Symantec ALTIRIS DEPLOYMENT SOLUTION 6.9 SP4 - V1.0, ALTIRIS DEPLOYMENT SOLUTION 6.9 SP4 User Manual

Altiris Deployment Solution™ 6.9 SP4
from Symantec Admin Guide

Copyright © 2008, 2009, 2010 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, Altiris and any Altiris or Symantec
trademarks used in the product are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse
engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION,
INCLUDING WITHOUT LIMITATION ITS AFFILIATES AND SUBSIDIARIES, SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN
THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to
restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation," as applicable, and any successor regulations. Any use,
modification, reproduction release, performance, display, or disclosure of the Licensed Software and Documentation by the U.S. Government
shall be solely in accordance with the terms of this Agreement.

Symantec Corporation

20330 Stevens Creek Blvd.

Cupertino, CA 95014

http://www.symantec.com

Document Date: March 18, 2010

Deployment Solution 2

Contents

Chapter 1: About Altiris® Deployment Solution™. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Deployment Solution Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Deployment Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Deployment Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Management Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Automation Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Part I: Planning and Installing Your Deployment System. . . . . . . . . . . . 23

Chapter 2: Preparing To Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Step 1: Log on to Your Deployment Server Computer as an Administrator . . . . . . . . . . . . . . . 24

Step 2: Create a Services Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Step 3: Gather Automation Operating System Install Files . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Step 4: Obtain a License File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Step 5: Install .NET and MDAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Step 6: Start Microsoft’s Internet Information Server (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Chapter 3: Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Simple or Custom Install? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Simple Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Custom Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Running the Setup Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Enable Microsoft Sysprep Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Enable Microsoft Windows Vista Sysprep Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Remotely Install Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Chapter 4: Post-Installation Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Step 1: Grant Full Control of the Deployment Share to Your Service Account. . . . . . . . . . . . . . 29

Step 2: Create Domain Join and Deployment Share Accounts . . . . . . . . . . . . . . . . . . . . . . . . 29

Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Deployment Share Read/Write Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Step 3: Grant Services Account the db_owner Role to Your Deployment Database . . . . . . . . . . 30

Step 4: Configure Your Deployment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Add Your Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Enable Security and Add Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Grant Console Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Grant Database Rights to Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Configure Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Step 5: Configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Step 6: Install the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Step 7: Configure Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Step 8: (Optional) Configure PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 5: Deployment Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

About the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Installing the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Deployment Solution 3

Using the Remote Agent Installer (Windows-only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Step 1: Disable Simple File Sharing on Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Step 2: Allow File and Printer Sharing in Windows XP SP2 Firewall . . . . . . . . . . . . . . . . . . 35

Step 3: Get Local User Rights (admin$ Share) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Step 4: Run the Remote Agent Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Using a Script, E-Mail Link, or Manual Installation (All Platforms) . . . . . . . . . . . . . . . . . . . . . . 35

Step 1: Provide Users Access to the Agent Installation Program. . . . . . . . . . . . . . . . . . . . 36

Step 2: Create the Input File for a Silent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Step 3: Run the Installation Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Agent Auto Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Part II: Booting Computers to Automation . . . . . . . . . . . . . . . . . . . . . . . 38

Chapter 6: What is Automation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Chapter 7: Automation Boot Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Which Automation Boot Method Should I Use? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

PXE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Automation Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Boot Media (DVD/CD, USB Device, Floppy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Chapter 8: Automation Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Which Automation Operating System Should I Use? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Chapter 9: Installing and Configuring Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Configuring Automation Operating Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Obtaining and Installing WinPE, Linux, or DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Adding Additional Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Adding Mass Storage Drivers for WinPE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Adding Large Files to a Linux Boot Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Configuring Automation Boot Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Configuring PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Configuring Automation Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Configuring Boot Media (DVD/CD, USB device, Floppy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Deploying Automation to Managed Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Using Automation Partitions or Boot Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Using PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Chapter 10: Setting Up the Altiris PXE Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

What is PXE? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Why Use PXE? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

PXE Services and Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

How PXE Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Part 1: DHCP Request and PXE Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Part 2: PXE Bootstrap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

PXE Planning and Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Enabling PXE on Managed Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Installing and Configuring DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

How Many Altiris PXE Servers Do I Need? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Deployment Solution 4

Number of Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Network Speed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Physical Layout of your Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

PXE Request Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Installing Altiris PXE Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Configuring PXE Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

PXE Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Shared vs. Local. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Session Timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

DHCP Server Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Boot Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Shared vs. Local. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

PXE Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Part III: Using Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Chapter 11: Deployment Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Creating Jobs and Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Context Menus (Right-click). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Find a Computer in the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Using Lab Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Computer Import File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Chapter 12: Managing from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Deployment Console basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Features of the Deployment Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Shortcuts and resources view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Thin client view of the Deployment Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Installing the thin client view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Switching between two views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Computers pane. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Resources pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Software packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Inventory pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Toolbars and utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Deployment Solution utility tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Software Virtualization Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Using SVS admin utility with Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Extending the tools menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Computer filters and job conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Creating conditions to assign jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Creating a computer group filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

General options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Console options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Global options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Sysprep settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

OS product key dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Task password options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Domain accounts options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Deployment Solution 5

RapiDeploy options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Agent settings options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Custom data sources options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Allowed stored procedure list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Virtual centers options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Security in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Best practices for Deployment Solution security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Enabling security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Adding groups from the Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Importing groups from the Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

DS authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Restricting the number of computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Setting permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Connecting to another Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Rejected computers in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Refresh Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Chapter 13: Managing computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Viewing computer details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Adding new computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Creating a new computer account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Importing new computers from a text file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Computer configuration properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

General configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Microsoft networking configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

TCP/IP configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

TCP/IP advanced options - IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

TCP/IP advanced options - gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

TCP/IP advanced options - DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

TCP/IP advanced options - WINS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

TCP/IP advanced options - static routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

NetWare client configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Operating system licensing configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

User account configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Deployment agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Deployment agent settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Server connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Startup and shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Deployment Agent for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Deployment Agent settings for DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Drive mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Managing client connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Computer properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Deployment Solution 6

Network configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Bay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Server deployment rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Remote operations using Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Restoring a computer from its deployment history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Configuring computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Quick disk image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Power control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Remote control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

DS remote control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Remote desktop connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Additional remote control programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

User account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Prompt user for properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Install automation partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Change agent settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Deploying and managing servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Server management features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Server deployment options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Managing server blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Managing new server blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Virtual bays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Hewlett-Packard server blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Dell server blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Fujitsu-Siemens server blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

IBM server blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Finding a computer in the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Using lab builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Chapter 14: Building and scheduling jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Viewing job details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

New job wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Migrating computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Selecting computers in the new job wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Applying computers to a job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Associating destination computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Setting up conditions in the new job wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Installing software packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Option summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Building new jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Job scheduling wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Select a job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Select a computer or computer groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Setting conditions for task sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Order condition sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Scheduling jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Deployment Solution 7

Deployment tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Task names in a mixed-language environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Common Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Supported Live Task Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Creating a disk image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Creating a Mac image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Creating a Ghost image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Advanced Sysprep settings for creating a disk image . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Advanced Sysprep settings for creating a disk image in Windows Vista . . . . . . . . . . . . . . 162

Create disk image advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Distributing a disk image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Distributing a Mac image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Distributing a Ghost image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Advanced Sysprep settings for distributing a disk image . . . . . . . . . . . . . . . . . . . . . . . . 166

Advanced Sysprep settings for distributing a disk image in Windows Vista. . . . . . . . . . . . 166

Distribute disk image-resizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Distribute disk image-additional options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Imaging computers from USB disk on key (DOK) devices (JumpDrives) . . . . . . . . . . . . . 167

Scripted OS install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Scripted install for Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Select OS version and language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Installation source files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Operating system-source files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Partition and format disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Import an answer file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Answer file setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Add a new section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Delete a section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Add a new variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Command-line switches for scripted install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Deployment agent settings for scripted install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Scripted install summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Scripted install for Windows Vista and 2008 server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Scripted install for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Scripted install summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Distributing software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Distribute software advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Managing the SVS layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Importing package advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Capturing personality settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Capture personality advanced options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Distributing personality settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Distribute personality advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Modifying configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Backing up and restoring registry files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Getting inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Running a script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Script information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Using LogEvent and WLogEvent in scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Copying a file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Copy file to advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Power control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Waiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Modifying tasks in a deployment job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Deployment Solution 8

Modifying multiple modify configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Creating new script files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Copy and paste jobs and job folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Importing and exporting jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Setting up return codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Sample jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

DAgent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Uninstalling DAgent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

Upgrading AClient to DAgent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Symantec Backup Exec System Recovery (BESR) sample jobs . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Initial deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Advanced Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Part IV: Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Chapter 15: Securing Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Part 1: Deployment Server Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Service Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Domain Join Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Deployment Share Read/Write Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Part 2: Deployment Administrator Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Role and Scope Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Deployment Console Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Manage By Exception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Rights and Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Grant Rights to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Grant Permissions to Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Permission Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Part 3: Database Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Required Database Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Rights Required to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Rights Required for the Services Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Rights Required for Deployment Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Part 4: Securing Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Deployment Agent Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Key Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Additional Agent Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Keyboard Locks in Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Appendix A: Remote Agent Installer Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Appendix B: Managing Task Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Appendix C: Managing Key-Based Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Backing up the Server Private Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Enabling Key-based Authentication with Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Chapter 16: Migrating Application Data and User Settings . . . . . . . . . . . . . . . . . . . . . 215

Chapter 17: Capturing and Deploying Disk Images . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

What is a Disk Image? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Imaging in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

How Imaging Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Deployment Solution 9

Partitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Partition Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Spanning Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Multicasting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

How Multicasting Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

HTTP Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Capturing Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Deploying Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Post-Imaging Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Managing Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Chapter 18: ImageX Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Obtaining and Installing ImageX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Capturing and Distributing ImageX Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Chapter 19: Mac Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Creating an Automation Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Step 1: Configure a Source Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Step 2: Provide Credentials to Access Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Step 3: Image the Source Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Configuring the NetBoot Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Step 1: Configure the NetBoot Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Step 2: Start the NetBoot Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Chapter 20: Symantec® Ghost® Imaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

Chapter 21: Software Packaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Why Use Software Packaging? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Overview of the Software Packaging Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Setting up a Reference Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Accessing Wise SetupCapture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Capturing a Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

What Can I Capture?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

The Capture Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Customizing a Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Distributing a Software Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Appendix A: Migrating From RapidInstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Appendix B: Windows Installer Format Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Advantages of Windows Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

Appendix C: SetupCapture Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Chapter 22: Deploying Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Writing a Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Server Scripting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Retrieving Database Values Using Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Running Scripts on the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Reporting Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

DOS/CMD Error Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Visual Basic Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Linux Shell Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Chapter 23: Creating an Image Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . 241

Why Use an Image Distribution Framework? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

PXE Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Deployment Solution 10

What if I Am Not Using PXE? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Creating a Distribution Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Step One: Set Up Local Image Stores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Step Two: Replicate Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Step Three: Configure the Server Lookup Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Create a Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Create a Server Lookup File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

GetSRV.EXE Parameter Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Step Four: Create a Boot Disk Creator Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Modify Mapdrv.bat to call Getsrv.bat. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Deploy the Boot Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Step Five: Distribute an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Chapter 24: Deploying and Managing Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Server Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Server Deployment Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Managing Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Managing New Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Hewlett-Packard Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Virtual Bays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Dell Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Fujitsu-Siemens Server Blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

IBM Server Blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Part V: Operating System and Platform Reference . . . . . . . . . . . . . . . . 252

Chapter 25: 64-bit Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

64-bit Job Conditions and Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

64-bit PXE Boot Images & Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Adding Files to a Boot Disk Creator Configuration for 64-bit. . . . . . . . . . . . . . . . . . . . . . . . . 253

Chapter 26: Linux and Unix Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

ADLAgent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Installing and Configuring ADLAgent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Distributing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Imaging Linux and Unix Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Linux Bootloaders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Chapter 27: Managing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Supported Thin Client Manufacturers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Thin Client Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Windows XP Embedded (XPe) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

The Enhanced Write Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Using the EWFMGR Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Windows CE .NET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Licensing Thin Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Chapter 28: Windows Vista. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Install the Deployment Agent on Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Silent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

UnInstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Start and Stop the DAgent Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Deployment Solution 11

Vista Software Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Vista Run Script Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Vista Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Chapter 29: Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Installing The Mac Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Removing the Mac Deployment Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Part VI: Reference: Deployment Solution Help Files . . . . . . . . . . . . . . . 264

Chapter 30: Deployment Server Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . 265

Service Logon Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

General Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Drive Mappings Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Transport Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Disk Imaging Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

Authentication Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Connections Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Debug Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Chapter 31: Introduction to Altiris® Boot Disk Creator . . . . . . . . . . . . . . . . . . . . . . . . 273

Boot Configuration Creation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Toolbar Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

New Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Configuration Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

File Server Type (DOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Multi-Network Adapter Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Network Adapters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Have Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

TCP/IP Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Altiris Deployment Server Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Network Drive Mappings and Mount Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

WinPE Boot Option Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Optional Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Configuration Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Edit Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Additional Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Create PXE Boot Image Files (PXE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

PXE Boot Image Creation Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Automation Partitions, Network and Automation Boot Disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Create Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Create Automation Partition Install Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Create Automation Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

Create Network Boot Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Remove Automation Partition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Missing Files for Processor Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Install Pre-boot Operating System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

FreeDOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

MS-DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Deployment Solution 12

WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Set Default Pre-boot Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Chapter 32: PXE Configuration Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Boot Menu Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

New Shared Menu Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Edit Shared Menu Option. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Import Boot Menu Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Regenerate Boot Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Install Pre-boot Operating System Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

FreeDOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

MS-DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Set Default Pre-boot Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

New Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Configuration Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

File Server Type (DOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Multi-Network Adapter Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Network Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Have Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

TCP/IP Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Altiris Deployment Server Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Network Drive Mappings and Mount Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Optional Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Configuration Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Edit Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Additional Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Create PXE Boot Image Files (PXE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

PXE Boot Image Creation Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

PXE Server Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

DS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

MAC Filter Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Define MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Multicast Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Data Logs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Remote PXE Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Chapter 33: Altiris® ImageExplorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Using ImageExplorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

View Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

General Properties for an Image File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

General Properties for a Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

General Properties for a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

General Properties for Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Description Properties for an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Open a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Open Split Image Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Find Missing Split Image Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Deployment Solution 13

Add New Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Convert an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Create an Image Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

Extract a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Find Files and Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Filter Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Make Self-Extracting Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Not Enough Free Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

ImageX Sample Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Print Folder Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Print Preview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

Print a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

Set a Password on an Image File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Split an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Command-Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Chapter 34: Installing Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

Platform support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

Enabling SQL Server 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Deployment Server components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

Deployment database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Support for multiple database instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Deployment share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

PXE server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Deployment Web console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Deployment Server system requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Simple install for Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Custom install for Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Thin client install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

Component install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

Installing Deployment Solution agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Client connectivity and network adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

Installing the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Remote agent installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Enter administrator account information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Specify install directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

Automatically add to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

Select computers on the network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

Download Microsoft sysprep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Change settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Get server security key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Installing Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Automating the installation of Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Editing the sample.inp file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Using remote agent installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Using the template file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Installing Deployment Agent on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357

Installing the automation agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Managing licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Using the license utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Install a regular license for products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

Deployment Solution 14

Install multiple licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Adding a license from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Rapid Deployment Pack licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Finding the number of used licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Computers not using a regular license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Detecting an expired license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

Installation help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

Installing Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Deployment Server install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Pre-boot operating system (simple) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Pre-boot operating system (custom) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Deployment database install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

PXE server install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Client connection to server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Deployment web console information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Sysprep. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Installing components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Installation information summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Add components summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Deployment database authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Add components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Console install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Part VII: Technical Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Appendix A: Command-Line Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Job Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Job Export Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Job Import Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Create Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Schedule Job Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Import Computer Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

axengine.exe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

Aclient.exe Command-line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

Aclient.inp Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

ADLAgent.config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383

AClient.config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Deployment Agent for DOS Command-line Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Bootwork.exe. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

Deployment Agent for DOS Install (Bwinst.exe) Switches . . . . . . . . . . . . . . . . . . . . . . . . . . 401

Keyboard and Screen Lock Utility (Kbdsclk) Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Deployment Server Install Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

Silent Install Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

Simple Install Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Custom Install Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Add Component Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Client BIOS Settings for Wake-On LAN and PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

Command-line Switches for the Pocket PC Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Command-line Install Switches for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Command-line Install Switches for WinPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

Deployment Solution 15

Appendix B: RapiDeploy Technical Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

RapiDeploy Executable Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Running RapiDeploy from the Command-line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

RapiDeploy Command-line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Using Command-line Switches with Executable Images. . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

Using File System Independent Resource Management (FIRM). . . . . . . . . . . . . . . . . . . . . . . . . . 429

How FIRM Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430

Running FIRM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430

FIRM Command-Line Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

Appendix C: Tokens: Dynamic Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

System Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

Finding the Right Token Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

Creating Unique Files Using Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Token Replacement Template Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Template File Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

The Token Replacement Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

Custom Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

Appendix D: Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

General Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

Client Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

Communication Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Critical Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Memory Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

Partition Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450

Installer Return Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

Appendix E: System Jobs for Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Create Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Distribute Disk Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Simple Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

DIR Command at DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

DIR Command at Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Distribute RapidInstall Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458

Migrations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458

Capture User Application Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458

Capture User Desktop Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458

Capture User Microsoft Office Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Capture User Printer Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Misc Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Install Office XP from Mapped Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

Install Office XP from UNC Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

SQL 2000 Unattended Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461

SQL 2000 Unattended Install Using a RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461

Copy WLogevent to Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

Install MSI 2.0 Runtime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

Repair Office XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

Restart Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

Shutdown Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

Start SQL Server Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Stop SQL Server Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Deployment Solution 16

Uninstall Office XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Wake up Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Pocket PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Distribute Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Install Altiris Pocket PC Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Scripted OS Installs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Create W2K Install Disk Image (Target HD). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

W2K Scripted Install (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466

Create RH7 Install Disk Image (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Create RH7 Install Disk Image (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

RH7 Scripted Install (Network). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

RH7 Scripted Install (Target HD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Create RH8 Install Disk Image (Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470

RH8 Scripted Install (Network). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470

Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Send Email if Disk Space Low (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

Logevent Script (Linux). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

Restart HTTPD Service (Linux) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

Move Computer to Default Container (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

Move Computer to Specific OU (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Send Error Email (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Server-side Embedded VBScript (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

WLogevent CMD Script (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

WLogevent VB Script (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

XP Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Disable Enhanced Write Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Enable Enhanced Write Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Distribute RapidInstall Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Agent Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

SVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Appendix F: Network Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

PXE MTFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

PXE Manager and PXECfg Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

Deployment Web Console (Web Console) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

DB Management (Middle Man) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Deployment Console (Win32 Console). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Deployment Agent on Windows (AClient) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Deployment Agent on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

Client/Server File Transfer Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

RapiDeploy Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Appendix G: Deployment Agent Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Appendix H: Windows Registry Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Key in the Security Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

Appendix I: Pocket PC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

Appendix J: Managing Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

LAN Switch Support List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Using Deployment Solution Switch Add-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Adding a Switch Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497

Deployment Solution 17

Discovering a Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Deleting a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Viewing and Setting Device Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Setting the VLAN for a Switch Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Assigning Connectivity to a Switch Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499

Command-line Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

GUI Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

Deployment Solution Switch Add-On (Command Line Options) . . . . . . . . . . . . . . . . . . . . . . 501

Command-line Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502

Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

Deployment Solution 18

Chapter 1

About Altiris® Deployment Solution™

Altiris® Deployment Solution™ software provides a suite of tools to quickly install
operating systems and software. Deployment Solution leverages a number of Altiris
technologies to provide extensive management capabilities:

Altiris Technology Description

RapiDeploy® Imaging Capture and deploy computer images using PXE,

DVDs, CDs, or USB drives.

