensing, networking, TCP/
IP and user settings. For more information, see Configuring Computers with Post-Imaging
Settings on page 296.
On a computer on your network that you want to download an image to, insert the Master PC
boot disk and reboot.
The computer boots to DOS, connects to the computer share where RapiDeploy is installed, and
loads rdeploy.exe.
2
3
configurations
293
Click Next.
Click Browse and then select the image you want to download and click OK.
Click Next.
Click Next.
If you selected the Do post configuration option, you are shown the Post imaging configuration
window. Set any configurations you want to apply to the computer after imaging. For more
information, see Configuring Computers with Post-Imaging Settings on page 296.
Important Post-configuration settings are organized into groups and are available by clicking the
group name in the left panel. Do not click Finish until all configuration options are set.
10
The time it takes to complete imaging and multicasting depends on the amount of data involved.
Imaging is complete when you see a DOS prompt that indicates the imaging was successful.
Boot all of the Client PCs that will receive the image with the Client PC boot disks you created
earlier. This runs the RapiDeploy wizard.
At each Client PC, use the wizard to set up the configurations (such as TCP/IP, OS licensing,
networking, and user settings) that you want applied to the computer after it has received the
image file.
Click Finish.
The Client PCs are now ready to receive an image file from the Master PC.
294
On a computer on your network that you want to download an image to, insert the Master PC
boot disk and reboot.
The computer boots to DOS and connects to the computer share where RapiDeploy is installed,
and loads rdeploy.exe.
If you want to automatically modify the computers settings after imaging, select the Do post
check box (default).
configurations
Click Next.
Select the image file to restore to the Master PC and send to Client PCs.
(Optional) If you are running on a high traffic network, you can limit the bandwidth to a slower
number of megabits per second (for example, 3 Mbps).
(Optional) You can configure the Master PC to wait until a specified number of Client PCs
connects to it. To use this feature, select the Start After X Clients Connect check box, and specify
the number.
You can also configure the Master PC to wait until a specified number of minutes. To use this
feature, specify a value for or after X minutes.
10
Click Next.
11
Deselect any partitions that you do not want to restore in the download.
12
Click Next.
If you selected to Do post configuration, you are shown the Post imaging configuration window.
Set any configurations you want to apply to the computer after imaging. For more information,
see Configuring Computers with Post-Imaging Settings on page 296.
Important Post-configuration settings are organized into groups and are available by clicking the
group name in the left panel. Do not click Finish until all configuration options are set.
13
295
Imaging is complete when you see a DOS prompt that indicates the imaging was successful.
14
Eject the boot disks from all the Client PCs and reboot them.
An Altiris message box will appear indicating that the Client PCs are being reconfigured. The
computers will automatically reboot into the operating system that was in the image you just
deployed.
present on the computer that you will create the image from. After a computer has received an image,
Deployment Agent is automatically run, applies the configurations you set, and reboots the computer
so the changes take effect. To install Deployment Agent on a computer prior to imaging, connect to
the RapiDeploy installation directory, run clcfg.exe, and follow the instructions.
Settings Options
At the top of each section, there is a Prompt user for settings check box. If this option is checked, the
user will be prompted for those settings when the computer is rebooted.
Also, at the bottom of the section, there is a check box labeled Save these as your default settings. If
you do not want to save these settings for the next time you run this program, clear this box.
Post-configuration settings are organized into groups and are available by clicking the group name
in the left panel (you can also click the TAB and then SPACE keys to select groups). The settings
groups are summarized below.
License Settings
This is where you enter the license information for the computers operating system. You can enter
the user name, organization name, and license key.
Networking Settings
The networking group contains workgroup and domain settings. You can choose either workgroup
or domain settings. Enter the name of the workgroup or domain along with the computer name. If
you are using domains, you can also change the Windows Security ID (SID) for that particular
computer. Each computer in a domain must have a different SID. After imaging, they all have the
same SID. A new SID will be generated for each computer that has this check box selected. For more
information, see Using SIDgen on page 67.
TCP/IP Settings
This group contains the same settings that you would find in the Windows Networking Properties
and TCP/IP settings. These settings let you choose between DHCP or static IP addresses. You can
also set up WINS and DNS options.
NetWare Settings
If the computer will be a Novell NetWare client, this section helps you apply NetWare client settings
on a newly imaged computer. You can specify the NDS user name, select whether you want to login
to a tree or a server, the preferred tree or server name, the NDS context, and if you want to run login
scripts.
Account Settings
Here you can set up Windows user accounts for the newly imaged computer. You can enter the user
name, full name, password (you must confirm the password by typing it again in the field below it),
and you can also specify the groups that this user will belong to as a comma-delimited list. For
296
example: Administrators, Marketing, Management. You can also determine whether the user must
change their password the next time they log on, whether they can change their password, and
whether the password expires.
Select Create a self-extracting image from an .img file option and click Next.
Select the .img file you want to turn into an .exe file and click Finish.
The .exe file will be created in the same directory as the .img file you selected.
Managing Images
You can view and make changes to RapiDeploy image files (*.img) using the Altiris ImageExplorer.
For more information, see Altiris ImageExplorer on page 318.
297
Chapter 16:
298
File
Description
rdeploy.exe
firm.exe
File System Independent Resource Management (FIRM) gives you basic file
access to all FAT, NTFS, ext2, and ext3 file systems on your hard disk,
regardless of the version of DOS you are running. This is an advanced feature.
You dont have to use it to perform normal management tasks. For more
information, see Using File System Independent Resource Management
(FIRM) on page 311.
bootwiz.exe
The Boot Disk Creator executable file. The Boot Disk Creator creates the Master
PC and Client PC boot disks. For more information, see Create Boot Disks on
page 284 and Boot Disk Creator (page 237).
imgexpl.exe
An Altiris Windows application, the ImageExplorer executable file lets you view
and make modifications to Altiris image files (*.img). For more information, see
Managing Images on page 297 and Using ImageExplorer (page 321).
aclient.exe
The Deployment Agent for Windows (aclient.exe). For information about how
aclient.exe is used with RapiDeploy, see Install the Deployment Agent For
Windows for Post Image Configuration on page 286.
sidgen.exe
clcfg.exe
Installs the Deployment Agent for Windows (aclient.exe). For more information,
see Task Overview on page 284.
299
Switch [parameters]
Details
-?
-c[compression mode]
-checkdisk
Mark the partitions dirty so that checkdisk will run after the image is
restored (works on all file systems).
Note Post configuration will fail when this switch is used.
Example rdeploy -mu -f[filename] -checkdisk
See also -m[mode], -f[path & file name]
300
Switch [parameters]
Details
-dpos[#]
Examples
-forcegui
Function Forces the wizard to appear even if it doesnt have to. Use
this switch to force the wizard to appear so that you can view or edit
settings for each computer.
Example To restore an image but first view or make changes in the
settings, type
rdeploy -md -f[filename] -forcegui
See also -m[mode], -f[path & file name]
-forceoem
301
Switch [parameters]
Details
-frm:[name]
-i:[20..25]
-i[IDnumber]
-ip:[n.n.n.n:p]
Function Sets the multicast IP address and port. This can be used for
two purposes: 1) To allow multicasting through a router that is set up
to use a different multicast IP address, and 2) to separate multiple
multicasting sessions more efficiently.
If you are manually running multiple multicast sessions, you can
specify a different multicast IP address for each session to allow the
NIC itself to filter out unwanted packets from other sessions. This
speeds up all sessions involved.
Important Remember to put the port number at the end of the IP
address after a colon.
Example
rdeploy -mdb -f[filename] -s9 -ip:224.2.0.3:401
See also -m[mode], -s[number of Client PCs], -f[path & file name]
-kap
302
Switch [parameters]
Details
-kp[1-31]
-m[mode]
specified partition.
n=partition 1 - 31
Example To keep partition 2 from being overwritten during imaging,
type
rdeploy -md -f[filename] -kp2
See also -m[mode], -f[path & file name]
u (Upload image)
d (Download image)
b (Multicast only)
ub (Upload and multicast image)
db (Download and multicast image)
client (Client mode)
Examples
-mconv
restoring a hard disk image that has been split across multiple CDs or
other storage media. This switch causes RapiDeploy to create an .imx
(IMage IndeX) file which contains data that may reside on other CDs.
If RapiDeploy has access to the .imx file, it will not prompt you to
insert any CD more than once.
Use the -makeimx switch when you create an image. However, no
switches are needed when restoring the image. Once the split image
file has been created and you are ready to burn the image to CDs, put
the .imx file on the CD with the first .img split image file. Subsequent
split image files do not require the .imx file to be placed on the CD.
-nobw
Function Makes sure that a BootWorks partition does not exist in the
destination, is not on the disk when restoring, and is not in the image
when creating.
Example To remove an existing BootWorks partition from a hard
disk and exclude the BootWorks partition from being downloaded
with an image, type
rdeploy -md -f[filename] -nobw
See also -m[mode], -f[path & file name]
-nocancel
303
Switch [parameters]
Details
-nooem
Function Makes sure that an OEM partition does not exist in the
destination, is not on the disk when restoring, and is not in the image
when creating.
Example To remove an existing OEM partition from a hard disk and
exclude the OEM partition in an images from being restored, type
rdeploy -md -f[filename] -nooem
See also -m[mode], -f[path & file name]
-noprompt
-nt64k
(Download only)
-p[partition]
Examples
304
Switch [parameters]
Details
-restoresig
the MBR of the hard disk from which the image was created.
Normally, RapiDeploy does not transfer the disk signature to the
target computer when deploying an image. This switch can be used
when restoring an image to the same or similar systems. The -szf
switch may be needed in combination with the -restoresig switch.
Example One This -restoresig switch has been added to the
Distribute Disk Image job in the XP Embedded folder in the Samples
folder to protect the Write Filter Partition. It is required for all Restore
Image jobs for XPe Thin Clients.
Example Two The -restoresig switch is needed when restoring an
image to a Citrix Metaframe Server to preserve the alternate drive
mappings. In this situation the -szf switch is also required.
Note This switch will function only if no production partitions are
being preserved on the hard drive when deploying the disk image.
-span
Function Prompts between each piece of an image file (if set when
-split:[n]
Function Use this switch to set fixed sizing for all partitions. By using
this switch, RapiDeploy will use the original sizes that existed on the
computer from which the image was created.
Example If the original size of the partition to be downloaded was
250 MB and you want the destination partition to remain 250 MB, use
the -szf switch. If the target disk has 500 MB of free space, youll have
a 250 MB fixed partition and 250 MB of free space.
305
Switch [parameters]
Details
-sz[parameter]
Examples
Function Run in text mode instead of GUI mode. To use this switch,
all settings must be specified at the command-line.
Examples
rdeploy -md -f[filename] -text
or
rdeploy -mu -f[filename] -text
306
Switch [parameters]
Details
-threshold:[n]
Function This option applies only to the Restore and Send (-mdb)
mode. We have found that when using a small number of clients, it is
faster to perform individual downloads on each client than it is to
multicast to all of them. There is a point where it becomes more
efficient to multicast than it is to perform individual downloads. This
threshold is where it becomes faster to multicast than to do
individual downloads and can be specified by the -threshold:[n]
command line parameter.
Depending upon the network environment, this number may vary.
You should perform a few tests to pick a good threshold value for
your network. It may be a small number, like four, or it could be much
larger, like 15.
Once you have found this threshold value, you can specify this
number on the command line and then RapiDeploy will, depending on
the number of clients that connect, have them do individual
downloads or have them multicast.
The number [n] specifies the minimum number of clients that will
need to connect to the master in order for it to multicast. For example,
if you specify -threshold=5, and four or fewer clients connect to
the master PC, it will have them all do individual downloads of the
image. If five or more clients connect to that master, it will multicast
to them.
This becomes more important when multicasting across subnets with
a router that doesn't support multicasting. If you start one master and
nine clients (10 PC's total), three of which are on one side of the router
and seven of which are on the other side, RapiDeploy will detect that
there are only three on one side of the router and do individual
downloads to them. It will also detect that seven are on the other side
and multicast to them. RapiDeploy does all of this automatically. All
you must supply is the threshold value to let RapiDeploy determine
when it should multicast or not.
Example
Suppose you have determined that the threshold value for your
network is five. In other words, you have found that multicasting from
one master to five or more clients is faster than doing individual
downloads to those clients and the master. You could then specify the
following threshold value on the command line:
rdeploy -mdb -f[filename] -s9 -threshold:5
See also -m[mode], -f[path & file name], -s[number of Client PCs]
-ve:[31.34]
type
rdeploy -ve:31
-w[n]
-x
minutes to wait for Client PCs to connect. If all Client PCs connect, it
will start right away.
Default: 5 minutes (or until the specified number of Client PCs is
connected).
Example To set the timeout to wait for PC Clients to 10 minutes, type
rdeploy -w10 -mdb -f[filename] -s9
See also -m[mode], -s[number of Client PCs]
setting will automatically be set if the image file name specified by the
307
Using SIDgen
You can combine this switch with any of the other switches.
Using SIDgen
When you download an image to Windows computers in a domain, you will need to generate unique
security IDs (SIDs) for each one. To accomplish this, RapiDeploy uses the Altiris SIDgen utility, a
native 32-bit security attribute modification utility that works on Windows NT 4.0 and Windows
2000/XP/2003 workstations and servers (including Primary and Backup Domain Controllers). The
SIDgen executable is located in your RapiDeploy program directory. Deployment Agent
(aclient.exe), assuming it is included in the image, runs SIDgen behind the scenes for you if you
select Change the Windows Security ID (SID).
Note SIDgen uses the NT/2000/XP/2003 System Account to make security ID changes. If you have
Include SIDgen in an image if you want to change the SID every time you image the computer
and apply configuration changes. (If you want to include it in an image but you dont want to run
SIDgen each time you run the imaging event, you will have to use ImageExplorer to exclude the
image file after you run the event the first time.)
Use Copy File to Computers on the Deployment Windows Console to copy the program to the
computers in the same folder as the Deployment Agent (aclient.exe).
Install sidgen.exe automatically when you install Deployment Agent (see Using SIDgen on
page 309).
To determine the best option for you, consider how often you will need to change SIDs.
308
Using SIDgen
When SIDgen is on the computers, it can be run as needed using a simple script file.
For Windows NT, click the Performance tab. For Windows 2000, click Advanced > Performance
Options.
In the Registry Size box, make sure the Maximum Registry Size is at least double Current
Registry Size.
Using SIDgen
You can change a SID every time you image a computer. You can also run SIDgen from the
command-line. For a list of SIDgen command-line parameters, see To run SIDgen from the
Command-line on page 309.
To change a SID every time you image a computer
1
When you install aclient.exe on the computer, select Enable Changing of Security ID on the Altiris
Client install screen.
Altiris SIDgen utility. This utility is the most thorough way to change SIDs because it
searches all registry entries and NTFS file system security permissions. Because of this, it
takes longer for the program to run (unless you choose not to check NTFS permissions).
Microsoft SysPrep utility. This utility changes the basic SID options. It is not provided by
Altiris.
Both utilities. Use both utilities if you want to use SysPrep to change the basic SID options
and SIDgen to make in-depth changes.
If you are using SIDgen and you dont want to check NTFS permissions, deselect the box.
Note If permissions are not checked, file restrictions set on the local computer will not be carried
forward. Access rights will have to be reset manually.
Click Next to complete the install. aclient.exe and SIDgen.exe are copied to the directory you
specified on the Client PC.
Note SIDgen will run on the computer each time it is imaged and new configuration settings are
applied. If you do only one of the tasks (deploy an image without reconfiguring or reconfigure
without imaging), SIDgen will not run. After running SIDgen, you should back up the registry
files to save the configuration changes.
309
Using SIDgen
Switch [parameters]
Function
/clean
/data:[sync filename]
/install
/log:[log filename]
/name:[new name]
Changes the computer name along with the SID. (If the [new name]
portion is omitted, you will be prompted upon execution of the utility.)
/nofs
/remove
/start
/verbose
If you are running the Deployment Console on a Win NT/2000/XP/2003 computer with access
to the domain server, and you have rights to create computer accounts on the primary domain
controller (PDC), the console will manage SIDs in the domain for you. Follow the steps in Set A.
If one of these criteria is not met, the Deployment Windows Console cannot manage the domain
for you, so you will have to enter the information manually. Follow the steps in Set B.
310
Set A
1
Boot all imaged workstations. They should launch SIDgen to change their SIDs. You are
prompted for the computer name on each computer. When complete, the computers should
reboot and connect into the domain normally.
Set B
1
From the PDC, remove the workstations domain database entry, and then add all the computer
names that will be specified in Step 6.
Boot all imaged workstations. They should launch SIDgen to change their SIDs. You are
prompted for the computer name of each computer. When complete, the computers should
reboot and connect into the domain normally.
Create a synchronization file in a network shared location or on a floppy disk by running SIDgen
on the PDC (for example, type sidgen /data:a:\pdc.dat).
When the PDCs SID has been changed, run SIDgen on the BDCs, using the synchronization file
that you created in Step 1.
The utility detects whether to read or write this file based on the role of the computer.
To change all occurrences of the old domain, run SIDgen on all workstations installed into the
domain, specifying the same synchronization file created in Step 1.
If your system does not meet the criteria specified in Scenario 2, go to the PDC and remove and readd any domain members whose SIDs have been replaced. You can also add the /name parameter to
any of these steps to change the computer names of these computers during this process.
311
Sample Partitions
Partitions
Partitions
Partitions
Partitions
recognized by recognized by recognized by recognized by
Win 98
WIN NT
WIN 2000
FIRM
Embedded BootWorks
partition (always drive
W:)
FAT 32
FAT 16
NTFS
EXT2/EXT3
*Drive letters are assigned according to where the drives physically reside on the disk.
FIRM uses the following logic to determine which type of drive to use:
Running FIRM
To run FIRM
1
Put the disk containing FIRM.EXE into drive a:, or log into the server where the program files
are located.
312
Using FIRM
Drive designations Because FIRM and DOS recognize drives differently, they might assign
different letters to the same drive. So, for some commands you must specify the drive type in
addition to the drive letter.
Drive types are: d (DOS drive), and f (FIRM drive).
Tokens You can use a token in place of a drive letter wherever one is required. Tokens are just
another way of accessing a drive on the partition. FIRM replaces tokens with the appropriate drive
letter.
FIRM Options
Option
Function
*, ?
one character.
Examples
firm delete auto:\*.bat
firm delete auto:\autoexec?.bat
-q
-force
-recurse
313
FIRM Tokens
Token
Function
auto
prod
Function Used in place of the production partition letter (for example, firm c:
drive).
Examples
To copy backup files from the production partition c: to the BootWorks partition,
type
firm copy prod:\backup.lst auto:\backup.lst
temp
Command
Options
drives
Function Gets a list of all partitions/drives. Shows the file system and FIRM
drive letters. Also shows the percentage of the drive used by the partition.
type
Function Sees the contents of an ascii text file. (Other file types dont display
correctly.)
314
Command
Options
copy
To copy an autoexec.bat file from DOS drive C: to the BootWorks partition, type
firm copy dc:\autoexec.bat auto:\autoexec.bat
To copy backup files from the production partition to the BootWorks partition,
type
firm copy prod:\backup.lst auto:\backup.lst
To copy an autoexec.bat file from DOS drive c: to FIRM drive c:, type
firm copy dc:\autoexec.bat fc:\autoexec.bat
dir
Dont include a filename or you will get an error. The drive type is optional.
Examples
or, type
firm dir auto:\
(This shows the same results as dos: dir c:\ when running in BootWorks.)
When you are in the BootWorks partition, you can get a list of the contents of the
TEMP directory on DOS drive c: by typing
firm dir auto:\temp
To see a list of files and directories in the Windows system directory, type
firm dir prod:\windows\system
delete
Always use the full path when deleting a file. You can also use tokens.
Examples
To delete the file foo.txt from a directory on DOS drive d:, type
firm delete dd:\mydir\foo.txt
315
Command
Options
backupreg
restorereg
316
Troubleshooting RapiDeploy
Command
Options
backuplist
Troubleshooting RapiDeploy
If you an encounter an error, the event is recorded in the rd.log file (a text file located in the
RapiDeploy application folder). View the log file for details about your error and information that
can help you solve the error.
317
Chapter 17:
Altiris ImageExplorer
The Altiris ImageExplorer provides features to view and edit image files. Image files are created
using the RapiDeploy utility, a tool used most commonly in Deployment Solution to create and
distribute hard disk image files, an IMG or EXE file containing a replication of the source
computers hard disk.
Using ImageExplorer, you can modify an image file add or delete data files, folders and
applications before distributing and restoring its contents to a client computer. You can view
properties and perform operations, such as extracting and saving files to another destination volume,
or exclude files from being restored when distributing the image file to a client computer. You can
also print the contents of a folder or edit a file using its associated application.
See also: Using ImageExplorer (page 321)
ImageExplorer Features
Convert images
Exclude (or include) volumes, folders, and files from being restored
Replace files
Split images
Click the ImageExplorer icon on the toolbar or click Tools > ImageExplorer. This
opens the ImgExpl.exe program located in the Deployment Share.
You can open and edit image files in the native IMG file type or image files with
packaged rdeploy.exe runtime versions in an EXE file type.
Altiris ImageExplorer provides the following features to view, manage, and modify the volume,
folder, and file elements of an image file.
318
Feature
Description
Add File
Button
Access
Option 1: Ctrl-A
Option 2: Click Edit >
Add File
Option 3: Right-click
an item and select Add
File
Add Folder
Option 1: Ctrl-D
Option 2: Click Edit >
Add Folder
Option 3: Right-click
an item and select Add
Folder
Convert Image
Copy
Create Image
Index
Exclude
Extract
Find
Option 1: Ctrl-T
Option 2: Click File >
Convert Image
Option 1: Ctrl-C
or
Copy
or
Option 3: Right-click
an item and select Copy
Option 1: Ctrl-I
Option 2: Click File >
Create Image Index
Option 1: Del key
or
Exclude
or
Option 3: Right-click a
file and select Exclude
File(s)
Option 1: Ctrl-E
or
Extract
or
Option 3: Right-click
an item and select
Extract File(s)
Option 1: Ctrl-F
or
Find
Option 3: Right-click a
container object and
select Find
319
Feature
Description
Include
Make SelfExtracting
Open File
(available for
files)
Button
Access
Option 1: Insert key
or
Include
or
Option 3: Right-click
an excluded item and
select Include
Option 1: Ctrl-M
Option 2: Click File >
Make Self-Extracting
Option 1: Double-click
or
Open
or
Option 3: Right-click
the file and select Open
Open File with
Paste
Option 1: Double-click
(if not associated)
or
Open with
or
Option 3: Right-click
the file and select Open
with
Option 1: Ctrl-O
or
Open
Option 1: Ctrl-V
or
Paste
or
Option 3: Right-click
an item and select Paste
Print
Option 1: Ctrl-P
or
or
Option 3: Right-click
an item and select Print
320
Using ImageExplorer
Feature
Description
Properties
Button
Access
Option 1: Alt-Enter
or
Properties
or
Option 3: Right-click
an item and select
Properties
Replace Files
(available for
files)
Option 1: Ctrl-L
or
Replace
or
Option 3: Right-click a
file and select Replace
File(s)
Revert
(available for
files)
Option 1: Ctrl-R
or
Revert
or
Option 3: Right-click
an item and select
Revert File(s)
Split Image
Option 1: Ctrl-S
Option 2: Click File >
Split Image
Using ImageExplorer
With the ImageExplorer running, open the image file you want to view or modify by selecting Files
> Open from the program menu bar.
Note: Older image files created with IBMaster.exe instead of the current RDeploy.exe cannot be
modified with the version of ImageExplorer that ships with Deployment Solution 5.6 or higher.
However, image files created with IBMaster can be viewed and files can be extracted. The
ImageExplorer will always display the files created with IBMaster as Read-only even when the file
attributes are Read-write. To modify older image files you will need to use the version of Altiris
ImageExplorer that ships with the earlier versions of Deployment Solution.
See also: View Properties (page 321) , Add New Files (page 323) , and Extract a Folder (page 324) .
View Properties
After opening an image file with ImageExplorer, basic information about the image file and its
elements can be viewed by selecting a file or volume (partition) name and clicking Properties. You
can open the properties page for an image file, volume, or file by right-clicking and selecting
Properties, clicking File > Properties, or typing Alt-Enter. Depending on the type of image element, a
property page opens with the appropriate tabs:
321
Using ImageExplorer
You can modify the password of the image file in this dialog box.
Open a File
To open a file in an image, double-click the file in the Details pane of the ImageExplorer or rightclick and select Open. The file opens with its associated program. If no associated program is located,
an Open with dialog box displays, allowing the user to select and associate a program for the file.
Note: You can also associate a file with a program by right-clicking the file and selecting the Open
with
command.
The Quick open feature lets you select a default program to open files without associated programs
(Microsoft Notepad is the default program). You can change the default program for the Quick Open
feature by clicking View > Settings and editing the Open with program box.
See also: Print a File (page 327) and Settings (page 328) .
322
Using ImageExplorer
Click OK.
