HP thin clients running Microsoft®
Windows Embedded Standard 2009
(WES) and
Windows® XP Embedded (XPe)
Table of Contents:
Introduction ........................................................................................................ 2
Installing SIDGen on a WES- or XPe-based HP thin client ...................................... 2
Executing Altiris SIDGen Utility ............................................................................. 4
Introduction
Note
Although the Altiris Client agent is preinstalled, a free
license will no longer be included on the t574x and all
new platforms going forward. To purchase a license,
contact Altiris at http://www.altiris.com.
Altiris Deployment Solution uses a program called Altiris Rapideploy for image
deployment. Upon image deployment, you must create a unique System ID (SID) for
each WES- and XPe-based thin client to prevent security vulnerabilities. To
accomplish this, a utility called SIDGen is provided with Deployment Solution that
you can install on the thin client with the Aclient Deployment Solution agent.
This document outlines the steps to install SIDGen on a WES- or XPe-based thin
client and handle the Microsoft Enhanced Write Filter (EWF) or File Based Write
filter (FBWF) correctly. Current WES and XPe images for thin clients preinstall the
SIDGen utility.
Installing SIDGen on a WES- or XPe-based HP thin
client
The following steps show the correct procedure for installing Altiris SIDGen on a
WES- or XPe-based thin client. Upon completing these steps, any Deployment
Solution Capture or Deploy image job will automatically create a unique SID on the
target unit.
1. Install Altiris Deployment Solutions 6.9 Service Pack 2.
Older versions of Altiris such as Deployment Solutions 6.1 SP1 Hotfix C, 6.5 or
6.8 have a SIDGen that works with XPe Service Pack 2 (SP2) and prior versions
of XPe; however the SIDGen from 6.9 SP2 is required for XPe SP3 and WES.
The SIDGen file from a Deployment Solutions 6.9 SP2 or later installation can
be copied to and replace the existing SIDGen on a prior version of Deployment
Solutions, if you wish to use a version of Deployment Solutions older than SP2
to manage the XPe Sp3- or WES-based thin clients. The current Deployment
Solution product is available at the following Web site:
http://www.altiris.com/hptc.
2. On a thin client with the Altiris agent installed, log on as an administrator.
3. From the run line, type regedit and press Enter.
4. Click HKEY_Local_Machine.
5. Click Software.
6. Click Altiris.
7. Right-click Client Service and choose Export.
8. Name the file sidgen and save it. Accept the default file extension, .reg.
9. Close regedit.
10. Use Notepad to open sidgen.reg created in step 8.
11. Delete everything in the file except the following lines:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Client Service]
"UpdateFileSystemSids"=dword:00000001
12. Add the following line immediately below the last line:
"ProcessFileSystem"=dword:00000001
13. Save sidgen.reg. Do not change the file name.
14. Copy sidgen.reg to the following directory on the Deployment Server:
c:\Program Files\Altiris\express\Deployment Server.
15. Right-click in the Job window of the Deployment Server console and select New
Job.
16. Type a name for the job, such as Deploy SIDGen.
17. In the upper right corner of the Job window, select Add > Run Script.
18. If the thin client is using the
EWF write filter, type ewfmgr c: -disable in the script window, and
then select the option that the script must run in Windows.
FBWF write filter, type fbwfmgr /disable in the script window, and
then select the option that the script must run in Windows.
19. Click Next, then Next, and then Finish.
20. Select Add > Power Control in the upper right corner of the Job window.
21. Select the options for Restart and Force Applications closed.
22. Click Next, and then Finish.
23. Select Add > Copy File To in the upper right corner of the Job window.
24. Enter the source and destination of SIDGen.exe, and then click OK.
Note
The default source path is c:\Program
Files\Altiris\express\Deployment
Server\SIDGen.exe and the default destination path
on the thin client is
c:\Program
Files\Altiris\Aclient\SIDGen.exe.
25. Select Add > Copy File To in the upper right corner of the Job window.
26. Click Next, and then Finish.
Note
The default source path is c:\Program
Files\Altiris\express\Deployment
Server\SIDGen.exe and the default destination path
on the thin client is c:\Program
Files\Altiris\Aclient\SIDGen.reg.
27. Select Add > Run Script in the upper right corner of the Job window.
28. Type regedit /s “c:\program
files\altiris\aclient\sidgen.reg” in the script window, and then
select the option that the script must run in Windows.
29. Click Next, then Next, and then Finish.
30. Select Add > Run Script in the upper right corner of the Job window.
31. If the thin client is using the
EWF write filter, type ewfmgr c: -enable in the script window, and
then select the option that the script must run in Windows.
FBWF write filter, type fbwfmgr /enable in the script window, and then
select the option that the script must run in Windows.
32. Click Next, then Next, and then Finish.
33. Select Add > Power Control in the upper right corner of the Job window.
34. Check the option buttons for Restart and Force Applications closed.
35. Click Next, and then Finish.
36. Drag-and-drop this newly created backup job to the selected machine. A
Schedule Computer Job window is displayed with the following three options:
Do Not Schedule
Run this Job Immediately
Schedule this job
37. Select an option, and then click OK.
Upon completing these steps, SIDGen will automatically execute after any future
Rapideploy Imaging Job. The program will execute after the Post Configuration Task
and will add an extra reboot to the imaging process.
Executing Altiris SIDGen Utility
You can execute the Altiris SIDGen utility in several different ways. The most
common execution allows the utility to run silently within a Deployment Solution
imaging job. If the SIDGen utility is present in the same folder as the Aclient on the
client, the utility automatically executes during the Post Configuration Task without
user interaction or knowledge. Use this method with Deployment Solution 6.1 SP1
Hotfix C or later versions, which resolve cleanup failures. Insure that post
configuration runs, either by itself or in combination with an image capture/deploy
job, only when the FBWF writer filter is not in use (because either no writer filter is
in use or the EWF is in use). The sample jobs section of the Altiris console can be
used to send out a disable FBWF job before running the image capture/deploy job
or running a post configuration job by itself. Be sure to re-enable the FBWF by
using the sample jobs or other means afterwards, if desired.
You can also execute SIDGen through a command line or by double-clicking the
icon anytime the user wishes to generate a unique SID.
© 2008--2010 Hewlett-Packard Development Company, L.P. The information contained
herein is subject to change without notice. The only warranties for HP products and
services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional
warranty. HP shall not be liable for technical or editorial errors or omissions contained
herein. Microsoft and Windows are trademarks of Microsoft Corporation in the U.S.
and other countries.
382042-006, October 2010
Loading...