Scripted OS Installation and
Sysprep Integration

PC Transplant® Personality
Migration

Software Virtualization and
Software Distribution

Wise Package Studio® and Wise
SetupCapture

Script deployment engine Remotely execute Visual basic and Linux shell

Perform automated scripted operating system
installations using sysprep.

Migrate user data and application settings to new
hardware and operating systems.

Deploy, activate, and manage SVS layers, and
install other software packages.

Build and capture custom installation packages
using the latest Windows Installer technology.

scripts.

In addition, the following technologies are integrated with the features of Altiris®
Deployment Server® software to provide comprehensive deployment and migration:

Deployment Server Feature Description

Task-sequencer Management tasks provided by Deployment

Server can be grouped and executed in order,
enabling you to perform complex management
operations in a single job.

Computer groups Computers can be organized into multiple groups

to simplify job deployment. Drag and drop a
computer group onto a job and the job runs on all
computers in the group.

Dynamic insertion of database
values (tokens)

Computer discovery Quickly install the Deployment Agent on large

Inventory Managed computers are inventoried for software

Scripts, Sysprep configuration files, and other
values can use tokens to retrieve database values
at run time.

numbers of Windows computers using the
Remote Agent Installer.

and hardware, and conditions and filters can be
created based on this inventory. Example: a
distribute software task could check the operating
system and distribute the correct software
version.

Deployment Solution 19

Deployment Server Feature Description

Extensive supported platforms Support for 32- and 64-bit architecture, servers,

blades, thin clients, and Itanium, running
Windows and Linux operating systems.

Power control, Wake on LAN Managed computers can be started or shutdown

remotely.

Deployment Solution Architecture

Before installation, you should become familiar with the different components of a
Deployment System and how these components interact. The following diagram
provides an overview of the Deployment System components:

About Altiris® Deployment Solution™

Depending on the needs of your environment, multiple Deployment System components
can be installed on the same computer. A single dedicated server could host your
Deployment Server, Deployment Share, Deployment Database, Management Consoles,
and PXE Server.

Deployment Solution 20

About Altiris® Deployment Solution™

Deployment Server

The Deployment Server is the central component of a Deployment System and manages
the Deployment Database, the communication between the different components, and
schedules jobs to run on managed computers.

Deployment Database

The Deployment Database provides the back-end datastore and stores details about the
computers, groups, and jobs in your Deployment System. Most of the time, you do not
need to interact directly with the database.

Deployment Share

The Deployment Share stores all files, such as installation programs, disk images, and
SVS layers you want accessible to managed computers.

This share can reside on your Deployment Server or on another computer, and is often
replicated to different locations to provide better access, especially in distributed
networks or when sharing large files.

Management Consoles

Deployment Solution provides three management consoles:

z Deployment Console: A Windows application that provides complete access to the

Deployment System administration.

Deployment Solution 21

About Altiris® Deployment Solution™

z Deployment Web Console: A Web application that provides browser-based

administration. This console can be executed remotely using any Web browser, and
has built-in tools to manage multiple Deployment Servers.

z Deployment Tab in the Altiris Console: This interface is integrated into the Altiris

Console to provide integrated management with other Altiris Solutions. Its features
are the same as the Deployment Web Console.

Automation Tools

Automation is the preboot environment loaded by Deployment Server to perform tasks
which need to happen outside of the normal operating system. If you have ever used a
disk imaging utility, or booted a computer using an installation CD, you are probably
familiar with running computers in a similar environment.

Deployment Solution provides several tools to boot computers to this environment and
supports several automation operating systems.

Deployment Agent

This agent runs on managed computers to report inventory, run software and scripts,
perform power control, and boot the computer into automation.

A Remote Agent Installer is provided to quickly install the agent on multiple Windows
computers. Linux computers can install the agent using startup scripts and other
automated processes.

Deployment Solution 22

Part I
Planning and Installing Your

Deployment System

Deployment Solution is designed to meet deployment, management, and migration
needs for small, medium and large organizations with diverse topologies and varying
computer management requirements. This section provides steps for installing
Deployment Solution components, but also includes system architecture details and
discusses planning strategies to install and optimize your Deployment Solution system.

The installation process is divided into the following sections:

z Preparing To Install (page 24)

z Installing (page 27)

z Post-Installation Configuration (page 29)

z Deployment Agent Installation (page 34)

Deployment Solution 23

Chapter 2

Preparing To Install

This sections lists the tasks you need to complete before you install Deployment
Solution.

z Step 1: Log on to Your Deployment Server Computer as an Administrator (page 24)

z Step 2: Create a Services Account (page 25)

z Step 3: Gather Automation Operating System Install Files (page 26)

z Step 4: Obtain a License File (page 26)

z Step 5: Install .NET and MDAC (page 26)

z Step 6: Start Microsoft’s Internet Information Server (IIS) (page 26)

Step 1: Log on to Your Deployment Server Computer as an
Administrator

The account you use to install Deployment Solution must be a Windows Administrator
and must possess System Administrator rights on the SQL server that will host your
Deployment Database to install the Deployment Database. These database rights can be
granted temporarily and revoked after the installation completes.

If you want to use a different account to create the database, you must select a custom
install and provide SQL credentials instead of Windows NT authentication.

Important

In SQL Server 2005 TCP/IP is disabled by default. This must be enabled before you
install Deployment Solution.

To grant database rights

1. Open Enterprise Manager and connect to your SQL Server.

2. Browse to Security > Logins:

Deployment Solution 24

Preparing To Install

3. Select the Administrator account you are using to install Deployment Solution. If it
does not exist, add it.

4. Click the Server Roles tab, and enable System Administrators:

5. Click OK and verify that the role was added.

MSDE Database Engine

Optionally, in smaller installations, you can use the MSDE database engine instead of
SQL Server. This is typically not recommended due to the lack of database management
tools. MSDE must be installed on the same computer as the Deployment Server
component.

If you decide to use MSDE, it can be installed by selecting the Simple Install Helper
option in the installation program. We recommend using the Simple Install Helper to
install MSDE as this version is usable by Deployment Solution immediately after
installation and requires no additional configuration on your part.

Step 2: Create a Services Account

Create an account to run the services and connect to the database. This account is used
only by Deployment Server, and is not tied to a user. For security reasons, we don’t
recommend using an existing administrator account which might possess rights beyond
those needed by Deployment Server. The account should not be part of a group and
should not posses interactive login privileges.

If your Deployment Database, Server, and Share are installed on the same computer,
create a local account on that computer.

If your Deployment Database or Share will be on a different computer than your
Deployment Server, create a domain-level account, or create local accounts with the
same credentials on each computer hosting a Deployment Solution component.

Example:

If your SQL Server is on another computer and you are not using a domain-level
account, create a local account with the same credentials on your SQL Server computer.
The same situation applies if your Deployment Share is hosted on another computer.

Deployment Solution 25

Preparing To Install

To create a services account

1. On each computer where you host a Deployment System component, click Start >
Administrative Tools > Computer Management.

2. Browse to Local Users and Groups, and add a new user:

The process for creating domain-level accounts is similar. This is the only account that
needs to be created before you install.

Step 3: Gather Automation Operating System Install Files

If you are ready to install an automation operating system, this can be done during the
installation. If you are new to Deployment Solution and are not familiar with
automation, we recommend skipping this step and installing automation operating
systems later.

Place your automation install files (BDC*.frm) in the same folder as the Deployment
Solution installation program (by default, this is c:\DSSetup). During install, these files
are detected automatically.

Step 4: Obtain a License File

For evaluation, you can use the integrated 7-day license, or you can use the 30-day 10­node trial license that is sent automatically when the software is downloaded. If you
have purchased a license, you need to have the .lic license file available during
installation.

Step 5: Install .NET and MDAC

Your Deployment Server computer requires .NET 1.1 and MDAC 2.7 SP1 or later. This
software is available on the Microsoft download site.

Step 6: Start Microsoft’s Internet Information Server (IIS)

If IIS is running during the Deployment Solution installation, the Deployment Web
Console is installed automatically.

Deployment Solution 26

Chapter 3

Installing

Simple or Custom Install?

If you plan to install your Deployment Server, Database, and Share on the C drive of the
same computer, select the Simple install. Otherwise, select Custom.

Simple Install

z Installs to the C drive.

z Installs each of the Deployment System components (with the exception of the

Deployment Agent) on the computer where the install was launched.

z Lets you install a single automation operating system (more can be added later).

z The Simple Install Helper installs the MSDE database engine if no database is

detected.

Custom Install

z Installs to a drive other than C.

z Lets you select a computer other than the computer the install was launched from to

install each Deployment System component. If you select to do this, certain values
regarding the installation are stored in the local Windows registry. This simplifies
adding components or installing add-ons such as the Altiris packaged WinPE.

z Lets you select a custom name and instance for the Deployment Database.

z Lets you select a different computer to host the Deployment Share. If you plan on

doing this, you must create the share and grant the account you created in Step 2:

Create a Services Account (page 25) full control before installation.

z Lets you install multiple automation operating systems (more can be added later).

Running the Setup Program

After you have completed the steps outlined in the previous section, launch setup.exe.
Use the administrator account you configured in the previous section to perform the
installation, and provide the services account you created when prompted. If you need
clarification during any of the installation steps, click Help.

After Deployment Solution is installed, you have the option of enabling Sysprep support
and remotely installing the Deployment Agent.

Enable Microsoft Sysprep Support

If you plan on using Sysprep to deploy standard images and scripted operating system
installs, provide the location of the deploy.cab file for the operating systems for which
you want to enable Sysprep. These are located on your Windows installation CDs.

Deployment Solution 27

This can be installed later by running setup.exe and selecting Component Install.

Enable Microsoft Windows Vista Sysprep Support

Microsoft Windows Vista Sysprep lets Sysprep run on a Vista Client after an Imaging
event.

Vista Sysprep lets Administrators prepare generic images for deploying images to
different types of systems within an environment to eliminate the support for multiple
images. After building the basic image, the Administrator can run Microsoft Sysprep on a
computer to delete unnecessary information and prepare the system for imaging and
distribution to other systems.

Remotely Install Deployment Agent

After the installation completes, you have the option of remotely installing the
Deployment Agent.

Unless you are familiar with Deployment Solution and the Remote Agent Installer, we
recommend you do not install the agent at this time. A full discussion of Deployment
Agent rollout is contained in Deployment Agent Installation (page 34).

Installing

Deployment Solution 28

Chapter 4

Post-Installation Configuration

This section contains the tasks you should perform after installation to complete the set
up of your Deployment System:

z Step 1: Grant Full Control of the Deployment Share to Your Service Account

(page 29)

z Step 2: Create Domain Join and Deployment Share Accounts (page 29)

z Step 3: Grant Services Account the db_owner Role to Your Deployment Database

(page 30)

z Step 4: Configure Your Deployment System (page 31)

z Step 5: Configure Security Settings (page 33)

z Step 6: Install the Deployment Agent (page 33)

z Step 7: Configure Automation (page 33)

z Step 8: (Optional) Configure PXE Server (page 33)

Step 1: Grant Full Control of the Deployment Share to Your
Service Account

If your Deployment Share was created during the installation, grant the services account
full control of this share. By default, this folder is C:\Program
Files\Altiris\eXpress\Deployment Server.

Step 2: Create Domain Join and Deployment Share Accounts

After installation, we recommend creating some additional accounts. These accounts are
different than the accounts used by the people who are going to manage computers.
These accounts are not tied to users, and should not possess interactive login or any
rights beyond what is recommended here.

The domain join account is used to join or re-join computers to a domain after imaging
or initial deployment. The Deployment Share read/write account is used to access this
share from the automation environment.

Domain Join Accounts

Create a separate domain-level account for each domain in which you
manage computers, granting the rights recommended in the following
table:

Rights Description

Domain Grant privileges to add computer to domain.

Deployment Solution 29

Post-Installation Configuration

Deployment Share Read/Write Account

Create this account on the computer hosting your Deployment Share,
granting the rights in the following table:

Rights Description

File System Grant read/write privileges to your Deployment Share.

Step 3: Grant Services Account the db_owner Role to Your
Deployment Database

1. Open Enterprise Manager and connect to your SQL Server.

2. Browse to Security > Logins:

3. Double-click the account you are using to run the Deployment services. If the login
is not listed, add it.

4. Click the Database Access tab, select the eXpress database, and enable the
db_owner role:

Deployment Solution 30

5. Click OK and verify that the change was successful.

Step 4: Configure Your Deployment System

The majority of tasks you perform in your Deployment System use the Deployment
Console.

To open the Deployment Console

1. Click Start > Programs > Altiris > Deployment Solution > Console.

Add Your Domain Join Accounts

If you are using accounts to join computers to a domain you need to provide the account
credentials.

To add domain join accounts

1. In the Deployment Console, click Tools > Options > Domain Accounts.

2. Provide the accounts you created in Step 2: Create Domain Join and Deployment

Share Accounts (page 29).

Post-Installation Configuration

Enable Security and Add Administrators

By default, the Deployment Console can be used on your Deployment Server by any
user who possesses rights to log in and run applications. This works well in situations
where you already have policies in place to control server access, and you have a group
of administrators who will have full access to deployment functionality.

If you want to provide more granular access to configuration options, jobs, and
computers, you can enable security.

To enable security

You must add at least one user or group to enable security.

Deployment Solution 31

Post-Installation Configuration

1. In the Deployment Console, click Tools > Security.

2. Add a new user or group. We recommend clicking AD Import and importing Active
Directory groups, as this simplifies rights management. The first user or group
added is granted administrator rights. Each additional user or group after the first
are granted no rights and must be assigned rights explicitly.

Security is automatically enabled after a user or group is added. Additional users or
groups can be added using this same method.

Grant Console Rights to Administrators

1. In the Deployment Console, click Tools > Security.

2. Select a user or Group and click Rights.

3. Enable the rights you want granted. For a more complete discussion, see See
Securing Deployment Solution 6.8 on the Altiris Knowledgebase.

Grant Database Rights to Administrators

Each Administrator with console access must be granted public rights to your
Deployment Database. The best way to do this is by assigning public access to the
Active Directory groups containing your Deployment administrators.

This prevents you from manually granting this access to individual administrators as
they are added or removed from Deployment management responsibilities.

1. Open Enterprise Manager and connect to your SQL Server.

2. Browse to Security > Logins.

3. Add a login for each user or group that will manage computers using Deployment
Solution.

4. For each user or group, on the Database Access tab, grant the public role for the
eXpress database:

Deployment Solution 32

Configure Deployment Server

The Deployment Server Configuration Utility lets you configure advanced settings for the
Deployment Server component.

You can stop, start, or restart the Deployment Server services, update the services
account, and configure additional options. You do not need to perform any configuration
at this time, though you should become aware of the configuration options provided.

To Open the Deployment Server Configuration Utility:

1. Click Start > Programs > Altiris > Deployment Solution > Configuration.

Step 5: Configure Security Settings

See Securing Deployment Solution 6.8 on the Altiris Knowledgebase for an in-depth
discussion of Deployment Solution security.

Step 6: Install the Deployment Agent

The Deployment Agent needs to be installed on all computers you want to manage using
Deployment Solution.

Post-Installation Configuration

See Deployment Agent Installation (page 34).

Step 7: Configure Automation

If you plan on imaging computers or deploying computers using scripted installs you
need to configure your automation environment.

See Deployment Solution 6.8 Preboot Automation Environment on the Altiris
Knowledgebase for an in-depth discussion of automation.

Step 8: (Optional) Configure PXE Server

Preboot Execution Environment (PXE) is an open industry standard that enables
computers to boot remotely using a network card.

Deployment Solution 33

Chapter 5

Deployment Agent Installation

The Deployment Agent runs on managed computers to perform local management tasks
as directed by Deployment Server. Some of these tasks include:

z Software installations

z SVS layer management

z Script execution

z Remote control

z Inventory and configuration

If you plan on doing more than computer imaging or scripted installations, you should
install the Deployment Agent on managed computers. Without installing the Deployment
Agent, you can still boot computers to automation using PXE, embedded partitions, or
boot media to perform some tasks.