Right-click the preferred volume or folder in the image and select Add File. The Select Files to
dialog box displays.
add
Option 1:
Locate a file and click OK. The new file will now display in the image.
Option 2:
Drag a file from Windows Explorer to the selected folder or volume in an image file
displayed in ImageExplorer, or copy and paste the file. If the option is selected (see the Paste
/ Drop operations in the Settings (page 328) dialog box), a message box will appear
confirming your decision to copy a file to the image file.
Note: You can access and edit text files by double-clicking the file in the Details pane of the
ImageExplorer dialog box.
Convert an Image
The internal file format for images changed from file format 4 in Deployment Server version 5.5 and
earlier, to file format 6 in Deployment Server 5.6 or later. File format 6 has remained the same since
its release, but minor changes have been made to improve the overall format structure.
This feature lets you select any previously created image file and convert it to the current file format
that RapiDeploy uses today. If the file format changes in future releases of Deployment Server, when
you convert an image file, it will always be to the most current file format.
When converting image files, be aware of the following:
If an old image has an image index (.imx) file, then a new image index file is created.
If an old image file is a self-extracting image, the embedded RapiDeploy code is removed and
the image is restored to a .img file. You will not receive a message warning that the embedded
self-extracting code was removed.
If an old image has a password, the new image file created will not have a password. However,
the user will receive a message display indicating that the password has been removed.
File conversions may vary in length of time because ImageExplorer reads each segment in the
image before converting it to the new image file. If you have large files with many segments, this
process will take longer.
Field Definitions
Image File to Convert:
New Output Image File: Select a folder and filename for the image file you want to convert, based on
New segment size (MB): Select a size for image segments from the drop-down list. The list of options
includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new
segment is created until the entire image is converted.
Estimated segment count:
323
Using ImageExplorer
Click Browse to navigate to a folder. Enter a new filename for the converted image.
Click the drop-down arrow and select a segment size from the list.
Click OK.
Output Folder for Index (optional): If you do not select a folder for the index output, the .imx file is
created in the same folder as the image you selected to index.
Click OK.
Extract a Folder
Use this feature to take a folder or file from an image and save it to an external destination folder:
1
Click OK.
Select a folder in the image, right-click, and select Extract Folder. The Browse dialog box
displays.
Select a folder on your local disk or on the network to place the extracted folder.
Click OK.
Note: Extracting large amounts of data and large numbers of files can take several minutes.
324
Using ImageExplorer
Find Files
To search for files or folders in an image file, enter a string or characters (alpha and numeric) in the
Find what box. You can use the ? (question mark) as a variable for a single character, or use
the * (asterisk) for multiple characters.
To search for a file, select the image file, volume name, or folder name from the treeview to set a
search domain. You can change the search domain before clicking Find.
Field Definitions
Include folders:
Include files:
Files and folders meeting specified search criteria are listed in the results box, organized by File Name
and Location.
Filter Results
Click Filter on the Find Files dialog box to open an advanced search for files based on associated
system attributes (Read-only, Hidden, System) and ImageExplorer attributes (Added, Excluded,
Replaced).
Field Definitions
Find What: Enter the string or characters to find a file based on system attributes or ImageExplorer
attributes of the file or folder. Click Include matching files to select files. Click Include matching
folders to select folders.
Note: To search in a specific directory, select that directory in the treeview pane and open the Find
dialog box.
An empty box means the item must not contain the attribute.
A dimmed checkmark means the value is NULL and the item can either have the value or not.
These are the system attributes of the files assigned by the operating system when the
image was created.
Attributes:
Flags: These
325
Using ImageExplorer
This process make vary in length of time because ImageExplorer reads only the .img segment. If
your file is 2 GB, then the file will take more time than if the .img segment is 700 MB.
RapiDeploy and only the first segment of the image file (.img) are combined together to create the
executable that restores images. However, all other segments that make up the entire image,
including the index (.imx) are required when restoring an image.
See also: See Create an Image Index (page 324) .
Field Definitions
Current self-extractor type:
Keep original image file: Select this checkbox for ImageExplorer to make a self-extracting image file
without affecting the original image file.
Note: If you clear this checkbox and the Make Self-extracting process fails, then the original image
file may become damaged or corrupted, and you can no longer use the original image file to create
a self-extracting file.
Remove existing self-extractor: Use this option to remove the .exe code from a self extracting image.
The image file will return to its original state with a .img file extension. This option is only available
if the image file has self-extracting code, otherwise, this option is unavailable.
This mode uses the RapiDeploy graphical user interface to display the image files progress
while it is running.
DOS:
This is a text version user interface. You can view the progress bar at the bottom of
the client computers display while the image file is running.
Clear the Keep original image file if you want to make the original image file a self-extracting
image file.
Select the Change self-extractor type. See Field Definitions (page 326) .
Click OK. The self extracting file is created in the same directory as the original image file. If the
Not enough free space dialog displays, see Not Enough Free Space (page 326) .
What to print
326
subfolders.
Using ImageExplorer
Print only the files in the selected image, volume, or folder. This will not print the
This folder and subtree: Print the files in the image, volume, or folder and all the subfolders and files.
Print excluded items:
Print < . > entries: Print an entry in each folder identified as < . > (a dot notation). Attributes and date/
time properties will be saved for this hidden folder in the image file.
Fields to Print
Include modified date and time:
Include size:
Print the date and time that the file or folder was modified.
Include attributes: Print the Read-only, Archive, Hidden, System, or Compressed system attributes
(Read-only, System, Hidden) and the ImageExplorer attributes (Added, Excluded, Replaced).
Include file number:
Print Preview
View an online display of the print report for image files, volumes, or folders. The name of the report
will appear at the top of the page with details in a table that were selected in the Print Folder Contents
dialog box.
Field Definitions
Save:
Lines:
Print:
Print a File
From the ImageExplorer dialog box, you can select and print an actual file using its associated
program. If your file is not associated with a program, you can associate it by selecting from a
provided list of installed programs on the computer. You can also attempt a Quick print to open the
file using a standard program, such as NotePad.
Field Definitions
Quick print: Click this button to run a default program to open and print the selected file. The default
program is Microsoft Notepad. You can change the default program to print files using the Print With
program box in the Settings dialog box.
See also: Print Folder Contents (page 326) and Open a File (page 322) .
Change Password
Field Definitions
Current password:
New password:
327
Confirm password:
Using ImageExplorer
Type the password again to confirm that is was correctly typed in.
Settings
You can set preferences for the Altiris ImageExplorer by clicking View > Settings. The Settings
dialog box will open to set options to confirm specific operations using message boxes in the user
interface, to set options for displaying items or excluding items, or to select default programs when
using the Quick print (see Print a File (page 327) ) or Quick open (see Open a File (page 322) ) options.
Confirmations
Read-only Open operations: Present a confirmation message to the user when opening a file in a Read-
only state, and as a result any changes cannot be saved. Example: if an image file created in
RapiDeploy 4.5 or earlier is opened, it will be Read-only and any operation performed cannot be
saved. As a result, when opening this file a confirmation box will appear reminding the user that the
file cannot be saved.
File Revert operations: Present a confirmation message when executing a Revert operation that
returns the image file to its original file structure and content after replacing files.
Exclude operations: Present a confirmation message to the user when assigning the Exclude option
to a file (to not distribute the selected file as part of the image). This message will appear when
clicking the checkbox on the file or folder or selecting the Exclude operation.
Display Settings
Select to keep open help file on top of the ImageExplorer user interface. This lets
you view the help side-by-side with the program rather than allowing it to be sent behind the
ImageExplorer user interface.
Show file numbers: Display the associated file numbers in the image. In NTFS the files are numbered
automatically. In FAT, EXT2, EXT3, and other file systems the files are numbered by RapiDeploy
when creating the image file.
Show excluded items: Display the files marked as Excluded in the image. Files will be shown after a
refreshing the screen.
Extract excluded items: Allow the Excluded files and folders to be extracted from the image file to a
destination folder. This setting lets you include all files previously marked as Excluded to be saved
to an external destination folder when running the Extract command.
Color added items: Select this option to mark files/folders added to the image with blue text. See Add
Color replaced items: Select this option to mark files/folders replaced to the image with magenta text.
Color excluded items: Select this option to mark files and folders added to the image with red text.
See Exclude (page 319) .
Open with
328
Using ImageExplorer
Set the default program to run with a selected file. The default program is
Microsoft Notepad. See Open a File (page 322) .
Print with program: Set the default program to print a selected file. The default program is Microsoft
Split Image
This feature lets you select an image file to split (rewrite) into a new image file based on the segment
size you select. While Convert an Image (page 323) changes the file format of an image to be the
current format used by RapiDeploy, split an image keeps the format of the original image but
changes the size of its segments.
Example: If you have a 2 GB image file, and you wanted to split the image so it could fit on CDs,
then you could select 650 MB or 700 MB as the new segment size and the result would be 1 image
file with multiple segments. You could then copy the segments to CDs and use them to restore the
image file at client computers.
When splitting image files, be aware of the following:
If the old image is an old format image (IBMaster 4.5 or earlier), then the image cannot be split
but will be converted instead. If this occurs, a message displays to verify this is what you want
to do. If you proceed, all the principles of Convert and Image apply.
If an old image has an image index (.imx) file, then a new image index file is created.
If an old image file is a self-extracting image, the embedded RapiDeploy code remains, and the
new image will contain the same version of RapiDeploy as when it was originally created.
However, if the image is an old format image (IBMaster 4.5 or earlier), then the image cannot be
split but will be converted instead. If you proceed, the self-extracting code is removed.
If an old image has a password, the new image file will have the same password. However, if the
old image is an old format image (IBMaster 4.5 or earlier), then the image cannot be split but
will be converted instead. If you proceed, the password is removed.
Field Definitions
Image File to Split:
a folder and filename for the image file you want to split.
New segment size (MB): Select a size for image segments from the drop-down list. The list of options
includes default sizes for CDs, zip drives, and more. When a file segment reaches this limit, a new
segment is created until the entire image is split.
Estimated segment count:
The estimated number of segments in the file you selected to split, based
Click Browse to navigate to a folder, and enter a new filename for the image.
Click the drop-down arrow, and select a segment size from the list.
Click OK.
329
Switches
Options
-lang <lang code>: *specify the Language code for the user interface.
-silent: *do not display confirmation or errors.
-password <pwd>: *passwords for image files being opened.
-overwrite: when in silent mode, do not confirm actions.
-size <size in MB>: size of the new image segment in MB.
* Indicates the options that can be used with any command.
Open two image files that each have different passwords, password and sales.
Add all *.txt files in e:\to the temp folder of the volume in slot 1 of w2k.img.
330
Extract kernal.dll from the Windows folder of the volume sys in w2k.img to e:\dump.
Convert the old format image file, w2k.img, to the new image, new2k.img, in 650 MB segments.
331
332
Chapter 18:
The web console for Deployment Solution provides standard Computers, Jobs, and Details panes to
view computer icons and properties, perform remote operations, schedule deployment jobs, and
identify the state and status of computers in your system. See Deployment Web Console Basics
on page 334.
Deployment from the Altiris Console lets you manage and generate reports across multiple
Deployment Server systems and integrate additional web applications available in the client and
server management suites, including Inventory, Software Delivery, Recovery, HelpDesk, and
Application Metering solutions. Deployment from the Altiris Console lets you generate enterprisewide reports that track deployment resources and integrate features such as Package Servers for
location-sensitive software distribution. Notification Server also provides collection features to
group computers by defined criteria. See Deployment from the Altiris Console on page 348.
The Deployment Console is a Windows-based console with complete deployment and management
features, including remote control, security, PXE server configuration, image editing, and other
deployment utilities and features. To launch the Deployment Server Console, double-click the icon
on the desktop or click Programs > Altiris > Deployment Solution > Console. See the Deployment
Server Help and Deployment Reference Guide for additional information.
333
The Deployment Web Console also provides features and functionality to integrate with Microsofts
Automated Deployment Services (ADS). See Automated Deployment Services (ADS) on
page 348.
See Basic Tasks from the Deployment Web Console on page 336 for steps to manage and deploy
computer devices from the Deployment Web Console.
Apply. Click to apply settings, properties or names. You will remain on the current page
Cancel.
Click to cancel out of an action or delete a property or name. You will remain
on the current page after clicking the Cancel button.
New. Click to add new items or objects within a group, such as new computer accounts
or conditions sets.
New Computer.
New Job.
Up/Down arrows. Click to change the order of items in a list. Example: the order of tasks
in a deployment job.
Task User Passwords. Click to change the users task password on multiple Deployment
servers. Users then have access to the job tasks: Copy file to, Distribute Software, Run
Script, Distribute Personality, and Capture personality.
Find.
Click to find or filter selected computers in a group or jobs in a folder. You can
also filter computers by operating system or jobs by task types.
Go.
Delete.
Deployment Web Console options. Click to set these features set properties for the
Deployment Web Console and the ADS features.
334
Like all Deployment consoles, the Deployment Web Console is divided into several panes to
organize computers, deployment jobs, software packages and scripts. It gives you a graphical view
of your network and provides features to build jobs, store and access jobs and packages, and report
the status and state of all of your computer resources.
Computers pane
From the Computers pane, you can traverse multiple Deployment Server systems and navigate the
treeview of each system to select computers or computer groups. You can then view Computer
Details, run Remote Operations, or Assigning and Scheduling Jobs for each selected computer or
group. Elements of each group are displayed in the Details pane with features to view properties and
run management tasks.
By drilling down into a selected Deployment Server system, you can view and select New
Computers and other computer groups defined for your organization. When running Deployment
from the Altiris Console, you can also identify managed computers within the Altiris Console
Collections created by Notification Server. These collections identify only managed computers with
the Deployment Agent installed, displaying computers by operating system, computer model, type,
or other properties. You can now manage computers by defined groups or filtered by client type.
When a computer or group is selected, the Details pane shows a list of computers in the group and
gives basic information about each computer. The Find detail bar appears in the Details pane to filter
computers by a set criteria. When a computer is selected, you can view the computer status in the
Details pane, including a list of jobs that have run or are scheduled to run on the computer and the
status of each job. See Managing Computers from the Deployment Web Console on page 358 for
complete information about organizing computers, running remote operations, and viewing
properties from the Computers pane.
Jobs pane
Use the Jobs pane to create and build jobs with specified deployment tasks. You can then organize
the job objects using the New job folder command from the Select Action list. Jobs in one
Deployment Server group can be scheduled to computers in another Deployment group, where they
will be replicated to the source Deployment Server. Jobs can also be replicated directly to another
system using the Move job command in the Details pane.
From the Jobs pane you can schedule and execute deployment jobs such as creating images,
deploying computers, changing configurations, or installing software. Once a job is created, you can
change it by adding, modifying, or deleting tasks. Jobs can be run immediately, scheduled to run a
335
particular time, or saved for a later time. See Scheduling Jobs from the Deployment Web Console
on page 373 for complete information about setting up, importing, and managing computers from
the Jobs pane.
Jobs are organized by Deployment Servers, listing all of the job folders and individual jobs for a
specific site under the name of the managing Deployment Server. When a job is selected, the Details
pane displays a list of jobs in the folder and provides basic information about each job object, such
as its state, status, and task list. It also shows the computers or computer groups to which the job is
assigned.
Details pane
The Details pane is the right-hand pane in the Deployment Web Console. It extends the user interface
features when working in the Computers or Jobs panes.
When you select Deployment Servers in the Computers pane, the Details pane lists all associated
Deployment Server in your organization and displays links to access the computers and jobs for
that site. When you select a specific Deployment Server, all computers and computer groups for
that system will be displayed.
When you select a Deployment Server in the list, the computer groups and managed computers
for that system is displayed.
When you select a job icon in the Jobs pane, the Details pane displays information about the job
to set up conditions, order tasks, and add, modify, or remove tasks.
The Deployment Web Console will open with the following console options.
Clear the computer and job selections after scheduling. Select this option to clear selected computers
or computer groups and the associated jobs assigned to them.
Prompt before performing operations. Verify actions to the user before scheduling jobs or performing
other operations.
Show physical devices. Display blade servers as Rack/Enclosure/Bay objects in the Computer pane.
336
Click a Deployment Server or other computer group in the Computers pane. In the Details pane,
the computers and computer groups will be listed. Select the managed computers to then select
the checkbox for specific computers.
The computer(s) will appear as a Selected Computer.
From the Selected Computers list, select an action to perform on the managed computer. See
Remote Operations on page 370 for a list of provided management actions.
Depending on the selected action, a secondary page may open to run the operation. Set the
appropriate values and click OK.
The selected operation will run on the managed computers.
From the Deployment Web Console, in the Computers pane, click a Deployment Server name. A list
of client computers and groups are displayed in the Details pane.
Select the checkbox next to the computer whose connection you want to reject.
Click the Computer actions drop-down list, and select Reject Connection.
Click a Deployment Server or another computer group in the Computers pane. Then select the
checkbox for specific computers or computer groups in the Details pane. The computer will
appear as a Selected Computer.
Click a job folder in the Jobs pane. Then select the checkbox for one or more jobs in the Details
pane. The job(s) will appear as a Selected Job.
.
To clear the computers or jobs and reselect, click the clear button.
Click the Run Now or Schedule buttons to run the selected jobs on the selected computers.
Secondary pages will open to set scheduling values.
337
Scheduling Jobs
After selecting computers or computer groups and assigning jobs, you can now select to run the job
immediately or schedule it for another time. See Scheduling Jobs on page 338.
Global
Set global options for the Deployment Server system.
Synchronize display names with windows computer names. Automatically updates the display name of
the managed computer names in the web console when the managed computer name changes. If this
option is not selected, changes to computer names will not be reflected in the web console.
Synchronization option is off by default. The computer names do not have to be synchronized for
the Deployment Server to manage the computer.
dynamically.
a static TCP port for file transfers to the clients or choose to assign it
The default value for static port is 0 and causes the server to use a dynamic port. This
setting is useful if you have a firewall and need to use a specific port rather than a dynamically
assigned port. The transfer port range is 1 to 2147483647.
Static Port.
Remote control ports. You can specify the two ports; Port 1 and Port 2 by selecting the Remote control
ports checkbox. By default the checkbox for Remote control ports will be clear and dynamic port will
be used while remote controlling. If the Port 1 is already in use then Port 2 will be used for remote
control. The remote control port ranges from 0 to 65535.
338
Primary lookup key. Specifies the lookup key type used to associate a new computer with a managed
computer. Click the drop-down arrow and select Serial Number (SMBIOS), Asset Tag (SMBIOS), UUID
(SMBIOS), or MAC Address from the list.
Speed. This is the file transfer speed between the Deployment Server and client computers. Click the
Change Sysprep Settings. Enter the global Sysprep values that you want to use when creating or
distributing disk images. Click Change Sysprep Settings to view the Sysprep Settings dialog box.
See SysPrep Settings on page 339.
SysPrep Settings
Computer Information tab
Computer Name. This is a token value that will be replaced with information read from the
Deployment database when an image is created. If this field is modified, the Suffix and Current Suffix
fields are reset to zero.
Suffix.
Current Suffix.
In the Licensing Information area, specify the user and organization name. You can provide the
licensing mode by selecting the number of concurrent connections per server or per seat.
Per Server. Per Server indicates that the end user purchased client access licenses for each server,
which allows a certain number of concurrent connections to the server.
Per Seat. Per Seat indicates that the end user has purchased a client access license for each computer
Maintenance
Retry failed imaging jobs immediately. Immediately retry a failed image deployment job. The program
will continue to retry until the job succeeds or until the job is cancelled.
Delete History older than _____ days. Specify the number of days an entry is kept in the history until
it is deleted. If the number of days is set to 0, then no entries are kept in the history. If this option is
not selected, log entries will remain in the history.
339
Agent Settings
Use the Agent Settings tab to control the default agent settings for new computers. These default
settings are applied only for new client computers that have never connected to the Deployment
Server and have no information stored in the Deployment Database.
Production Agent Settings
Force new Production agents to take these default settings.
Modify default settings. Click this link to change Deployment Agent Settings for Windows and Linux
systems.
new client computers until you can change the settings using the Deployment Console.
Server Connection
Connect directly to this Deployment Sever. Select this option so that the client receiving the
Deployment Agent will connect to the Deployment Server you selected to configure.
Address/Hostname.
Port.
Enable key-based authentication to Deployment Server. Select this option to valid the client computers
that are trying to connect to the Deployment Server. This helps keep rogue computers from
connecting to unauthorized Deployment Servers.
Key file.
Enter or browse to an authorized key. The client computer checks the Deployment Server
authentication key and if a match is made, the client connection is allowed.
Discover Deployment Server using TCP/IP multicast. Managed computers can use the multicast
address if they are on the same segment as the Deployment Server or if multicast is enabled on the
network routers. Ensure that the multicast address and port match those set up on the Deployment
Server. Try using defaults on both the client and Deployment Server if you are having problems
connecting.
Managed computers should use the Deployment Server IP address if multicasting is disabled on the
network routers or if they are not on the same network segment as the Deployment Server. The port
number must match the number set on the Deployment Server. Otherwise, your clients will not be
able to connect.
Server Name.
Port.
Enter the NetBIOS name of the computer running the Deployment Server.
340
TTL. Specifies the number of routers the multicast request is allowed to pass through.Change this
setting if you need to find a Deployment Server that is more than 32 routers away (default setting)
or if to restrict the search to a smaller number of routers, making it easier to find the closest
Deployment Server.
Refresh connection after idle. Select the Refresh connection after idle checkbox and then set the
refresh time by seconds, minutes, hours, or days. The Deployment Server will close the connection
after the specified time and immediately try to re-open the connection. This will force clients to
realize the network is down.
The default checking is of 28800 seconds or 8 hours. It is recommend keeping this setting above
28800. Do not set this option too low--reconnecting to the Deployment Server increases bandwidth
when connecting. If this option is set too low you can run into problems where it takes longer for
your clients to connect than to refresh their connections.
Abort files transfers if the rate is slower than. Preserve bandwidth on slower connections by
selecting this option, which will save bandwidth when running deployment tasks on slower
connections.
Access
Set these commands to control how the client handles requests from the server.
Allow this computer to be remotely controlled. Select to allow the administrator to remote control the
selected computer. The default setting is to NOT allow the computer to be remote controlled.
Select for the user to be prompted before running the Remote Control commands.
You can set a default time before running or aborting the commands. Select the time for the user to
respond and then either continue with the operation or abort the operation.
Time to wait for response. If
one of the Prompt the user before performing actions is selected and the
user is not at the computer to respond, you need to decide whether to continue or abort. Select the
amount of time you want to wait for a response, and then select one of the following:
Select when the Deployment Server is denied access to the Deployment Agent. Select the days and then
set the start and end times when access to the Deployment Agent is denied.
Security
This page lets you secure data between the Deployment Server and the Deployment Agent, or to set
a password so that the user on the client computer can only view and modify the User Properties of
the Altiris Client Settings on the managed computer.
Select to allow encryption from this
managed client computer to the Deployment Server. This allows encrypted data transmissions
between the Deployment Server and the Deployment Agent on the client computer. If selected, then
the client computer can connect (but is not required to connect) using encryption.
Encrypt session communication with Deployment Server.
341
To enable encryption protocols, you must open the Deployment Configuration tool (Start > Programs
> Altiris > Deployment Server > Deployment Configuration tool), and select the Transport tab. Select the
Allow encrypted sessions with the servers checkbox to allow Deployment Server to transmit using
encryption protocols.
Require encrypted sessions with the servers. Select to require encryption between the managed client
computer and the Deployment Server. If this option is selected and the option to allow encryption in
the Deployment Configuration tool is not selected, then the Deployment Server will not
communicate with the Altiris Client on the managed client computer.
Note: Selecting encryption options will slow down the communication path between Deployment
Agent for Windows and the Deployment Server, so do not use encryption unless it is necessary for
high security environments.
Select the Edit Password button to change the password settings for users trying to access the
Admin properties.
Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the managed computer.
If you hide the icon then you will be required to run AClient.exe -admin to view and modify the
complete administration properties from the managed client computer.
Log File
The Log File property page controls how data is logged and saved in a Deployment Server system,
allowing you to save different types and levels of information to the log files. You can save a text
file with log errors, informational errors, and debugging data using this dialog box.
If the log exceeds the specified size then older data will be dropped from the files. You can maximize
the size of the log file to save all selected data.
Save log information to a text file.
File name. Enter the name and path of the log file. The default is to save the log file to the \Program
Files\Altiris\AClient\AClient.log file.
Maximum size.
Log errors.
Select this option to save only the errors returned when running a job or operation
between the Deployment Server and the Deployment Agent.
computer.
Select this option to save a list of procedural steps run on the client
Log debugging information. Select this option to list comprehensive debugging information in the text
file.
Use this tab to save the Deployment Agent for Windows log file. By default, the option Save log
information to a text file is cleared. Select it to enter a file name for the log and the maximum size for
the log file.
