Mass Image deployment, on the cheap

I.M.O.G.

Glorious Leader
Joined
Nov 12, 2002
Location
Rootstown, OH
So my latest project has been kinda cool because the place I'm working at lets me do whatever I want. They gave me domain admin rights on my second day. I picked up the part time work, where they intended to hire a few people to deploy a couple hundred new PCs in this business. Replacing XP machines with Win7, however they had no deployment method established - they usually just install Windows and apps from scratch. That wasn't my idea of fun when looking at a 200 machine rollout, even if I had other monkeys to help me mash keyboards.

So I started by observing their configuration process, capturing all the details, noting opportunities for improvement, and documenting it. Specifically on improvements, I preloaded print drivers and TCP/IP printer ports through print server properties - when installing printers later, this is a huge time saver with no locating, downloading, and extracting drivers. All of that is preloaded. I also preloaded Windows updates - rather than downloading 450MB of updates and waiting for configuration, or letting the updates install on their own later, it's all done up front. There were also over a dozen customizations in configuration they wanted, and several complex application setups that went to every machine - I built these in as well.

So once that was all documented in a step by step checklist I made, I could estimate time requirements for their existing process. This worked out to about 4 hours per machine, including updates, setups, and configurations - by doing multiple machines at once, one person could finish about 8 a day.

The big improvement however was designing an image based deployment process. Initially I wanted to use Ghost - it was familiar, easy, and it can multicast images to many machines simultaneously at gigabit speeds. However, Ghost is licensed per machine and at 23 bucks a pop, 200 machines would cost over $5000. I noted this in the documentation, then looked at alternatives for multicast imaging. I found that Clonezilla can do multicast imaging, when run in server mode on DRBL Linux... I had never used Clonezilla or DRBL, but it wasn't too complex especially if you know Linux. So I set that up, and documented it for them so they could use it and do it themselves in the future - without knowing Linux, DRBL, or Clonezilla.

The image process is custom, and goes against Microsoft recommendations - Microsoft deployment tools are complex, and really are overkill for small business environments. Sysprep must be used when deploying images however, and it can only be run 3 times on an install before it is locked out - this prevents circumventing the need to activate Windows. However it also means you can't update an image, sysprep, and deploy it more than 3 times - after 3 times you have to start from a fresh OS install.

So to get around the sysprep limitation and keep the image process very simple, I used a two image deployment process. First I created a reference image - this is a fully configured Windows setup, with all updates, apps, and custom settings... But the reference image is captured before running sysprep. Once the reference image is captured, it can be restored at any time, updated, and recaptured to keep the reference image up to date. Then to deploy systems, a deployment image is created - this is done by restoring the reference image to a machine, running "sysprep /oobe /generalize /shutdown", and then capturing an image. The resulting deployment image is sysprepped, so it can be deployed to as many machines as needed without any problems. You can also update it as many times as you wish - restore reference image, update, save reference image. Sysprep is only run for the deployment image, which can be done as many times as needed. You never have to start over from scratch.

So finally, I created a reference image, created a deployment image, then fired up DRBL-Live from the flash drive. Once booted, I fired up Clonezilla server and set it to do a multicast restore - due to network equipment and space limitations, I could only image 12 machines at once, but in only 9 minutes a batch of 12 PCs was fully imaged - all that was left to do after imaging was assign the PC name, assign the username, and install the printers the user needs.

I imaged 96 machines in an 8 hour work day, which was actually tough still, because most of my time was spent unboxing, moving PCs, and plugging in cables. Now the PCs can be configured and put on users' desks in less than an hour. Alone I can do 10-20 a day, which is fast enough that they don't want to hire anyone else to assist - which is good for me, because I need the work and they will work around my school schedule. Perhaps more important than anything else, I took the time to ensure they knew how long this could take doing it their way by documenting their process, how much it could cost doing it in a professional manner, then slam dunking the process by building a better process for free with open source tools. Only downside is I'm not making any money doing it - with the cost of gas, I would actually be further ahead sitting on the couch collecting unemployment... But working beats unemployment, and they will work with my school schedule.

This is mostly for my own reference later, but if anyone would find benefit for their own work, I can share my full documentation for making DRBL/Clonezilla and how to implement the two image process (and a condensed explanation for sysprep). There is a lot of work currently with companies rushing to replace XP systems in light of the April deadline.
 
Very nice process there. If you have a standard naming convention (we use Cancer-service tag) you can use a couple of scripts to further automate the naming, a reboot, automatic domaining and moving to an area of AD that you keep the workstations. Let me know if you want the scripts we use. A bit of PowerShell, batch scripts, and VBS.
 
I've been through one Vista migration and two Win 7 deployments in the last few years. To put it bluntly - it was a nightmare.

I'd definitely be interested in checking out your documentation. Always looking for ways to improve :)
 
Pretty awesome roll.

While you state you're not making any money at this gig, you are making a reputation. Which can be worth more than any currency standard. Just be sure that the business owners understand that spreading the word amongst their friends was part of the "discount" that they received. :D
 
Very nice process there. If you have a standard naming convention (we use Cancer-service tag) you can use a couple of scripts to further automate the naming, a reboot, automatic domaining and moving to an area of AD that you keep the workstations. Let me know if you want the scripts we use. A bit of PowerShell, batch scripts, and VBS.

Yes, I would love to have those scripts! Thanks!

Currently I'm precreating computer objects in the proper container so when joined they bind to the existing object. Domain join is manual. The final setup with username and domain join is the second slowest part of the process, after unboxing and plugging in cables. Except for migrating data which takes time - shouldn't be necessary, but users are notoriously bad at keeping data on the server where it belongs, and they don't want to push scripts to move data up to the server.
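
The rename-and-join step discussed in the two posts above, as an added example that is not either poster's script: it builds a PREFIX-servicetag name from the BIOS serial number, checks it against NetBIOS name limits, and joins the domain so the machine binds to a pre-created computer object of the same name. The prefix `CORP`, the domain `corp.example.com` and the function name `Get-TargetName` are hypothetical; it assumes Windows PowerShell 3.0 or later is present in the image (Windows 7 ships 2.0).

```powershell
# Added example. Run elevated on the freshly imaged PC.
# Assumes Windows PowerShell 3.0+ (Add-Computer -NewName, Get-Credential -Message).
param(
    [string]$Prefix     = 'CORP',              # hypothetical naming prefix
    [string]$DomainName = 'corp.example.com'   # hypothetical AD domain
)

function Get-TargetName {
    param([string]$Prefix, [string]$ServiceTag)

    # Keep only letters and digits from the tag, then build PREFIX-TAG.
    $tag = ($ServiceTag -replace '[^A-Za-z0-9]', '').ToUpper()
    if (-not $tag) { throw 'BIOS returned no usable serial number.' }
    $name = '{0}-{1}' -f $Prefix.ToUpper(), $tag

    # NetBIOS computer names: at most 15 characters; letters, digits, hyphens.
    if ($name.Length -gt 15) {
        throw "Name '$name' is longer than 15 characters."
    }
    if ($name -notmatch '^[A-Z0-9-]+$') {
        throw "Name '$name' contains characters not allowed in a computer name."
    }
    return $name
}

# On Dell hardware the service tag is exposed as the BIOS serial number.
$serial = (Get-WmiObject -Class Win32_BIOS).SerialNumber
$name   = Get-TargetName -Prefix $Prefix -ServiceTag $serial

# Prompt for the join account at run time so no password is stored in the
# image or in this script. An account delegated only the right to join
# computers in the workstation container is enough; Domain Admin is not needed.
$cred = Get-Credential -Message "Account allowed to join computers to $DomainName"

# No -OUPath: the computer object was pre-created in the right container,
# so the join reuses the existing object with the matching name.
Write-Host "Joining $DomainName as $name"
Add-Computer -DomainName $DomainName -NewName $name -Credential $cred -Restart
```

Appending `-WhatIf` to the `Add-Computer` line shows what would happen without renaming or joining anything.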
 
Pretty awesome roll.

While you state you're not making any money at this gig, you are making a reputation. Which can be worth more than any currency standard. Just be sure that the business owners understand that spreading the word amongst their friends was part of the "discount" that they received. :D

Thanks, that's how I'm looking at it. It's current IT experience, which my past experience is a few years old so that helps. Mostly though, it's something I can talk about in an interview for how I approached a problem and resolved it - hard to sit there and convince someone "I do smart stuff" or "I am just good with this stuff", but easier to demonstrate it by example. Most of the stuff I've done SysAdmin wise hasn't been stuff I'm an expert on, but doing cool things with stuff I just figure out quickly... I didn't have days to plan this, we were ready to roll now so my choices were start churning manually or get something better going in a couple hours. Fortunately I found a solution quick because I had an idea of what to look for (multicast imaging support), and then experience helped me execute (guys around here that taught me Ubuntu/Gentoo helped me know I could spin up a DRBL server simply at a glance).
 
Have you looked into Serva? It's actually the best software I've used for deployment. They are selling the supporter version for 30 dollars which they claim gives you access to a lot of handy things.
 
I'm currently doing it via Server 2012 and MDT. MDT is a free license, so it is just the server license, and once you set up the images, it is very easy to keep them updated so that new deployments are up-to-date. Add in a WSUS setup, and you are good to go.
 
What about FOG?

I'm running a FOG deployment right now, best thing ever!!!!!!

It even renames and joins the domain on its own if you choose.
 
I'm currently doing it via Server 2012 and MDT. MDT is a free license, so it is just the server license, and once you set up the images, it is very easy to keep them updated so that new deployments are up-to-date. Add in a WSUS setup, and you are good to go.

Thanks for sharing, cool to hear it from someone I know. It is my suspicion that MDT isn't that bad to do what needs done - but without trying to actually do it and skip all the bull**** in the Microsoft documentation, it looks more complex than it really is judging by reading. The problem is the simple approach isn't too obvious from reading the documentation. In comparison, I knew I needed multicasting, Clonezilla clearly supported it, and I could see how the whole deployment would work at a glance even though I was unfamiliar with DRBL/Clonezilla until I googled multicast options.

Also for our situation, I wasn't going to install an MDT server - a flash drive running a live OS on a spare PC worked perfectly, and I wasn't going to hack around with MDT on the DC or Exchange server, and I wasn't clear if I could just put it on a spare PC without having to install a server OS. We also didn't have install media, just the Dell restore disks, which might have worked fine for the base image but not sure.

Having designed a process this way, I would be even more interested to try it the Microsoft way. Still have 96 more machines we haven't ordered yet, so I suppose I could do the other half a different way, but not sure I want to try it that much. Also Office 365 installation is a headache, couldn't figure out an offline local installation for the version we are using, and it also likes to switch the sign in status for Office apps between our private domain address and the onmicrosoft.com address that is actually licensed for Office 365.

Only reason I mention Office 365 is because that is the last part of our setup process, while I wait for that to finish, I just do the domain join and set the account as an admin, and put the computer object in the right AD container.
 