The agent simplifies these tasks by automatically restarting the computer and
controlling when to boot the embedded partition, but it is not required.

About the Deployment Agent

The Deployment Agent can be installed in the production environment of all the
computers you want to manage. Additionally, the Deployment Agent is automatically
included in each of the automation boot configurations you create using PXE,
automation partitions, or boot media.

There are three versions of the Deployment Agent:

z DAgent - Windows Vista, Windows 2008

z AClient - Windows XP and previous

z ADLAgent - Linux, UNIX, Solaris, Mac

DAgent provides experimental support for Windows XP, see the release notes for details.

References in this document to the Deployment Agent refer to all versions; references to
DAgent, AClient, or ADLAgent refer to the specific executable.

Installing the Agent

There are two standard methods to install the Deployment Agent on multiple
computers:

z Using the Remote Agent Installer (Windows-only) (page 35)

z Using a Script, E-Mail Link, or Manual Installation (All Platforms) (page 35)

For Additional details on the Vista, Linux and Mac agent see Operating System and

Platform Reference (page 252).

Deployment Solution 34

Deployment Agent Installation

Using the Remote Agent Installer (Windows-only)

Advantage: Browse your network to quickly select computers, monitor installation

status in real time, and retry failed installations.

Disadvantage: Requires Local User rights on each computer. Does not work with
simple file sharing in Windows XP.

Windows XP

Step 1: Disable Simple File Sharing on Windows XP

1. In Windows Explorer, click Tools > Folder Options > View tab.

2. Clear the Use simple file sharing check box in the Advanced settings section.

Step 2: Allow File and Printer Sharing in Windows
XP SP2 Firewall

1. Open the Security Center from the Windows Control Panel.

2. Manage the security settings for the Windows firewall to add an exception for File
and Printer Sharing.

Step 3: Get Local User Rights (admin$ Share)

To initially install the agent on managed computers, you need an account with Local
User rights. You need access to this account only when performing the one-time agent
installation, so either use your domain administrator, a domain account with local user
rights, or any other account with local rights. After the agent is deployed, you no longer
need access to this account.

To determine whether you have sufficient rights, browse to:

\\hostname\admin$

Replacing hostname with the name of the computer where you want to install the
Deployment Agent. If you can access this share you have sufficient rights.

Step 4: Run the Remote Agent Installer

In the Deployment Console, click Tools > Remote Agent Installer. If you need
clarification during any of the installation steps, click Help.

Using a Script, E-Mail Link, or Manual Installation (All
Platforms)

Advantages: You do not need Local User rights to install if you have individual logged-

in users initiate the install, works for Linux and Unix computers.

Disadvantages: Not as automated as the Remote Agent Installer, troubleshooting will
likely require direct intervention.

The remaining installation methods are grouped together because they perform the
same functions: Execute the agent installation while providing a configuration file for a
silent install.

Deployment Solution 35

Deployment Agent Installation

Step 1: Provide Users Access to the Agent
Installation Program

The agent installation programs are stored in the Agents folder on your Deployment
Share. Copy this file to a location that your users can have access.

For security purposes, we do not recommend granting any users direct rights to your
Deployment Share, especially if you are storing software or computer images on this
share.

Tip

If you are managing 32- and 64-bit computers, you can install the 32-bit agent on both
hardware types. After connecting, the 32-bit computers automatically update to the 64­bit version.

Step 2: Create the Input File for a Silent Install

To configure new computers using a silent install, you can specify an input file
containing configuration settings.

Windows computers installing AClient use aclient.inp file. Linux and UNIX computers
installing ADLAgent use adlagent.conf. Details on the options are contained within each
file and are also described in the Deployment Solution Reference Guide.

When modifying adlagent.conf, ensure you use a text editor that properly handles UNIX­format line endings.

Configure each file and place a copy with the agent installation program.

Optionally, for Windows computers, you can use the Force Deployment Agent Settings
on New Computers feature to reduce the amount of configuration you need to perform
in the input file. When this is enabled, the agent receives global settings you have
specified when it connects for the first time.

To force agent settings on new computers:

1. In the Deployment Console, click Tools > Options.

2. Click the Agent Settings tab and select the Force new agents to take the
default settings check box.

3. Click Change Default Settings to define default settings.

Step 3: Run the Installation Program

On each computer, you need to run a command similar to the following:

\\myshare\AClient.exe aclient.inp -install

or

./adlagent

To run this, you could:

z Have users copy and paste it into the Windows Run dialog, or send the link in an e-

mail message.

z Place it in a startup script.

z Execute it remotely using Telnet or SSH.

Deployment Solution 36

Agent Auto Update

The Deployment Agent has the ability to update itself to a newer version automatically,
and is set to update computers in batches to prevent network overload. This greatly
reduces the effort required when upgrading.

See the release notes on the Altiris Knowledgebase for specific information on Agent
upgrades.

Troubleshooting

See the following article on the Altiris KnowledgeBase:

18248 Remote Agent Installer Fails for AClient

Additional articles can be found by searching the Altiris KnowledgeBase.

Deployment Agent Installation

Deployment Solution 37

Part II
Booting Computers to Automation

Deployment Solution has the ability to perform work on computers before the normal
operating system loads. To do this, a managed computer is booted into an environment
where it can communicate with your Deployment Server to perform tasks.

This preboot environment is called automation. In order to perform image capture and
deployment, scripted installs, or execute certain scripts, you must implement a way to
boot computers into this environment.

This section provides the information you need to configure a boot method, including
PXE, and select an operating environment for automation tasks.

Deployment Solution 38

Chapter 6

What is Automation?

Deployment Solution uses two modes to manage computers:

Automation Automation is to the pre-boot environment loaded by

Production The normal operating system of the computer.

Several of the tasks you perform to manage your network can be completed in the
production environment. However, other tasks, primarily imaging, must be performed
before the operating system boots. In Deployment Solution, this pre-boot environment
is called the automation environment, or booting into “automation mode”.

Deployment Server to perform tasks which need to take
place outside the normal operating system.

If you have ever used a disk imaging utility, or booted a
computer using an installation CD, you are probably
familiar with running computers in a similar
environment.

Production tasks include software installation and
personality capture.

The following table contains a list of Deployment Solution tasks and the environment in
which they execute:

Production Tasks Automation Tasks

Distribute Software Create Disk Image

Capture Personality Distribute Disk Image

Distribute Personality Scripted OS Install

Get Inventory Run script

SVS

Copy File to

Modify Configuration

Power Control

Run script

In order to manage computers in automation, you must select a method to boot
computers to automation and decide which operating to use in the automation
environment.

Deployment Solution provides support for a broad range of boot methods and
automation operating systems; this section helps you decide which works best for your
environment.

In order to set up automation, you must make the following decisions:

z Which Automation Boot Method Should I Use? (page 41)

Deployment Solution 39

z Which Automation Operating System Should I Use? (page 44)

What is Automation?

Deployment Solution 40

Chapter 7

Automation Boot Methods

Which Automation Boot Method Should I Use?

Deployment Solution supports a broad range of methods to boot computers into the
automation pre-boot environment: PXE, automation partitions, or boot media (CD/DVD,
USB device, or floppy).

This section provides an overview of the available boot methods to help you select the
method that works best for your environment, and contains the following:

z PXE (page 41)

z Automation Partitions (page 42)

z Boot Media (DVD/CD, USB Device, Floppy) (page 42)

PXE

Pre-boot Execution Environment (PXE) is an industry standard developed to boot
computers using a network card. PXE can boot computers regardless of the disk
configuration or operating system installed, and doesn’t require any files or
configuration settings on a client. After PXE boot is turned on in the BIOS, a computer
can communicate with your DS PXE server to receive automation jobs.

PXE provides a number of advantages, especially when you are using the initial
deployment features of DS, which enables you to remotely deploy an image to a
computer which has no software installed.

Example: the receiving department of your company could have PXE enabled on their
subnet. When a new computer arrives, a technician could quickly unpack and plug the
computer into the network, and possibly enable PXE boot if it was not enabled by the
manufacturer.

When this unknown computer contacts the Deployment Server, it is assigned an initial
deployment job, which could image the computer with the corporate standard image,
install additional packages, and power off the computer. The computer is now ready for
delivery with minimal effort.

PXE also provides an advantage if you need to use multiple automation operating
systems in your environment. Since the image containing the automation operating
system is downloaded when a task is executed, different operating system
environments can easily be assigned to different tasks.

At the same time however, this can be a disadvantage if you are using an operating
system with a large footprint, such as WinPE, since the entire image must be
downloaded each time you run an automation task. If you often run automation jobs,
especially on several computers simultaneously, embedding the automation operating
system on the disk is faster and significantly reduces network traffic.

It is also possible to use PXE for initial deployment and install an automation partition as
part of the deployment. In this case, you could use the initial deployment features of
PXE for arriving computers and install an automation partition in case you need access
to automation at a later time.

Deployment Solution 41

This configuration does not require PXE in your general network environment, but still
provides access to the automation environment without physical access.

When using the DOS automation environment, PXE provides an additional advantage:
multicast boot. This enables your PXE server to simultaneously boot up to 100
computers in a single session to perform automation work.

Although multicast imaging is supported in WinPE and Linux, multicast PXE booting is
not provided in WinPE and is not supported in Linux. That means that after each
computer has booted to automation, an imaging task can be multicast, but you cannot
use multicast to boot these computers.

Automation Partitions

An automation partition is a sector of your hard disk drive partitioned and managed by
DS. This partition contains the automation operating system and the files needed to
contact your Deployment Server, and must be present on each managed computer.

The biggest advantage to an embedded partition is that it does not require PXE, yet it
still enables you to boot into automation remotely. The biggest disadvantages to
embedded partitions are that they consume space on the drive, they require an existing
partition on the drive, and they must be manually installed from a disk on Linux and
Unix operating systems.

Automation Boot Methods

Another drawback, depending on your configuration, might be the fact that only one
automation operating system can be installed to a managed computer that is using an
automation partition. If you have tools that are supported only in DOS, this might limit
you to DOS for all automation tasks on a particular managed computer.

Automation partitions have an additional advantage in some configurations. Optionally,
you can create a different type of automation partition, called a hidden partition, to
store an image (or other files) locally.

This provides advantages in environments where computers need to be re-imaged often
or in environments where there is limited bandwidth or network connectivity. Since the
image is stored locally, the time needed to create and restore images is greatly reduced
and network traffic is significantly reduced as well.

Boot Media (DVD/CD, USB Device, Floppy)

Generally, the biggest drawback to boot media is that it forces you to physically access
the managed computer. However, if you are managing smaller numbers of computers or
do not plan to access the automation environment often, it might be a good choice.
Also, if you have employees with the ability and access to boot their own computers
using disks you provide, this could also be a good solution.

Boot media has some configuration limitations though. Deployment Solution is designed
to manage computers remotely, even in the automation mode, and several tasks and
jobs require access to both the production operating system and the automation
environment.

Example:

An imaging operation first captures configuration details from the production operating
system before booting to automation to capture the image. After imaging, this
configuration is restored.

Because of this, it is often difficult to schedule a job and coordinate booting the
managed computer to the right environment at the right time. If you assign a job which

Deployment Solution 42

Automation Boot Methods

requires booting into automation mode, the boot disk must be present at the right time
to boot automation. If a complex job requires access to the production environment
during this time, the BIOS will most likely continue to boot to automation until the boot
media is removed. If this job, or a subsequent job, requires automation access again,
the boot media must be re-inserted.

To avoid these issues, some customers load the automation operating system, the
RapiDeploy imaging executable, and the image on bootable physical media. They boot a
computer, execute the necessary commands, and provide the required image files. In
this circumstance, the remote management capabilities of Deployment Server are not
being used, so the process is more manual, but it does not require network access.

This works especially well when managing thin clients or other computers where all
necessary files can fit on a single disk or USB device.

Deployment Solution 43

Chapter 8

Automation Operating Systems

Which Automation Operating System Should I Use?

After you have selected a method to boot computers into automation, you need to
decide which operating system you want to use. In the past, MS DOS was the only
supported option. Deployment Solution now supports WinPE, Linux, MS DOS, and
FreeDOS.

This section provides an overview of the available automation operating systems so you
can find an environment (or environments) that suit your needs.

An important thing to note is that the automation environment you use is not
constrained by the production operating system on the computer. All of the DS
automation tools support these operating systems, so you can perform DS automation
tasks in any operating system (Linux computers can be imaged from DOS, Windows
computers can be imaged from Linux, and so on).

You might even use two automation operating systems for different tasks within the
same job. Example: you might use a vendor-supplied tool to perform a BIOS update in
DOS, boot to WinPE or Linux to perform an imaging task.

When you set up your test environment, you might want to run automation jobs in
multiple operating systems to see if one performs better in your environment.

The following sections contain an overview of the automation operating systems:

DOS

z DOS (page 44)

z WinPE (page 45)

z Linux (page 45)

Although you can use these environments to perform a wide-variety of management
using scripts and other tools, support for these environments is limited to the task
performed by Deployment Solution.

DOS is still used often today as a pre-boot environment, though new technologies have
emerged that might better suit your environment, such as WinPE.

The largest roadblocks most companies face when using DOS are access to drivers that
support modern hardware, and security concerns. DOS still performs well for several
tasks though, and can be a good choice if you have the proper driver support.

DOS typically requires only around 1 MB of space.

DOS provides an additional advantage in a PXE environment. When performing an
automation task on multiple computers, the PXE server can use multicast to boot
automation, which enables large numbers of managed computers to boot DOS
simultaneously.

Deployment Solution 44

WinPE

Linux

Automation Operating Systems

WinPE (Windows Pre-boot Environment) is the next generation boot environment for
Windows computers. WinPE provides several advantages over DOS, including better
driver support (WinPE uses the same drivers used by the other modern versions of
Windows), increased speed, and generally more functionality.

The biggest drawbacks are its size, which causes increased boot time, especially when
booting over the network using PXE.

Linux provides an alternate pre-boot environment to DOS or WinPE. Many vendors
provide gigabit and wireless drivers for Linux that are not available in DOS.

Deployment Solution 45

Chapter 9

Installing and Configuring Automation

This section explains:

z Configuring Automation Operating Systems (page 46)

z Configuring Automation Boot Methods (page 49)

z Deploying Automation to Managed Computers (page 50)

Configuring Automation Operating Systems

The following sections guide you through installing and configuring the automation
operating systems supported by Deployment Solution.

Obtaining and Installing WinPE, Linux, or DOS

Automation operating systems are installed using the Boot Disk Creator, which is
available in the Deployment Console by clicking Tools > Boot Disk Creator.

The following files are required to install the listed automation operating system:

WindowsPE WinPE is available on the Deployment Solution for Client

or Servers download page at http://www.altiris.com/
Download.aspx.

Linux The Linux 32 and 64-bit and FreeDOS preboot

environments are available on the Deployment Solution
for Clients or Servers download page at http://
www.altiris.com/Download.aspx.

Click the Linux and FreeDOS Automation Environment
link and save the file. Browse to the downloaded file
when prompted during the installation, or when adding
preboot operating systems using the Boot Disk Creator.

MS DOS A Windows 98 installation CD (Windows 98 SE is

preferred), and the proper licensing to use this on the
intended computers. Files are copied from the win98
folder from this installation CD.

FreeDOS The FreeDOS preboot environment is contained in the

same file as the Linux preboot, see the Linux
instructions for details. For additional information on
FreeDOS visit www.freedos.org.

To install

1. In Deployment Console, click Tools > Boot Disk Creator.

2. In Boot Disk Creator, click Tools > Install Pre-Boot Operating Systems.

Deployment Solution 46

Installing and Configuring Automation

3. Click Install and complete the wizard, providing the files listed in the previous table
when prompted.

For complete details on this process see the Boot Disk Creator help.

Adding Additional Files

Occasionally, you might need to make additional files available within an automation
environment, such as utilities or mass storage drivers. These files can be added to every
automation configuration of a specific type, or to select configurations only. This is
determined by the location you add the files in Boot Disk Creator:

Deployment Solution 47

Installing and Configuring Automation

The following example provides an overview of this process.

Adding Mass Storage Drivers for WinPE

1. Select either the WinPE Additional Files folder, or a specific Boot Disk Creator
configuration.

2. Right-click and select add > Folder. Using this add folder command, create the
following path: i386\system32\diskdrivers

3. Within the diskdrivers folder, create the necessary folders to contain your drivers.
The folders you add should contain a txtsetup.oem file, and at least one *.sys file,
and possibly additional files. You must also ensure that any sub-folders specified by
txtsetup.oem are included, and that the [defaults] section references the proper
device driver (some textsetup.oem files might support multiple devices and drivers,
and the proper device must be specified in the [defaults] section).

The diskdrivers path is for adding mass storage drivers. If you are adding different
driver types, you might need to modify this path.

Adding Large Files to a Linux Boot Configuration

Linux automation is typically loaded into RAM. Due to limitations on the amout of RAM
available on most computers, there is a size constraint on the files that can be included.

If you need to access larger files locally (such as a disk image), Boot Disk Creator
provides a mechanism to mount a folder outside of the ramdisk, letting you access files
that are too large to fit on the ramdisk.

This is done by creating a folder named “.” in the root of your boot configuration.

1. Right-click your configuration and select New > Folder.

2. Name this folder “.” (do not include the quotes, just .).

Deployment Solution 48

Installing and Configuring Automation

Files placed in this folder are mounted in Linux automation at /mnt/atrsboot.

Example

You can place a disk image and the rdeployt executable in this folder, create a boot
DVD, and restore the included image without network access, using a command similar
to the following:

/mnt/atrsboot/rdeployt -md -f/mnt/atrsboot/[imagename].img

Configuring Automation Boot Methods

When pre-boot tasks need to be performed, DS sends a message to the client computer
to restart in the automation environment. This includes a shutdown command issued
from DS, and a modification to the MBR if using an automation partition.