Note: If the log exceeds the specified size then older data will be dropped from the files, so it is
recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive multicast or Wake
On LAN packets from the Deployment Server. Setting the managed computer as a proxy client
computer will forward or re-create the multicast packets. A managed client computer set up as a
multicast proxy will simply act as a Deployment Server and advertise the servers name and IP
address through multicasting. Or you can set the managed computer as a proxy to send Wake On
LAN packets.
342
Set these options to control how the managed computer will act as a proxy agent, identifying the type
of traffic this managed computer will forward from the server.
Foward Wake-On-LAN packets.
packages.
Forward Deployment Server multicast packets. Select if you want to advertise the Deployment Server
to client computers on another LAN segment or if the client computer is on the other side of the
router.
Send multicast advertisement every. Set the time by seconds, minutes, hours, or days for managed
computers send multicast advertisement.
Startup/Shutdown
Delay starting jobs after system startup. Set the time by seconds, minutes, hours, or days for managed
Specify the Windows boot drive. Specify the drive that the client computer will boot from. The default
is C:
Force all programs to close when shutting down. Select this option to shut down applications when
using Power Control features. The user will still be prompted to Abort or Continue the shutdown.
Synchronize date/time with Deployment Server. Select this option to synchronize the system clock of
managed computers with the time of the Deployment Server.
Prompt for a boot disk when performing automation jobs.
Advanced
Disabled direct disk access for Deployment Agent for DOS (BootWorks) communication.
Select this
settings
Drive Mappings
Set drive mappings used by the Automation Agents to access hard disk image files and other
packages from a specified network drive. It is required that the F Drive be mapped to the Deployment
Share. You can also map other file server directories when storing large numbers of image files or
deployment packages.
Drive.
Note: You must select a shared folder in this field. From the browse window you are allowed to
select any type of folder, but the Automation Agents can only map and access files from a shared
folder.
Path.
343
Authentication
Enter the login credentials that Automation requires to map network drives. The associated
credentials for each network drive must have the appropriate rights for the Automation Agents to
access files.
Domain/Workgroup. Enter the name of the Domain or Workgroup of the user that the Automation
Agents will log on to map the network drives.
User name. Enter the user name that the Automation Agents will use to log on so they can map to the
Password.
Network
These settings allow you to match the IP address with the computer name, as maintained in the
LMHosts file in automation partition.
1
Enter the IP Address. You can click Lookup IP and the IP address field will automatically fill in
the IP address of the computer you entered in the Computer Name field.
Click Apply.
Security
This features lets you enable or disable security for the Deployment Server. You can also add local
users and local groups, import both Active Directory users and groups, and then assign rights for
users to perform Deployment Solution operations.
Use the Security tab to provide enable/disable security and to add local users and local groups. You
can also import both Active Directory users and groups and assign rights to all of them. You can
create users and groups and set scope-based rights.
Enabling Security
You can enable security by first creating a user with Administrative rights or selecting a user who
belongs to a group having Administrative rights, and then selecting Enable Security.
To enable security
1
Click the Deployment Servers link in the Computers pane. This displays a list of all available
Deployment servers appears in the Details pane.
Select or click the specific Deployment server in the Details pane to view the Deployment Server
Options page.
Click New User to add new user information. Type the user details.
Note: The first user automatically gets the administrative rights. Any subsequent users will have
You can also import new users from the Active Directory. See Importing user groups from
Active Directory on page 345.
5
Click Membership to view the membership groups and all available groups.
344
Now that you are an administrator, select the Enable Security checkbox. Security is now enabled.
You can now create users and groups and assign permissions to computer groups and job folders.
Click Import User on the toolbar to view the Import Active Directory User page.
Add users from Active Directory (not groups) by providing the user names and domain to which
they belong. The users will be added to the Deployment Database.
Notes:
If you add Active Directory Syntax name, such as sam@abc.com, then the field Domain name
will become disabled. No default group membership is applied nor any default rights are applied
unless this is the first user that you have imported. However, you still need to assign the users to
security groups with appropriate rights and permissions.
When logging on with the imported AD account, Deployment Web Console will access the
Windows Active Directory server to validate the user password.
Membership Groups
Assign the user to previously created groups. If enabling security, you can assign the user to a group
with Administrative rights.
1
Enter a name for the group and a description, and click Apply.
Click Import Group on the toolbar to view the Import AD Group page.
Add groups from Active Directory by providing the group names and domain to which they
belong. The groups will be added to the Deployment Database.
DS Authentication
If the user is already in the DS database, and it tries to access the Deployment Server Console, then
DS checks the authentication with the logged on user, and upon matching doesn't prompt for user
credentials. Similarly, if a group has already been added in the DS database, and any user who is a
part of the group tries to access the Deployment Server Console, then DS doesn't prompt for
credentials. This method of authentication is the same for AD user and AD group also.
Rights
Rights allow you to set general rights for a user or group. To verify, add or change the rights assigned
to each console user, use the following steps:
1
After selecting all applicable rights, click Apply to save your changes.
A brief explanation of each deployment server right that can be assigned is detailed below:
345
Description of Rights
Administrator
Options Console
Options Global
Options RapiDeploy
Refresh Clients
Import/Export
Setting Permissions
Set permissions for jobs, job folders, computers, computer groups, and physical devices.
1
Select or click a specific Deployment server in the Details pane to view the Deployment Server
Options page.
Log on as a user with administrative privileges. A list of all computers belonging to the selected
Deployment Server is displayed.
Click a specific computer to view its property, inventory, and scheduled jobs status.
If you do not have administrator privileges, you cannot view Permissions option.
You can set permissions for all jobs and computers by clicking in the Jobs pane or Computers
pane without selecting a job or computer object.
A list of users or user groups is displayed. You can select a user or a group and grant permissions
accordingly.
Select the checkbox for the permission group to allow the permissions that you want to grant for
the selected user or user group.
Notes:
346
Administrators have access to all objects with unrestricted rights and permissions.
You cannot explicitly deny permissions to computer or job objects for users with administrator
rights.
9
Click Advanced to view the advanced options associated with the selected permission group. This
page contains Allow as well as Deny checkboxes. For information on evaluating permissions, see
Evaluate Permissions (page 347).
10
To assign permissions to multiple groups, click Apply permissions recursively to all child objects
to assign the permissions.
11
Notes:
If a user does not have the Schedule this job permission for a particular job, then the user
cannot schedule it. This is irrespective of any other privileges.
If a user has Schedule this task permission for a certain task and the user schedules the job, and
then the user modifies the job by adding another task, for which the schedule task permission is
not allowed, then the second task also gets executed. This is because the web console checks the
permissions only before scheduling the job, and not after the execution of the job.
Permission Rules
Permissions received through different sources may conflict with each other. The following
permission rules determine which permissions will be enforced:
Permissions cannot be used to deny the user with Administrator console rights access to use any
console objects or features.
Deny overrides Allow. When a user is associated with multiple groups, one group could be
allowed permission at a particular level while the other group is denied the same permission. In
this scenario, the permission to deny the privilege will be the one enforced.
Permissions do not flow down an object tree. Instead, the object in question looks in the current
location, and then up the tree for the first permission it can find, which is the one it will use.
If a Web Console user does not have permissions to run all of the tasks the job contains, the user will
not be allowed to run the job.
Evaluate Permissions
Identify the combined permissions of groups and containers with contrasting permissions. You can
identify effective permissions for each object by resolving any possible conflicts.
Permissions are represented in three different stages according to the state of the checkbox, which
is called tri-state checkbox. This tri-state displays a full check mark when all of the permissions in
the selected group are allowed. It displays a partial check mark (check mark with a grey background)
when at least one, but not all permissions in the selected group are allowed. And finally, it displays
no check mark if none of the permissions in the selected group are allowed.
You can evaluate permissions in three ways:
If none of the Allow or Deny options are selected for a permission associated with a subfolder,
then it inherits the options specified for the permission associated with its parent group. This type
of inheritance can be confirmed with the message that is displayed for the sub folder.
If a user group is associated with some permission, then the users belonging to that group inherits
the same permissions as that of the group. This is true only if none of the 'Allow' or 'Deny' options
are specified for a permission for that user.
The Deployment Web Console displays the simple as well as advanced options of granting
permissions. The simple option displays only the Allow column, whereas the Advanced option
displays both the Allow and Deny column. Security permissions are grouped together and
displayed as a single Permission group under Simple option. You can use the Advanced option
to view all the individual permissions that together form the Permission Group. This grouping of
permissions varies from object to object.
347
Example: a Modify permission for a job folder will contain different security permissions than a
Modify permission for a computer group. To view all the permissions related to a specific
permission group, select the checkbox for a specific permission, and then click Advanced to view the
individual permissions related to the selected permission group.
If you want to exclude a specific security permission, then click Advanced to view the individual
permissions related to the selected permission group. A list of all permission with Allow and Deny
checkboxes are displayed. Select the Deny checkbox or clear the Allow checkbox for the specific
security permission, and click Apply.
Logon
This option lets you set user credentials for the Deployment Server, but only if Role Base Security
is enabled for the server you selected. The user can then access the server through the Deployment
Web Console. If you want to change the Task Password for multiple Deployment Servers, select the
servers from the Details pane and click the Task Password icon on the toolbar.
Username.
Password.
Confirm Password.
Domain.
An ADS Controllers collection will appear in the Computer and Jobs pane.
3
In the Jobs pane, click ADS Controllers. Enter credentials and ADS paths as in step 4.
All of the ADS controllers, devices and job templates will be displayed. You can then manage
computer devices using standard ADS features.
Integrate with other IT solutions. Deploy and manage computers from the Deployment tab while
managing other aspects of your organization such as inventory reports, software delivery,
application management, remote control, patch management and other administration tasks.
Generate Reports.
From the Reports tab, create reports for all Deployment Servers computers
devices and deployment tasks across all sites. By setting polling intervals on the Altiris Agent
348
and the Deployment Server Agent, you can transmit data from the Deployment Database to the
Notification Database from which you can generate reports.
Organize using Deployment Collections. Computer devices can now be grouped on criteria such as
operating system, computer type, workstation or server, mobile computers, and other groupings.
Set Security. From the Configuration tab, set NS security to limit users from using the
Deployment tab. All other Deployment security is set from the Deployment Server Console (the
Windows console).
From the Tasks tab, open the Schedule Wizard to select computer
groups, assign jobs, and schedule jobs to run immediately or at a specified time.
Click Add Deployment Server in the Computers or Jobs action list, or click the New Server icon.
From the Deployment Servers page, type the name of an existing Deployment Server. This is
the computer name of the Deployment Server, in most cases.
Enter the Deployment servers port number if it is different than the default value.
Click Credentials. If Deployment Solution security is enabled for the Deployment Server, enter
a username, password, and Domain name.
Click Speed. Select the speed of the network connection for the Deployment Server from the
drop-down list.
349
Click Deployment Servers in the Computers pane. This displays the Deployment Servers available
in the Details pane.
Click one or more Deployment Servers that you want to change the task user passwords.
Enter the user information for all 4 fields on the page. Click Apply.
Select to enable communication between the Deployment Database and the Notification
Database.
Resynchronize all Deployment Server computers/tasks for this configuration. Click to completely
transmit all Deployment Server data to the Notification Database. For large Deployment Server
systems, this process can take several minutes and require large amounts of bandwidth. Use this
feature carefully.
Select the Deployment Server to configure. You can select all Deployment Servers or identify
an individual Deployment Server. The new agent configuration will appear in the list.
Select a Deployment Server. Select a polling interval for that Deployment Server from the list in
the Computer/Job Polling Interval box.
Role-based user name. Enter credentials if Deployment Solution security has been enabled using the
Select reports specific to Client Information, Job Information, Job Status, Server Information, or
Software Deliver Execution Status. A description of each report will appear in the Details pane
after it is selected.
350
simple install, where all Deployment Server components are on a single computer.
Replication of packages from a central Deployment Server to other Deployment Servers is a oneway process: You can build and copy packages from the Library of a central Deployment Server to
replicate to other Deployment Servers; however, any changes made to a destination Deployment
Server will not be replicated back to the central Deployment Server. After the package files have
been copied once (per each package server), they will never be copied again unless the files are
updated, new files are added to the package, or files are set manually to be copied down to other
destinations again.
When the Deployment is installed and enabled on the Altiris Console (on Notification Server),
default packages, collections, and policies are created to take advantage of Package Server
technology. To complete the setup process, however, additional configuration steps are required.
351
Note: Before delivering packages, check the Package Server settings and the package settings to
make sure that the package can be delivered. The DS install package by default is not set to use any
Package Servers. There is a global configuration variable that says not to allow any package
downloads from the server, leaving the DS Install in a state where there is no way to access the
package.
Files\Altiris\eXpress\Deployment Server).
Under the Library directory, create subdirectories to use for images, RIPs, or other package files.
Create a Temp directory for deployment tasks that require a temp directory.
Copy into this structure any required files accessed during execution of the jobs.
Note Any job that is automatically created will need to be modified before running or the default
directories will not be correct. Example: if you choose to change the configuration of a computer by
choosing the Configure option in the Deployment on Notification Server, the task will create a CFG
file in the temp directory located in the Deployment Server directory. For this task to replicate
correctly, you will have to copy the file into a temp directory under the Library structure and edit the
task to point to the file in the Library\temp directory. Remember that only the files under this
structure will be replicated to the other Deployment Server installations.
After installing Deployment from the Altiris Console, you will have two packages and one policy
created to help facilitate replication. You can manually modify the packages and enable the policy.
Windows NT (with MDAC 2.5), Windows 2000, Windows XP, Windows Server 2003
Altiris Agent
Deployment Server software (if you are planning to run exported deployment tasks from a
central Deployment Server).
From the left pane, select Server Settings > Notification Server Infrastructure > Package Servers.
Select the Add Package Server button from the bottom of the page.
352
Locate and select the Deployment Server computer (or the Deployment Share for each
installation) and click Add. Use the search feature if required.
The programs that will run after the files are copied to the Package Servers.
Select the Tasks tab and then select Deploy and Migrate > Deployment > Deployment Server
From the right pane, select the Package Source option to configure the path to the files that will
be included in this package.
Select the applicable Package Source method and enter the correct path to the Central
Deployment Server Library.
Use this option when the central Deployment Server is installed on the same computer as the
Notification Server. Fill in the Package Location box with the correct path for the Library.
Use this option when the Deployment Server that has been configured as the Central
Deployment Server Library is not installed on the same computer as the Notification Server.
When using this option, read and follow the instruction on this page.
Note:
Depending on the amount of data in the Central Deployment Server Library, a message
warning you about the size of the files in the Package may be displayed. This message is to remind
you that all of the files in this directory will be sent when this package is used.
To identify the destination directory (where the package files will be sent) on the destination
Deployment Server, select the Advanced tab.
As soon as the Notification Server Clients Configuration request interval time (on the destination
Deployment Servers) has elapsed, the files in the central Deployment Server will be sent to the
Package Servers on other Deployment Servers.
353
Note Replicated deployment tasks will need to reference files created in the Library directory
structure. Example: a deployment task that deploys an image named NT4.img would use the file
path of .\Library\Images\NT4.img instead of the standard .\images\Nt4.img path.
Right-click the jobs that you want to export. Select Export (or click File > Import/Export > Export
Jobs).
The Deployment Server jobs exported are not saved in a file called Task.bin.
The method of handling duplicate job names on the destination Deployment Server needs to
be changed.
Security for the Deployment view on Notification Server is enabled on the destination
Deployment Server.
The DS Task Import Utility package runs the aximport.exe program to import deployment jobs.
When the Deployment view on Notification Server is installed, the aximport.exe program file is
copied to the \Notification Server\nscap\bin\win32\x86\DSUtil directory. This is the
same directory where you saved your exported tasks.bin file from the central Deployment Server.
When all steps are completed, no changes are required for this package.
To configure or modify how the DS Task Import Utility package is configured, complete the following
steps:
1
Open a Notification Server Administration console and select the Tasks tab. Select Deploy and
Migrate > Deployment > Deployment Server Replication > DS Task Import Utility.
If needed, change the name of the file on the command line to match the name of the export file
created when the Deployment Server tasks from the central Deployment Server were exported.
As can be seen in the figure above, the default command-line parameters for the aximport.exe
program are configured to use the Task.bin file. This file contains the exported Deployment
Server deployment tasks (jobs).
Note The /o switch causes the import to replace any tasks with the same name as those being
imported. If this is not the desired result, change the command-line options.
If you have Console Security enabled, the username (/u) and password (/p) command line options
will need to be included for this process to work correctly.
/u Database user name
/p Database user password
354
See the command-line chapter in the Altiris eXpress Deployment Solution User Guide for additional
command-line options for aximport.exe.
4
Select Apply.
You can choose to force an update of the package to ensure that the task export file is in the package.
Modify and Enable the DS Task Import Utility Policy
You must enable the DS Task Import Utility policy to allow the Deployment Server tasks to be
replicated to the destination Deployment Servers.
1
Open a Notification Server Administration console and select the Tasks tab. Select Deployment
and Migration > Deployment > Deployment Server Replication > DS Task Import Utility.
The Identification section of the Advertisement page will be displayed by default.
Verify that the Applies to Collection option has been configured to use the DS Package Servers
collection. This collection is selected by default.
Before enabling the DS Task Import Utility policy, ensure that the task.bin file has been created
and saved in the \Notification Server\nscap\bin\win32\x86\DSUtil directory.
Select Apply.
The policy is now enabled. The next time the Notification Server Clients configuration timer
elapses on the Deployment Servers with Package Server installed, the policy will be executed. On
the destination Deployment Servers, a DOS box will open on this computer and aximport.exe will
run.
Synchronize Deployment Server Tasks
You can update deployment tasks by creating a new task.bin file and placing it in the DSUtil
directory. After all timers elapse, Notification Server will compare and detect the new export file by
its time stamp. When the Altiris Agent checks for new policies, this policy will run on the destination
Deployment Servers.
To avoid waiting for Notification Server to detect that the file has been modified, the package can
be refreshed manually by selecting the DS Task Import Utility package (from the Solutions tab of
the Notification Server Administration Console) and selecting the Update Distribution Point option.
From a destination Deployment Server, the policy to import the Deployment Server jobs can be
forced to run again by manually scheduling the policy.
355
Setting polling intervals and configuration request intervals requires that you plan how often you
want to refresh console and deployment information based on network traffic requirements. If you
set frequent updates (such as setting a polling interval to 1 minute), then your console information
will be relatively up-to-date, but network traffic will be heavy because data is extracted and
transmitted every minute from every Deployment Database to update the Notification Database.
In contrast, if you set polling intervals and configuration requests for a larger polling interval (such
as one day), then your network traffic will be light--and you can plan the polling updates for offhours--but report data will be more static and out-of-date.
The balance between timely deployment information displayed in the Deployment view on
Notification Server and the level of network traffic should meet your IT policies, organizational
requirements, and network design.
Select Solution Settings > Deploy and Migrate > Deployment > Deployment Server Agent
Configuration > Deployment Server Agent Configuration.
Multiple policies to configure or install Deployment Server Agents are provided.
Click Apply.
Select Altiris Agent > Altiris Agent Configuration > All Windows Servers.
In Agent Basic Settings, select new values in the Request new configuration field. You can also set
inventory updates, if required.
356
Send basic inventory every: ______. This feature transmits all inventory data from the computer
running Deployment Server. This field is only used by Deployment Server when first installing
the Deployment from the Altiris Console. By sending basic inventory (including information that
Deployment Server is installed on the computer), Notification Server identifies that the DS
Agent needs to be installed.
4
Click Apply.
357
Chapter 19:
Manage with Computer icons. Major computer types are identified by a computer icon in the
console, with a listing of scheduled jobs and operations associated with each computer. In the
Deployment Web Console, you assign and schedule deployment jobs to computers or groups with
easy-to-use web features. See Viewing Computer Details on page 360.
Add new computers. Deployment Solution lets you add new computer accounts and set
configuration properties for new computers before they are recognized by the Deployment Server
system. Preset computer accounts will automatically associate with new computers when they start
up, or can be associated with virtual computers. See Adding New Computers on page 361.
Deploy to groups of computers. Organize computers by department, network container, hardware
configuration, software requirements, or any other structure to meet your needs. You can then
deploy and provision computers on a mass scale. To filter computers in a computer group to
schedule jobs only to the appropriate computer types, see Creating a Computer Group Filter on
page 372.
Configure Computer Agents. See the property pages for modifying Deployment Agent settings.
View and configure computer properties. You can modify computer settings for each computer
from the console. See Computer Configuration Properties on page 363. Or you can view the
Computer Properties page for detailed access to a computers hardware, software, and network
property settings. See Computer Details on page 368.
358
Chapter 19: Managing Computers from the Deployment Web Console Managing Multiple Deployment Server Systems
Run remote operations from the console. Perform operations quickly in real-time from a
Deployment console. Configure property settings, send a file, run deployment jobs or select from
additional management commands. See Remote Operations on page 71.
Build and schedule jobs. Build deployment jobs with one or more management tasks to run on
selected computers. Create jobs and add tasks, then assign the job to computer groups. Jobs can be
organized and assigned for daily tasks or to handle major IT upgrades. See Building and Scheduling
Jobs on page 102.
In the Computers pane, select Add Deployment Servers from the drop-down list, or click the
on the Details page.
Note: To push down a new installation of Deployment Server using Deployment from the Altiris
Console, see Installing Deployment Solution from the Altiris Console on page 69.
Enter the computer name for the computer running Deployment Server. Enter the port number if
it is different from the provided default.
Use Logon tab to set security options, if required. This lets you authenticate to a role if security
has been set up in the Deployment Server Console.
The Deployment Server will appear in the Computers pane with its job folders listed in the Jobs
pane.
Note: This feature is valid only for the Copy File To, Distribute Software, Run Script, Distribute
Click Deployment Servers link in the Computers pane. This displays the available Deployment
Servers in the Details pane.
Select Deployment Servers for which you want to perform Change Task User Password
operation.
Click Change Task User Password from the toolbar. This displays the Task Password page.
Click Yes to the summary message to update the password of specified user.
359
Note: This tab will be visible only to the administrators and those users who have the rights to
modify password.
From the Computers pane, select another Deployment Server system. Computers and computer
groups of the selected Deployment Server site will appear in the Details pane.
Select the checkbox for each computer or computer group that you want to run the job.
The job from the original Deployment Server will appear in the Deployment Share of the targeted
Deployment Server. If the job includes associated files, a linked icon will appear with the job
identifying that the associated files are referenced from the original Deployment Server system.
Replicating Jobs to Other Deployment Server Systems
1
Click Move in the Select Action list. The Job/Folder Selection page will open with all of the
Deployment Server systems and their job folders.
Select a folder in another Deployment Server system from this page and click OK. The job will
be replicated from the original Deployment Server system to the targeted Deployment Server
system. If the job includes associated files, a linked icon will appear with the job identifying that
the associated files are referenced from the original Deployment Server system.
Important: To successfully replicate a job from one Deployment Server to another Deployment
Server, both Create and Modify Permissions are required for the Job objects if security is enabled.
Otherwise, the job will not appear in the target Deployment Server Console, and an error will be
displayed in the Altiris Console Manager log in the Event Viewer.
Computer connected to Deployment Server but the user is not logged on.
360
Managed Computers
Computer not currently connected to the Deployment Server but known to the
Deployment Database.
The computer is designated as a master computer and will be used to broadcast images
to other client computers.
A virtual computer with values defined in advance using the New Computer feature. As
soon as the computer connects and the Deployment Server recognizes the new
computer and changes the icon. See Adding New Computers on page 63.
A client computer waiting for user interaction before running deployment tasks. This
icon appears if the Workstations checkbox is selected on the Advanced tab of Initial
Deployment. See Advanced on page 131.
A connected handheld computer.
A managed server connected to the Deployment Server with a user logged on.
Additional icons identify different states of server deployment.
A managed Linux computer connected to the Deployment Server with a user logged on.
Additional icons identify different states of Linux computer deployment.
View the Physical Devices by clicking the drop list in the Computers pane and
selecting Show Physical Devices. Physical view of Rack/Enclosure/Bay
components for high-density server systems. These icons will appear as
physical representations to allow management of different levels of the server
structure. In addition, server icons identify logical server partitions.
See Bay on page 70 for properties and rules to deploy Rack/Enclosure/Bay
servers.
Computer Groups
Select the New Computers or All Computers group to run jobs or operations for these
default groups identified by an icon in the Computers pane.
Additional computer groups can be added to the Computers pane to organize similar
computer types or to list computers of similar departments or locations. Click the New
Group button or select New > Computer Group to create a new group.
See also Deployment Agents on page 67.
361
Install the Deployment Agent on a Windows or Linux system. If you install the Production
Agent (Deployment Agent) to a computer with the operating system already installed, then the
computer will be added automatically to the Deployment Database at startup. New computers
with the Deployment Agent installed will be added to the All Computers groups (unless otherwise
specified in the Deployment Agent configuration). You can move the computer to another group
listed in the Computers pane.
Use Initial Deployment to configure and deploy new computers booting to automation.
Starting up a new computer in automation lets you image the hard drive, assign IP and network
settings, distribute personal settings and software, and install the Deployment Agent for new
computers. Using Initial Deployment you can associate new computers with pre-configured
virtual computer accounts. These newly configured computers will appear in the New Computers
group. See Initial Deployment (page 391).
Create or import computer accounts from the Deployment console. You can add new
computers using the New Computer feature or import computers using a delimited text file. You
can pre configure computer accounts by adding names and network settings from the console.
See Creating a New Computer Account on page 362.
The New Computer icon displays for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.
A virtual computer icon displays if specific hardware data (MAC Address) is not
known. As soon as the computer starts up and is associated with a virtual
computer account, then Deployment Server recognizes the new computer and
the icon changes.
A virtual computer account can be associated with a new computer using the Initial Deployment
feature. You can create multiple virtual computer accounts and then associate the account with a new
computer when it boots to automation. At startup, the configuration settings and jobs assigned to the
virtual computer can be associated with the new computer.
Virtual Computers
Deployment Solution provides features to create a virtual computer to pre-define a computers
configuration settings and assign customized jobs to that computer even if you do not know that
computer's MAC address. This type of computer is known as a virtual computer.
Virtual computers offer a great deal of power and flexibility, especially when you need to deploy
several computers to individual users with specific needs. The virtual computer saves time because
you can configure the computer before it arrives on site. You can set up as much configuration
information (computer name, workgroup name, and IP address, for example) that you know about
the computer and apply it to the new computer as it comes online. You can also prepare jobs prior
to the arrival of the new computer to deploy the computer using customized images, MSIs and RIPs
based on a user's specific needs.
When the new computer finally arrives, you will be ready to deploy it because have done all the work
ahead of time. Just set the managed computer option in PXE or automation and the new computer
will connect to the server as a managed computer. The virtual computer that you created now turns
into a managed computer in the console.
362
To add one or more new managed computers, first select the desired Deployment Server system
in the Computers pane and select New computer(s) from the Computer actions drop-down list or
click the new computer button in the Details pane.
The Computer Configuration Properties will open.
Type the name of the new computer (up to 15 characters) and configure settings. A virtual
computer icon will appear in the selected group.
When a new computer starts up, you can assign it to this preset account.
To create multiple computer accounts
Define a name range and create accounts in the Deployment Database for multiple new computers.
1
Enter the number of computers to be placed in the name range. Enter the core name in Fixed text
and a numeral for the range start.
Select Append to incrementally add the numeral to the end of the Fixed text. If you clear this box,
the numeral will be added to beginning of the name.
Click the Action drop-down list in the Computers pane and select Import Computers.
A dialog box will open, allowing you to select files from the Deployment Share. You can import:
.txt; .csv; or .imp type of files.
If a correctly formatted computer import file is selected, then a message box appears, informing
you that the computer import is complete and identifies the number of computers added. Click
OK on this message box.
Note: Jobs can be added to the import file. They can be created and associated with the new
computers.
If the computer import file is incorrectly formatted, a warning will appear stating that the
computer import file is incorrect.
4
The imported computers appear in the Computers pane of the Deployment Web Console.
Networking Settings
TCP/IP Settings
363
OS Licensing Settings
Networking Settings
Use the SIDgen or SysPrep utilities to generate unique SIDs. This can be done by manually using
these utilities or when installing the Deployment Agent.
Computer name
This is the NetBIOS name for the computer. The name must be unique in the
network and is limited to 15 characters.
Computer Name box will be disabled for multiple computer configurations.
Define name range Create a sequential range of computer names. You can identify a root name
Fixed text. Enter the text portion of the name that you want associated with
Use Token
Select the checkbox to specify the computer name using tokens. Selecting this
option enables Fixed text combo box and disables the Range start, Label, and
Append options.
Note: This option is applicable for multiple computers and not for single
computer.Fixed Text: You can select one of the six tokens from the dropdown list.
%NAME%- Complete computer name.
Range start.
Marketing1.
Append
Select to add the range after the fixed text in the computer name. If you clear
this box then the number will be added as a prefix to the fixed text.
Microsoft
networking
364
TCP/IP Settings
Host name
Network adapter
Add.
If a computer in the group has only one network adapter, then it will be
configured only with the IP settings listed first. If IP settings are provided
for additional network adapters not present in the computer, then they will
be disregarded.
MAC.
Domain suffix.
server.
365
Ignore NetWare
settings
Select to disregard all Novell NetWare client settings for this computer.
Preferred tree
Preferred server
Click and enter the name of the NetWare server, for example: \\OneServer.
This is the primary login server for the NetWare client.
Click and enter the name of the user object for the NetWare client.
NDS Context
Click and enter the organizational unit context for the user.
OS Licensing Settings
Enter or view the license information for your Windows operating system software (Windows 95,
98, NT, 2000, XP, and 2003 Servers).
Registered user
Organization
License key
Enter the alpha-numeric license key. This is the hash value rendered from the
OEM key or 25-digit license key required when installing the operating
system.
User name
Full name
Password
Specify the Windows groups that this user will belong to as a commadelimited list, for example: Administrators, Marketing, Management
User must change Select to force the user to change the password after setting the configuration
password at next properties.
logon
User cannot
Prohibit the user from changing their password at any time.
change password.
Password never
expires.
366
Deployment Agents
Deployment Agents
To remotely manage computers from a Deployment console, a Deployment Agent is installed on each
computer in the Deployment Server system. Deployment Agents are provided for various computer
types, including Windows, Linux, DOS, and PPC Handhelds.
The following Deployment Agents reside on the client computer and communicates with the
Deployment Server.
Deployment Solution Agents
Automation Agents
Deployment Agent for Pocket PC This Deployment Agent runs on the host computer for a
handheld running the Pocket PC operating system.
Deployment Client for Pocket PC This agent runs on the handheld computer.
Deployment Agent for CE .NET This agent runs on the HP T5000 computer devices running the
CE .NET 4.2 operating system.
Notification Server Client
367
Computer Details
To reset a client connection, right-click a computer and click Advanced > Reset connection. When the
computer disconnects, its icon will turn gray. The computer should then reconnect and its icon color
will return to its original active status color.
Reject or Retrieve a Rejected Computer
If a computer that you do not want to manage connects to your Deployment Server, you can reject
it. This removes the unwanted computer from the Computers pane in the Web Console. Further
attempts by the computer to connect will be denied. Although the computer is not deleted, any
history or schedule information associated with the computer is deleted.
1
Click the computer you want to reject from connecting to the Deployment Server.
Click OK.
Rejected Computers
The rejected computers are prohibited from being active in the Deployment Database. They are
identified and rejected by their MAC address.
You can remove computers from the Rejected Computers list by selecting it, and clicking Accept
Computer(s) icon from the toolbar. This allows the computer to attach again and be managed by the
Deployment Solution system.
Computer Details
View and edit the computer properties and inventory for each managed computer.
See Properties on page 368 and Inventory on page 369.
Properties
The following are the general properties of the selected managed computer.
General
View or change the name of the computer as it appears in the console. View logged in user name,
operating system installed, name of the Deployment Server, whether or not an automation partition
is installed, version of the Deployment Agent, and other client information.
Network
View Microsoft Networking, Novell Netware settings, and user information for the selected
managed client computer.
368
Computer Details
TCP/IP
View TCP/IP information, including a list of all installed network adapter cards (up to eight) for the
selected computer. Click Change to open the configuration window allowing you to modify settings.
Location
View and edit user-specific properties such as contact name, phone number, e-mail address,
department, mail stop, and site name. As the administrator, you can enter this information manually
or you can let the user populate this screen using Prompt User for Properties.
Bay
View location information and other properties for Rack / Enclosure / Bay components for highdensity and blade servers. Set rules for automatic re-deployment of blade servers based on physical
location changes.
Action
Re-Deploy Computer
The server will process any specified job. Select a job to run automatically
when a new server is detected in the bay.
This option lets you move blades to different bays without automatically
running jobs. The server blade placed in the bay is not identified as a new
server and no jobs are initiated. If the server existed in a previous bay, the
history and parameters for the server are moved or associated with the new
bay. If the server blade is a new server (never before identified), then the
established process for managing new computers will be executed.
(default) No job or tasks are performed (the Deployment Agent on the server
blade is instructed to wait). The icon on the console changes to reflect that the
server is waiting.
Lights-Out
View information about the remote management hardware installed on the selected computer (most
often a server) used to power up, power down and restart the computer remotely, or to check server
status. You can also enter the password for the remote management hardware by clicking Password.
Note: This feature is currently only available for selected HP Integrated Lights Out (ILO) and
Remote Insight Lights-Out Edition (RILOE) features.
Inventory
The following are the inventory details of the selected managed computer.
369
Remote Operations
Hardware
View processor make and type, processor count, RAM installed on the computer, display
configuration, manufacturer, model, product name, MAC address of each network adapter installed,
serial number, asset tag, UUID, and whether or not Wake On LAN and PXE are installed and
configured.
Drives
View information about each drive on the computer. If you have multiple drives, you can select a
drive from the list box to view its settings, such as capacity, serial number, file system, volume label,
and number of drives installed.
Applications
View the applications that are installed on the computer, including description, publisher, version
number, product ID, and systems components.
Services
View the services installed on the computer as well a description, start type, and path for each
service.
Devices
View the devices installed on the computer, including display adapters, disk drives, ports, storage
volumes, keyboards, and other system devices.
Remote Operations
After selecting a specific computer device, click the Computer actions drop-down list and select a
remote operation to perform on the selected computer. This menu provides a variety of commands
to remotely manage all computers in your site or network segment.
Computer actions
Configure
Select a computer and image its hard disk. This will create and store the
image to distribute now or later. To run a disk image job you must have
have an Automation Partition installed on the client computer. You can
also manually boot a client computer using bootable media created in
Boot Disk Creator, or create a boot menu option in PXE Server.
When you finish this computer operation, a new job will appear in the
Jobs pane of the Deployment console under the System Jobs > Image
Jobs folder. The job name will have a generic format of Create
Image: <computer name>.
Copy File to
Run command
History
370
Computer actions
Reject Connection
Wake Up
Restart
Log off
Clear Status
Clear computer status as shown in the Status field on the Details page.
Query for computer location and user information. This feature sends a
form to the user to fill out and then writes it directly to the database,
appearing in the Location properties for the selected computer.
If the user changes the computer name, then the name in the Computers
pane of the Deployment console will also change. These settings are
stored directly to the Deployment Database.
Install Automation
Partition
Click Install Automation Partition from the drop-down list, and select a
pre-boot OS for the automation partition. You can select DOS, Linux,
or Windows as the pre-boot OS.
Get Inventory
Rename
Delete
Change Production
Agent Settings
Change Automation
Agent Settings
Move to Group
Computer Name
371
MAC Address
IP Address
ID
Serial Number
Asset Tag
UUID
Registered User
Product Key
Logged On User
A list of computers meeting the search filter requirements will be listed in the Details pane. This
search is not case-sensitive and allows wildcard searches using the *.
Click a computer group in the Computers pane. The Filter feature will open in
the Details pane for the selected computer group. Click the Setup button to add
new filters, or modify and delete existing computer filters.
To create or modify a computer filter
1
Click any computer group. In the Details pane, you can view Filter by on the toolbar.
Click Add Filter icon from the toolbar to create a new filter.
Type a name for the filter in the Filter Name box, and click Edit Filter Name.
By default, the filter name is Filter N, where N is a sequentially generated numerical.
372
Chapter 20:
Job icons appear in the Jobs pane of the Deployment Web Console. To run a job,
select a job and select a computer or computer group from the Computers pane.
Then select the Schedule Job(s) option from the Select action drop-down list.
The Job Scheduling Wizard on page 375 guides you through common deployment and
management jobs. It provides three easy steps to select computers, select a job, and then schedule
the job to run.
Jobs include one or more Deployment Tasks on page 376. You build jobs by adding tasks to a job
and then customizing the task for your specific needs. You can add tasks to capture and distribute
images, software packages, and personality settings. Or you can write and run a script task, or run
scripted installs, configure settings, copy files and back up registry settings. You can also modify
existing jobs by adding, modifying, or deleting tasks to fit your needs. See Building New Jobs on
page 374.
Set conditions on jobs to run only on computers with properties that match the criteria that you
specify. You can build one job to run on different computer types for different needs, and avoid
mistakes by ensuring that the right job runs on the right managed computer.
Initial Deployment lets you run predefined jobs and configuration tasks on new computers when
they start up. You can automatically deploy new computers by imaging and configuring TCP/IP,
SIDs, and other network settings and then installing basic software packages. See Initial
Deployment on page 391.
Sample jobs are installed with Deployment Solution and appear in the Samples folder of the Jobs
pane. You can run many sample jobs as they are, or you can set environmental variables and run.
Job status icons that update to display the state of the job in running deployment tasks. These
icons are graphical symbols in the Deployment console used to identify the status of an assigned
job.
373
.
Indicates that a job is scheduled to run on a computer or computer group.
Indicates that a job is associated with a computer or group of computers but is not
scheduled.
Indicates error conditions when individual tasks run.
If a job defines error conditions when individual tasks run, the Status field displays any errors
incurred and the tasks that completed successfully.
View all jobs, failed jobs, pending jobs, jobs not scheduled, scheduled jobs, and successful jobs
from the Details pane.
Job Schedule details. This is the job's run time, beginning when the job started and ending when
it completed successfully.
Currently applied conditions. You can add conditions to different task sets for different computer
properties within a job. Conditions specify characteristics that a computer must have before the
job will run.
A list of tasks assigned to the job and task descriptions are also be displayed. Change the order
of the task execution with the arrow buttons. Tasks are executed in the order they are listed. See
Deployment Tasks on page 376.
Create a new job by selecting the New Job command from the drop-down list in
the Jobs pane. You can then add tasks and create condition sets in the Details pane.
Create and build jobs by adding tasks and setting conditions to run the job.
1
Click a Deployment Server in the Jobs pane. The job will be created in the selected Deployment
Server system and saved to the shared folder in its Deployment Share.
Select the New job action from the list in the Jobs pane. The Job Details page will open.
Enter a unique name for the job and click the apply button
Description.
Enter a description for the job and click the apply button
.
.
374
At Condition sets, select a previously created condition set from the list to run the job only on
managed computers meeting specified criteria.
Click the expand button in the Conditions area to create a new condition set.
Note: The Tasks area is not selectable when the Conditions area is expanded.
In the Task type field, select from the list of tasks to add to the job. The configuration page for
the selected job will open. Enter the configuration information for each job and click OK. See
Deployment Tasks on page 376.
From the Job Details page, set the order of Tasks to run in the job.
After creating and building a job, click the Job Actions list and select Schedule job or another
option.
Delete Job.
Schedule Job. Select to schedule the job to run immediately or at another time. If no computers
are selected, then the Computers page will open to select a computer or computer group. The Job
Scheduling page will open.
Move Job.
10
Schedule the job to run immediately or at another time. If no computers are selected, then the
Computers page will open to select a computer or computer group. Then the Job Scheduling page
will open.
After scheduling a job, the selected computers assigned to the job will appear in the Scheduled
list box.
computers
Select Computers
1
Click a Deployment Server group and then select individual computers or computer groups. If
you are running Deployment from the Altiris Console, you can select by defined computer
collections in the Altiris Console Collections. See Managing Computers from the Deployment
Web Console on page 358.
Click Next.
Select a Job
1
Select a job in the left pane to assign to the selected computers. Select a pre-defined condition to
run the job in the Conditions list.
Click Next.
Schedule Job
1
Click Close.
375
Scheduling Jobs
Scheduling Jobs
After a job has been created, assign it to computers or computer groups. Then click Run Now or
Schedule to schedule the job to run immediately, at a scheduled interval, or assigned but not
scheduled. Job and job folders selected from the Jobs pane of the Deployment Web Console are
scheduled in the order they were selected, even across multiple Deployment Servers.
Note: When a software package or deployment job is scheduled to run on client computers, users
will see the Altiris Client Service Message dialog display, warning them that a job is about to
execute. If a user clicks the Abort button when the message displays, an event is logged to the client's
history so that Deployment Solution administrators know when users abort a scheduled event.
To schedule a job
From the Schedule Job page, select the appropriate options:
Assign but do not schedule or run. This option lets you apply jobs to computers but does not run the
job until you return to the Schedule Job dialog box and set a run time.
Run immediately. This
Schedule to run at a later time. This option lets you type the date and time to run the job at a specified
time and date. When you select this option, Date and Time fields will open to specify a time and date
to repeat.
Repeat this job every x.
A job can be deferred when the server is busy executing other jobs, setting a
lower priority for particular jobs. By default all jobs are deferred up to five minutes.
Click OK.
Deployment Tasks
A task is a subordinate action of a job. After creating a job, you will add tasks to perform basic
operations, including:
Create a disk image from a reference computer and save the image file (IMG or
EXE files) for later distribution. See Creating a Disk Image on page 377.
Distribute Disk Image. Distribute previously created disk images (IMG or EXE files) or create a disk
image from a reference computer on the network and simultaneously distribute it (IMG or EXE) to
other managed computers on the network. See Distributing Disk Image on page 379.
Distribute RIPs, MSI files, scripts, personality settings and other package files
to computers or groups. See Distributing Software on page 381.
Distribute Software.
Capture Personality. Capture the personality settings of a selected computer on the network using the
PC Transplant software. PC Transplant ships as a part of Deployment Server. See Capturing
Personality Settings on page 383.
Distribute Personality Package. Send a Personality Package to computer or groups. It identifies valid
Altiris packages and assign passwords and command-line switches to Personality Packages. See
Distributing Personality Settings on page 384.
Modify the IP address, computer and user name, domains and Active
Directory organizational units, and other network information and computer properties. See
Modifying Configuration on page 385.
Change Configuration.
Get Inventory. This lets you gather inventory information from client computers to ensure that the
Deployment database is up-to-date with the latest computer properties information. See Get
Inventory on page 385.
376
Deployment Tasks
Restore Registry Files. Restore registry settings previously saved for a selected computer. This lets
you recover from a hard disk crash or other disaster. See Backing up and Restoring Registry Files
on page 385.
Create custom commands using scripts to perform jobs outside the bounds of the pre
configured tasks. Use the Run Script dialog box to select or define a script file to run on specified
computers or groups. See Run Script on page 385.
Run Script.
Copy File to. Copy a file from the Deployment Share or another source computer to a destination
computer. See Copy File on page 387.
Shutdown/Restart. Perform power control options to restart, shutdown, power off, and log off. See
Power Control on page 388.
Tasks are listed for each job in the task list box. Each task will execute according to its order in the
list. You can change the order using the up and down arrow keys.
Enter the path and name to store the image file. You can store image files to access later when a
managed computer is assigned a job that includes the image file.
The default file name extension is IMG. Saving image files with an EXE extension makes them
self-extracting executable files (it adds the run-time version of RapiDeploy in the file).
Click Local image store if you want to store the image file locally on the client computer's hard
drive. Be sure to enter the path relative to the managed computer (example, c:\myimage.img).
This is optional.
When you store an image locally on a computer instead of a file server, you save server disk
space and decrease network traffic. If you are imaging multiple computers or if you image
computers frequently, there is a strong advantage in storing images locally.
Prerequisite: Make sure you have an embedded (recommended) or hidden automation partition
installed on the computers hard disk with enough disk space to hold the images you want to
store.
Note: When imaging computers where labs are cached, do not use the option to remove the
automation partition unless you want to clear the lab from the computer.
Select Prepare using Sysprep to use a Sysprep answer file when creating an image. Then, click
the Sysprep Settings button.
You can use an existing Sysprep answer file or create a new one by entering the information on
the Computer Information tab. Regardless of the Sysprep file used, you must select an operating
system and enter product key information.
Note: You must enter global values for Sysprep before you select the Prepare using Sysprep
option. To enter global values for Sysprep, navigate to the Deployment Servers > RHS Deployment
Servers pane, click server name > Global Tab, and click the Sysprep Settings button.
Answer File/OS tab
By default, Deployment Solution uses an Altiris answer file unless you select the Use following
as answer file for sysprep checkbox. Click the Folder button and browse to an existing Sysprep
answer file. The Modify answer file button lets you edit the selected answer file.
Click the drop-down arrow and select an Operating System from the list. Then, click the Add
button to enter product key (up to 29 characters) information. Add as many product keys as
needed, and then select a product key from one of the keys listed.
377
Deployment Tasks
Select the Use following names for this Job checkbox if you want Sysprep to use the values you
define. Otherwise, the Sysprep global values are used.
Computer name. This is a token value that will be replaced with information read from the
Deployment database when an image is created. If this field is modified, the Suffix and Current
Suffix fields are reset to zero.
Suffix.
Current Suffix.
In the Licensing Information area, specify the user and organization name. You can provide the
licensing mode by selecting the number of concurrent connections per server or per seat.
Per Server. Per Server indicates that the end user purchased client access licenses for each server,
which allows a certain number of concurrent connections to the server.
Per Seat indicates that the end user has purchased a client access license for each
computer accessing the server.
Per Seat.
4
Select the required pre-boot environment from the Automation - PXE or BootWorks environment
(DOS/Windows PE/Linux) drop-down list to perform the Create Disk Image task in selected preboot environment. By default the DOSManaged Boot Option type will be selected.
Click Advanced to select Media Spanning and additional options. See Create Disk Image
Advanced on page 378. This is optional.
Set Return Codes. See Setting Up Return Codes on page 390. This is optional.
Click OK. The task will appear in the Task list for the job.
Troubleshooting Tip: If an imaging Job fails on a managed computer, the Deployment agent
configuration screen will appear on the client with a prompt asking if the user wants to configure the
client or restore the original settings. Select Cancel > Restore Original Settings on the client screen.
RDeploy.
Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT.
The Maximum file size supported is 2 GB. To save an image larger than 2 GB,
Deployment Server will automatically break it into separate files regardless of your storage capacity.
From the Maximum file size list, select a media type.
If the preferred type is not on the list, enter the file size you want in the field.
Additional Options
Do not boot to Windows. Select this option to create an image of the hard disk while booted to DOS
without first booting to Windows to save network settings (TCP/IP settings, SID, computer name,
etc.). If you select this option, these network settings will not be reapplied to the computer after the
imaging task, resulting in network conflicts when the computer starts up.
378
Deployment Tasks
Select Optimize for Size to compress the image to the smallest file size. Select Optimize for Speed to
create a larger compressed image file with a faster imaging time. The default setting is Balanced for
Size and Speed.
Command-line switches.
Click Select a disk image file to select a stored image file. This lets you lay down a new image file
from a previously imaged computer. This is a common way to distribute an image file.
Note: When entering Linux mount points, you must put a single quote around folders or
filenames that contain either a period (.) or a space. These are considered special characters in
Linux and must have single quotes around the name so that the directory path can be found.
Example: //ImageServer/DS Images/mnt/z.
If you want to image a source computer on the network, click Select a computer on the network.
Enter the name and location of the source computer to both create an image and distribute the
newly created image file. This is optional.
This option saves an image of a selected computers hard disk in its current state each time the
job executes. You can schedule the job to image a specified computer every time it runs, allowing
the image to be updated each time.
Note: Network mapping must exist on the source computer before imaging. UNC paths are not
supported in DOS.
Select the Save the disk image as a file while distributing option to save the newly created image
file to a specified disk drive. If you use a reference computer as the image source, you can also
choose to save the image as a file for later use. Select the checkbox to save the image and type
in or browse for the location where you want to store the file.
3
Select Local image store if you stored the image file on the client computers hard drive. With
local image store, the image file is stored on a partition on the computer being imaged.
Consequently, the server cannot validate the image when a local image store is used. This is
optional.
Select Prepare using sysprep to use a Sysprep answer file when distributing an image. Then, click
the Sysprep Settings button.
You can use an existing Sysprep answer file or create a new one by entering the information on
the Computer Information tab. Regardless of the Sysprep file used, you must select an operating
system and enter product key information.
Note: You must enter global values for Sysprep before you select the Prepare using Sysprep
option. See SysPrep Settings on page 339.
Answer File/OS tab
By default, Deployment Solution uses an Altiris answer file unless you select the Use following
as answer file for sysprep checkbox. Click the Folder button and browse to an existing Sysprep
answer file. The Modify answer file button lets you edit the selected answer file.
Click the drop-down arrow and select an Operating System from the list. Then, click the Add
button to enter product key (up to 29 characters) information. Add as many product keys as
needed, and then select a product key from one of the keys listed.
Computer Information tab
Select the Use following names for this Job checkbox if you want Sysprep to use the values you
define. Otherwise, the Sysprep global values are used.
Computer name. This is a token value that will be replaced with information read from the
Deployment database when an image is created. If this field is modified, the Suffix and Current
Suffix fields are reset to zero.
Suffix.
379
Current Suffix.
Deployment Tasks
In the Licensing Information area, specify the user and organization name. You can provide the
licensing mode by selecting the number of concurrent connections per server or per seat.
Per Server. Per Server indicates that the end user purchased client access licenses for each server,
which allows a certain number of concurrent connections to the server.
Per Seat indicates that the end user has purchased a client access license for each
computer accessing the server.
Per Seat.
5
Click Automatically perform configuration task after completing this imaging task to boot the
computer again and push down configuration settings to the newly imaged computer. This is
optional. By default the DOSManaged Boot Option type will be selected.