After the managed computer reboots, the automation environment is loaded from PXE,
an automation partition, or from boot media. The deployment agent now contacts the
Deployment Server.

After a connection is established, the Deployment Server sends the client computer its
assigned jobs and tasks. After the automation tasks run, a status message is sent to the
Deployment Server indicating that all work is complete. The Deployment Server sends a
message that the client computer should reboot back to the Production environment
(the MBR is restored when using automation partitions).

The following sections guide you through the process of setting up PXE, automation
partitions, or media to boot your computers into the automation mode:

z Configuring PXE

z Configuring Automation Partitions

z Configuring Boot Media (DVD/CD, USB device, Floppy)

Configuring PXE

PXE is a server-based technology, and requires additional components on your DS
server, and possibly other computers. Setting up and configuring PXE is covered in
detail in a separate document, PXE in Deployment Solution.

Configuring Automation Partitions

DS provides two types of automation partitions:

Embedded
Partition

Hidden Partition A larger partition installed on the hard drive of a

A small embedded section installed on the production
partition of a managed computer which contains the
automation operating system. Depending on the
operating system, the size varies from 5 to 200 MB (you
can specify the size when the partition is created based
on recommendations).

managed computer to contain not only the automation
operating system, but to provide room to store images
and other files. This partition is not normally viewable in
the production operating system.

Deployment Solution 49

Installing and Configuring Automation

An embedded partition doesn’t create an actual disk partition, it reserves space on an
existing partition by marking the sectors on the disk as unusable. The target drive must
have an existing partition before an embedded partition can be installed.

A hidden partition creates an actual disk partition, but this partition is hidden from
normal view within the production system, though it is still viewable by FDISK or by an
administrator. The partition is listed as a non-DOS partition.

When a computer using an automation partition is assigned jobs, the Master Boot
Record (MBR) of the computer is modified to boot to this hidden partition. After the work
is completed, the MBR is restored to the previous configuration.

Hidden partitions are very useful for computers which are imaged often, such as those in
a test lab or provided for general use (such as a hotel or a library). After the visiting
person is done using this computer, you may want to quickly re-image to ensure that
the next visitor finds the computer in good working order. In these circumstances, a
hidden partition enables you to quickly restore an image without needing access to a
high bandwidth network.

Automation partitions can be installed using an installation package deployed from DS
(windows only), or installed from a CD, USB device, or floppy. This is different than
using boot media to access automation, because the automation partition media is used
once per computer to install, later the partition is used to perform tasks.

Using boot media to access automation doesn’t leave any files on the computer, but the
media must be used each time you want to access automation.

Configuring Boot Media (DVD/CD, USB device, Floppy)

Creating and using boot media is a straightforward process. Boot media boots a
managed computer to automation without leaving any files on the computer, and can be
installed to DVDs, CDs, USB devices, or floppy disks.

Boot media is created directly from the Boot Disk Creator utility.

Deploying Automation to Managed Computers

Automation partitions and boot media configurations are created using the Boot Disk
Creator utility. PXE configurations are created using the PXE configuration utility.

This difference is due to the way in which the automation operating system is deployed
to the managed computer. Automation partitions and boot media use install packages or
boot disks, while PXE uses a configurable menu to provide boot options, with each
option on the PXE menu linked to a specific automation configuration.

This section contains guidelines to create PXE, automation partitions, or boot media
configurations and deploy these configurations to managed computers.

Using Automation Partitions or Boot Media

1. Install the automation operating systems you want to use, as explained in Obtaining

and Installing WinPE, Linux, or DOS.

2. In Boot Disk Creator, Create a new configuration. The wizard is accessed by clicking
File > New configuration.

Deployment Solution 50

Installing and Configuring Automation

This configuration contains the automation operating system files, network drivers,
IP address of your server, and other settings which control how the managed
computer communicates with your Deployment Server.

This configuration does not specify how this automation configuration is installed.
This is done using the Create Boot Disk wizard, which is launched automatically
after you create a configuration.

3. The Create Boot Disk wizard provides three options:

Create an automation
partition install
package

Create an automation
boot disk

Create a network boot
disk

Creates an executable, or configures a CD, USB
device, or floppy to install the automation
environment. This process is executed once per
device. After that, the computer uses the files from
the automation partition.

Select this if you are using automation partitions.
For managed linux computers, you need to use a
CD, USB device or floppy because no executable is
provided for this platform.

Configures a CD, USB device, or floppy with the
files necessary to boot a computer to automation
mode. After booting, the computer executes any
automation work previously scheduled, or waits for
work to be assigned.

Select this if you are using boot media to boot
computers to automation. None of these files are
installed, so the media must be used each time you
need to access automation.

Configures a CD, USB device, or floppy with the
files necessary to boot to a prompt.

This is useful if you have management task to
perform that doesn’t require interaction with DS, as
your Deployment Server is not contacted in this
scenario. None of these files are installed to the
managed computer.

4. After selecting how you want to install automation, complete the wizard.

See the Boot Disk Creator help for additional details.

You can also uninstall an automation partition using an install package, or configure a
CD, USB device, or floppy from Boot Disk Creator.

Using PXE

1. Install the automation operating systems you want to use, as explained in Obtaining

and Installing WinPE, Linux, or DOS.

2. In the PXE Configuration utility (Start > All Programs > Altiris > PXE Services
> PXE Configuration Utility), create a new menu item to correspond to the

automation configuration you want to install.

Deployment Solution 51

Installing and Configuring Automation

3. Click Create Boot Image to launch the configuration wizard. This wizard is identical
to the wizard used when creating configurations for automation Partitions or boot
media.

When this option is selected from the PXE menu, the necessary files are loaded, the
job is performed, the computer boots to the production operating system. None of
these files are saved on the managed computer, they are downloaded each time the
computer boots to automation.

4. Provide any additional configuration options and click Save.

Deployment Solution 52

Chapter 10

Setting Up the Altiris PXE Server

What is PXE?

Preboot Execution Environment (PXE) is an open industry standard which enables
computers to boot remotely using a network card.

PXE uses standard network protocols to establish a communication channel between a
computer and an Altiris PXE server during the boot process. Using this channel, an Altiris
PXE server sends an execution environment to the computer so that work can be
performed in a pre-boot state.

In Deployment Solution, this pre-boot state is called the automation environment, and
DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An
overview of the automation boot methods and environments is contained in a separate
document, Deployment Solution: Automation Preboot Environments.

An advanced, tightly integrated PXE environment is provided with Deployment Solution.
Deployment Solution leverages PXE to provide the following advantages:

z When a managed device needs to boot into automation, Deployment Solution

restarts the computer and notifies the Altiris PXE Server. Altiris PXE Server now
boots the computer into the automation environment indicated in the Deployment
Solution job automatically.

z PXE can perform an initial deployment of a new system by checking to see if a

computer exists in Deployment Solution.

z All PXE configuration is done using the PXE Configuration Utility from the

Why Use PXE?

PXE is used in Deployment Solution to perform two tasks:

z Boot managed computers into the automation environment

z Perform initial deployment of new managed computers

How you implement PXE is partially dependent on what you plan to do with it. Many
organizations use PXE only on a subnet in a receiving department to deploy corporate
images and initial configuration of new computers. After this computer is assigned to a
user, PXE is not used in the normal production environment.

This limits the extent of the PXE environment, but prevents you from accessing the
automation environment to capture images and perform other automation-only tasks.

Other companies which often use automation select PXE because it leaves no footprint
on the managed computer, and has several other advantages such as image
multicasting and tight Deployment Solution integration.

Deployment Solution console, enabling you to remotely configure all PXE servers in
your network.

Deployment Solution 53

Regardless of how broadly you implement PXE, Deployment Solution provides tools and
services to simplify management of PXE in your environment. This section contains the
following topics providing an overview of PXE in Deployment Solution:

z PXE Services and Architecture

z How PXE Works

PXE Services and Architecture

PXE services use a tiered-architecture which enables you to provide global settings and
boot options shared across all Altiris PXE Servers, override configuration and expand
boot options on a local level.

Boot options and PXE settings can be applied to a shared configuration. This shared
configuration is inherited by all Altiris PXE Servers in your environment. Each Altiris PXE
Server still has its own specific configuration, so you can override settings and add
additional boot options as needed.

New services have been provided to replicate settings and data automatically, making it
unnecessary for you to individually configure each PXE server.

The following table contains an overview of the PXE services:

Setting Up the Altiris PXE Server

Service Description

PXE Manager z Provides all boot options and configuration settings

for each Altiris PXE Server in your environment.

z Interfaces with the PXE Config Utility to replicate data

and apply PXE configuration.

z Manages all communication between your

Deployment Server and your Altiris PXE Servers.

The PXE Manager Service is installed on your Deployment
Server regardless whether or not you have also installed
an Altiris PXE Server.

PXE Config Helper

Altiris PXE Server

MTFTP

The PXE Manager service interacts with Deployment Server, PXE Helper service, and the
PXE config utility to perform centralized PXE management:

z Interfaces with PXE Manager to receive data and

configuration.

z Configures, starts, and stops the additional PXE

services on the Altiris PXE Server.

z Provides the PXE listener and proxy DHCP to respond

to PXE requests and send the location of bootstrap
files.

z Sends bootstrap files to managed computers using

TFTP.

Deployment Solution 54

Setting Up the Altiris PXE Server

On each individual Altiris PXE Server, the Altiris PXE Server service and the MTFTP
service are installed to perform the work of an Altiris PXE Server. These services are
configured, started and stopped by the PXE Config Helper service. Clients connect
directly to these services during the PXE boot process:

How PXE Works

Before a computer can boot over a network, it needs two things: an IP address to
communicate, and the location of an Altiris PXE Server to contact for boot instructions.

The following sections outline the PXE boot process:

z Part 1: DHCP Request and PXE Discovery

z Part 2: PXE Bootstrap

Deployment Solution 55

Part 1: DHCP Request and PXE Discovery

Request and Receive an IP Address

Initially, the boot agent directs the execution of normal DHCP operations by
broadcasting a DHCPDISCOVER packet (255.255.255.255) to port 67 on its local
physical subnet to discover a DHCP server.

Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating
their server IP.

When the client has chosen a target DHCP server, it broadcasts a DHCPREQUEST packet
that includes its MAC address and the IP address of the selected DHCP server. The
DHCPREQUEST also contains option 60 to identify the client as a PXE client.

PXE Option 60

DHCP lets clients to receive options from the DHCP server indicating various services
that are available on the network. A number of standard and custom options are
available that can convey a vast amount of information to DHCP clients. Option 60 deals
specifically with PXE related services. Both PXE clients and servers use option 60 to
convey specific information about the PXE services they need or are providing.

Contacting the Altiris PXE Server

All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a
different server, the IP address they offered is reclaimed. The DHCP server providing the
accepted offer supplies a DHCPACK packet to the client to acknowledge the client’s
receipt of its IP.

During this process, the Altiris PXE Server monitors the wire for DHCPREQUEST packets
with an option 60 (PXE client). When a packet is recognized, the client’s MAC address is
used to find any pending automation work in Deployment Server. If no automation work
is required, the Altiris PXE Server does not respond to the client and it boots normally.

Setting Up the Altiris PXE Server

If there is work to do, the Altiris PXE Server responds with its address using a DHCPACK
with option 60.

At this point, the client has received a DHCPACK containing an IP address, and a
DHCPACK with option 60 containing an Altiris PXE Server. If the Altiris PXE Server is
located on the same server as DHCP, both are contained in the same DHCPACK packet.

Part 2: PXE Bootstrap

The client is ready to contact the Altiris PXE Server for boot files. After this request,
clients are provided with a boot menu containing all boot options that the Altiris PXE
Server can provide. Most of the time, the correct boot option has already been selected
by the Deployment Server, so this is transfered to the client.

After the selection is made, the client requests the necessary boot files using MTFTP.
This consists of a .0 and a .1 file.

The .0 file functions as a bootstrap loader. It creates a RAM disk and manipulates the
BIOS interrupt vectors, interrupt structures and hardware information tables to make
the RAM disk function exactly like a typical floppy disk. This file copies the .1 file byte by
byte into the newly created RAM disk.

Deployment Solution 56

Setting Up the Altiris PXE Server

The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and
additional files which ultimately provide the automation environment on the managed
computer.

The following diagrams contain a basic outline of this process:

PXE Planning and Installation

This section contains an overview of the PXE deployment process, in the following
sections:

z Enabling PXE on Managed Computers

z Installing and Configuring DHCP

z How Many Altiris PXE Servers Do I Need?

z Installing Altiris PXE Servers

Deployment Solution 57

Enabling PXE on Managed Computers

Each computer you plan to manage using PXE must have PXE boot enabled (sometimes
called network or NIC) and set to the correct sequence in the BIOS. It is also a good idea
to apply the latest BIOS updates, especially if your network card is integrated on the
motherboard.

Deployment Solution also supports Wake on LAN to power on managed computers
remotely. If this is enabled, a Wake on LAN signal is sent to the managed computer if
the device is disconnected from Deployment Server when a job is scheduled to start.

Installing and Configuring DHCP

DHCP is an integral part of the PXE process, and must be installed and configured in
order to use PXE. A DHCP server is not provided with Deployment Solution, you must
obtain, install, and configure this component separately.

After DHCP is set up and your Altiris PXE Servers are installed, you need to configure
how your Altiris PXE Servers interact with the DHCP server. This is done using the PXE
Configuration Utility.

How Many Altiris PXE Servers Do I Need?

Setting Up the Altiris PXE Server

Number of Client Connections

Altiris PXE Servers do not typically require a lot of resources. By using multicast, a single
Altiris PXE Server can deploy a DOS boot image to up to 100 computers at a time, and
not consume any more resources than it would while deploying a single image. If you
are using WinPE or Linux however, multicast boot is not available.

Usually a single Altiris PXE Server in a specific location is enough if you either use
multicast to deploy images or spread out your image capturing jobs to be in line w ith th e
capabilities of your server. Additional Altiris PXE servers can easily be added if
necessary.

Network Speed

Since the majority of the resources on an Altiris PXE Server are used for transferring
files over the wire, the faster the network, the more work a single Altiris PXE Server can
do. A single Altiris PXE Server on a gigabit network can capture and deploy several times
as many images over a period of time than even multiple servers on a slower network.

Physical Layout of your Network

Your PXE configuration might be set up according to the physical layout of your network.
If you have three offices in different locations, it might make sense to install an Altiris
PXE Server at each location to reduce traffic and resolve routing issues (see PXE
Request Routing).

In these configurations, the deployment share can be mirrored to a local server, and
images are usually taken from and restored to local file servers. See PXE Redirection
(page 61) for an example of this type of configuration.

Deployment Solution 58

Setting Up the Altiris PXE Server

PXE Request Routing

PXE clients use broadcast packets to find DHCP and PXE services on a network, and
multicast packets (MTFTP) to transfer files. These packet types can present challenges
when planning a PXE deployment because most default router configurations do not
forward broadcast and multicast traffic.

Because of this, either your routers need to be configured to forward these broadcast
and multicast packets to the correct server (or servers), or you need to install an Altiris
PXE Server on each subnet.

Routers generally forward broadcast traffic to specific computers. The source subnet
experiences the broadcast, but any forwarded broadcast traffic targets specific
computers.

Enabling a router to support DHCP is common. If both PXE and DHCP services are
located on the same computer, and DHCP packet forwarding is enabled, you shouldn’t
have any problem transferring broadcast packets.

If these services are located on different computers, additional configuration might be
required.

If you are going to forward packets, ensure your router configuration lets DHCP traffic to
access the proper ports and IP addresses for both DHCP and Altiris PXE servers.

Once the broadcast issues are resolved, the routing of multicast traffic must be
considered. Multicasting leverages significant efficiencies in transferring files but also
introduces challenges similar to broadcast packet forwarding. Like the broadcasting
solution, routers can be configured to support multicast traffic between PXE Clients and
Altiris PXE Servers.

Please consult the documentation provided by your router vendor for additional
information on packet forwarding.

Installing Altiris PXE Servers

After you have determined the PXE needs of your network, you must to determine
where to install these Altiris PXE Servers.

An Altiris PXE Server can be installed on your Deployment Server, on your DHCP server,
on another server in your network (such as a file server), or as a standalone server. You
can also use a combination of these (example: an Altiris PXE Server on your Deployment
Server and your DHCP server).

The actual installation process is straightforward. You can install an Altiris PXE Server at
the same time as you install Deployment Solution, or you can install one later by
running the installation program and selecting the add additional components option.

After these servers are installed an running, they are configured using the PXE
Configuration Utility. See the following section.

Configuring PXE Settings

All PXE configuration is done using the PXE Configuration Utility. The PXE config utility is
used to create and modify two things:

z Global and local configuration settings. These settings include timeout values,

replication and logging options, and so on.

Deployment Solution 59

z Boot options. Each boot option corresponds to a specific configuration which

This section contains a brief overview of selected PXE configuration and boot options.
For complete details, see the help for the PXE Configuration Utility.

PXE Settings

Shared vs. Local

Deployment Solution provides a PXE settings hierarchy enabling you to provide shared
and local PXE configuration values. All Altiris PXE Servers inherit the shared values
unless they are overridden on the local server.

Session Timeout

The PXE configuration utility connects the PXE Manager service on Deployment Server.
To ensure your changes are not overwritten by another instance of the PXE
Configuration Utility, only one instance of PXE config can connect to PXE manager at any
given time.

Setting Up the Altiris PXE Server

includes an operating system, network and other drivers, utilities, mapped drives,
and so on.

If you attempt to launch PXE Configuration when another instance is running, you
receive an error. To prevent you from being completely locked out for extended periods
(example: an instance is inadvertently left open on another computer), a timeout has
been added which terminates a connection after 30 minutes of inactivity after someone
else attempts to connect.