Select the required pre-boot environment from the Automation - PXE or BootWorks environment
(DOS/Windows PE/Linux) drop-down list to perform the Distribute Disk Image task in selected
pre-boot environment. The option reported by the PXE Manager is the default pre-boot
environment option.
Click Advanced to resize partitions and set additional options. See Distribute Disk ImageResizing on page 380 and Distribute Disk Image-Additional Options on page 380.
Set Return Codes. See Setting Up Return Codes on page 390. This is optional.
Click OK.
Percentage.
occupy.
Select this option and enter the percentage of free space that you want the partition to
Min.
Max.
Note: FAT16 file systems have a 2 GB limit and cannot be resized larger than that (although it can
be sized smaller than the minimum value). HP partitions remain a fixed size.
RDeploy Options:
Graphical Mode (RDeploy). Click
RDeploy.
Text Mode (RDeployT). Click this option if you want to choose the imaging executable as RDeployT.
Automation Partition:
Leave the client's existing Automation partition as it is. If
380
Deployment Tasks
Replace the client's existing Automation partition from the image file [-forcebw]. Select this option if you
want to replace the existing Automation partition on the client computer with the Automation
partition from the image file.
OEM Partition:
Leave the client's existing OEM partition as it is. If the image file contains no OEM partition
information, by default, this option is selected. The OEM partion will remain unchanged when
distributing disk images.
Delete the client's OEM partition [-nooem]. Select
Replace the client's existing OEM partition from the image file [-forceoem]. Select this option if you want
to replace the existing OEM partitions on the client computer with the OEM partition from the image
file.
Additional Command-line switches.
Note: The checkdisk command-line switch should not be used from a Deployment console. The
post-configuration task will fail after an image restore.
Distributing Software
Send MSI, CAB, EXE, and other package files to selected computers or computer groups, including
EBS, and RPM files for Linux computers. This task identifies valid Altiris packages and assigns
passwords and command-line switches.
1
Enter the name and location of the package to distribute in the Name field.
Note: Information about the package will be displayed in the Title area for valid packages. If no
Note: The Import Software Delivery Packages option is enabled only if the Notification Server is
A dialog box appears containing a list of all available Software Delivery packages and programs.
Note: To import Notification Server package on a remote Deployment Server, the DataManager
service should be installed on the computer where Notification Server has been installed. Ensure
that the DataManager service is running.
Select the Software Delivery package from the Software Delivery Packages drop-down list. After
you select the package, all available programs for that package are listed in the Software Delivery
Programs drop-down list. Select the required program from the Software Delivery Programs dropdown list.
Select Run in quiet mode to install the package without user interaction.
Select Apply to all users to run the package for all users with accounts on the computer. If
sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
If distributing an install package or other types of packages with associated support files, you
can select Copy all folder files to install all peer files in the directory.
Select Copy sub folders to distribute peer files in the directory and all files in associated
subdirectories.
381
Deployment Tasks
Important: Some clients may have software installed on the client computer that, for
protection against harmful software, only allows software programs on a list of wellknown executable to run. Therefore, whenever the system administrator wanted to install a
patch on client computers, he or she would have to update the well-known-executable list on
all the client computers, which could be a lot of work.
To save the work of updating that list, or of manually renaming distribution packages, the
RenameDistPkg feature was added. Now, the system administrator may update the wellknown-executable list once with a filename of their choosing. The well-known filename may
then be entered into the Windows registry of the Deployment Server computer (the computer
running axengine.exe), as the Value data of a string value named RenameDistPkg under
the HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris eXpress\Options key. If the
RenameDistPkg registry entry is set, then Deployment Server will rename installation files
that are copied to the client computers.
This feature only affects files that are temporarily copied to the client computer as part of a
Distribute Software task. The file that is to be executed only during the installation,
sometimes referred to as the package, is the file that gets renamed, not the files that actually
get installed to various locations on the target computer.
If the Copy all folder files option is enabled, only the main (installable) file will be renamed.
For RIPs, if you set the Package password option when you created the RIP, you must enter the
password for the package to run.
command-line options, such as RIPs and Personality Packages. For a complete list of commandline switches, see the Wise MSI Editor and the Altiris PC Transplant Pro Reference Guide.
Click Advanced to specify how files are distributed to the managed computer. You can copy
through Deployment Server, or copy and run directly from the Deployment Share or from
another file server. See Distribute Software-Advanced on page 382. Click Next.
Set Return Codes. See Setting Up Return Codes on page 390. This is optional.
Click OK.
Notes:
When a RIP or Personality Package is executed through Deployment Server, the quiet mode
command-line switch is applied. This means the user will not be able to interact with the user
interface on the managed computer.
If the Personality Package is configured to run only if a particular user is logged in and only if
the user has an account on the managed computer, the package will run the next time that user
logs in. If the user does not have an account, the package aborts and sends an error back to the
console via the Deployment Agent. If the package is not run through Deployment Server, a
message is displayed on the managed computer and the user is prompted to abort or continue.
Distribute Software-Advanced
Copy files using Deployment Server. Click this option to distribute packages through Deployment
Server to the managed computer, requiring two file copy transactions if the Deployment Share is on
another file server. This option is run for Simple installs and is the default option.
Copy directly from file source. Click this option to copy packages directly from the Deployment Share
if this data store is located on another server (a custom install). It will copy the file and then run it,
avoiding running through Deployment Server and diminishing processor output.
Run directly from file source.
Click this option to run files remotely from the Deployment Share or
File source logon. Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
382
Deployment Tasks
Note: Windows 95/98/ME computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files
for these types of computers or plan a proper security strategy for
direct copying.
In Personality template file, enter the name of a personality template. A default personality
template is included in the PCT folder of the Deployment Share (DEFAULT.PBT).
In Store package in folder, enter the name of the folder where you want to save the personality
package.
In User account and folder login, enter the login credentials for the managed computer from which
the personality settings will be captured, and the file server where the Personality Package will
be stored.
In Package login, enter a password for the Personality Package. This is a run time password that
is required when the Personality Package runs on the destination computer.
Click OK.
Notes:
To capture a personality on a Windows 95, 98, or ME computer, make sure that all users have
Write access to the Deployment Server share (by default at C: Program
Files\Altiris\eXpress\Deployment Server in a Simple install). Also, make sure
that the User account and folder login boxes are blank. A user must also be logged on at the
client computer to capture the client profiles. An error will be returned if you attempt to
capture personality settings on Windows 9x computers that are not authenticated. It is
recommended that you don't capture personalities for mixed groups of Windows 9x and
Windows NT/2000/XP/2003 computers.
Set the conditions on the job for either Windows 95/98/ME or Windows NT/2000/XP/2003
computers to ensure that the appropriate Capture Personality task runs on the appropriate
computers.
Capture Personality-Advanced
Domain users. Select this option to capture personality settings for all domain users on the computer.
Local users.
Select this option to capture personality settings for all local users on the computer.
Custom. Specify users or groups to capture personality settings. Select the Custom checkbox and
enter the Users or Groups you want to capture personality settings. Also, instead of specifying
names, you can also select users that have been either created or last accessed in a specified number
of days.
Use condition. Set conditions for personality files that were accessed (a user logged on) or created (a
Command-line switches. You can add command-line switches specifically for the PC Transplant
program that migrates personality settings. See the Altiris PC Transplant Guide in the docs folder
of the Deployment Share.
383
Deployment Tasks
In the Name box, enter the file name and location of the PCT file.
Note: Information about the Personality Package will be displayed in the Title area for valid
Personality Packages (PCT files). If no description is displayed, then the file is not a valid
package.
2
Select Run in quiet mode to install the package without displaying the PC Transplant screens.
Click Apply to all users to run the package for all users with accounts on the specified
computer.
If sending the package to a managed computer with multiple users and if you only want it
installed for certain users with a unique password, clear the Apply to all users box.
Example: to install a Personality Packages for a specific user accounts on a computer, add
values to the Command-line switches field:
-user: JDoe; TMaya; BLee
Note: The command-line switches are specifically for Personality Packages. For a complete
list of command-line switches, see the Altiris PC Transplant Pro Reference Guide.
In the Package Password box, type the password set for the PCT file when created.
Click Advanced to specify how Personality Packages are copied to the managed computer. You
can copy through Deployment Server, or copy and run directly from the Deployment Share, or
from another file server. See Distribute Personality Advanced on page 384.
Click OK.
For more information about capturing a computer's personality settings, see the Altiris PC
Transplant Pro Reference Guide.
Click this option to run files remotely from the Deployment Share or
File source logon. Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
384
Deployment Tasks
Modifying Configuration
You can add a task to configure or modify the configuration of computer property settings using the
Modify Configuration task. The Deployment Agent will update the property settings and then restart
the computer for changes to take effect.
1
Enter or edit the property settings in the Modify Configuration page. Click a tab to set additional
values for each property setting group. See Computer Configuration Properties on page 363.
Select the Reboot after Configuration checkbox to restart client computer after the configuration
changes are complete. By Default, the Reboot after configuration checkbox is selected.
Set Return Codes. See Setting Up Return Codes on page 390. This is optional.
Click OK.
In the Folder field, enter the directory path to back up or restore registry files. The default is to
create a RegFiles folder in the Deployment Share. All computers with registry files in this folder
will be displayed in a list.
Select the required pre-boot environment from the Automation - PXE or BootWorks environment
(DOS/Windows PE/Linux) drop-down list to perform the Backup and Restore task in selected preboot environment. The option reported by the PXE Manager is the default pre-boot environment
option. By default the DOS Managed boot menu option type will be selected.
Click Advanced if Windows was installed on client computers in a directory other than the
default path. Enter the correct path to the root of the Windows directory.
Select Include registry information for all users to back up registry keys for all user accounts.
Note: If you clear this checkbox, then only the Administrator and Guest user accounts will be
backed up or restored.
Click OK.
Get Inventory
Use this task to gather inventory from an individual or group of client computers. This ensures that
the Deployment database is up-to-date with the latest computer properties information. The status of
the task will display Received Inventory and Received Inventory in the Scheduled Details pane below
the task list on the Jobs page.
1
Click the New Task icon, and then select Get Inventory from the Task type drop-down list.
Click OK.
Run Script
Select an existing script or write a new script file to run on selected managed client computers.
1
If you have a script file defined, click Run script from file and then browse from the folder icon to
select the file. You can now modify the script in the edit box.
To create a new script, click Run this script. Type the script in the provided text box.
385
Deployment Tasks
In the Choose the script operating system area, select Windows, DOS, or Linux as the operating
system for running the specified script.
Click Advanced to provide the advanced details. See Advanced Run Script Options on
page 386.
Click OK.
Notes:
When a computer is in Automation mode using the DOS Automation Agent, it does not see DOS
partitions. To run a script from Automation, use FIRM (File-system Independent Resource
Manager) commands. FIRM can only copy files and delete files; it cannot run code on a drive.
Deployment Server assumes a return code of zero (0) as a successful script execution. Some
programs return a code of one (1) to denote a successful script execution. If a program returns a
one (1), you will see an error message at the Deployment console even though the script ran
correctly. To modify the return codes, you can edit the script file to return a code that the console
interprets correctly.
job.
Locally on the Deployment Server. This option runs a server-side script on the Deployment Server of
the managed computer. In most cases you will want to create a server-side script task that runs in
context with other tasks. Example: you can add a task to image a computer and then add a task to
execute a server-side script to post the imaging return codes to a log file stored on the Deployment
Server computer.
Use the -id switch for running scripts on Deployment Server when using the WLogEvent and
LogEvent utilities.
Important: Scripts requiring user intervention will not execute using this feature. The script will run
on the Deployment Server of the managed computer, but will not be visible. Example: if you run a
DOS command locally on the Deployment Server, the Command Prompt window will not open on
the Deployment Server computer when the script executes.
When running the script on the Deployment Server, it will execute specifically for the assigned
managed computer. Example: if you create a job with a script to run locally on the Deployment
Server and assign the job to 500 computers, then the script will run on the Deployment Server 500
times.
Select the environment for your client. You can run in either production or automation mode.
Production - Client-installed OS (Windows/Linux). Click
computers.
Enter a name and valid password for the user to manage client
386
Script Window. This determines how the Script Window displays when
Minimized, Normal, Maximized, or Hidden from the drop-down list.
Additional command-line switches. Enter any commands that you want to execute when the script
Automation - PXE or Bootworks environment (DOS/Windows PE/Linux). Click to run the script in the
automation environment. Select a pre-boot automation environment from the drop-down list.
If you select Linux as the OS type, then the Locally on the Deployment Server option will be disabled
and only the Additional command-line switches under the Production Client installed OS(Windows/
Linux) will be enabled.
If you select DOS as the OS type, then the Locally on the Deployment Server option and the Production
- Client-installed OS (Windows/Linux) option will be disabled.
Example Script
The process to convert NT4 from FAT16 to NTFS normally returns a 1 after a successful
completion. Here is an example of the file that is modified to return a code of 0 (which is the success
code recognized by the Altiris Console and utilities). You can make similar changes to your script
files as needed.
CONVERT /FS:NTFS
if ERRORLEVEL 1 goto success
goto failure
:success
set ERRORLEVEL = 0
goto end
:failure
echo Failed
set ERRORLEVEL = 1
goto end
:end
Copy File
Copy all types of files to managed computers. You can send selected files or directories to a
computer or computer group.
1
Click either the Copy file or Copy folder option. Click Copy sub folders to copy all subdirectories.
Enter the directory path and name of the file or directory. The Source path defaults to the
Deployment Share, but you can type or browse to another file or directory.
To copy files or directories through Deployment Server from the Deployment Share, you can
enter a relative path in this field. To copy files or directories directly from the Deployment Share
to the managed computer, you must enter the full UNC path name (see Copy File Advanced
on page 388 features).
387
Deployment Tasks
Note: When entering the source path for copying files through the Deployment Server, you can
only access the shared directories through an established user account. Specifically, you can only
use UNC paths when you have sufficient authentication rights established.
Type the destination path. The Destination field automatically enters a sample path, but you can
enter the directory path that you require. If the destination path does not exist on the destination
computer it will be created.
Click Advanced to specify additional features to copy files through Deployment Server or
directly from a file server. See Copy File Advanced on page 388.
Click OK.
File source logon. Enter the user name and password for the client computer and the Deployment
Share. Both must have the same user name and password (this is not an issue if both are on the same
domain).
Note: Windows 95/98/ME computers have security limitations when copying files directly from the
source to the Deployment Agent using the UNC path name. It is suggested that you use the Copy files
for these types of computers or plan a proper security strategy for
direct copying.
Power Control
Start the computer using Wake-on-LAN or run standard power control options to restart the
computer, shut down, or log off the current user.
1
Select the Force applications to close without prompting checkbox to force applications to close
without saving unsaved data,.
If you use this option, any unsaved data in open applications will be lost. If you do not use this
option, open applications with unsaved data will not close until the user chooses to save or not
388
save the data. As a result, the managed computer will not complete the selected power option
until the user makes a selection.
3
Click OK.
Set Return Codes. See Setting Up Return Codes on page 390. This is optional.
Click the Job Actions drop-down list, and select Copy job/folder.
In the Select a folder dialog box, select a destination job folder, and then click OK.
From the Deployment Web Console, click a job or job folder in the Jobs pane.
Click the Job Actions drop-down list, and select Backup/Restore job. The Backup Job Restore Job
dialog box is displayed.
By default the Backup Job(s) option is selected. Click the Restore Job(s) option.
On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field,
or browse to the file you want to import. The file must be a valid .bin file or have been created
with a current version of the database schema.
By default the job or job folder name you selected in the Jobs pane is displayed in the Restoring
to selected folder field. If you did not specify a job or job folder, the Deployment Server will
import the file at the root level in the Jobs pane.
Select the Overwrite existing Jobs and Folders with the same name checkbox to replace jobs and
folders with the imported data.
Select the Delete existing Jobs in folder checkbox to delete all the jobs in the folder you selected.
The folder will be populated with the jobs from the imported file. If you did not specify a specific
job folder to import (restore), this option will be disabled.
Click OK. The import file will restore the jobs on the Deployment Server.
To export jobs
1
2
From the Deployment Web Console, click on a job or job folder in the Jobs pane.
Click the Job Actions drop-down arrow and select Backup/Restore job. The Backup Job Restore
dialog box is displayed. By default the Backup job(s) option is selected.
Job
3
On the Backup or Restore Jobs(s)/Folder(s) page, enter a path and file name in the File name field,
or browse to a directory where you want to save the exported file. If you do not enter a file
extension, the file will save with a .bin file extension. Click Save.
389
Select a job or folder in the dialog box, and then click OK.
Click OK. The jobs or folders on the Deployment Server will back up to the file name you
specified.
When creating a task, the Return Codes dialog box will open to allow you to set a response if the
task was successful or to determine a default response if the task failed. Because Deployment Server
returns a 0 (zero) if the task runs successfully, any other return code value denotes some type of
failure in running the task. As a result, in the Success box you can select an action if the return code
is 0 (zero), or select an action in the Default box if the return code is not a 0 (zero).
Return codes are first evaluated to be successful (zero) or failed (non-zero). If the task returns as
successful, then it will run the action in the Success box. If it is not successful, then it determines if
the return code has been assigned a custom code value. If the return code is defined as a custom code,
then the selected action for that custom code is executed. If no custom code is assigned to the return
code, then the action set in the Default list is executed.
Note: If using LogEvent and WLogEvent in Scripts, you can only generate return codes when the
level 3 message is specified. Specifying a severity level 3 will cause the script job to fail and allow
you to respond using this return code feature.
This action will stop the job after the task runs. Subsequent tasks will not run.
Continue.
This action will continue with subsequent tasks in the job after the task runs.
Select a job.
This action will allow you to select existing jobs to run after the task.
These actions also apply to custom return codes designed specifically for your system.
Custom Return Codes
In the Specific return codes area, you can view custom return codes set specifically for your system.
Type a custom code in the Code box, and then select a response action in the Response list. Specify
the interpretation of this return code as Success or Failure from the Result list, and give appropriate
message in the Status field, if required. These custom codes can respond to any return codes set up
in scripts or batch files in the Run Scripts task, or these custom codes can respond to system return
codes thrown from Deployment Server or external codes generated when distributing applications,
personality settings, or disk images. Any task can have custom codes that respond to different return
code values.
New. This lets you add a new custom return code for the task. You can also choose to add the
return code to the Master Return Codes list.
Add Existing Return Codes. This is a list of all the return codes existing in the Deployment
database. You can add, modify, and delete the codes and their values so that setting codes for other
tasks is easier.
Delete. This lets you delete return codes listed in the Other return codes area, but not from the
Master Return Codes list.
390
Initial Deployment
Modify. This lets you modify the return codes listed in the Other return codes area. The changes
you make do not update the Master Return Codes list.
In the Success list, keep the default value Continue. This allows the job to continue running
additional tasks in the job after successfully completing this task.
Select Select a job from the Default list to select a job to be executed when a default condition is
reached. The Select a Job dialog box opens, allowing you to select an existing job that runs if the
task returns a failed system return code (non-zero) or a return code not defined as a custom return
code.
Click the Response drop-down arrow, and select Continue from the list.
Click the Result drop-down arrow, and select Success from the list. This displays that even if the
return code was not zero, success by default, the task will be considered a success as per users
choice.
Enter a description for the return code in the Status field. This is the message that will be
displayed when the task, within a selected job, executes.
Select the Add to master return code list checkbox to add the custom code to the master return code
list. The code is then listed in both, the Other return code and Master Return Codes list. This is
helpful if you want to use the return code again.
Click Apply.
Note: The status of the tasks executed in a job is also displayed in the history of a computer.
Initial Deployment
Initial Deployment is a default job designed to aid in the process of setting up computers that do not
yet exist in the Deployment Database. Initial Deployment lets you define how computers are initially
set up after being identified by the Deployment Server.
You can define various computer configuration sets and deployment jobs to present to the user
during startup, allowing the user to select the computer settings and hard disk images, software, and
personality settings for their specific needs and environment. New computers will appear in the New
Computers group in the Computers pane of the Deployment Web Console.
Initial Deployment is ideal for small-scale deployments (1 to 10 computers). This feature is not
recommended for large deployments (10 to 100 computers) or mass deployments (100 to 5,000)
where you would use virtual computers, customized jobs, and the computer import feature.
Although Initial Deployment is most commonly used on computers that support PXE, you can
also configure a boot disk to run Initial Deployment. In this case, the image deployed must
include automation pre-boot environment so that post imaging tasks can run successfully.
391
Initial Deployment
Installing an Automation Partition on the client computers hard disk will ensure that future
imaging deployment jobs run.
Important: To completely deploy and configure a computer using Initial Deployment, you must
Initial Deployment consists of three dialog boxes with separate features to deploy new computers:
Configurations
Jobs
Options
Configurations
Click the Configurations tab in Initial Deployment to configure different sets of computer properties.
Each configuration set will be presented to the user in a menu. The user will be able to select the
configuration set designed for their environment. Compare the Configuration tab with the Jobs tab.
Important: If you do not create any configuration sets, the deployment process will automatically
set TCP/IP information to use DHCP and will name the computer to match the computers asset tag,
serial number or MAC address (in that order, depending on what is available).
Name the configuration in the Configuration set name field. You will want to provide a
descriptive name that identifies the configuration set for the user.
Click the default Menu item button to select the configuration set that you want to be the default.
Click Timeout after ___ seconds and proceed so that the default job runs automatically after a
specified amount of time.
Jobs
Click the Jobs tab in Initial Deployment to add existing jobs or create new jobs to run on the new
computer. The jobs you add or build using this dialog box will be listed in a menu and presented to
the user during startup. The user will be able to choose deployment jobs to image the computer and
install applications and personality settings. Compare the Jobs tab with the Configurations tab.
Conditions on jobs are limited to the data that can be accessed at the DOS level (i.e., serial number,
manufacturing number, NIC information, manufacturing name, etc.).
1
Double-click Initial Deployment in the Jobs pane drop list. The Initial Deployment page will open.
Click New to build a new job. See Building New Jobs on page 374.
Click the Default menu choice button to select the job as a default.
Select Timeout after ___ seconds and proceed and type the number of seconds to wait before the
computer will automatically start the default job. The default setting is 300 seconds.
392
Initial Deployment
Click OK, or click the Options tab to stop either servers or workstations from running
configuration task sets and jobs automatically.
Options
Click the Options tab to set options to stop Initial Deployment from running the default configuration
task sets and jobs automatically. This will avoid accidental re-imaging or overwriting of data and
applications for either workstations (desktop, laptop, handheld computers) or servers (web and
network servers identified by Deployment Server).
When a computer not yet known to the Deployment Database is first detected, it will be placed in
the New Computers group and run an Initial Deployment configuration set and job. However, in
many cases you do not want web or network servers to be automatically re-imaged without
confirmation from IT personnel.
Servers. Stop servers from automatically running Initial Deployment configuration jobs. Servers are
identified as those managed computers running multiple processors or identified as a specific server
model from specific manufacturers. Example: both a HP Proliant and a Dell computer with multiple
processors will be identified as a server. (Identifying a computer as a server by OS cannot be
accomplished for new computers until the server OS has been installed.)
Select Workstations to force desktop, laptop, and handheld computers to stop before automatically
running Initial Deployment.
Select Process as each agent becomes active if you want to run the job as soon as the computer
connects to the Deployment Server. Use this option for imaging 1 to 5 new computers.
Select Process in batch mode if you want to run the job once a certain number of computers are
connected to the Deployment Server. Enter the minimum number of agents in Minimum agents field.
You can set a timeout deadline so that the job will not run if the number of computers you specify
fail to connect during a certain amount time. Multicast technology sends the image over the network
once, and all of the computers listen for and accept the image, reducing network traffic and
increasing speed. Enter the timeout in Timeout field.
Select Hold all agents until this time if you want to process the job on all computers at a particular time
of day. All clients are held before the task sets. The message states: Deployment server has
instructed Automation to wait.
393
Reference
The reference section provides identification information for command-line switches, return code
values and other detailed information for Deployment Solution components.
Quick Links
Managing Deployment Servers on
page189
Managing Thin Clients on page409
Tokens and Import Files on page429 Set variables to input values from the DS database
into scripts, scripted install files, and more.
Command-Line Switches on
page 436
394
Chapter 21:
395
Deployment Solution is easy to customize for your environment. You can quickly set up a test
environment from a specified computer and remotely install Deployment Agents to each client
computer simultaneously. To move Deployment Solution to a production environment, set up
Deployment Solution components on a single computer or use a distributed model, and then use
Initial Deployment features to automatically install agents directly or through Package Servers. You
can then scale a system and make modifications to meet the needs of your enterprise.
To install only a Deployment Server system, see Installing Deployment Server (page 37) . To install
the complete Deployment Solution system, including Notification Server and the Altiris Console,
see Installing Deployment Solution from the Altiris Console (page 69) . Deployment Solution
components web and Windows can be distributed across multiple nodes on your system or
installed on a single computer.
See Deployment Server Architecture (page 396) and Deployment from Notification Server
Architecture (page 398) .
Note You can install each Deployment Server component on separate computers for a Custom
Install for Deployment Server, or use a Simple Install for Deployment Server to install components
on a single computer.
Deployment Server provides wizards to simplify the most common tasks and drag-and-drop features
to assign and schedule predefined tasks to target computers. Tasks can be executed immediately or
scheduled for later execution. A feature-rich database tracks deployment jobs and ongoing status for
all managed computers.
396
Deployment
Server
Database
Console
PXE
DHCP
1
3
4
8
7
Client to be imaged
System jobs
1. From the Deployment Console a job is created 2. The console sends the job to the MS SQL
3. From the console, the job is scheduled to run 4. The console updates the Deployment Database
397
Client
Access
Point
Deployment
Server
Database
Console
PXE
12 & 16
11 & 15
10 & 13
14
Client to be imaged
System events
9. PXE Server downloads the boot image to the RAM of the
computer (DOS, LAN drivers, autoexec.bat, etc.).
10. The computer executes the commands in the boot image.
and tells the console to check the database for new status.
computer is imaged.
status.
398
Notification Server relies on Microsoft Transaction Services (MTS) and Microsoft Internet
Information Servers (IIS) to execute services across HTTP protocols. It also includes Package
Servers and other built-in features to provide an enterprise-level system that is scalable and
expandable.
Notification Server lets you specify and set up a Notification Server managed computer as a Package
Server (any agent computer running the Altiris Agent software is eligible to be a Package Server).
Package Servers let you distribute your software packagesimages, RIPs, executables, scripts and
moreto different servers across your network to reduce the network load when downloading
packages to each site. It allows you to create the packages in one location and replicate them
automatically to other Package Servers. (See Setting Up Package Servers on page 352.)
Notification Database
The Notification Database integrates data from multiple Deployment Databases and displays it in
the Deployment tab on the Altiris Console. When Deployment is enabled, the DS Agent plugs in to
the Altiris Agent on with the Deployment Server computer to transmit data between the Notification
Database and the Deployment Database at specified polling intervals.
Package Servers
Package Servers allow you to set up Notification Server client computers as distribution points to
disperse software packages. Distributing packages first to a local Package Server and then to the
client computer reduces network traffic. When a managed client computer downloads a package, it
considers the list of available Package Servers as possible sources from which it can download the
package. The Package Server selected for downloading the package is based on availability
parameters, such as proximity and line speed of the source. See Using Package Servers to Replicate
Deployment Jobs (page 351) .
399
For a Notification Server client to be designated as a Package Server, the computer must be running
Windows 2000/XP/2003, Microsoft IIS, and have the NS Client installed.
Altiris Agent
The Altiris Agent is the client software that runs on each Notification Server managed computer,
including the Deployment Servers. Among other duties, the Altiris Agent queries the Notification
Database to identify how often a computer checks to see if there is work to be performed. The Altiris
Agent resides on all Notification Server managed computers and writes to the Notification Database.
This information is then displayed in the Deployment Web Console or in another Notification Server
console.
An Altiris Agent must be installed on each Deployment Server managed by the Deployment view
on Notification Server. A DS Agent will be installed automatically to all Deployment Servers
running an Altiris Agent. The DS Agent extends features of the Notification Server Agent to interact
between Deployment from the Altiris Console and the Deployment Server. In effect, the DS Agent
is a snap-in to the Altiris Agent for Deployment Server integration.
The DS Agent residing on a Deployment Server queries the Deployment Database at defined
intervals to identify updated deployment tasks or computer information. These intervals can be set
globally for all Deployment Server installations or set at different intervals for each Deployment
Server installation. Set these polling and request intervals to manage network traffic and the refresh
rate of Deployment from the Altiris Console. See Setting Up Package Servers (page 352) .
You can also schedule existing jobs from the Deployment tab on the Altiris Console. The
Notification Server Agent sends scheduling and configuration information set in the Deployment
view on Notification Server down to the Deployment Database. This updates the Deployment
Database with scheduling information to run deployment tasks against selected computers.
DS Agent
DS Agent is the client software required specifically for managing Deployment Server. It
synchronizes the Deployment Database with the Notification Server Database and allows the
transmission of data between the Deployment Server system and Notification Server. All
Deployment Servers consolidated in a Deployment Solution system running Deployment from the
Altiris Console must have the DS Agent installed.
Note Both the Altiris Agent and Deployment Agent can reside on the same computer if the computer
is managed by both a Notification Server system and a Deployment Server installation. When both
are installed, only the Deployment Agent for Windows icon appears in the system tray. See the
properties on the Deployment Agent to view properties of the Notification Server Agent.
400
Chapter 22:
401
You can install multiple Deployment Solution systems to keep your images and software packages
close to your managed computers. Administrators at remote locations can manage only the objects
in their local Deployment Server system. From there, each Deployment Server system will replicate
all information to a parent Notification Server to scale both management and inventory capabilities.
From a Regional perspective, an administrator can manage and report on all managed computer
resources in the organization.
Reporting resource data from each region provides central administration and reporting capabilities
to administrators at Corporate Headquarters. This multi-tiered architecture is a common design for
Altiris eXpress systems. This design works well because it can all be installed on one server for a
small company (5-2,500 nodes), for large enterprises (100,000+ nodes), or for organizations with a
combinations of large sites, branch offices, and remote users.
As new offices or users are added, administrators can add new servers to meet emerging needs.
Within the Altiris infrastructure, you simply deploy another Deployment Server or Notification
Server based on your needs, management design, or network topology. You can also add new
solutions to each Notification Server to meet emerging requirements for each network segment or
site.
402
Design Scenarios
Notification Servers can be configured to report any inventory class registered tables to Microsoft
SMS. This means that many solutions, such as Application Metering, Inventory, Deployment
Solution, Asset Control, TCO, Contract Management, and others collect data that can be forwarded
and integrated into Microsoft's SMS database. Inventory data can also be reported to multiple
Notification Servers for environments that require it (backup/redundant servers, reporting servers,
etc.).
See About Deployment Solution Hierarchy (page 412) .
Design Scenarios
To constrain environment variables when evaluating different design strategies and to provide
comparable data for optimization and scalability practices, example scenarios of organizational
types are used throughout this guide to standardize environmental variables and provide a structure
for baseline statistics. Generic organizations are used to reference standard practices and illustrate
common problem areas for each solution or combination of solutions in the Client Management
Suite.
403
Design Scenarios
The two-tier model has direct management through both Notification Server (and the Inventory, SW
Delivery, App Management, and other solutions) and Deployment Solution for day-to-day
management of local computers from both regional and local branch offices.
Notification Servers
Notification Servers will be located at each regional office:
Each Notification Server has its own database, although these databases can exist on a common
Microsoft SQL Server.
Dial-up users will access the Notification Server at designated regional offices.
Package Servers will reside in each branch office. A Deployment Server at the regional level will
manage multiple small branch offices.
Deployment Servers
Deployment Servers will be located at the branch offices:
One Deployment Server will reside in each branch office with a Package Server.
Deployment Server shares will be set up on a storage device (file server, network attached
storage). Images, RIPs, Personality packages and large Software Delivery packages will be
placed on the storage device.
Inventory Solution
Inventory will flow up from individual computers to the assigned Notification Server.
SW Delivery Solution
SW Delivery will be the primary method of package distribution to dial-in users and to
Deployment Servers.
Package Servers are distribution points for the Notification Server. Packages will be
automatically distributed to the Package Servers (PS). Clients will access packages from the
closest package server.
404
Design Scenarios
Common design scenarios are included within the comprehensive three-tier model. The basic
organization includes a main campus, small and large remote locations, and itinerant users that
connect across the WAN. This organizational model breaks down into three basic subordinate
models:
1
Enterprise model represents a large organizational setting with many hundreds or thousands of
client computers on multiple subnets in a single location. It has few eXpress servers managing
many computer resources.
Large Branch model represents international offices or other remote locations with many
employees with an IT technician on site.
Small Branch model represents geographically dispersed offices within an organization. These
branch offices contain few employees and do not have an IT technician on site.
The Dial-up model represents traveling users who connect sporadically to download data,
drivers, and applications from the central office.
This guide applies Altiris solutions to the three-tier model scenario and identifies problem areas for
each identified solution across large and small Branch models, Enterprise, and Dial-up scenarios
represented in the example.
405
Design Scenarios
To plan a strategy for your organization, identify a model (Enterprise model, Branch model, Dialup model, etc.) defined within this comprehensive example and extrapolate differences in specific
environmental variables for your organization.
Notification Servers
Notification Server installations will be located at headquarters for central reporting and
management of dial-up users, at each large international site, at a regional site to manage small
branch sites, and at the main campus.
Each Notification Server has its own database, although these databases can exist on a common
Microsoft SQL Server.
One Notification Server will be used to manage all remote branch offices and one will be used
to manage the main campus.
One Package Server will reside in each small branch office. A Deployment Server at the regional
level will manage multiple small branch offices.
Important Inventory data flows from the lower level NS servers to the Central Reporting
Notification Server. In the Notification Server 5.5. product, there is no downward flow of
collections, packages, advertisements, or policies from the Central Reporting Notification Server
to the lower level NS servers.
406
Design Scenarios
Deployment Servers
Deployment Servers will be located at multiple locations:
There will be multiple Deployment Servers and Package Servers on the Main Campus.
Deployment Server shares will be set up on a storage device (file server, network attached
storage). Images, RIPs, Personality packages and large Software Delivery packages will be
placed on the storage device by a TBD process.
For international locations, Package Servers will be set up on the eXpress share on the
Deployment Servers. Images, RIPs and Personality packages will be distributed to the eXpress
shares using SW Delivery Solution on Notification Server.
Inventory Solution
Inventory will flow up from individual computers to the assigned Notification Server.
Inventory data will be forwarded to the Central Reporting Notification Server for centralized
reporting.
SW Delivery Solution
Deployment Server will be the primary mechanism for imaging and for migration of images, user
data and settings to managed computers.
For headquarters and large branch locations (international sites), Deployment Servers will act as
the Package Servers. SW Delivery Solution will be used to deliver images, personality packages
and RIPs to the Express shares on the Deployment Servers.
For small branch sites, images and personality packages will be distributed to the storage devices
using an existing system. Deployment Server will then deliver images and collect and deliver
personality packages from and to the managed computers at the small branch sites.
Installation Variables
This section allows you to identify some of the variables that must be considered when designing an
Altiris system for each organization. These values must be established to determine optimization and
scalability design strategies and configuration settings.
The major design and scalability variables in designing a system are listed in order of importance.
For example, when there is enough RAM, then CPU speed and processing power will affect
throughput:
1
RAM
CPU
407
General Guidelines
Bandwidth
Network Bandwidth
Network Speed
Number of Network Segments
Network topology
Number of Network Domains
Number of computers per domain
Wireless nodes
VPN connections
Dial-up connections
Altiris Servers
Processor speed
Type and number of processors
RAM
Type of OS
Deployment Packages
Average size of package
Average number of packages
Database location and configuration
Frequency of Reports
History collection
Notification Server placement
Database size
Nodes in database
Number of NSEs reporting to a central Notification Server
SQL 7 or SQL 2000 (with support packs)
Type of connections: Direct LAN, wireless, Dial-up, VPN
Transport time to Package Servers
Deployment Server placement
Database size
Nodes in database
Number of Deployment Servers reporting to eXpress servers
Total Number of clients being rolled up to NS
Size of packages used
Transport time to Package Servers
General Guidelines
This section provides general recommendations for designing, optimizing, and scaling information
for Deployment Solution.
408
General Guidelines
Database Recommendations
Database placement, configuration, and sizing constraints are important when designing a scalable
system for Deployment Solution. This section provides recommendations for configuring and
placing Microsoft SQL Server databases in your system.
Available RAM to SQL Server
Limit the available amount of RAM in the system to 65% available for SQL Server.
If SQL is going to be run on the same computer (which is recommended for best performance on
servers managing clients), limit SQL usage to 65% of the total available RAM. This will optimize
your system with the correct balance of processing power for the Microsoft SQL Server while
allowing you enough processor power for other services and applications. In a large environment,
SQL Server performance is enhanced with 3GB or more of RAM total.
SQL Server Enterprise Edition can use up to 4 Gb of RAM and supports additional processors.
Database Size and Disk Space
In designing an Altiris eXpress system, you first need to estimate the size of your database. MS SQL
has a default ability to automatically grow the database as needed. While this is helpful if you run
out of space in the database, it usually means that SQL server will start to partition the database and
will soon become fragmented all over your server's hard drive. This will drastically affect your
server performance. Starting with a drive that's been defragmented and automatically assigning the
drive space for your database will help performance a great deal.
The following is a quick recommendation for estimating the database size:
Install your Notification Server and check the database size. Do this by highlighting the database
within SQL Enterprise Manager, usually AeXNS. Click on AeXNS > right-mouse click > Properties
to see the actual database size and how much space is available.
You can then use the NSE Generator, located on the Technical Resource Kit, to generate some NSE
inventory files (NSE Generator has its own documentation). Create 50 NSE files and once they have
all been processed, check the properties to see how the database has grown. Generate another 50 and
see how it grows again. Then extrapolate your size by taking the increased growth for 100 PCs times
the number of managed computers (count by 100, 2000 PCs = 20 X 100) and multiply by 2 to give
yourself room for other data gathered besides inventory (e.g., Application Metering, Inventory, and
other installed solutions).
For example: 9MB (growth of DB for 100 PCs) X 42 (4200 clients) X 2 = 756 or approximately
750MB of disk space.
Go back into Properties, click Data Files and edit the Space allocated (MB) field to read 750. Then
clear the box below marked Automatically grow file under the File Properties section. This will grow
the database to 750MB now. When you have reached that limit, instead of letting SQL automatically
409
General Guidelines
grow the size of the database and start to defragment it all over your server's hard drive, you will
receive a SQL error. You can then defragment the drive, go back into Data Files and increase the
size again.
Going back into the Properties dialog box, you can now see that the database size has been changed
from 23MB to 753MB.
Memory
Microsoft has designed SQL Server to use any and all available memory that it can take. This
includes swap space and RAM. If SQL Server is the only application running on your server, and
you have 1 Gb of RAM, it will use all of it. It's made to release memory as other processes load and
need resources. This memory grabbing, however, is very taxing on the utilization and performance
of eXpress servers. Swapping information to disk is obviously a huge performance consideration as
well.
There are two basic ways to lock down the amount of memory SQL will use on your server. The first
is to assign a range of RAM that SQL will automatically use if necessary, trying to use the least
amount specified but using the maximum defined amount. The second one is to assign a fixed
amount of RAM to use. This is our recommended option.
To calculate how much RAM you will need, divide your server RAM in half and assign it to the SQL
Server. We recommend at least having 512 Mb of RAM in your server, leaving 256 Mb for SQL.
Click on the Use a fixed memory size (MB) setting and set the value to half of your RAM. Then select
the Reserve physical memory for SQL Server check box. This option will assign the above RAM as the
only memory available for SQL processes. This will prevent SQL from swapping information to
disk and only use the above memory for all transactions. This will drastically increase performance.
410
Multiple Deployment Server sites can be managed and integrated using the Deployment view on
Notification Server. This web-based management console acts as a second-level user interface that
consolidates administration of multiple Deployment Server sites and allows integration of multiple
software solutions, including Package Servers. For IT management of multiple Deployment Server
installations, the Deployment view on Notification Server furnishes complete reporting, scheduling,
package distribution, and solution integration across the organization.
411
for the Deployment on Notification Server, which requires communication between the Deployment
Database and the Notification Server Database. Polling intervals are set to send updates between the
two databases.
Scalability margins and optimization values are provided primarily for two separate network
transactions within the Deployment Solution system:
Data transmission from Deployment Server to Notification Server. Data packets with
deployment tasks (events), computer information, and scheduling information are transmitted
from multiple Deployment Server databases to a central Notification Server database to be
displayed in the Deployment Web Console.
412
Direct, real-time management over the LAN is performed from the Deployment Server Console in
a Deployment Server installation. When the organization grows, more Deployment Servers are
added to manage growing network segments. To integrate and centralize management of
Deployment Server systems, you add the Deployment view on Notification Server and combine
other web solutions for a complete Altiris system.
Each level of management both centralizes and expands your deployment and reporting capabilities.
Integrating Windows and Web solutions allows you to scale vertically to centralize Web reporting
and management, while extending laterally with new network segments and sites. Systems can be
scaled to conform to geographical location, network topology, company organization, remote access
needs, and additional requirements unique to each organization.
Deployment Solution performs tasks specific to each level of IT administration across your
organization. At a local level, IT technicians remotely deploy and manage computers across the
LAN using tools and applications in Deployment Server. At a district level, IT managers can access
and manage multiple Deployment Server installations and centralize deployment tasks. And at the
corporate level, additional inventory, help desk, and asset reports can be generated for executive
planning.
At a LAN level, an IT technician can manage in real-time thousands of computers per Deployment
Server installation. IT personnel can perform low-level, real-time deployment tasks for large or
small LAN segments. Throughout their lifecycle computers can be installed, configured,
reconfigured, and retired. Each Deployment Server installation can manage high-density server
farms, desktop computers across multiple domains, and remote handheld and notebook computers
for specified network segments or sites.
At a district level, another level of management can be established using the Deployment view on
Notification Server to centrally view, report, and deploy computers across multiple Deployment
Server installations. From a central IT location, standard packages can be built and automatically
distributed, reports can be generated for all sites, and additional solutions can be integrated.
From the corporate office level, a third level of control and reporting can be added by integrating
Helpdesk Solution, TCO Mgmt (total cost of ownership management), Asset Management solution
(for non-computer assets), Inventory Solution, and other Altiris eXpress solutions.
413
414
Test Results: 25,000 managed computers (5 DS x 5,000 managed computers) can be managed by
a single Deployment on Notification Server.
415
Best Practices
The following are recommendations to assist in optimizing and scaling Deployment Solution
components:
Consoles
With many clients being managed, performance may be affected by the number of open
consoles.
Recommend a Deployment Server per site or network segment to optimize bandwidth, PXE
connections, and other limiting factors.
Installations of 1,000 clients per server or less can use MSDE. Larger sites should use Microsoft
SQL Server.
Deployment Server installations that are initially deployed from within NS should not cause a
performance impact. (It was reported anecdotally that one company successfully rolled out 50
Deployment Servers around the country from a single Notification Server in approximately 1 hour.)
416
Chapter 23:
A native Linux and Unix agent, called ADLAgent, in the Linux production and automation
environments.
This section contains considerations you must be aware of when managing Linux and Unix systems,
and contains the following topics:
ADLAgent
ADLAgent is the client software which provides connectivity to Deployment Server from Linux and
Unix. It can be installed on any of the supported platforms, and is
Supported Platforms
The following Linux and Unix platforms are currently supported by ADLAgent:
Red Hat 8, 9
ADLAgent is also supported in the Fedora Linux automation environment provided by Altiris.
Agent installation binaries are located in C:\Program Files\Altiris\eXpress\Deployment
Server\Agents\ADLAgent. The following binaries are provided:
Agent
Architecture
altiris-adlagent-*.i386.bin
altiris-adlagent-*.ia64.bin
Intel Itanium
altiris-adlagent-*.x86_64.bin
AMD Opteron
altiris-adlagent-*.sunOS.sparc.bin
Solaris (SPARC)
417
Distributing Software
Distributing Software
The software distribution task now supports a number of Linux and Unix filetypes. When using this
task with these formats, the file is copied to the system, extracted, The configure script is executed
(./configure) then the make install command is executed.
A large number of software packages can be installed using this process. If you have software which
requires configuration beyond this, or if you are using a package management system, use a file copy
task along with a shell script to install the software.
Linux Bootloaders
There are a few considerations you must use to preserve the functionality of Linux bootloaders. First,
if your bootloader is located on a reiserfs partition, you must use the -raw switch when imaging this
partition to preserve the structure.
Second, if you are using an automation partion, your MBR is modified to boot this partition. If you
install a new version of a bootloader, your MBR is modified and you might not be able to access
your automation partition.
If this occurs, you can reinstall the automation partition. To prevent this, do not update any software
which modifies your MBR without uninstalling the automation partition first. The automation
partion can be reinstalled after the software update.
418
Chapter 24:
Deploying Scripts
Altiris Deployment Solution provides a number of pre-defined tasks you can combine to create
complex management jobs.
When you need to perform a management task that isnt covered effectively by the predefined tasks,
DS provides an environment to pre-process, deliver, and execute VBScripts, batch files, and shell
scrips. These scripts have access to the full processing capability of the OS command processor, as
well as several additional features provided by Deployment Server:
Access to your eXpress share and any other network resources available in the production or
automation environment.
Intelligent access to values stored in your DS database. DS retrieves values based on the
computer currently running the script, so a single script can provide unique values for 1000s of
computers.
When creating a script, you target it for the automation or production environment, and specify the
OS for the script. When a scripting task runs, the server pre-processes the script for database tokens,
delivers and executes the script, then returns any error messages generated by the script.
Using the flexibility of tokens and the processing power of the command processor of your OS, you
can develop and deploy scripts ranging from a simple file search to a full system customization.
The following diagram illustrates how scripts are processed by DS. Each step of this process is
discussed in greater detail in this section:
This chapter discusses how to effectively create and deploy scripts in your DS environment.
419
Writing a Script
Writing a Script
Scripts can be deployed to the DOS, WinPE, and Linux automation environment, or to the Windows
or Linux production environment. Unlike other tasks, the scripts you write vary greatly depending
on the target environment and OS.
The core of each script you write uses the functionality provided by the command processor of your
OS. There are utilities and commands for each environment to perform a broad range of management
tasks.
One of the biggest advantages to deploying scripts using DS is that a script is processed
independently for each computer. Database values specific to each computer can be retrieved using
the same token in your script, saving you from polling the computer and executing a database query
before you can perform a task. The same %COMPNAME% token can provide a unique value for
each computer that runs this script.
When a script is processed, DS first parses each script for two things: tokens, and predefined server
scripting commands. Tokens are replaced, then additional action might be taken based on the
commands found before the script is delivered to the target.
The predefined server scripting commands are keywords defined for replacing tokens in other files,
running vbscripts, performing scripted installs, unloading BootWorks, and a special deployment
command for Blade servers. These additional keywords are discussed in the Server Scripting
Commands section.
Flag
Location Used
REM
Batch files.
REM [servercommand]
# [servercommand]
[servercommand]
Command
Description
BootWorks Unload Unloads BootWorks to provide additional memory for complex scripts.
ReplaceTokens
ScriptedInstall
Indicates that this script is launching a scripted install. 394k of free memory
is required for the Windows scripted install to run. BootWorks is
automatically unloaded for scripted installs.
ScriptedInstall
420
Writing a Script
Command
Description
Deployment Start When using blade servers, this option places a note in the history to mark a
starting point.
If a redeployment is later executed on this computer, the computer is
restored from the deployment start mark in the history.
Deployment Start
vbscript
Indicates that this script contains vbscript. If this appears anywhere in your
script, the entire script is executed as a vbscript (you cannot execute batch
commands and vbs commands in the same script).
The comment flag is always used with the vbscript server command when
writing Visual Basic scripts to ensure that it is ignored by the VB processor.
vbscript
When replacing tokens, the server creates a temporary file in the \tmp folder, named machinename
with the same extension as the original script. This file contains a copy of the script with all token
replacements made by the server, and is a valuable tool for troubleshooting.
After replacing tokens in the script itself, the server processes the next command in this script:
ReplaceTokens. Since the token replacement process already replaced the compname token, the
ReplaceTokens command works as expected and creates a unique system.inf file for each computer,
containing values unique to that computer.
The script is then delivered to the client, and the Firm utility finds the correct file on the eXpress
share to copy to the production drive. A similar process can be used to deploy configuration files to
Linux computers, as a large number of Linux configuration files are text-based.
If you perform Linux configuration often, you might want to set up an additional database containing
common configuration values you can retrieve using tokens.
If we marked this script to execute on the server, the initial token replacement still contains the name
of the computer targeted by the scripting task. However, the command in the second line fails
because the server looks for the paths specified by Firm on the server, not the client.
421
Reporting Errors
This is valuable when you want to retrieve tokens specific to a number of computers, but the script
can execute successfully on the server. This can relieve network traffic and prevent interruptions on
managed computers.
However, when a script runs server-side, the script is executed separately for each computer
assigned to the task. A task assigned to 500 computers causes any server-side scripts in the task to
execute 500 times on the server. If you have processor intensive commands, you might want to avoid
server-side execution to prevent disruptions on your server, or perform the task during off-hours.
Also, when running scripts server-side, avoid commands that require interaction. The DS service
does not have interaction with the desktop, so there is no way to provide even simple feedback in
scripts that run server-side.
Reporting Errors
One of the biggest challenges when running scripts is implementing effective error reporting and
feedback.
In DS, every task has the ability to handle error codes returned from a job, and take action based on
this code. By default, a scripting task returns a 0 for success, and a 1 if the script fails to execute.
This might be sufficient for a simple script, but scripts can often execute successfully yet still fail to
perform the intended tasks.