This timeout only applies if someone else is attempting to launch PXE Configuration. If
no other connections are attempted, the timeout is never enabled and your session
remains active.

DHCP Server Options

For most circumstances, you want option 1. If you have DHCP installed on your
Deployment Server but it is not active, Deployment Server might still attempt to
communicate with that instance. This is changed by selecting option 3. If you are using
a 3rd party DHCP server which automatically sends the client 60 message, select option

2.

Boot Options

Boot options are the boot configurations provided to a client by an Altiris PXE Server.
Each boot option has a corresponding automation operating system, network drivers,
and other settings.

Shared vs. Local

Deployment Solution provides a PXE boot option hierarchy enabling you to provide
shared and local PXE boot options. Shared boot configurations are available on all Altiris
PXE Servers, while local boot options are available on a specific Altiris PXE server.

Deployment Solution 60

PXE Redirection

Setting Up the Altiris PXE Server

Lets you redirect a global PXE menu option to a local PXE menu option. Redirection
settings are not available globally, they are always specific to an individual Altiris PXE
Server. This is due to the role redirection plays in your PXE environment.

Consider the following example:

You manage computers in three locations: Two offices in Ontario, and one office in
Alberta. To limit transfer between each site, each office has a local Altiris PXE Server,
and a file server with a mirror of the deployment share. This enables clients at each
location to contact the local Altiris PXE Server to boot and use the local deployment
mirror to access the network tools and to store images.

You need to create a job to capture an image of each managed computer on Friday
evening, once a month. To create this job, you add an imaging task, select a PXE boot
option, and set the schedule.

Hold on. If you select the same PXE boot option for each office, you are going to have
problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress,
and stores captured images on alb1\images. The two Ontario offices use the ont1 and
ont2 servers respectively.

You could go ahead and create three global configurations and three different jobs, but
that is confusing and could potentially cause problems if the wrong selection is made. If
you took this route, on each Altiris PXE Server, two of the three global configurations
could potentially cause problems (they are mapped to drives in remote offices). To avoid
problems, select a single global configuration for a job and update it based on the
location of the Altiris PXE Server.

This is exactly what redirection does. You create a global configuration (example:
named “Imaging Environment”). On each Altiris PXE Server, you create a local
configuration for each office with the correct server mappings.

The “Imaging Environment” global option is redirected to the local option, and the
process is simplified. Now the imaging job can be applied to all computers at once,
simplifying the process and reducing the chance of errors.

Deployment Solution 61

Part III
Using Deployment Solution

This section provides feature identification and basic procedures for deploying and
managing computers using Altiris® Deployment Solution™ software.

Deployment Solution 62

Chapter 11

Deployment Basics

Deployme nt S olution pro vid es a g raphical, obj ect-ba sed interfa ce t o manage compute rs.
After you have installed the Deployment Agent and the computer has connected, the
computer can be managed using the Deployment Console.

Computers

Each computer and computer group in your environment is represented in the
computers pane:

Jobs

Computers can be dragged into a group, or automatically assigned to a group when the
agent is installed. Computers can belong to only one group.

When a new computer connects, it is placed in the New Computers group.

Jobs contain a sequence of tasks to perform work on managed computers. Example: a
job might be “install and activate Winzip 10.” This job might have a condition specifying
that it should only execute on Windows XP computers with 500 MHZ or greater
processors.

Deployment Solution 63

Deployment Basics

Each job that can be assigned to a computer or computer group is represented in the
jobs pane:

Computers are assigned jobs by dragging and dropping computers onto a job. Jobs can
also be scheduled by right-clicking and selecting the Job Scheduling Wizard.

Creating Jobs and Tasks

Jobs are created by adding one or more tasks to a job. Tasks include create disk image,
distribute software, manage SVS layer, and run script.

These tasks run sequentially and can trigger other events, such as a stop job or execute
other job depending on the return code of the task.

Context Menus (Right-click)

In the Deployment Console, you can right-click almost any object for a context-specific
list of management options.

Example: if you right click a computer or group, you are given the option of viewing
computer details or job history, remote controlling or opening a chat session, renaming,
power control, and several other options.

Find a Computer in the Database

This search filter lets you type a string and query specified database fields for specific
computer properties. You can search for user or computer names, licensing or location
information, or primary lookup keys: MAC address, serial number, asset number, or
UUID. This search filter queries the property values appearing in the Computer

properties (page 119).

Deployment Solution 64

Click <CTRL> F or click Find Computer on the console toolbar to search
the Deployment Database for computers by property settings.

The computers that match the search will be highlighted in the
Computers pane.

1. In the Search For field, type all or part of the computer’s property values you
would like to search for. This alpha-numeric string will be compared with specified
database fields.

2. In the In Field box, select the field you want to search in the Deployment
Database.

Example: to find a computer by searching for its IP address, type the address in the

Search For field and select IP Address from the In Field drop-down list.

Name BIOS name of the computer.

Computer Name Deployment Solution name of the computer.

MAC Address Example: 0080C6E983E8.

IP Address Example: 192.168.1.1.

ID Example: The computer ID. 5000001.

Serial Number Serial number installed in BIOS. A primary lookup key.

Asset Tag Asset number in BIOS. A primary lookup key.

UUID A primary lookup key.

Registered User Name entered when the operating system was installed.

Product Key Product Key for the operating system.

Logged On User Name of the user currently using the computer.

Physical Bay
Name

The actual bay number. Example: 7x.

Deployment Basics

The computer you are looking for appears highlighted in the Computers window in the
console.

Note

This search is not case-sensitive and lets wildcard searches using the *.

Using Lab Builder

Use the Lab Builder to set up jobs under the Lab folder in the Jobs pane to set up a
classroom or lab environment.

Click Lab Builder on the console toolbar or click File > New > Lab
Builder to set up jobs specifically created for managing multiple
computers in a lab environment.

Deployment Solution 65

Deployment Basics

You can set up jobs to:

z Create Disk Image

z Deploy Lab

z Restore Lab

z Update Configuration

z Upload Registries

Each job contains a default list of tasks. Lab Builder places these five new jobs under a
folder (which you name) located under the Lab folder. All tasks in the jobs are assigned
default paths and file names that let them use the same images and configuration
information, registry data, and so on. We recommend that you do not change the file
names and paths. If you change the default settings (Example: changing the image
name), you must change it in all jobs where the image is used.

To use Lab Builder

1. Click the Lab Builder icon on the toolbar, or choose File > New > Lab Builder.

2. Enter the name of the lab setup.

Note

The lab name must be unique because the program creates a default image file
name based on the name, and the image file name must be unique. The default
image name is synchronized in all lab jobs, so if you change the name later you
must change it in all jobs that use the image.

3. Enter a lab description to help you differentiate the lab from others. This field is
optional. Click OK.

4. Identify an image in the Create Disk Image job.

5. Set computer names and addresses in the Update Configuration job.

The following information describes the default jobs. To run one of these jobs, drag it to
the computer or computer group you want it applied to.

Create Disk Image. This job uploads an image of a computer to the server and an
image name is created automatically based on the lab name. However, there is no
actual image in the job until you drag the image source computer to this job.

Deploy Lab. This job has three default tasks: Deploy image, Apply configuration
settings, and Back up registry files. The image that is uploaded using the Create Disk

Image job is deployed when you use this job. The configuration settings you specify in
the Update Configuration job are applied to the computers, and the computer registry
files are uploaded to the Deployment Server.

Restore Lab. This job restores the image and registry files to a computer where a lab
was previously deployed. You can quickly get a computer running again by restoring the
lab on that computer.

Update Configuration. This job lets you to set unique configuration information (such
as computer names and network addresses) for client computers. When a lab is
deployed, each computer has an identical image, but not the same configuration
settings. This means you don't have to visit each computer to reset IP addresses and
other settings when you deploy an image.

Upload Registries. This job backs up computer registry files to the Deployment Server.

Deployment Solution 66

Computer Import File

Use the following format to import new computers from a text file. You can easily create
a computer import file by entering data in the provided Microsoft Excel spreadsheet

ImportComputers55.xls) located in the Samples folder of the Deployment Share.

(

z A semicolon as the first character denotes comment lines.

z Quotes around fields are optional.

z Leaving the job name blank does not assign the computer to any job.

z Leaving the start time blank makes an entry in the job for the computer, but does

not schedule it for a specific time.

z Only the Name field is required.

z Quotes around fields are optional.

You can populate your computer database using the format provided below. The Import
Computers text file can be imported into Deployment Solution using the File > New

Computer > Import or File > Import/Export > Import Computers.

Tips for creating a new computers import file

z When using Boolean references, do not use quote marks. These fields are marked

with a B: 1=On/True and 0=Off/False.

Deployment Basics

z For some fields, this input format supports multiple IP Addresses, delimited by a “;”

(semicolon) within the field. These fields are marked with a “(;)”.

Example: the gateway field could read, 30.11.11.2, for a single IP address
or, 30.11.11.2;30.11.11.3;30.11.11.4, to support three IP addresses.

z All fields (up to and including “site”) must be present in the file, but all data except

for “Name” is optional.

z To use optional fields for multiple network adapters, the preceding fields are

required. Example: to use Nic3 fields, all fields for Nic2 are required.

z For Deployment Server to read the import text correctly, ensure there is a final hard

return at the end of the file.

Format for the New Computers text file

Outlined below is the field order for the database input. Fields marked “(ignored)” are
not used by version 5.5 and later, but are included to support previous versions.

;Name,MAC Address 1,Serial Number,Asset Tag,Computer Name,Domain(B),Domain/
Workgroup Name,Domain Controller Name(ignored),DHCP(B),IP
Address(;),Netmask(;),Gateway(;),Preferred DNS(;),Alternate DNS,Alternate 2
DNS,Preferred WINS,Alternate WINS,Hostname,Domain Suffix,Use Preferred
Tree(B),Preferred Server,Preferred Tree,Netware User,NDS Context,Run
Scripts(B),User,Organization,Key,Password Never Expires(B)(ignored),Cannot Change
Password(B)(ignored),Must Change Password(B)(ignored),Username(ignored),Full
Name(ignored),Groups(ignored),Password(ignored),Contact,Department,Email,Mailstop
,Phone,Site,Computer Group,Job,Job Start Time,NIC2 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC3 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Suffix,NIC4 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC5 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain

Deployment Solution 67

Deployment Basics

Suffix,NIC6 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix,NIC7 MAC
Address,DHCP(B),IP Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain
Suffix,NIC8 MAC Address,DHCP(B),IP
Address(;),Netmask(;),Gateway(;),DNS(;),WINS(;),Domain Suffix

Example Import File

DB Computer
1,00a0c95c2640,6X18FHGZP21P,6X18FHGZP21P,Computer1,1,Altiris,,1,,,,,,,,,computer
1h,altiris.com1,1,server1,tree1,user1,context1,1,John Doe,"Altiris, Inc.",12345-OEM­1234567-12345,,,,,,,,John Doe,Engineering,jdoe@altiris.com,111,(801) 805­1111,Lindon,Test Group,Test Job,12/31/2001
17:30,00a0c95c2641,0,172.25.10.180,255.255.0.0,172.32.0.4,172.32.0.1;172.32.0.7,

172.32.0.4,altiris.com2,00a0c95c2642,1,,,,,,altiris.com3,00a0c95c2643,0,1.1.1.1;2.2.2

.2,255.255.255.255;255.255.255.0,1.1.1.2;2.2.2.1,3.3.3.3;4.4.4.4,5.5.5.5;6.6.6.6,alti
ris.com4,00a0c95c2644,1,,,,,,altiris.com5,00a0c95c2645,0,1.1.1.1,2.2.2.2,3.3.3.3,4.4.

4.4,5.5.5.5,altiris.com6,00a0c95c2646,1,,,,,,altiris.com7,00a0c95c2647,0,5.5.5.5,4.4.4

.4,3.3.3.3,2.2.2.2,1.1.1.1,altiris.com8

Deployment Solution 68

Chapter 12

Managing from the Deployment Console

Deployment Solution provides both Windows and Web user interface consoles to deploy
and manage computer devices across local or wide area networks. It also provides a
Thin Client view of the Deployment Console. As an IT administrator, you can manage all
computer devices from one of these Deployment Consoles:

The Deployment Console is a Windows-based console with complete deployment and
management features, including remote control, security, PXE Server configuration,
image editing, and other deployment utilities and features. See Deployment Console

basics on page 70.

The Deployment Web Console provides basic deployment and management
functionality from a Web browser, including the ability to remotely access and manage
computer devices, build and schedule jobs, and view multiple Deployment connections.

The Thin Client View of the Deployment Console provides a simplified experience when
dealing exclusively with Thin Clients. The functionality of the Thin Client Console is
identical to that of the current Deployment Console. However, you can toggle from Full
View to Thin Client View.

Deployment from the Symantec Management Console combines management and
reporting features across multiple Deployment Server systems and lets you integrate
additional Web applications in the client and server management suites, including
Inventory, Software Delivery, Recovery, HelpDesk, Patch Management, and Application
Metering solutions.

To launch the Deployment Console, click the icon on the desktop, or click

Start > Programs > Altiris > Deployment Solution > Console.

Features of the Deployment Console. The Windows console for Deployment Solution

provides standard Computers, Jobs, and Details panes to drag and drop icons, view
properties, and identify the state and status of Deployment objects. In addition, the
Deployment Console also includes a Shortcuts and Resources view and provides the
tools, utilities, and features required for complete computer resource management. See

Deployment Console basics on page 70.

Set program options. From the Tools > Options dialog, you can set preferences for
each Deployment Server system. See General options on page 82.

Set security. From the Tools > Security dialog, you can set security rights and
permissions for all Deployment Consoles. See Security in Deployment Solution on
page 87.

Connecting to other Deployment Server systems. Connect to other Deployment
Server connections from your current Deployment Console and manage computers
outside of your current network segment or site. See Connecting to another Deployment

Server on page 93.

Deployment Solution 69

Customize the Tools menu. You can add commands to the Tools menu to open
commonly-used deployment programs and utilities. See Extending the tools menu on
page 79.

Deployment Console basics

The Deployment Console is your main portal to Deployment Solution. It is a feature-rich
Win 32 program with real-time access to computer resources, deployment jobs, and
package files, each represented by distinct icons to identify the status and settings.
From the Deployment Console, you can build simple or complex deployment jobs, assign
them to a computer group, and verify deployment execution.

Because the Deployment Console can reside on its own computer, you can have multiple
consoles running from different locations. The Deployment Console needs to be running
only while creating assignments or viewing information about the managed computers.
You can turn on the console, run management tasks, and turn off the console.

Scheduling information is saved in the Deployment Database and tasks are executed at
their scheduled time. If an assignment to a managed computer is made from two
different consoles at approximately the same time, the computer is assigned those tasks
in the order they are received. See Console options on page 82 to set refresh intervals
for the Deployment Console.

Features of the Deployment Console

The Deployment Console is divided into several panes to organize computers,
deployment jobs, and software packages and scripts. It gives you a graphical view of
your network and provides features to build jobs, drag and drop icons to schedule
operations, store and access jobs and packages, and report the status and state of your
computer resources. The Deployment Server includes three main panes, toolbars,
wizards, shortcuts, and utility programs.

Computers pane

Use this area to view and select managed computers for the Deployment Server system.
You can select and right-click a computer in the Computers pane to run remote
operations using Deployment Solution or to view the computer properties. You can also
create computer groups to organize collections of similar computers. See Remote

operations using Deployment Solution on page 122 and Computer properties on

page 119.

Create computer groups by clicking Computer Groups on the toolbar, or
right-clicking in the Computers pane and selecting Groups. Click View >
Show Computers to display only computer group icons and not individual
computers.

When you select a computer or group, a list of the computers in the group appears in
the Details pane and provides the basic information about each computer. The Filter
detail bar appears in the Details pane that helps to view computers according to set
criteria. When a computer is selected, you can view the computer status in the Details
pane, including a list of jobs that are running or are scheduled to run on the computer
and the status of each job.

Altiris Deployment Solution™ from Symantec User’s Guide 70

Jobs pane

To get more details about all tasks that are run on computers, click Status Detail.
Status Detail displays a more detailed breakdown of the tasks that the job has executed
and a status message indicating the status of the tasks.

You can also import new computers from a text file or add security rights and privileges
for a specified computer or group of computers. See on page 95 for complete
information about setting up, importing, and managing computers from the Computers
pane.

Use this area to create and build jobs using specific deployment tasks. You can select
and right-click a job in the Jobs pane when building new jobs or running the New Job
Wizard. You can also import new jobs from a text file or add security rights and
privileges for a specified job or collection of jobs. See Building new jobs on page 150
and New job wizard on page 146.

Set up folders to organize and access jobs according to your specifications. To create a
new folder, right-click in the Jobs section and select the New Folder option. You can
also create folders by selecting File > New > Folder.

Click View > Jobs View to show or hide the Jobs pane.

When you select a job, the Details pane displays a list of computers in the folder and
gives a basic information about each job, such as its state and status. It also shows the
computers or computer groups to which the job is assigned.

z The Conditions detail bar also appears, letting you assign jobs to computers. See

Setting conditions for task sets on page 151.

z In System Jobs, folders are created to store jobs that are created when running

operations from the console.

Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when
you drag an .MSI, .RIP, or other package files from the Resources view to a
specific computer or group. See Shortcuts and resources view on page 72.

Image Jobs. Jobs are placed in this folder when you create a Quick Disk Image.
See Quick disk image on page 125.

Restoration Jobs. Jobs are placed in this folder when you restore a computer from
its Deployment history. See Restoring a computer from its deployment history on
page 124.