Additionally, if you create a batch file with three commands, the status reported on completion is the
status of the final command in the script. The first two commands might return errors, but if the final
command is successful you receive a status of success.
To provide additional feedback when running scripts, Altiris provides an error logging utility, called
logevent, for DOS, Windows, and Linux.
This utility lets you send error, warning, and informational messages back to your server from within
scripts, and job execution can be stopped based on the messages you return.
When executing scripts, it is important to note that DS cannot stop script execution directly; DS
delivers the script and returns the execution status, but the OS handles the actual execution. DS does
not automatically stop script processing when an error is encountered, you must provide that logic
in your script.
Usage:
LOGEVENT
Logevent
Parameter
Description
[-c:#]
[-l:#]
[-ss:Msg]
[-n:Prog]
422
Reporting Errors
On DOS, events are queued until the script completes, then they are returned to the server. The
Windows and Linux utilities return messages as soon as they are encountered.
The following script uses GOTO commands to control how a script is processed based on the
outcome of executed commands, and uses logevent to return the script status:
@ECHO OFF
REM Call requestNewHardware.exe. This fails and returns an error.
requestNewHardware.exe
IF ERRORLEVEL 2 GOTO TWO
IF ERRORLEVEL 1 GOTO ONE
GOTO END
:TWO
LOGEVENT -c:2 -l:3 -ss:Bad command or file not found.
GOTO END
:ONE
LOGEVENT -c:1 -l:1 -ss:Error 1.
:END
423
Reporting Errors
Similar to Visual Basic script, Linux provides a powerful method to track error values. When
running scripts on Linux, use logevent to report the status to the server after you have used the builtin mechanisms to retrieve errors.
The following script contains an example of error handling on Linux:
#!/bin/sh
export PATH=$PATH:/opt/altiris/deployment/adlagent/bin
grep foo foo.txt
ERRVAL = $?
if [ $ERRVAL -ne 0 ]; then
logevent -c:$ERRVAL -l:3 -ss:error executing grep"
fi;
424
Chapter 25:
Modify Computer Configuration (the computer name and TCP/IP Setting only)
Distribute software (.CAB and .EXE files)
Execute and run scripts (DOS and WIN batch files) *no VBS support
Copy files and directories
Create disk images
Distribute disk images
Remote Control clients (24 bit color depth only. No chat or send file features)
Power Control (restart/shutdown/wake up jobs)
Set computer properties
Create conditions to run jobs and filter computers
Modify client properties via Windows and Linux agent settings
425
Model
Fujitsu-Siemens
HP
HP t5000 thin client series, which includes the t5300, t5500, and
t5700 clients. Thin clients come pre-installed with Windows XP
Embedded, Windows CE .NET, or Linux, depending on the
model of the device. All HP thin clients come pre-installed with
the Deployment Agent.
Neoware
CapioOne G150 and Eon E100 series thin client models. The
thin clients come pre-installed with Windows XP Embedded,
CE. Net 4.2 or 5.0, or NeoLinux. All Neoware thin clients come
pre-installed with the Deployment Agent, but if your device is
missing the agent, contact Neoware for a Snap-In.
426
Some of the tasks Deployment Solution tasks that are impacted by the Enhanced Write Filter are
certain deployment jobs, and installing the Deployment Agent for Windows. Other tasks such as,
creating and distributing images, and modifying the configuration (computer name or IP address)
already have scripts to handle EWF. These jobs disable EWF first, run other scripts or tasks, and then
re-enable EWF as the last step of the deployment job. This ensures that data written to thin clients
during the deployment job will not be lost when clients reboots.
For example, from the Deployment Console in the Jobs pane, located in Samples > Windows XP
is a job called Create Disk Image. The script reads as follow:
Embedded,
Notice that the first line item disables the Enhanced Write Filter, and the second line item checks to
verify that EWF is disabled. The Create Image task creates a copy of the thin clients image and stores
it in the Images folder on the Deployment Share. When the image task completes, the Enhanced
Write Filter is re-enabled, and the thin client reboots. Because this script handles EWF
automatically, thin clients can be managed from the Deployment Console without concern that data
tasks will not be saved to managed thin clients.
When creating your own Deployment jobs, use the Samples in the Job pane of the Deployment
Console to help you create your own scripts to handle EWF automatically. If EWF is not disabled
and enabled properly, after you run a Deployment job, the next time a thin client reboots, data will
be lost.
See also: Building and Scheduling Jobs (page 154) , Deployment Agents (page 118) .
Filter. See the Sample Jobs folder in the Jobs pane in the Deployment Console for examples, or
contact Neoware.
Switch
Description
-all
-disable
427
Switch
Description
-enable
-commitanddisable
The following are a few examples of how to use the ewfmgr.exe program.
Example
Description
ewfmgr -all
ewfmgr c: -disable
ewfmgr c: -enable
Although the enhanced Write Filter manager can be run from a thin client, it is more efficient to
include it as part of your Deployment Job.
Windows CE .NET
Microsoft Windows CE .NET is designed for a broad range of intelligent hardware devices that
require a small-sized operating system, and usually run disconnected from other computers.
Window CE .NET can run on multiple processors, supports Win32 Application Program Interface
(API), and runs in Realtime right out of the box. Application developers can choose from a wide
range of modules and components, creating small image footprints booting the basic image from
350KB.
Deployment Solution lets you mange thin clients running Windows CE .NET from a centralized
location, but the Deployment Agent for Windows CE .NET must be installed on each device. Many
of the thin clients supported by Deployment Solution come pre-installed with the Deployment Agent
and can be managed after they are connected to the network. However, due to limitations of the
Deployment Console, you cannot push the Deployment Agent for CE .NET to thin clients running
the Windows CE .NET operating system. Rather, you must run the Deployment Agent installation
from the thin client directly. See Deployment Agent on CE .NET (page 129) .
Linux
HP and Fujitsu-Siemens distribute their own proprietary versions of Linux for thin clients supported
by Altiris. Contact the manufacturer for more information.
428
Chapter 26:
Leaving the job name blank will not assign the computer to any job.
Leaving the start time blank will make an entry in the job for the computer, but will not schedule
it for a specific time.
You can populate your computer database using the format provided below. The Import Computers
text file can then be imported into Deployment Solution using the File > New Computer > Import or
File > Import/Export > Import Computers.
Tips for creating a new computers import file
When using Boolean references, do not use quote marks. These fields are marked with a B:
1=On/True and 0=Off/False.
For some fields, this input format supports multiple IP Addresses, delimited by a ; (semicolon)
within the field. These fields are marked with a (;).
For example the gateway field could read, 30.11.11.2, for a single IP address
or, 30.11.11.2;30.11.11.3;30.11.11.4, to support three IP addresses.
All fields (up to and including site) must be present in the file, but all data except for Name
is optional.
To use optional fields for multiple network adapters, the preceding fields are required. For
example, to use Nic3 fields, all fields for Nic2 are required.
For Deployment Server to read the import text correctly, make sure there is a final hard return at
the end of the file.
429
System Tokens
System Tokens
These are variable tokens that can be inserted in scripts (see Run Script on page 177) or answer
files (in Scripted OS Install on page 167) to extract information from the Deployment Database.
For example, the token named %ASSETTAG% contains the asset tag of a computer. Tokens are
most commonly used when creating custom scripts (using the Run Script Task) or answer files when
doing unattended operating system installations. The custom script is unique to the computer in
which it is applied.
The following table lists all of the predefined system tokens supported by Deployment Solution 5.6
or higher. System tokens are case sensitive. The percent symbol % at the beginning and end of
each token is part of the token name and must be included.
Token
Description
%ASSETTAG%
%BWIPADDR%
%CALLINGJOBNAME%
The name of the job that called this job (as used when
Setting Up Return Codes) or the name of this job if not
called by another job
%COMPNAME%
%CONTACT%
%DATE%
%DEPT%
430
System Tokens
Token
Description
%DOMAIN%
%DOMAINOU%
%DSSERVER%
%EMAIL%
%ID%
%IPNAME%
%JOBNAME%
%JOBUSER%
%LDAPDOMAINOU%
%MAILSTOP%
%MANUF%
%NAME%
%NETBIOSDOMAIN%
%NICyIPADDR%
%NICyIPDNSx%
%NICyIPGATEWAY%
%NICyIPHOST%
%NICyIPNETMASK%
%NICyIPWINSx%
%NICyMACADDR%
%NODEFULL%
%NODENAME%
%NWCONTEXT%
%NWSERVER%
%NWTREE%
%OS%
%OSTYPE%
%PHONE%
431
Token
Description
%PROCDESC%
%PROCSPEED%
Processor Speed
%PROCCOUNT%
%PROD_LIC%
%RAMTOTAL%
%SERIALNUM%
%SITE%
%TIME%
%USER_NAME%
%UUID%
If a job using the above script was assigned to the PC-1 computer (with the computer_id of 500001),
the values specified are located in the database and displayed on the clients computer. The message
display shows the DS database search results.
Users Display Message
C:\
This computer has 213 MB of free RAM
Press any key to continue...
432
To meet the demands of this challenge, Deployment Server has the ability to automatically create
and distribute a unique text file to meet these needs. This process is known as the Token
Replacement Process.
The token replacement process is accomplished using a template (reference) file which is
automatically customized as needed through the use of tokens (variables) and saved as a unique file.
This unique file is then sent to the individual computer. (See Figure below.)
Tokens
An Altiris token is a type of variable that can be replaced with unique data from the Deployment
Server database. Each computer can have its own unique value for each token. For example, the
token name of %NAME% stores the name of a computer being managed as seen in the Deployment
Server console view, while the token name of %DOMAIN% stores the Microsoft Workgroup/
Domain a computer belongs to. Depending on the individual computer, there may or may not be a
value stored in the Deployment Server database for every possible token.
Token names are case sensitive.
See System Tokens on page 430. for a list of tokens available.
The template file needs to be saved in the Deployment Server directory or in one of its
subdirectories. For example, the template file may be saved in the \Deployment Server\temp
directory.
By default, the Deployment Directory is located at C:\Program
Files\Altiris\eXpress\Deployment Server and is the directory where Deployment Server was
installed. It is also referred as the Deployment Share.
433
The template file (in this example - Sysprep.inf) is created with the necessary tokens and is
placed in theDeployment Server\temp subdirectory.
The template file (Sysprep.inf) is examined and all of the tokens are located.
The unique token values for each computer are located in the Deployment Server database and
are used to create a new file for each computer.
The tokens in the new files have now been replaced with their applicable values and the files are
saved in the Deployment Server directory path specified in the task.
The name of the new file created is determined by a token variable used in the task allowing each
new file to have its own unique name.
Each unique file is then copied to the applicable target computer. As the files are copied, they are
renamed back to the correct name needed. In other words, all of the computers will end up with
a file by the exact same name (this may or may not be needed depending on what this process is
being used for.)
The destination of the file on the target computer and its final name are determined by the Run
Script task in the Job.
Custom Tokens
Custom tokens can be defined in a script or answer file to extract data from any MS SQL Server
database table. This is most commonly used when creating custom tables to store additional
computer inventory information. This token replacement feature allows you to specify any SQL
database, look up a specified value, and replace the custom token with the value from the selected
database (whether it resides on the local computer or not).
Syntax One
%#Alias^!table name@column name%
%
#
Alias
Specify the alias for an external database set up in the Tools > Options > Custom
dialog box. See Custom Data Sources options on page 99.
When used, this will provide the information and credentials to gain access to an
external SQL database. If the Alias option is not used, the values will be obtained
from the same Deployment Server database the Job containing this token is
using.
Indicates that this is a global identifier token. All tokens by default will be
looked up using the Computer_ID value for which the token ID is being
replaced. This global identifier tells Deployment Solution to NOT use the value
in the computer_ID column. Instead, it will use the first value found in the
specified table.
434
Custom Tokens
Specifies that the following text is the table name in the Deployment Database.
This field is required for all user-defined tokens.
Specifies that the following text is the column name in the table. This field is
required for all user-defined tokens.
Examples:
To return the names of the computers:
%#!computer@computer_name%
To return the color column from a custom database and table that has the computer_id column in it:
%#DBAlias!table@color%
To return the color column from the first record from a custom database and table:
%#DBAlias^!table@color%
Syntax Two
%#Alias*SQL query statement%
Examples
To return the names of the computer with an SQL statement:
To return the color column from a custom database and table with a computer_id column:
%#DBAlias*SELECT color from table where computer_id = 1234567%
To return the color from the first record from a custom database and table:
%#DBAlias*SELECT color from table%
435
Chapter 27:
Command-Line Switches
This section provides detailed information about command-line switches for specific executables
within Deployment Solution.
Job Utilities
The Job Utility applications allow you to import, export, create and schedule jobs from the
command line. Each action is performed from separate binaries installed in the Deployment Share
file directory.
axExport.exe Exports jobs from Deployment Server. See Job Export Utility (page 436) .
axImport.exe Imports jobs in to Deployment Server. See Job Import Utility (page 437) .
axEvent.exe Creates jobs in Deployment Server. See Create Job Utility (page 438) .
axSched.exe Schedules jobs in Deployment Server. See Schedule Job Utility (page 439) .
axComp.exe Imports computers to the Deployment Server from a DOS mode. Axcomp allows
you to import .csv and .txt files that are in a comma separated format. ImportComputers55.txt in the
Samples folder off of the eXpress share is an example of the format needed. There are various
command-line options available depending on whether the user is in a Trusted or Non-Trusted
account environment. See Import Computer Utility (page 440) .
Each utility connects to the Deployment Server Database to perform specific operations. As a result,
the appropriate ODBC and security rights are required. Each job utility supports the /o /d /u /p
switches.
The /o option (ODBC datasource) allows connectivity to the Deployment Server SQL database
using a different DSN. By default the standard Deployment Database DSN is used. This is helpful
when connecting to a second system from a common machine.
The /d /u /p options can be used if no DSN is set up for a particular server. However, the SQL driver
must be installed for any of these utilities to work. Each utility has the /? switch to display the
version of the utility and all command line options.
/f <folder-name>
/e <job-name>
Job to be exported
436
Job Utilities
/s
/i
/y
/dsn <odbc-dsn-name>
/d <db-server>
/u <db-user>
/db <db-databaseName>
Database name
/p <db-password>
/lu <login-user>
/lp <login-password>
Example 1:
axExport /s /i backup.dat
Example 2:
/f <folder-name>
/r
/n
/o
/y
/dsn <odbc-dsn-name>
/d <db-server>
/u <db-user>
/db <db-databaseName>
Database name
/p <db-password>
/lu <login-user>
/lp <login-password>
Note When new jobs are created in a console, by default, Deployment Server will notify all other
consoles that changes have been made so they can refresh and show the newly imported jobs. If
several batches of jobs are imported, the '/n' option should be used until the last batch to reduce the
amount of refreshes performed.
Example 1:
axImport /r backup.dat
437
Job Utilities
Example 2: Restore jobs from a backup file into pre-created folder (named Test Jobs).
axImport /f "Test Jobs" backup.dat
/tci <filename>
/tdi <filename>
/tds <filename>
Distribute software
/tbr <path>
/trr <path>
/trs <path>
Run Script
Copy file
/tgi
Get Inventory
/tre
Restart
/tsd
Shutdown
/tlo
Logoff
Options
/a
/r
/x <parameters>
/f <folder-name>
/i
/w
/lnx
/n
/nc
/de
/y
/dsn <odbc-dsn-name>
/d <db-server>
/u <db-user>
/db <db-databaseName>
Database name
/p <db-password>
/lu <login-user>
/lp <login-password>
438
Job Utilities
Note: To use the Run Script option (/trs), a script must be created in a file first. Then if you want the
script to be embedded, include the /i option. Otherwise, the task will link to the script filename.
Example 1: Create a Job that makes an image of a computer named "Oscar" and run it immediately.
axEvent CreateOscar /tci .\Images\oscar.img
axSched oscar CreateOscar /t "2000-12-31 08:00"
Example 2: Shutdown Oscar's computer right now.
axEvent Shutdown /tsd
axSched oscar Shutdown /t "2000-12-31 08:00"
Example 3: Run a Windows program on all computers right now. (Calc.exe is the only line in
script.txt.)
axEvent /w /i RunCalc /trs script.txt
axSched oscar RunCalc /t "2000-12-31 08:00"
Example 4: Create a Job (named Win2000 and Off2000) that reimages a computer with Windows
2000 and deploys an Office 2000 Rapid Install Package.
axEvent "Win2000 and Office 2000" /tdi .\Images\w2000.img
axEvent "Win2000 and Office 2000" /a /tds .\RIPs\off2000.exe
To then migrate Oscar to Windows 2000:
axSched Oscar "Win2000 and Off2000" /t "2000-12-31 08:00"
/t <yyyy-mm-dd hh:mm>
Time to schedule
/n
/f <folder-name>
/q <filename>
/y
/dsn <odbc-dsn-name>
/d <db-server>
/u <db-user>
/db <db-databaseName>
Database name
/p <db-password>
/lu <login-user>
/lp <login-password>
Note: The format for <time> is yyyy-mm-dd hh:mm. If the date is omitted, the current date is
assumed.
439
axengine.exe
If the /t switch is not used, the job is assigned to the computer but not scheduled. As a result, it will
not execute.
If you would like the job to run immediately, choose a date in the past.
If you have a group or computer name which include spaces, put the name in quotes.
All Computers can now be used as a group option.
Example 1: Schedule a job called Office2000 to run on Oscars computer at midnight on 12-312002.
axSched Oscars Office2000 /t "2000-12-31 00:00"
Example 2: Schedule a job called Office2000 to run on the Accounting Group computers tonight at
10PM.
axSched Accounting Office2000 /t "2001-2-15 22:00"
Example 3: Schedule a job called ShutDown to run on all computers at tonight at 10 PM.
axSched "All Computers" ShutDown /t "2001-2-15 22:00"
/n
/y
/dsn <odbc-dsn-name>
/d <db-server>
/u <db-user>
/db <db-databaseName>
Database name
/p <db-password>
/lu <login-user>
/lp <login-password>
axengine.exe
The Altiris eXpress Server (axengine.exe)is the Deployment Server component of the
Deployment Solution infrastructure. Command-line start parameters for this service are set in the
registry setting rather than in the Start Parameters property of the service.
If you want to add start parameters after the install, you can modify the registry settings. The registry
key is LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Altiris Express Server.
440
Details
-ver
-install
-remove
-start
-stop
aclient -remove
Aclient.inp Parameters
You can use this input file to set installation parameters for aclient.exe, so you can install the
client program from a script file. The file is copied to the Deployment Server program directory
when you install the product. Command-line parameters are included in the file, but are marked with
a REM statement.
To use the input file, open it and remove the REM commands from the parameters you want to use.
When you have the file set up the way you want it, you can run it by entering the file name as the
first parameter after the aclient command.You can also put the same line in a script file if you want
to run it from a file. Type
aclient aclient.inp
The input file name (aclient.inp) and InstallDir parameters are required; all others are optional.
Parameters are case sensitive.
441
Note: Many parameters will work after setting other parameters first. For example, you can only use
ServerName after the multicast parameters, MCastAddr and MCastPort, are set.
Parameters
Details
ForceReboot
Function: Specifies how the system should be shut down and rebooted.
Applications are forced closed and the system shuts down even if
programs hang. (User data could be lost.)
Example: To force clients to reboot when a reboot task is assigned, type
ForceReboot=Yes
The default is No.
HardTimeout
InstallDir
(required)
Function: Specifies the full path name to the directory where aclient.exe
will be installed. The default location is c:\altiris\aclient.
Example: To change the default location, replace it with a new path. Type
InstallDir=c:\programs\aclient
LogFile
LogSize
MCastAddr
MCastPort
Password
PromptExecute
Function: Sends output (messages) to the client when tasks are being
executed.
Options: Yes, No
Examples: To allow prompts and messages to be sent to the client, type
PromptExecute=Yes
PromptOverride
442
Parameters
Details
PromptReboot
PromptSeconds
Function: Specifies the length of time (in seconds) that the client will
wait for a response from the user.
Example: To wait 30 seconds for user input, type
PromptSeconds=30
ShowTrayIcon
Function: Specifies whether or not to show the Altiris client icon in the
system tray. If the icon is not in the tray, users cannot access Aclient.
Example: To not show the icon, type
ShowTrayIcon=No
The default is Yes, which loads the icon into the system tray.
SpeedLimit
Function: Sets the minimum transfer rate accepted from the Deployment
Server (in bytes per second). If aclient.exe cannot receive data from the
Server at this rate, it will disconnect and retry at specified intervals. See
HardTimeout below.
Example: To set a minimum ransfer rate of 7500 bytes per second, type
SpeedLimit=7500
TcpAddr
TcpPort
TTL
UseRCDrivers
443
Parameters
Details
UserName
ServerName
Note: A CR/LF (blank line) is needed at the end of the aclient.inp file in order for it to be utilized
Bootwork.exe
You can use either a forward slash (/) or a dash (-) with the command-line options. Commands are
not case sensitive.
Switch
Details
-dsbios
-f
444
Switch
Details
-hr
-ip<address>
Function: Specifies the IP address of the Deployment Server you want the
client to connect to. Use this if the network is not configured for multicasting,
or if there is more than one Deployment Server on the network. Specifying
the Servers IP address prevents the client from connecting to the wrong
Deployment Server. The port number must also be specified if you change
this parameter. (See -p<port>.)
Example: To connect a client directly to a Deployment Server, type
bootwork -ip207.197.28.38
-mcdelay[xx]
Function: Sets the number of seconds the client waits between multicast
requests for a Deployment Server. The default is 5 seconds.
Example: To set the interval for multicast requests to10 seconds, type
-mcdelay10
-mcwait[xx]
Function: Sets the length of time (in seconds) that the client searches for a
Deployment Server before rebooting to production. The default is 30
seconds. This parameter applies to multicast sessions only. It does not apply
if the clients connect using the Console IP address.
Example: To have the client search for a Deployment Server for 45 seconds,
type
-mcwait45
-mip<IPaddress>
-mp<port>
-name
Function: Prompts the user to enter the name of the client computer. This
name will be registered in the Console Computers list. If no name is specified,
the client computers MAC address will be used.
Example: To prompt for a computer name, type
bootwork -name
The client computer will prompt you to enter a name. The name appears in
the Computers list on the Console.
-new
-nologin
Function: Loads the LAN drivers on the client so BootWorks can check the
Deployment Server for work without completing a user login.
Example: To load the network drivers and check the Deployment Server,
type
bootwork -nologin
445
Switch
Details
-p<port>
Function: Specifies the port number of the Deployment Server you want the
client to connect to. The default port number is 402. If you have changed the
port number of the Deployment Server, use this parameter to change the
number in BootWorks. (Any unassigned number that is less than 65536 is
valid.) The IP address must also be specified if you change this parameter.
(See -ip<address>.)
Example: If the Deployment Servers port number has been changed to 1026
and clients are not multicasting to find the Server, type
bootwork -p1026
-pause
-s<name>
Function: Specifies the computer name of the Deployment Server you want
the client to connect to. Otherwise, if you have more than one Console on the
network, clients will connect to the first one they find.
Example: If you want a client to connect only to a Deployment Server
named ServerOne, type
bootwork -serverone
-sr
-wb
Details
-mbr
-u
-c
446
Switch
Details
-s[x]
Function: Works with the -old switch to set the partition size (in MB) for hidden
BootWorks partitions. The minimum size is 5 MB, which is the default.
Note: If you install embedded BootWorks (new style for 4.x versions), this switch
does not apply. A 5MB embedded partition is always installed.
Example: To set the BootWorks partition size at 10 MB for a hidden partition,
type
bwinst -s10 -old
-old
-q
-f=
Function: Specifies the source path to the BootWorks files. The default is drive a:.
Example: To install BootWorks from a directory named bootfile on a network
drive, type
bwinst -f=f:\bootfile
-b
Function: Reads the BIOS settings for the hard drive if IDE settings fail or return
incorrect values. If you get the message, Error creating drive map when
installing BootWorks, run bwinst with this switch to correct the problem.
Example: To solve the Error creating drive map error and install bwinst, type
bwinst -b
447
The screen and keyboard can be locked by setting the security option when you use the Boot Disk
Creator to make BootWorks boot files. Or, you can change the settings in the BootWorks
autoexec.bat file. Just remove the REM statements for the commands you want to use. You can
also add commands to set and clear keyboard and screen locks in multiple places in the batch file.
This is useful for enabling input when applications are loaded (such as the Microsoft client, which
prompts for a password), and then relocking the screen and keyboard to complete the boot processes.
You can also use KBDSCLK on the command line if you want to temporarily override the batch file
settings.
Keyboard and Screen Lock Utility Usage
Commands are not case-sensitive. The syntax is as follows:
kbdsclk [p=password] [+|-k] [+|-s] [x [h#]] [c|t] [w=file] [b]
If options are added to the batch file, they are executed in the order they appear in the file.
Option
Description
p=pwd [b]
+|- k
+|- s
x [h#]
Function: Displays wallpaper or graphic and then exits the KBSCLK utility.