From the Jobs pane, you can drag job icons to computer icons to run jobs, such as
creating images, deploying computers, changing configurations, or installing software.
After you create a job, you can change it by adding, modifying, or deleting tasks. You
can run jobs immediately, schedule them to run at a particular time, or save them for a
later time. See on page 145 for complete information about setting up, importing, and
managing computers from the Jobs pane.

Altiris Deployment Solution™ from Symantec User’s Guide 71

Details pane

The Details pane extends the user interface features when working in the Computers,
Jobs, or Shortcuts panes.

z When you select a computer in the Computers pane, the Details pane changes to

a Filters section (if you click a group icon) and displays the status of all jobs
assigned to the selected computer.

z When you select a job icon in the Jobs pane, the Details pane displays the

information about the job to set up conditions, order tasks, and to add, modify, or
remove tasks.

z When you select a computer or computer group in the Computers pane, the

Details pane displays the information about a computer, such as its IP address,

MAC address, and status.

z When you select a batch file, you can click Modify to update the file.

z When you select a hard disk image file (.IMG), the Details pane displays a

description of the image file and information about the included partitions.

z When you click on the package files, the Details pane displays the title, description,

version, creation date, and platform of an .RIP file or Personality Package.

Shortcuts and resources view

The Shortcut and Resources pane provides easy access to the computers and job
objects identified in the console and the software packages stored in the Deployment
Share. In the Shortcuts view, you can drag computers, computer groups, jobs, and job
folders to organize and access commonly-used console objects. In the Resources view,
you can identify and assign package files.

Click View > Shortcuts View to open the Shortcuts and Resources
pane. You can drag the jobs and computer icons to this pane. Click

Resources in the Shortcuts and Resources view, or click View >
Resources or CTRL+R to open a filtered list of packages on the

Deployment Share.

The Shortcuts view provides quick links to view and access computers, jobs and
packages. It can act as a palette of Deployment Solution icons that you can drag to
other working panes in the console, or as a storage to save commonly-used jobs and
computer icons.

The Resources view lets you see a filtered view of the package files — .MSI files, .RIPs,
image files, Personality Packages, and other resource packages — stored in folders in
the Deployment Share. From the Resources view, you can drag packages directly to
the computers in the Computers pane to deliver the software. This automatically
creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the Jobs pane. The
Resources view lets you identify packages assigned to each job and assign those
packages to create new jobs.

Altiris Deployment Solution™ from Symantec User’s Guide 72

Using resources directly

If you do not want to create a shortcut to a resource, but still want to use a resource to
assign a job to a computer, you can move the resource to a designated computer. To do
so:

1. Enable the Shortcuts view.

2. Click Resources at the bottom of the Shortcuts window.

3. Browse to the selected resource and drag it to the appropriate computer.

You can create a new script file from the Resources view and use it directly to schedule
it on a computer. See Creating new script files on page 192.

See Console options on page 82 for options to set refresh intervals for the Resources
view.

Thin client view of the Deployment Console

The Thin Client view of the Deployment Console provides a simplified experience when
dealing exclusively with Thin Clients. The functionality of the Thin Client view is identical
to that of the current Deployment Console. However, you can switch from Full view to
Thin Client view.

The Thin Client Console has the following panes:

z Computers

z Resources

z Software Packages

z Inventory

The Computers, Resources, and Software Packages pan es a re on the lef t si de of the
Thin Client view, while the Inventory pane is on the right side of the Thin Client view.

Installing the thin client view

During installation, you can install the Deployment Solution Thin Client view. By default,
the traditional Deployment Console is installed.

If you select Thin Client view, a Thin Client Jobs system folder is created. All the jobs
created from the Deployment Solution Thin Client view are stored in this folder. During
the installation process, the following folders are created in this hierarchy for the Thin
Client resources:

z Configuration Packages

z Images

z Software Packages

Deployment Solution for Thin Clients uses the same installation program as Deployment
Solution. No licensing is required even if you select Thin Client Install.

To install thin client

To install Thin Client, choose one of the following options:

z On the Deployment Server Install Configuration dialog, select the Thin Client

Install option. The Deployment Console Thin Client View appears.

Altiris Deployment Solution™ from Symantec User’s Guide 73

z On the Deployment Server Installation dialog, select the Simple Install option.

The Deployment Console appears. Click View > Show Thin Client View. The
Deployment Console Thin Client View appears.

Switching between two views

When you switch between the traditional view and the Thin Client view, you can
maintain the last state in which you viewed the console. This ensures that you open the
console in the same view that you last closed it in.

To switch between the traditional and the thin client view

1. Click View.

2. Select Show Thin Client View.

Note

By default, the Thin Client view is visible if you select Thin Client Install.

When you switch to the Thin Client view, all the menus and items that are not necessary
for the Thin Client view are unavailable. These are visible when you switch to the
traditional view.

Computers pane

This pane is the same as that in the traditional view. However, only thin clients are
displayed. You can right-click this pane to view a new menu. When you right-click a thin
client, you can view the following options:

z Capture Configuration

z Capture Images

z Deploy Configuration

z Deploy Image

z Install Automation Partition

z Get Inventory

z Power Control

z Properties

z Remote Control

z Delete

z Manage Inventory View

If you select a Capture option, a text field appears, prompting you for the name of the
captured resource. By default, the name is the same as the serial number on the Thin
Client, which you can change.

If you select a deploy option, a list of the available resources appears for the selected
type, such as Configurations, Images, or Software Packages. You can select a resource
from this list.

To create a job

You can create a job in one of the following ways:

Altiris Deployment Solution™ from Symantec User’s Guide 74

Resources pane

z Select any of the first six options from the Computers pane. All these jobs are

scheduled at the current time.

Note

The Schedule Computers for Job dialog does not have the Job Schedule tab.
Also, all the automation jobs have the default option selected for boot image.

z Drag resources to the Computers pane or computers to the Resources pane to

schedule jobs at the current time.

Note

Ensure that you have the required permissions to drag and drop resources.

All thin client job details are saved in the Thin Client Jobs system folder. You cannot
delete or rename this new system folder from the console.

All the above options, except Properties, are disabled when the client is not active.

Note

All the jobs on the thin clients are automatically created and scheduled by the console,
and this happens only when the clients are active. When creating the jobs, the console
refers to the operating system type (platform) of the client.

This pane is a treeview listing all the resources that you can drag and drop to the thin
clients and vice versa. The following types of resources appear in this pane:

z Configuration Packages. Example: Captured Registry Settings.

z Images

z Software Packages. Example: HP Tools.

Note

All these resources reside in the eXpress share in the ThinClient directory.

When you click any of the submenus corresponding to the subdirectories within the
ThinClient directory, the tree expands and displays all the resources included in the
directory. If the folder is empty, an appropriate message appears. You can rename or
delete the resources.

Software packages

The Software Packages pane displays the software packages that can be created for
the available computers. You can drag and drop this resource to the thin clients and vice
versa.

When you right-click the Software Packages pane, you can view the following options:

z New folder. Select this option to create a new folder.

z Import. Select this option to import a job. See To import a job on page 76.

z Rename. Select this option to rename a folder.

Note

You cannot rename the Software Packages pane. You can only rename a folder.

Altiris Deployment Solution™ from Symantec User’s Guide 75

z Delete. Select this option to delete folders.

z Find Software Packages. Select this option to find software packages.

To import a job

1. Open the Thin Client view.

2. Right-click the Software Packages pane and select Import.

The Import Job dialog appears.

3. In the Job file to import field, browse and specify the file that you want to import.

Note
By default, the Import to Job Folder, Overwrite existing Jobs and Folders
with the same names, and Delete existing Jobs in folder options are disabled.

To preserve the source operating system file paths of Scripted Install, select the
Preserve Scripted Install OS source paths option.

Click OK.

To delete the Software Packages option from the Deployment Console

1. Open the Deployment Console.

2. In the Jobs pane, select System Jobs > Thin Client Jobs > Software Packages.

3. Right-click Software Packages and select Delete.

Inventory pane

A confirmation dialog opens.

4. Click Yes to confirm the deletion.

The Software Packages option is deleted from the Deployment Console view.

Note
The Software Packages option is automatically added in the Jobs pane in System
Jobs > Thin Client Jobs when you switch from the Deployment Console view to

the Thin Client view.

This pane displays a table that lists all the thin clients identified by the console. The
following columns appear in the Inventory pane:

z Name

z Computer Status

z Action Status

z Product Name

z Operating System

z Image Version

z Flash Size

z Memory Size

z BIOS version

Altiris Deployment Solution™ from Symantec User’s Guide 76

You can select which columns to view. The following columns are available, but do not
appear:

z Automation Partition

z CPU

z Domain name

z IP address

z MAC address

To view Inventory columns

1. Right-click the Inventory pane. The Manage Inventory Columns dialog appears.

2. You can add columns to either the Selected columns list or the Available columns
list by clicking the required arrows.

3. Click OK.

Toolbars and utilities

The toolbars and menus on the Deployment Console provide major features and utility
tools to deploy and manage computers from the console. From the Main toolbar, you
can create new jobs and computer accounts and run basic deployment tasks. On the
Tools toolbar, you can launch Deployment Solution administration tools and package
editing tools. It also includes icons to quickly run commonly used remote operations.
See Remote operations using Deployment Solution on page 122.

Deployment Solution utility tools

The Deployment Console lets you open utility programs from the Tools menu or from
the Tools toolbar. You can launch Deployment Solution administration tools (Boot Disk
Creator, PXE Configuration, Wise SetupCapture and Remote Agent Installer) and
package editing tools (Wise MSI Editor, PC Transplant Editor, and Image Explorer) from
the toolbar.

Administration tools

Boot Disk Creator. Use this tool to create boot disk configurations, and

automation and network boot media to image client computers. The Boot Disk Creator
can maintain several different boot disk configurations for different types of network
adapter cards. See Altiris Boot Disk Creator help.

PXE Configuration. After installing the PXE Server, you can create and modify
configurations, which make up the boot menu options that appear on client computers.
This is another another option to boot computers to automation. See the Altiris PXE
Configuration help.

Altiris Deployment Solution™ from Symantec User’s Guide 77

Remote Agent Installer. Remotely install the Deployment Agent on client
computers from the console. This utility lets you push the agent installation to client
computers from the Deployment Console. DAgent is the default agent for all Windows
platforms.

PC Transplant Editor. Use this tool to edit a Personality Package to add or
remove data. See the Altiris PC Transplant Help located in the Deployment Share.

Image Explorer. After a disk image is saved to the Deployment Share, this
tool lets you view and manage data in the image file. You can edit and split an image,
create an index, and more. See the Altiris Image Explorer help file located in the
Deployment Share.

Wise MSI Editor. Edit .MSI packages generated from the Wise Setup Capture

tool or other .MSI files used to distribute software and other files.

SVS Admin Utility. Create, import, and manage virtual software layers. See

Software Virtualization Solution on page 78.

DeployAnywhere Driver Database Management. Lets you run DeployAnywhere to
create hardware independent images. This functionality is provided by Symantec Ghost
Imaging Foundation (GIF). To add and manage drivers, on the Tools menu, click the
new DeployAnywhere option. To enable this functionality, select the DeployAnywhere
option from the deploy image task. For more information about DeployAnywhere or
Ghost, see the Symantec Ghost Imaging Foundation documentation.

Software Virtualization Solution

Altiris® Software Virtualization™ Solution (SVS™) is a revolutionary approach to
software management. SVS places applications and data into managed units called
virtual software packages. You can use SVS to activate, deactivate, or reset applications
to avoid conflicts between applications without altering the base Windows installation.

The SVS Admin Utility is a part of SVS. It creates, imports, and manages virtual
software layers, which are part of the packages. For information on installing and using
the SVS Admin Utility, see the Software Virtualization Solution Reference Guide.

For information on the integration of the SVS Admin Utility with Deployment Solution,
see Using SVS admin utility with Deployment Solution on page 79.

Altiris Deployment Solution™ from Symantec User’s Guide 78

Using SVS admin utility with Deployment Solution

On a Deployment Solution computer, you can capture application and data files. The
installed application, data files, and settings are captured into the virtual software
layers.

The Deployment Solution computer should have a clean installation of the Windows
operating system. The computer should not have any background processes or
programs running that can be captured into the layers. Your base computer should not
be running an antivirus program or any other computer management program. If
possible, the computer should not have an active Internet connection.

You can create layers on a virtual computer. (See Managing the SVS layer on page 177.)
This lets you disconnect a computer from the network and reset the computer after each
capture. This ensures that you have a clean operating system.

You can also distribute .RIPs, .MSI files, scripts, personality settings, and other package
files to computers or groups. See Distributing software on page 175.

Extending the tools menu

You can add commands to the Tools menu on the Deployment Console to quickly access
additional management applications. This lets you easily access applications commonly
used with Deployment Solution.

Commands are added by modifying or adding new .INI files. You can insert commands
to the root ATools.ini file for the main menu or add new .INI files to create submenus.
Place both types of .INI files in the directory where the Deployment Console executable
(eXpress.exe) is located. The default location is Program Files\Altiris\
eXpress\Deployment Server.

You can add up to eight menu items to the main menu, and eight menu items for each
submenu.

These .INI fields are included for each application added to the “Tools > Altiris Tools”
menu:

[Application name or submenu declaration]

MenuText=<the application name displayed in the menu>

Description=<the name displayed when you mouse over the menu item>

WorkDir=<directory set as default when executable is run>

Executable=<path to the executable files>

The ATools.ini file extends the main Tools menu on the console. This sample file
contains one submenu, Web Tools, and two additional menu items, Notepad and
Netmeeting. The .INI files are located in the Deployment Share.

[Submenus]

Web Tools=wtools.ini

[Notepad]

MenuText=Notepad Editor

Description=Simple Editor

Altiris Deployment Solution™ from Symantec User’s Guide 79

WorkDir=.

Executable=C:\WINNT\notepad.exe

[NetMeeting]

MenuText=NetMeeting

Description=NetMeeting

WorkDir=.

Executable=C:\Program Files\NetMeeting\conf.exe

Another Tools .INI file is wtools.ini. It is a submenu file referenced by the main
ATools.ini file. On the main menu, this is titled “Web Tools” (see Tools.ini) and contains

two applications, Internet Explorer and Adobe Acrobat.

[Explorer]

MenuText=Explorer

Description=Windows Explorer

WorkDir=.

Executable=C:\Program Files\Internet Explorer\explorer.exe

[Acrobat]

MenuText=Acrobat Reader

Description=Acrobat Reader

WorkDir=.

Executable=C:\Program Files\Adobe\Acrobat\acrobat.exe

Computer filters and job conditions

Use this dialog while creating a computer group filter to filter only the specified
computers in a computer group, or while setting conditions for task sets when running a
job only on the specified computers in a group. See Creating a computer group filter on
page 81 and Setting conditions for task sets on page 151.

Creating conditions to assign jobs

You can set conditions on a scheduled job to run only on the computer devices that
match a defined criteria. As a result, you can create a single job with tasks defined for
computers with varying properties, including the type of the operating system, network
adapters, processors, free disk space, and other computer properties. For each job, you
can now create task sets that are applicable only to the computers matching those
conditions.

Altiris Deployment Solution™ from Symantec User’s Guide 80

Click a job in the Jobs pane. The Condition feature appears in the Details
pane. Click Setup to add new conditions or edit existing conditions. When
you are setting conditions to schedule a job, select from a list of predefined
database fields or create custom tokens that key on other fields in the
database.

Creating custom tokens

You can create custom tokens to set conditions based on the database fields that are not
provided in the available preset conditions in the Conditions dialog. Example: Select

User Defined Token from the drop-down list in the Fields box. Select contains in the
Operation field, and enter Milo in the Value field. In the Token field, enter the

following custom token:
with the registered license user named Milo. The job runs only on the computers that
meet the specified criteria.

Filter Name Description

Active
Computers

Inactive
Computers

Computers With
Faile d Jo bs

Windows 2003
or 2008

Windows XP/
Vista

Windows CE
(PDAs)

Linux Displays only the computers with Linux operating systems.

Windows XP
Embedded

Windows CE
.NET

Pocket PC
(PDAs)

%#!computer@lic_os_user%. This filters out only the jobs

Displays all the active computers.

Displays all the inactive computers.

Displays all the computers where jobs have failed to execute.

Displays only the computers with Windows 2003 or 2008
operating systems.

Displays only the computers with Windows XP or Vista operating
systems.

Displays only the computers with Windows CE operating systems.

Displays only the computers with Windows XP Embedded
operating systems.

Displays only the computers with Windows CE .NET operating
systems.

Displays only the Pocket PC computers.

Creating a computer group filter

The Computer Filters dialog displays a list of all computers in a group according to the
specified criteria. Example: You can create a filter to view all the computers in a
particular group that have Windows 2008, 256 MB of RAM, and 20 GB hard disks only.
By applying the filter, you can view all the computers that meet the specified criteria in
the Details pane of the Deployment Console.

Altiris Deployment Solution™ from Symantec User’s Guide 81

To create or modify a computer filter

1. Click the All Computers group or any other computer group.

2. On the Filter bar in the Details pane, click Setup > New to create a new filter.

Or

Click Setup > Modify.

3. Type a name for the filter and click Add. The Filter Definition page appears.

4. Define the conditions you want to filter.

Click the Field box to see a list of computer values stored in the Deployment
Database. Select a computer value and set the appropriate operation from the
Operations list. In the Value box, enter an appropriate value for the selected
database field. Example: You can choose Computer Name as the Field, Contains
as the Operation, and Sales as the Value.

5. Repeat to include other conditions. Click OK.

General options

Use the Program Options feature to set the general options for Deployment Solution.
Click Tools > Options to view the Program Options dialog.

Click a computer group in the Computers pane. The Filter feature appears
in the Details pane for the selected computer group. Click Setup to add
new filters, or to modify and delete existing computer filters.

z Console options

z Global options

z Task password options

z Domain accounts options

z RapiDeploy options

z Agent settings options

z Custom data sources options

Console options

Set basic console features for miscellaneous refresh actions and warning messages.

Scan resource files for changes every ____ seconds. Specify how frequently (in
seconds) the Deployment Console updates its view of package files in the Resources
view. See Shortcuts and resources view on page 72.

Warn user when no tasks are assigned to the 'default' condition. When a job is
assigned to computers and the default condition has no tasks assigned, a message
appears. The job has no secondary default tasks assigned if a computer in the group
does not meet the primary conditions. See Setting conditions for task sets on page 151.

Refresh displayed data every ____ seconds. Refresh the display of data accessed
from the Deployment Database. This lets you refresh console data at defined intervals

Altiris Deployment Solution™ from Symantec User’s Guide 82

Global options

instead of updating every time the Deployment Console receives a command from the
server, which can be excessive traffic in large enterprises.

Set global options for the Deployment Server system.

Delete history entries older than _____ days. Specify the number of days entries
are kept in the history before they are deleted. Enter any number between 1 and
10,000. If you don’t select this option, log entries remain in the history.

Remove inactive computers after ____ days. Specify the number of days you want
to keep inactive computers in the Deployment Database before they are deleted. The
default value is 30 days, but any number between 1 and 10,000 is valid.

Synchronize display names with computer names. Automatically update the
displayed name of the managed computer names in the console when the client
computer name changes. If this option is not selected, changes to the computer names
are not reflected in the console. Synchronization is off by default. The names do not
have to be synchronized for the Deployment Server to manage the computer.

Reschedule failed image deployment jobs to immediately retry. Immediately
retry a failed image deployment job. The program continues to retry until the job
succeeds or until the job is cancelled.

Client/server file transfer port: _____. Specifies a static TCP port for file transfers
to the clients. The default value is 0 and causes the server to use a dynamic port. This
setting is useful if you have a firewall and need to use a specific port rather than a
dynamically assigned port.

Automatically replace expired trial licenses with available regular licenses. Lets
Deployment Solution automatically assign a permanent license to the computer after the
trial license expires.

Note

Be careful when using this option. Ensure that you do not give a permanent license to
computers you do not want to manage after their trial license expires.

Display Imaging status on console. Displays the status of the imaging job on the
Deployment Console.

Remote control ports. Specifies ports for using the Remote Control feature. You have
the option to enter a primary port address and a secondary port address (Optional).

Remove task passwords when exporting or copying jobs. Specifies that you must
remove the task password when exporting or copying jobs.

Display only computers and jobs the user has rights to manage. Displays only the
computers and jobs that the user has rights to manage. If this option is not selected, all
of the computers and jobs are displayed. If this option is selected when security is
enabled and the logged-on user has administrator rights, all computers and jobs are
displayed. However, if this option is selected when security is enabled and the logged-on
user does not have administrator rights, that user’s view is restricted to see the jobs and
computers that the user only has rights to. A computer is displayed if the logged-on user
has any permission on the computer’s group or if the computer’s group inherits any
permissions from a parent folder.

Altiris Deployment Solution™ from Symantec User’s Guide 83

Do not update configuration data on a failed configuration task. If checked, does
not overwrite the data in the Deployment Solution database if a configuration task fails.
The database is not updated until a successful configuration task finishes running.

Primary lookup key(s). Specifies the lookup key type(s) used to associate a new
computer with a managed computer. The options are Serial Number, Asset Tag,

UUID, or MAC Address.

Sysprep Settings. This lets you enter global values for Sysprep. See Sysprep settings

on page 84.

Sysprep settings

View and configure the Sysprep settings for the Deployment Server.

OS product key dialog

In the OS Product Key dialog, select the suitable operating system from the
Operating System drop-down list. After you select the operating system, a list of all

product keys for the selected operating system appears. Select an operating system
from the Operating System drop-down list, and click Add to type the Product Key. You
can type up to 29 characters for the Product Key. The new product key is added to the
list of available keys of the selected operating system.

To modify a product key, select the product key to be modified, and click Edit. To
remove a product key, select the product key to be deleted, and click Remove.

Note

If the product key is being used by another task, you cannot delete the product key. You
are prompted with a message stating that the product key is being used by another
task.

Task password options

According to the network and security properties, the passwords for administrators and
users change after a certain number of days. In such a scenario, the password becomes
invalid and all jobs and tasks using the user name whose password changes must be
modified to use the new password. The Task Password option provides administrators
with a simple option to manage all password changes from a centralized location.

This feature lets you set or change user passwords from a central location, so you can
modify the password for the Copy File to, Distribute Software, Run Script,
Distribute Personality, and Capture Personality tasks when creating or modifying
jobs. However, this tab is enabled only to administrators and select users who have
been granted the appropriate privileges.

The Status field displays the results of password updates. Example: User A’s user name
and password is used in ten tasks. If you want to update the password for these ten
tasks, you can do so through the Task Password option. After the password is
updated, the Status field displays the message: Password for 10 tasks updated.

Domain accounts options

This sign-on feature retrieves the name of the administrator (or the user with
administration rights) and the password for each domain. This feature lets you avoid

Altiris Deployment Solution™ from Symantec User’s Guide 84

needing to log on for each managed computer when you run imaging and configuration
jobs.

You can provide the user credentials for the parent domain or a trusted domain in this
window. Deployment Solution supports the UPN and SAM formats, and it accepts either
the parent domain user’s credentials or the domain user’s credentials for any
configuration jobs.

Click Add to enter the Domain name. The Add Domain Account page appears. Enter
the name of the selected domain and provide the administrator credentials. Click OK.
The administrator name and domain are listed in the Domain Accounts list box.

Note

To enter the administrator user name for a Windows XP domain, you must add both the
domain name and the user name. Example: Instead of entering only the user name

jdoe, you must enter domainName\jdoe.

RapiDeploy options

This feature optimizes the multicasting ability of the RapiDeploy application in the
Deployment Server, letting you deploy images to a group of computers simultaneously,
download an image from a file server, or access a local hard drive, and manage the
imaging of several client computers concurrently.

Because RapiDeploy is more efficient when writing directly to the IP address of the
network adapter driver, you can enter a range of IP addresses when using the
multicasting feature for faster computer deployment and management. The Deployment
Server accesses the range of computers using the defined IP pairs and avoids retrieving
the computers through the port and operating system layers.

However, because some network adapter cards do not handle multiple multicast
addresses, you can also identify a range of ports to identify these computers. On the
first pass, the Deployment Server accesses the selected computers using the list of IP
numbers. On the second pass, the Deployment Server accesses the selected computers
using the port numbers or higher level operating system IDs.

Note

Multicasting images are not supported when using the UNDI driver on PXE, and are
disabled on the client.

Click Reset to set the default values.

Agent settings options

These are the default agent settings for new computers. Click Change Default
Settings to change Windows Agents Settings for Windows and DOS. The Change
Default Settings option is enabled only if you select the Force new agents to take
these default settings or the Force new Automation agents to take these
default settings option. Set Deployment Agent settings for new computer accounts or

set Deployment Agent settings for DOS for new computers. See Deployment agent

settings on page 110 and Deployment Agent settings for DOS on page 116.

These default settings are applied only for new client computers that have never
connected to the Deployment Server, and have no information stored in the Deployment
Database. These settings are not for the existing managed computers, nor are these
settings applied when setting properties using the Remote Agent Installer.

Altiris Deployment Solution™ from Symantec User’s Guide 85

When the Deployment Agent connects, the Deployment Server verifies if the computer
is a new or an existing computer. If the client computer is new and if the Force new
agents to take these default settings option is selected, the Deployment Agent on
the client computer receives the default settings established in the Options > Agent
Settings dialog. If the computer is recognized as an existing managed computer, it
uses the existing agent settings. The same process occurs for automation agents if the

Force new Automation agents to take these default settings option is selected.

Force new agents to take these default settings. Select this option to force the

default settings when adding a new computer.

Force new Automation agents to take these default settings. Select this option to
force the default settings when adding a new automation agent connects.

Custom data sources options

This option lets you set up credentials to authenticate to external Deployment
Databases and other Microsoft SQL Server databases to extract data using custom
tokens. Click Add to enter an administrator alias and other login information for the
Microsoft SQL Server (or MSDE) hosting the desired Deployment Database.

The information required to create a custom data source entry is listed below:

Alias. The alias name you want to use when referencing the external SQL database.

Server. The name of the external SQL database server or IP address.

Database. The name of the external database from which you want to extract data.

Use Integrated Authentication. This option authenticates to the external

database using the domain account you are currently logged on as.

User name and Password. When the integrated authentication is not being used,
you must provide a user name and password to authenticate to the external
database.

Allowed Stored Procedures. Click this tab to modify the existing list. See Allowed

stored procedure list on page 86.

Allowed stored procedure list

Click Allowed Stored Procedures to identify the stored procedures from the selected
custom data source. You can now select from the list of available stored procedures in
the data source. This lets you call stored procedures outside of the Deployment
Database (eXpress database) using custom tokens within scripts or answer files.

Virtual centers options

You can keep a list of all VMware Virtual Center Web services. The hosts and virtual
computers from each Virtual Center that have corresponding computers in the
Deployment Database appear in the computer tree. These virtual computers appear
under the Virtual computers node in the Computers pane.

Click Add. On the Virtual Center page, enter the Display name, Server hostname,
and Username. By default, the port number is displayed. You can also set up a
password for the selected user.

Altiris Deployment Solution™ from Symantec User’s Guide 86

Security in Deployment Solution

Deployment Solution provides a security system based on associating job and computer
objects with user and group permissions, letting IT personnel be assigned to different
security groups to manage operations on specific computer groups or job folders. Each
security group can perform only a defined scope of deployment operations on each
computer group or job folder. Additionally, each user can be assigned rights to access
general console features. You can also choose whether to specify that scripts on run only
on the Deployment Server.

Note

Security rights and permissions set in one console are enforced in all Deployment
Consoles.

To set general security rights, click Tools > Security and add a user name
and password. You can create users and groups and set scope-based rights.

See Best practices for Deployment Solution security on page 87, Enabling security on
page 88, Setting permissions on page 92, Groups on page 89, and Rights on page 90.

To set feature-based permissions for specific computers or jobs, select the
object in the console, right-click and select Permissions.

Best practices for Deployment Solution security

Deployment Solution is based on defining groups of users and groups of computers and
jobs, and associating one with another. We recommend that you first create user groups
based on administration duties or access to levels of deployment operations. For
example, You probably set up a group with full Administrator rights. This group has
access to run all operations on all computers using all types of jobs. No permissions
need to be set on each computer group or job folders for the Administrator group
because this has full rights to all features and resources.

However, you can also set up a Technician group that has only basic access and
permissions limiting deployment operations. This prohibits members of the group from
re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You
can explicitly Allow or Deny the group from running these operations for each
computer group in the Computers pane or each job folder in the Jobs pane.

After creating the Technician group, you can limit their rights to set General Options and
set permissions on each computer groups and job folder for the group. See General

options on page 82. You can select the computer group, right-click it and select

Permissions. Select the group name in the left pane, and click Allow or Deny for a list
of deployment operations. Example: You can select the Deny check boxes for Restore,
Schedule Create Disk Image, and Schedule Distribute Disk Image.

Additional groups can be created with different rights and permissions depending on the
needs and responsibilities in the IT team. If users are assigned to multiple groups, the
Evaluate Permissions and Evaluate Rights features are sorted and display effective
permissions and rights.

Altiris Deployment Solution™ from Symantec User’s Guide 87

Enabling security

You can enable security by first creating a group with Administrator rights, adding a user
to the Administrator group, and selecting Enable Security.

Note

When the Administrator Right is selected, you do not need to select any other rights
because the Administrator Right implies that all other rights are selected.

1. Click Tools > Security.

2. Click the Manage User Groups tab and click Add. The Add User Group dialog

3. Select the authentication type. You can add a DS group or a group from the Active

4. Click DS Group.

5. Type a name and description in the Add User Group dialog. Click OK.

The Security dialog appears.

appears.

Directory. To add groups from Active Directory, see Adding groups from the Active

Directory on page 90.

Note

The Browse option is disabled for Local Group.

The group name appears in the window.

6. Select the new group name and click Rights.

7. Select Administrator in the Rights dialog. This assigns complete rights and

permissions to the group. Click OK, and click Close.

8. On the main Security dialog, click the Manage Users tab, and click Add.

The Add User Account dialog appears.

9. Select the authentication type. You can add a DS user or a user from the Active

Directory. To add users from the Active Directory, see Adding users from the Active

Directory on page 89.

10. Select the DS User option in the Add User Account dialog.

Note

The Browse option is disabled for DS User.

11. Type the user name, full name, and password. Retype the password, and enter a

description for the user. Click OK.

12. Select the user name in the main Security dialog. Click Rights.

13. Click the name of the new Administrator group in the Groups window. This assigns

the new user to the new group with Administrator rights. Click OK.

Note

You can assign the user Administrator rights directly, but we recommend you to
assign users to groups. See Best practices for Deployment Solution security on
page 87.

Altiris Deployment Solution™ from Symantec User’s Guide 88

14. Now that you have a user with administrator rights, select the Enable Security

box.

Security is now enabled. You can now create users and groups and assign permissions
to computer groups and job folders.

Adding users from the Active Directory

You can add users from the Active Directory.

1. In the main Security dialog, click the Manage Users tab, and click Add.

2. Select the AD User option in the Add User Account dialog.

3. If you know the user name, type it in the User name field, or click Browse to

select the user from the Active Directory.

The password field is deactivated because the user is being added from the Active
Directory.

Note

You can add only one user at a time. To import users, see Importing users from the

Active Directory on page 89.

4. Enter a description for the user in the Description box.

5. Click OK.

Importing users from the Active Directory

You can also import users from the Active Directory. To open a standard Windows Active
Directory dialog, from the main Security dialog, click the Manage Users tab, and click
AD Import. Add users from Active Directory, not groups. The users are added to the
Deployment Database. However, you still need to assign the users to security groups
with appropriate rights and permissions.

Groups

Note

When logging on with the imported AD account, Deployment Solution accessed the
Windows Active Directory server to validate the user password.

Evaluate rights

Click Evaluate Rights to identify the combined rights of the selected user and its user
group(s). This feature identifies effective rights for each user by resolving any possible
conflicts between multiple group settings.

Assign the user to previously created groups. If you are enabling security, you can
assign the user to a group with Administration rights.

To add groups, from the Security dialog, click the Manage User Groups tab, and click
Add. Select the authentication type, and type the required details. You can view the
members of any group by clicking the group in the Manage User Groups dialog and
clicking View Members.

See also Best practices for Deployment Solution security on page 87 and Enabling

security on page 88.

Altiris Deployment Solution™ from Symantec User’s Guide 89

Adding groups from the Active Directory

You can add users from the Active Directory.

1. In the main Security dialog, click Manage User Groups tab, and click Add.

2. Select AD Group in the Add User Group dialog.

3. If you know the group name, enter it in the Name field, or click Browse to select

the group from the Active Directory. A list of groups, along with their descriptions,
appears in a new dialog. Select a group from the list and click OK.

4. The Name, Domain, and Description are displayed. However, you can modify the

description. Click OK.

The newly added group appears in the main Security dialog.

Importing groups from the Active Directory

You can also import users from the Active Directory. In the main Security dialog, click
the Manage User Groups tab, and click AD Import to open a standard Windows
Active Directory dialog. Add groups from Active Directory. You can choose a domain
from the Domain List, and select a group from the displayed list. The group is added to
the Deployment Database. However, you still need to assign the users to security
groups with appropriate rights and permissions.

DS authentication

Rights

If the user is already in the Deployment Database and tries to access the Deployment
Console, the Deployment Server checks the authentication with the logged on user, and
upon matching does not prompt for user credentials. Similarly, if a group is already
added in the Deployment Database and if a logged-on user, who is a part of the AD
group, tries to access the Deployment Console, the Deployment Server does not prompt
for credentials.

This dialog lets you set general rights for a user or group. To verify, add, or change the
rights assigned to each console user, use the following steps:

1. On the Security page, select a user and click Rights.

2. Click the Rights tab.

3. Select the check box for each right you want to grant.

4. After selecting all applicable rights, click OK to save your changes.

A brief explanation of each Deployment Server right that can be assigned is given
below:

Administrator. Lets the user access all features available on the Deployment
Console. You must have Administrator rights to enable security. See Enabling

security on page 88.

Options Console. Lets you set the view and the Console options. See Console

options on page 82.

Options Global. Lets you set the view and the Global options. See Global options
on page 83.

Altiris Deployment Solution™ from Symantec User’s Guide 90

Options Domain Accounts. Lets you set the view and the Domains Accounts
options. See Domain accounts options on page 84.

Options RapiDeploy. Lets you set the view and the RapiDeploy options. See

RapiDeploy options on page 85.

Options Agent Settings. Lets you set the view and the Agent Settings options.
See Agent settings options on page 85.

Options Custom Data Sources. Lets you create Custom Data Sources options.
See Custom data sources options on page 86. You can view, create, and set
database aliases.

Manage Rejected Computers. Lets you view rejected computers in Deployment
Solution and change their status. See Rejected computers in Deployment Solution
on page 94.

Refresh Clients. Lets you refresh Deployment Solution clients. See Refresh

Deployment Solution on page 94. You can use the View > Refresh clients <CTRL

+F5> feature to disconnect and reconnect client computers.

Allow Scheduling on All Computers Group. Lets you schedule jobs on All

Computers. If you have administrator rights, by default, you have the rights to
schedule job on all computers, irrespective of the check box state. You can grant
this right to a specific user or a group.

Import/Export. Lets you import and export jobs and import computers as well.
See Importing and exporting jobs on page 193 and Importing new computers from

a text file on page 100.