Once the utility has exited (no longer running as a TSR), the keyboard and screen
are not locked.
Default: 3 second graphic/wallpaper display, then unload TSR.
Options:
h Allows use of the Home key to bypass BootWorks and begin production boot
processes.
# Specifies the time (in seconds) for the graphic to display (a maximum of 34
seconds is possible). During that time, you can use the Home key to bypass the
BootWorks processes. If zero is used, the graphic is displayed for 3 seconds and
no bypass is allowed.
Function: Clears the screen and exits the program. Used mostly for
troubleshooting.
Function: Sets video text mode (MODE CO80) and exits. Used mostly for
troubleshooting.
w=file
448
Order Of Operations
The order of operations and utility behavior when KBDSCLK is run from the command line is as
follows:
When c or t is used, it performs its functions and exits without performing any other functions,
regardless of order. KBDSCLK does not remain loaded as a TSR, so the keyboard is not locked
and no screen output is displayed.
Use w to specify the name of a wallpaper/graphic file to replace the default. See the table above
for details on using graphics files.
When x is used, the wallpaper/graphic is displayed and the KBDSCLK program exits, ignoring
all other commands except w and h, regardless of order. KBDSCLK does not remain loaded as
a TSR, so the keyboard is not locked.
If the utility is loaded as a TSR (in the autoexec.bat file), and you execute KBDSCLK on the
command line and specify the k and s options, it changes the keyboard and screen lock settings
of the TSR instance. Options w, p, and b are ignored, regardless of order. If the TSR is not
loaded, w, p, and b can be used with k and s in any order.
The p option can be used on the command line to set a password for unlocking the screen and
keyboard.
Details
-s
Function: Runs a Simple install where all components are installed on a single
computer.
Example: axinstall -s
-a
-t
Function: Allows you to run a silent install (where the install application
executes without asking for user input.
Example: axinstall -t
-i -
Function: Allows you to create a setup.ini file used for automation or a silent
install
Example: axinstall -i
-t <INI file
location>
Function: Allows you to run a silent install (where the install application
executes without asking for user input) and read setting from an INI file.
See Silent Install Options (page 450) .
Example: axinstall -t c:\silent.ini
Sample Silent.INI file:
[SilentInstall]
ProgramFiles=C:\Program Files\Altiris\eXpress\Deployment
Server\
LicenseFile=axinstall.lic
Username=Administrator
Password=
DOSBootFilesPath=
449
value pairs.
[SilentInstall]
Version=3
SEDataManagerPort
WCLocation
WCPath
WCRemoteComputerName
WCUsername
WCPassword
WCEncryptedPassword
WCConsoleManagerport
The Version and InstallType entries are both required in the new SILENT.INI file. If the Version
entry is missing, it is assumed that it is an old SILENT.INI file (implicitly assumed to be version 1).
If the InstallType entry is missing for a new version of SILENT.INI, an error will be logged to the
log file and the installation will be aborted. Depending on the value of InstallType, different entries
will be expected in the SILENT.INI file. The expected entries are listed in the following sections.
Note: A validator checks all input values during a silent install. It ensures that all of the user input
(such as the user name, password, data path, and so on) is valid before starting the silent install. The
validator inherit its behavior from the validation in the wizard pages of a non-silent install. If the
validation fails, an appropriate error message writes to a log file and the installation process is
aborted.
450
OR
DAEncryptedPassword=z%l$qry^w
InstallPXE=0
CreateExpressShare=FALSE | TRUE
DOSFilesPath=c:\dos
SQL Server is installed and SQL Server has a password for the "sa" account, then it will not work.
OR
DAEncryptedPassword=z%l$qry^w
CreateExpressShare=FALSE | TRUE
DOSFilesPath=c:\dos
SEPath= C:\Program Files\Altiris\eXpress\Deployment Server
SELocation=local | remote
SERemoteComputerName=DESKPRO1
SEUsername=administrator
SEPassword=password
OR
SEEncryptedPassword= z%l$qry^w
SEIPAddress=172.16.2.123
SEDataManagerPort= 8080
SEDBLocation=local | same | remote | sqlserver
SEDBRemoteComputerName=DESKPRO2
SEDBSQLPortNumber=<Enter SQL Port Number here>
SEDBEnginePath=c:\mssql7
SEDBDataPath=c:\mssql7\data
SQLAuthentication=FALSE | TRUE
SQLMachineUsername=administrator
SQLMachinePassword=password
OR
451
SQLEncryptedMachinePassword= z%l$qry^w
InstallPXE=FALSE | TRUE
PXLocation=dos | local | remote
PXRemoteComputerName=DESKPRO3
PXMakeMasterServer=FALSE | TRUE
PXIPAddress=172.16.2.123
PXDSIPAddress=172.16.2.123
PXPath=c:\Program Files\Altiris\express\Deployment Server
PXUsername=Administrator
PXPassword=password
OR
PXEncryptedPassword= z%l$qry^w
PXCreateDefaultPXEBootFiles=FALSE | TRUE
SQLAuthentication=FALSE | TRUE
SQLUsername=Administrator
SQLPassword=password
OR
SQLEncryptedPassword=zlq%r*x+y
DSConnectionMethod=multicast | tcpip
DSConnectionServerName=* | <server name>
DSConnectionDSIPAddress=172.16.2.123
DSConnectionDSPort=402
COLocation=local | remote
CORemoteComputerName=DESKPRO4
COUsername=Administrator
COPassword=password
OR
COEncryptedPassword=zlq%r*x+y
WCLocation=local | remote | none
WCPath= c:\Program Files\Altiris\express\Deployment Server
WCRemoteComputerName=DESKPRO5
WCUsername=Administrator
WCPassword=password
WCEncryptedPassword= zlq%r*x+y
WCConsoleManagerPort=8081
452
OR
COEncryptedPassword=zlq%r*x+y
PXLocation=dos | local | remote
PXRemoteComputerName=DESKPRO3
PXMakeMasterServer=FALSE | TRUE
PXIPAddress=172.16.2.123
PXDSIPAddress=172.16.2.123
PXPath=c:\Program Files\Altiris\express\Deployment Server
PXCreateDefaultPXEBootFiles=FALSE | TRUE
PXUsername=Administrator
PXPassword=password
OR
PXEncryptedPassword= zlq%r*x+y
WCLocation=local | remote | none
WCPath= c:\Program Files\Altiris\express\Deployment Server
WCRemoteComputerName=DESKPRO5
WCUsername=Administrator
WCPassword=password
WCEncryptedPassword= zlq%r*x+y
WCConsoleManagerPort=8081
453
Power Management
ON/ENABLED
Suspend/Wake-up Features
ON/ENABLED
Wake On LAN
ON/ENABLED
Remote Power Up
ON/ENABLED
Power Switch/Wake-up
ON/ENABLED
be installed automatically. If the agent was previously installed, it will simply load the agent.
Command Line Switches for the Pocket PC Agent
Option
Function
-install
-silent
-stop
-start
-restart
-remove
To use more than one command-line parameter, separate the parameters with a space. For example,
ppcagent -install -silent.
454
455
Chapter 28:
456
Description
"Too many clients for current Explanation: More clients connected to the Console or Master
license count."
computer than the license allows.
Action: Upgrade your license to support more nodes. Call your
authorized reseller for more information.
457
Error Message
Description
"This program is not licensed Explanation: Multicasting works only when the license count is
for multicasting (peer-to-peer greater than one.
imaging)."
Action: Upgrade your license to support more nodes. Call your
authorized reseller for more information.
"Exiting with error code . . ."
Description
458
Description
Description
"Unable to send packet: buffer too Explanation: The program tried to send a packet that was
big."
larger than the internal limit.
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on the
network or in the Altiris program. If the problem recurs on the
isolated system, report the error to Altiris.
"Unable to register multicast
cleanup function."
"Error: Missing chunk number . . . Explanation: Indicates an internal error in the client.
too big."
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on the
network or in the Altiris program. If the problem recurs on the
isolated system, report the error to Altiris.
459
Error Message
Description
"Error: Received non cluster map Explanation: The client received a block of data containing
block type 0x . . ."
unexpected information.
Action: Isolate the system from the network and try to
reproduce the error. This will determine if the error is on the
network or in the Altiris program. If the problem recurs on the
isolated system, report the error to Altiris.
"Out of range index . . . in
removeItem. ElementCount is . . ."
"Error removing child subtree."
"Invalid item to remove."
"Error: Attempted removal of toplevel container segment."
"Error: unable to copy source
segment."
"Error getting download info space
requirements."
"Error getting image info space
requirements."
"Error getting bitmap space
requirements."
"Error encoding image info into
buffer."
"Error encoding bitmap."
Description
460
Description
"Collision in partition-table . ." Explanation: More than one partition was defined for a given
partition table slot. It can mean one of two things:
"Collision with . . ."
Possible cause: The on-disk partition-tables (including partition
tables in extended partitions) are corrupt.
The program was unable to merge an image file with the local disk
contents because both the image and the local disk contain a
partition definition that must reside in the same slot.
"No partitions to process."
"Error: No partition-table
segment to update."
"Error: Expected container
segment not found."
"Collision at beginning of disk Explanation: The program was unable to place the boot record on
while trying to place boot
the disk.
record."
Possible cause: Another partition may be defined to cover the
required space. This usually indicates corruption in the target
disk's partition table, because it is illegal for a partition to occupy
the space required by the boot record.
Action: Run FDISK to remove all partitions, then reboot the
computer and run FDISK/MBR. Also check for viruses.
"This image requires that the Explanation: The image being transferred contains a geometrydestination drive have the same dependent partition, and the geometry of the source disk does not
geometry . . ."
match the geometry of the target disk. This means the disks are not
seen as identical drives by the drive controller.
"Error flushing MBR sector."
461
Error Description
1000
1001
1002
1003
1004
1005
IDS_ERR_CONNECTING
1006
1007
1008
1009
462
Error Description
1010
1011
1012
1013
1014
1015
1016
IDS_ERR_CONNECTING
1017
1018
463
Error Description
1019
IDS_ERR_CONNECTING
1020
1022
IDS_ERR_CONNECTING
1023
1024
1025
1026
1027
IDS_ERR_COPYING_ISS
1028
IDS_ERR_MONITORING
464
Error Description
1029
1030
465
Index
Symbols
A
access 341
account settings 366
account, domain 98
AClient 299, 308
AClient. see Deployment Agent for
Windows
AClient.exe 296, 299, 308
installing 287
Aclient.exe 308
command line switches 441
Aclient.inp
parameters 441
adapter
network 241, 270
add
add component entries 453
command 93
component 68
computer 108, 361
files for automation 233
group 102
server 85, 349, 359
user 101
ADLAgent 417
configuration 418
installation 418
supported platforms 417
administrative tools 92
administrator credentials
remote user 68
ADS
options 336
set up 348
agent
see also Deployment Agent for...
ADLAgent 417
automation 236
configuring 350
installation overview 47, 367
polling interval 356
production agent settings 340
requirements 42
settings 98, 143, 340, 343
Altiris Agent
configuration 86
deploying 80
deploying from a web page 82
overview 400
Altiris Console
B
baseline system 284
basics, Deployment Web Console 334
bay properties 369
deployment rules 369
server deployment 133
bays, virtual 192
best practices 100
C
capture settings 174
advanced 383
application 198
desktop 198
Microsoft Office 199
packaging 383
printer 199
CE.NET agent 129
central deployment server library 352
change password 359
chat feature 141
clcfg.exe 299
clear after scheduling 336
clear status
action 371
operation 135
client
BIOS setting 454
Client PC configuration 285
client/server communication 83
466
Index
general 221
initial deployment 392
modify 183, 385
mulit-network adapter 241, 270
name 239, 268, 392
new 268
PC 296
properties 363
request, Notification Server 356
summary, Boot Disk Creator 244,
272
utility 220
confirmation settings 328
connections 225
rejection 337
to other sites 104
console
Altiris Console 23, 69
Deployment Console basics 89
extending tools menu 93
installation 68
management 24, 89
options 96
overview 23
web console. see Deployment Web
Console
converting images 323
copy
file 180, 388
folders 184, 389
jobs 184, 389
copy file 387
creating
boot disks 284
disk images 163, 377
floppy disk sets 286
image files 288, 290
new script 184
creation date of document 2
credentials, logon 221
custom
data sources 99
installation 44
installation entries 451
token syntax 434
tokens 429
D
database
authentication 225
deployment see Deployment
Database
synchronization 85
debug 225
default
filters 95
pre-boot operating system 64, 65
defining subnets addresses and
interfaces 225
delete
history entries 96
jobs 375
jobs folder 389
return codes 390
Dell server blades 147, 193
deployment
agents 42, 118, 120, 367
Altiris Agent 80
automation 235
deploy Agent from web pages 82
deploying servers. see server
management
deployment servers overview 27
from Altiris Console 23, 70, 348
on Notification Server 23
reports,generating 350
scripts 419
server deployment 133
Deployment Agent (AClient) 299, 308
Deployment Agent for CE.NET 129
Deployment Agent for DOS 444
autoexec.bat file 448
command line switches 444
installation 53
installation switches 446
Deployment Agent for Linux
install 52
Deployment Agent for PocketPC 127
install 54
uninstalling 57
Deployment Agent for Windows 283,
296, 299, 308
aclient.exe 441
aclient.inp parameters 441
command line switches 441
install 48
installing 287
overview 400
Deployment Console
basics 89
managing from 89
Deployment Database 38
authentication 68
connecting to new 104
installation 65
Microsoft SQL Server and 42
multiple instances 39
recommendations 409
Deployment Server
adding 349
agent configuration 350
communication 242, 270
components 37
configuration 338
console basics 334
install switches 449
installation 37, 42, 44, 46, 63, 64
library 352
requirements 41
rights 38
systems, managing multiple 359
Deployment Share 39
requirements 42
Deployment Solution Design
Scenarios 403
deployment tasks. see tasks
deployment view on Notification Server
(Altiris Console) 332
Deployment Web Console 41, 67
basics 334
computers pane 335
details pane 336
icons 334
jobs pane 335
jobs, assigning 337
managing from 333
options 336
requirements 42
description property 322
design, installation 411
details
computer 368
467
Index
E
editing
autoexec.bat 448
packages 93
shared menu 265
editor
PC Transplant 93
enabling
ADS 336
Deployment Solution 70
security 100, 344
errors 317, 456
attempted removal of top level
container segment 460
bad file version number. cannot read
the file 457
bad image number. buffer doesnt
contain image data 457
bad image number. file is not an
image file 457
bad version number. buffer doesnt
contain image data 457
client and master versions do not
match 458
F
FAT 311
16 312
32 312
file systems 281
features 22
new 28
file
copying 180
properties 322
sharing 82
transfer port 97
file server
requirement 42
type 240
file server type 268
file systems 281, 311, 312
EXT2 281
EXT3 281
468
Index
FAT 281
NTFS 281
filters
computer group 94
creating computer group filter 95
default 95
results 325
finding
computers 148, 194, 371
computers and jobs 338
files 325
licences used. see licenses
FIRM 311
firm.exe 299
tokens 313
folder property 322
folder, extracting 324
Fujitsu-Siemens server blades 148, 193
G
general properties 132, 368
generating deployment reports 350
get inventory 177, 385
global options 96, 338
groups 102
adding 102
computer 90
importing 102
selecting with wizard 159
H
handhelds
connection 128
managing 127
hard disks 281
hardware 370
hardware properties 132
Hewlett-Packard server blades 147
history
computer 136
deleting 96
restoring 136
HTTP imaging 287
I
IBM
server blades 148, 193
icons
assinging jobs 25
Boot Disk Creator 92
computer 24, 107, 360
Deployment Web Console 334
Image Explorer 93
jobs 154, 373
PC Transplant Editor 93
PXE Configuration 93
Remote Agent Installer 93
toolbars 92
utilities 92
ImageExplorer 93, 297, 318
convert image 323
create image index 324
flags 325
imgexpl.exe 299
not enough free space 326
open file 322
self-extracting image 325
settings 328
split image 329
using 321
simple 42
simple install entries 450
software packages 158
step 1, verify installation
requirements 71
step 2, install server software 73
steps 70
summary 67
switches 449
unattended 167
variables 407
InstallHelper 73
intervals, polling 87, 355
introduction to Deployment Solution 21
inventory
details 369
get 177, 385
update 221
IP
interfaces 115
settings for Linux 116
IP address 284
J
jobs 154
applying computers 157
assigning 25, 94, 337
associating computers 157
building 25, 154, 158, 374
condition set 375
conditional 94, 158
create disk image 197
create job utility command line
switches 438
defined 154
delete 375
delete jobs in folder 389
desctiption 374
details 154, 373
distribute disk image 197
exporting 184, 353, 389
filtering computers and jobs 338
finding 338
icons 154
imaging 196
importing 184, 353, 389
Initial Deployment 392
job export utility command line
switches 436
job import utility command line
switches 437
Job Scheduling Wizard 375
misc 199
naming 374
options 392
pane 90, 335
removing 161
replicating jobs 360
running 161
sample 186, 196, 213
schedule job utility command line
switches 439
scheduling 25, 154, 160, 161, 338,
360, 376
scheduling wizard 159
selecting 159
selecting computers 157
simple tests 197
software installation 158
using package servers 351
wizard 155
469
Index
K
Kbdsclk
command line switches 447
kbdsclk
keyboard and screen lock utility 447
Keyboard and Screen Lock Utility
switches 447
keyboard lock 447
L
Lab Builder 149, 195
library
package 353
setting up 352
license
settings 296, 366
licenses
adding 60
expired 61
finding 57
replacing 97
lights out 134
properties 369
lights out properties 369
Linux 417
agent. see Deployment Agent for
Linux
bootloaders 418
distributing software 418
imaging 418
IP interface 116
scripted install 172
location properties 133, 369
log file 342
LogEvent utility 180
logon 221, 348
lookup key primary 97, 339
M
MAC
addresses, add new 277
maintenance 339
making self-extracting image files 297
managing
access 24
computers 24, 106, 358
from Altiris Console 23
from Deployment Console 23, 89
from Deployment Web Console 333
groups 102
handhelds 127
licenses 57
servers 27
system diagramed 21
user groups tab 102
managing servers. see server
management
managing switches 213
map drives 225
mappings, drive 222, 243, 272, 343
Master PC 284
configuration files for 285
menu
extending 93
menu, editing shared 265
messages, error 456
Microsoft
N
name, configuration 239, 268
naming jobs 374
NetWare client settings 366
NetWare Server Authentication 225
NetWare settings 296
network
adapter 47, 241, 270, 284, 285
adapter configurations 241, 270
configuration 132
discover computers 78
drive mappings 243, 272
properties 368
settings 296, 364
new
computer 109, 361, 362
computer account 362
configuration 268
configuration wizard 239
features 28
Job Wizard 155
server blades 146, 191
shared menu 264
Notification Server
configuration request 356
deployment from 398
install wizard 74
installing 70
management components 399
updating 72
upgrading 77
Novell
client driver 48
NTFS 311, 312
file systems 281
O
OEM system partitions 282
open
site 104
P
package
editing tools 93
personality 174
Package Server
jobs 351
overview 351
setting up 352
pane
computers 90, 335
details 91, 336
jobs 90, 335
shortcuts and resources 91
partitions 252, 282
automation 231, 235
automation partition
configuration 234
BootWorks 282
OEM 282
properties 322
selecting 289, 291, 292, 294, 295
password 344
change 359
image file 327
options for tasks 349
password options
for tasks 98
paste
folders 184
jobs 184
PC Transplant Editor 93
permissions 99, 103, 346
evaluating 104
rules 103, 347
personality 174, 383
distributing 175, 384
physical devices options, show 336
ping time-out 221
Pocket PC Agent
command line switches 454
PocketPC agent 128
command-line switches 454
installing 54
modifying 127
PocketPC Client 129
470
Index
Q
quick disk image 137
R
RapiDeploy
errors 456
RapiDeploy options 98
RapidInstall
distribute package 198
RIP, distributing 172
rd.log 317
rdeploy.exe 288, 291
command-line switches 299, 301,
307
creating an image file 288
creating an image while sending it to
client PCs 290
executable files 299
images created by 281
making self-extracting images 297
restoring images 293, 295
using removable media 283
redirect shared boot menu options 265
refresh
displayed data 96
view 105
registry settings 283
backing up and restoring 177, 385
reject connection 337
rejected computers 105
remote
Agent Installer 49
computer operations 370
control 138, 140
operations 134
Remote Agent Installer 93
remote installation 83
remote user
administrator credentials 68
removing
computers 96
computers from jobs 161
jobs 161
tasks 161
replicating jobs 351, 360
reports,generating 350
requirements
agent 42
client 73
Deployment Web Console 42
Depoyment Server system 41
disk space 41
file server 42
installation 71
server 72
software 73
system 72
rescheduling jobs 97, 161
resizing disk image 380
resources view 91
restoring
computers history 136
restoring image files 294
return codes 185, 390
delete 390
return codes for installer 461
return codes, setting 390
rights 99, 345
evaluation 101
security 102
RILOE properties 134, 369
S
sample jobs 186, 196, 213
scaling Deployment Solution 411
scanning 96
scheduling jobs 338, 360, 375, 376
scheduling jobs. see jobs
screen lock 447
script 178
creating 184
options, advanced 178
scripting 180
task 177, 385
scripted OS install 167
Linux 172
Windows 167
scripting 419
DOS/CMD errors 422
reporting errors 422
retrieving values with tokens 421
running scripts on the server 421
server scripting commands 420
Visual Basic error handling 423
writing scripts 420
searching
for computers 148, 194, 371
for files 325
security 341, 344
authentication 102
best practices 100
enabling 100, 344
importing from Active
Directory 101
Notification Security 349
permissions 99, 103
rights 99, 102
select
computer 159, 375
group 159
job 375
jobs 159
sending images 291
server
access 341
adding 85, 349, 359
Altiris servers 402
communication 83, 242, 270
connection to client 66
deployment 27, 133, 145
Deployment Server 38, 41
DHCP Server 40
file server 42
file server type 240, 268
install 83
library 352
management 27
Microsoft SQL vs MSDE 73
package 351
package server setting up 352
PXE 40
requirements 72
471
Index
software installation 73
server blades 146, 191
Dell 147, 193
Fujitsu-Siemens 148, 193
Hewlett Packard 147
IBM 148
new 146
server deployment
rules 134, 369
server deployment rules 369
server install
remote 83
server management 144, 189
deployment 190
features 189
services 370
services properties 133
setting
polling intervals 355
settings
account 366
agent 340
Automation Agent 343
backing up 177
changing agent 143
conditions 94, 159
Deployment Agent 118
license 296
NetWare 296
NetWare client 366
network 296
networking 364
OS licenses 366
permissions 103, 346
personality 174, 175
production agent 340
restoring 177
return codes 390
rights 345
Sysprep 97
TCP/IP 296, 365
TCP/IP protocal settings 242, 270
user accounts 296
setup
installation 70
Share, Deployment 39
shared menu 264
edit 265
sharing, file 82
shortcuts view 91
show
computers 90
physical devices 336
shutdown settings 343
SIDgen 308
command-line switches 309
memory requirements 309
sidgen.exe 299
SIDs
generating 310
silent install options 450
command line switches 450
simple install 42
simple install entries 450
simple tests 197
DIR command at DOS 197
DIR command at Windows 197
Distribute RapidInstall Package 198
software
T
tabs
computer information 97
manage user groups 102
OS product key 97
rights 102
tasks 376
building jobs 158
change configuration 183
copy file to 180
get inventory 177
list of 162
migration 26
power control 182
removing 161
rescheduling 97
run script 177
setting conditions 159
task password 98
user password change 359
TCP/IP
address 283
advanced 116
properties 132, 369
protocol settings 242, 270
settings 284, 296, 365
tests 197
text file, importing from 363
tokens 429, 430
create unique files 432
finding the right value 432
replacement 434
retrieving database values 421
template file rules 433
token replacement template
files 433
tokens and import files 429
tools 92
administrative 92
Boot Disk Creator 92, 239
extending tools menu 93
Image Explorer 93
package editing 93
PC Transplant Editor 93
PXE Configuration 93
Remote Agent Installer 93
toolbar icons 92
Transplant Editor,PC 93
transport 223
troubleshooting 317
U
unattended install 167
Unix 417
distributing software 418
imaging 418
updating
Deployment Solution 72
Notification Server 72
upgrading previous version of NS 77
user account settings 296
user name 344
users
add 101
defined token 95
importing 101
utilities 92
icons 92
kbdsclk 447
keyboard and screen lock 447
LogEvent 180
V
verify comunication 83
version 2
view
refreshing 105
resources 91
shortcuts 91
virtual
bays 192
centers 99
computer. see pre-configured
computer account
Virtual Bays 146
virtual computers 362
VMware
Virtual Center web services 99
volume property 322
W
Wake-On LAN
BIOS settings 454
Wake-on-LAN
BIOS settings 454
warn user 96
web console. see Deployment Web
Console
Win32 console. see Deployment
Console
window. see pane
wizard
new configuration 239, 268
New Job 155
Wtools.ini 93
472