Options Task Password. Lets you centrally update passwords for users and
groups so they can access the Copy File to, Distribute Software, Run Script,
Distribute Personality, and Capture Personality tasks. You must have administrative
rights to access this option. See Task password options on page 84.

Use PXE Configuration Utility. Lets you use the PXE Configuration Utility.

Options Virtual Centers. Lets you view and add options for Virtual Centers. See

Virtual centers options on page 86.

Run Script on DS. Lets you choose to run scripts either on the server or on the
client.

Access to Master Return Code. If unchecked, restricts access to the master
return code list. If checked, lets you modify the master return code list.

Allow DeployAnywhere. Lets you run DeployAnywhere to create hardware
independent images. This functionality is provided by Symantec Ghost Imaging
Foundation (GIF). To add and manage drivers, on the Tools menu, click the new
DeployAnywhere option. To enable this functionality, select the DeployAnywhere
option from the deploy image task. For more information about DeployAnywhere or
Ghost, see the Symantec Ghost Imaging Foundation documentation.

Restricting the number of computers

This dialog lets you restrict the maximum number of computers that can be selected.

Restricing the number of computers

1. On the Security page, select a user and click Rights.

2. Click the Restrictions tab.

Altiris Deployment Solution™ from Symantec User’s Guide 91

3. Type the maximum number of computers that each job can be scheduled on.

4. Check the box if you want this user to be able to schedule jobs to run immediately.

5. Click OK to save your changes.

Setting permissions

Set permissions for jobs, job folders, computers, and computer groups. See Best

practices for Deployment Solution security on page 87 for additional design tips.

Setting permissions

1. Right-click on a computer group or job folder (or individual computers and jobs) and

select Permissions. The Object Security dialog appears.

2. Click the Groups tab and select a group name. Or click the User tab and select a

user name.

3. From the list in the right pane, select if you want to Accept or Deny permission to

run the operations on the selected computer or job objects. These permissions
include access to remote operations using Deployment Solution and features for
scheduling Deployment tasks. See Remote operations using Deployment Solution on
page 122 and Deployment tasks on page 155.

4. Select the Allow or Deny check box to explicitly set security permissions for these

Deployment Solution features for the selected objects.

Note

Administrators have access to all objects with unrestricted rights and permissions.
You cannot explicitly deny permissions to computer or job objects for users with
administrator rights.

5. To assign permissions to multiple groups, click Set permissions on all child

objects to assign the values without closing the dialog.

Note
You can set permissions for all jobs and computers by clicking in the Jobs pane or
Computers pane without selecting a job or computer object.

Permission rules

Permissions received through different sources may conflict with each other. The
following permission rules determine which permissions are enforced:

 Permissions cannot be used to deny the user with Administrator console rights

access to use any console objects or features.

 User permissions take precedence over Group permissions.

 Deny overrides Allow. When a user is associated with multiple groups, one

group could be allowed a permission at a particular level while the other group
is denied the same permission. In this scenario, the permission to deny the
privilege is enforced.

 Permissions do not flow down an object tree. Instead, the object in question

looks in the current location and up the tree, and uses the first permission it
finds.

Altiris Deployment Solution™ from Symantec User’s Guide 92

 If a console user does not have permissions to run all tasks the job contains,

the user cannot run the job.

Evaluate permissions

Click Evaluate Permissions to identify the combined permissions of groups and
containers with conflicting permissions. This feature identifies effective permissions for
each object by resolving any possible conflicts.

If a job includes multiple tasks and one of the tasks does not have sufficiently assigned
permissions, the whole job fails due to lack of access permissions.

Note

Permissions to schedule jobs also lets a user delete jobs in the Details pane after a job
runs. Example: If a job contains errors and does not run, no other jobs can be
scheduled. The user must delete the job before scheduling a new job.

Connecting to another Deployment Server

From the Deployment Console, you can connect to other Deployment Servers on your
LAN and manage computers outside of the network segment you are currently logged on
to. To open a connection, you must connect to the Deployment Database of the
preferred Deployment Server connection using the ODBC Data Source Administrator.

Click File > Connect to or press CTRL+O to open the Connect to
Deployment Server dialog. Enter the required information to connect to the
external Deployment Server connections using an ODBC driver.

Note

Although you are accessing another connection (another Deployment Database),
Windows remembers the last place you browsed to, which would be the Deployment
Share of the previous Deployment Server connection. You need to browse to the new
connection’s Deployment Share to access its shared folder that contains its RIPs,
images, executables, and other resources.

Connecting to a new deployment database

1. Click New. The Define Connection Information dialog appears.

2. Enter a name for the connection to be opened.

3. Establish an ODBC data source.

a. Click ODBC Administrator.

b. Click the System DSN tab, and click Add.

c. Select the SQL Server driver source and click Finish.

d. In the Create a New Data Source to SQL Server dialog, enter a name and

description for the data source.

e. If an entry for your server already exists, select it from the menu. Otherwise,

Altiris Deployment Solution™ from Symantec User’s Guide 93

enter the name of the server hosting your remote SQL server in this field. Click
Next.

f. Click Next in the Create a New Data Source to SQL Server dialog to accept

the default settings for authentication.

g. Select the Change the default database to option and select eXpress from

the drop-down list. Click Next.

h. Click Finish. The specifications for the new ODBC data source appear.

i. Click Test Data Source to verify that the source is reachable.

j. Click OK. You return to the main ODBC Data Source Administrator dialog

with your new data source listed in the System DSN tab. Click OK.

4. From the ODBC Data source name drop-down list in the Define Connection

Information dialog, select the new Data Source name you just created.

5. In the Installation Directory path field, enter or browse the full UNC path (or

path using any locally mapped drive) to the directory of the required Deployment
Server, such as:

\\server\express or H:

6. Click OK.

Rejected computers in Deployment Solution

When an unwanted managed client computers attaches to your Deployment Solution
system, you can right-click the computer in the Computers pane and select Advanced

> Reject Connection. You can view these rejected computers by clicking View >
Rejected Computers.

The rejected computers are prohibited from being active in the Deployment Database.
They are identified and rejected by their MAC address.

You can remove computers from the Rejected Computers list by selecting it and clicking
Accept Computer(s). This lets the computer to attach again and be managed by the
Deployment Solution system.

Refresh Deployment Solution

You can refresh the Deployment Console by clicking View > Refresh Console (or
pressing <F5>) to update data from the Deployment Database. You can also click View
> Reset Client Connections (or press Ctrl+<F5>) to disconnect and reconnect all
managed computers in a Deployment Server system.

When you refresh the managed client computers, you are asked if you want to
disconnect all computers. Click Yes. This tells the Deployment Agent to shut down and
restart. It also creates additional network traffic when all computers connect and
disconnect. By refreshing the managed client computers, you ensure that you are
viewing the current status and state of all computers resources in your system.

Altiris Deployment Solution™ from Symantec User’s Guide 94

Chapter 13

Managing computers

From the Computers pane of a Deployment Solution console, you can identify, deploy,
and manage all computer resources across your organization, including desktop
computers, notebook computers, network and Web servers, and network switches. You
can quickly modify any computer’s configuration settings or view its complete
management history. Or you can take on big projects, such as completely re-image the
hard drive, restore software, and migrate personality settings for a whole department.
You now have management of all your computer resources available from a Windows or
Web console from any location.

All computer resources can be accessed and managed as single computers or organized
into computer groups with similar hardware configurations or deployment requirements,
letting you run deployment jobs or execute operations on multiple computers
simultaneously. You can use search features to locate a specific computer in the
Deployment Database, or set filters to sort computers by type, configuration, operating
system, or other criteria.

Manage with computer icons. Major computer types are identified by a computer icon
in the console, with a list of scheduled jobs and operations associated with each
computer. In the Deployment Console, you can assign and schedule deployment jobs to
computers or groups by dragging the computer icon to a job in the Jobs pane, or vice
versa.

See Viewing computer details on page 96.

Computer icons appear in the Computers pane of the Deployment
Console, where they can be organized into groups. To assign and schedule
a job on a computer in the Deployment Server Console, drag a computer

Add new computers. Deployment Solution lets you add new computer accounts and
set configuration properties for new computers before they are recognized by the
Deployment Server system. Preset computer accounts automatically associate with new
computers when they start up, or can be associated with pre-configured computers.

See Adding new computers on page 98.

icon or group icon to a job icon.

Click New Computer on the console to create a new computer account.
You can also click File > New > Computer or right-click in the
Computers pane and select New Computer.

When the new computer starts up, you can assign it a preset account.

Click New Group on the console to add a new group in the Computers
pane of the Deployment Console. You can also click File > New >

Computer Group or right-click in the Computers pane and select New
Group.

Altiris Deployment Solution™ from Symantec User’s Guide 95

Deploy to groups of computers. Organize computers by department, network
container, hardware configuration, software requirements, or any other structure to
meet your needs. You can deploy and provision computers on a mass scale.

To filter computers in a computer group to schedule jobs only to the appropriate
computer types, see Computer filters and job conditions on page 80.

Configure Computer Agents. See the property pages for modifying Deployment Agent
settings.

See Deployment agents on page 109.

View and configure computer properties. You can modify computer settings for
each computer from the console. Or you can view the Computer Properties page for
detailed access to a computer’s hardware, software, and network property settings.

See Computer configuration properties on page 101 and Computer properties on
page 119.

Run remote operations from the console. Perform operations quickly in real time
from a Deployment Console. Restore a computer to a previous state, configure property
settings, send a file, remote control, chat, set security, run deployment jobs, or select
from additional management commands.

See Remote operations using Deployment Solution on page 122.

Build and schedule jobs. Build deployment jobs with one or more management tasks
to run on selected computers. Create jobs, add tasks, and assign the job to computer
groups. Jobs can be organized and assigned for daily tasks or to handle major IT
upgrades.

See on page 145.

Manage Servers. Deployment Solution also manages network or Web servers to
administrate high-density server farms or server network resources across your
organization.

See the Deployment Solution Reference Guide.

Viewing computer details

In Deployment Solution, a computer resource is identified in the console with a
distinctive icon to display the computer type — Windows desktop or notebook, server, or
Linux operating system — and its current status. These computer icons change to
convey the state of the computer, such as the log on status, server waiting status, or
user with a timed license status. You can also view the status of the jobs assigned to the
selected computer in the Details pane of a Deployment Console.

See Viewing job details on page 145.

The following is a sample list of computer icons displayed in each Deployment Console,
identifying the computer type and state.

A computer connected to the Deployment Server with a user logged on.

Altiris Deployment Solution™ from Symantec User’s Guide 96

A computer connected to the Deployment Server, but the user is not logged
on.

A computer with a time-limited user license and a user logged on.

A computer not currently connected to the Deployment Server, but known to
the Deployment Database.

A pre-configured computer with values defined in advance using the New
Computer feature. As soon as the computer connects, the Deployment
Server recognizes the new computer and this icon appears. See Adding new

computers on page 98.

A managed computer waiting for user interaction before running deployment
tasks. This icon appears if the Workstations check box is selected in Initial
Deployment. See Sample jobs on page 196.

A computer identified as a master computer used to broadcast images to
other client computers.

A managed server connected to the Deployment Server with a user logged
on. Additional icons identify different states of server deployment.

A managed Linux computer connected to the Deployment Server with a user
logged on. Additional icons identify different states of Linux computer
deployment.

Physical view of Rack/Enclosure/Bay components for high-density
server systems. These icons appear as physical representations to
allow management of different levels of the server structure. In
addition, server icons identify logical server partitions. See Bay on

Select the New Computers or All Computers group to run jobs or
operations for these default groups identified by an icon in the Computers
pane.

page 121 for properties and rules to deploy Rack/Enclosure/Bay
servers.

Additional computer groups can be added to the Computers pane to
organize similar computer types or to list computers of similar departments
or locations. Click the New Group icon on the toolbar or select File > New >

Altiris Deployment Solution™ from Symantec User’s Guide 97

Computer Group to create a new group.

See also Deployment agents on page 109.

Adding new computers

Computers can be added to the Deployment Database using the following methods:

z Install the Deployment Agent. If you install the Deployment Agent to a computer

with the operating system already installed, the computer is added automatically to
the Deployment Database at startup. New computers with the Deployment Agent
installed are added to the All Computers groups (unless otherwise specified in the
Deployment Agent configuration). You can move the computer to another group if
required.

z Use Initial Deployment to configure and deploy new computers booting to

automation. Starting up a new computer with the Automation Agent lets you
image the hard drive, assign IP and network settings, distribute personal settings
and software, and install the Deployment Agent for new computers. Using Initial
Deployment, you can associate new computers with pre-configured computer
accounts. These newly configured computers appear in the New Computers group.
See Sample jobs on page 196.

z Create or import computer accounts from the Deployment Console. You can

add new computers using the New Computer feature or import computers using a
delimited text file. You can pre-configure computer accounts by adding names and
network settings from the console. See Creating a new computer account on
page 99.

About new computers

When a new computer starts up, if Deployment Server recognizes the MAC address
provided in a New Computer account or import file, it automatically associates the user
account at startup with the New Computer icon. If this value is not provided, the
computer appears as a pre-configured computer account, letting you associate it with a
new computer.

The New Computer icon appears for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.

A pre-configured computer account icon appears if specific hardware data
(MAC Address) is not known. As soon as the computer starts up and is
associated with a pre-configured computer account, Deployment Server
recognizes the new computer and this icon appears.

Pre-configured computer account

A pre-configured computer account can be associated with a new computer using the
Initial Deployment feature. You can create multiple pre-configured computer accounts
and associate the account with a new computer when it boots to automation. At startup,
the configuration settings and jobs assigned to the pre-configured computer account can
be associated with the new computer.

Deployment Solution provides features to create a pre-configured computer account to
pre-define a computer’s configuration settings and assign customized jobs to that

Altiris Deployment Solution™ from Symantec User’s Guide 98

computer even if you do not know that computer's MAC address. This type of computer
is known as a pre-configured computer account.

Pre-configured computer accounts offer a lot of power and flexibility, especially when
you need to deploy several computers to individual users with specific needs. Pre­configuring a computer account saves your time because you can configure the
computer before it arrives on site. You can set up as much configuration information
(such as computer name, workgroup name, and IP address) as you have about the
computer and apply it to the new computer when it comes online. You can also prepare
jobs prior to the arrival of the new computer to deploy the computer using customized
images, .MSIs, and .RIPs, based on a user's specific needs.

Example: A user might request Windows 2003 with Office and virus scanning software
installed on the new computer. The user also might request that the computer
personality (customized user settings, address books, bookmarks, familiar desktop
settings) be migrated from the old system. You can build any job, including any of the
available tasks, and assign it to a pre-configured computer account.

When the new computer finally arrives, you are ready to deploy it because you have
done all the work in advance. Boot the client computer to automation, and the new
computer can connect to the server and become a managed computer. Now you can
perform an Initial Deployment or run a deployment imaging job on the new computer.

Creating a new computer account

You can create computer accounts for individual computers or for computer groups.
When creating new accounts for computer groups, you can automatically assign new
names and associate them with existing computer groups or the New Computer group.

Click the New Computer icon on the console to create a new computer
account. You can also click File > New > Computer or right-click in the

Computers pane and select New Computer.

To create a new computer account

1. In the New Computers dialog, click Add. The New Computer Properties page

appears.

2. Enter names and configuration settings for each new computer account using the

Computer Configuration screens. See Computer configuration properties on
page 101 for a description of the configuration settings.

Note

If you do not enter a MAC address, the computer you create or import becomes a
virtual computer.

3. (Optional) Click Import to add new computers from a delimited text file. See

Importing new computers from a text file on page 100.

4. Click OK.

A pre-configured computer account icon appears in the Computers pane.

When a new computer starts up, you can assign it to this preset account.

Altiris Deployment Solution™ from Symantec User’s Guide 99

To create and associate multiple computer accounts

You can create computer accounts and automatically assign predefined names. These
computer accounts can be associated with computers in a selected computer group.

1. Select a computer group, including the New Computers group (empty groups

cannot access features). Right-click and select the Configure command. The
Computer Configuration Properties dialog appears.

2. Enter names and configuration settings for each new computer account using the

Computer Configuration screens. See Computer configuration properties on
page 101.

3. (Optional) Click the Microsoft Networking category and click Define Range.

a. In the Fixed text field, enter a base computer name. Example: Sales.

b. In the Range start field, enter a numeral or letter to add to the Fixed Text

name. This creates a unique name for a group of computers starting with the
specified character. The range of numerals and letters is assigned to the
computer name. Example: Enter 3.

c. Select Append to add the range of numerals after the computer name. Clear

the check box to add names before the computer name.

In the above example, the Result field displays computer names beginning
with Sales3 and ending with Sales12.

4. Click Associate. You can now associate computers in a group (including the New

Computers group) with the multiple computer accounts.

5. Click OK.

Importing new computers from a text file

You can import computer configuration data using delimited text files (.TXT, .CSV, or
.IMP files) to establish multiple computer accounts in the Deployment Server database.
This file contains all configuration data for a new computer, including all settings in the
Computer Properties of a selected computer. See Computer properties on page 119.

1. Click File > Import/Export > Import Computers.

A dialog appears, letting you select import files. These files can have .XML, .TXT,
.CSV, or .IMP extensions.

2. Select the import file. Click Open.

If a correctly formatted computer import file is selected, a message appears,
informing you that the computer import is complete and identifying the number of
computers added. Click OK.

New computers appear as pre-configured computer accounts in the Computers
pane of the console (as single computers or in groups), and any jobs imported from
the import file are listed in the Jobs pane.

Note

Jobs can be added to the import file. They can be created and associated with the
new computers.

If the computer import file is incorrectly formatted, a warning appears, stating that
the computer import file is incorrect.

Altiris Deployment Solution™ from Symantec User’s Guide 100