Altiris Deployment Solution™ 6.9 SP4
from Symantec User’s Guide
Copyright © 2008, 2009, 2010 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, Altiris and any Altiris or Symantec
trademarks used in the product are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse
engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION,
INCLUDING WITHOUT LIMITATION ITS AFFILIATES AND SUBSIDIARIES, SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN
THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to
restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation," as applicable, and any successor regulations. Any use,
modification, reproduction release, performance, display, or disclosure of the Licensed Software and Documentation by the U.S. Government
shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
http://www.symantec.com
Document Date: March 18, 2010
Altiris Deployment Solution™ from Symantec User’s Guide 2
Contents
Introduction to Altiris Deployment Solution™ from Symantec . . . . . . . . . . . . . . . . . . . . . 9
Managing from the deployment console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Managing computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Building and scheduling deployment jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Migrating computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Deploying and managing servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Get started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Installing Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Platform support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Enabling SQL Server 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Deployment Server components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Deployment database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Support for multiple database instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Deployment share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
PXE server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Deployment Web console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Deployment Server system requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Simple install for Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Custom install for Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Thin client install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Component install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Installing Deployment Solution agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Client connectivity and network adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Installing the Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Remote agent installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Enter administrator account information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Specify install directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Automatically add to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Select computers on the network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Download Microsoft sysprep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Change settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Get server security key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Installing Deployment Agent for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Automating the installation of Deployment Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Editing the sample.inp file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Using remote agent installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Using the template file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Installing Deployment Agent on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Installing the automation agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Managing licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Using the license utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Install a regular license for products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Install multiple licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Adding a license from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Altiris Deployment Solution™ from Symantec User’s Guide 3
Rapid Deployment Pack licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Finding the number of used licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Computers not using a regular license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Detecting an expired license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Installation help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Installing Deployment Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Deployment Server install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Pre-boot operating system (simple) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Pre-boot operating system (custom) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Deployment database install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
PXE server install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Client connection to server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Deployment web console information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Sysprep. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Installing components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Installation information summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Add components summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Deployment database authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Add components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Console install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Managing from the Deployment Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Deployment Console basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Features of the Deployment Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Computers pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Jobs pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Details pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Shortcuts and resources view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Thin client view of the Deployment Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Installing the thin client view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Switching between two views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Computers pane. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Resources pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Software packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Inventory pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Toolbars and utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Deployment Solution utility tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Software Virtualization Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Using SVS admin utility with Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Extending the tools menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Computer filters and job conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Creating conditions to assign jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Creating a computer group filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
General options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Console options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Global options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Sysprep settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
OS product key dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Task password options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Domain accounts options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
RapiDeploy options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Agent settings options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Altiris Deployment Solution™ from Symantec User’s Guide 4
Custom data sources options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Allowed stored procedure list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Virtual centers options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Security in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Best practices for Deployment Solution security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Enabling security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Adding groups from the Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Importing groups from the Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
DS authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Restricting the number of computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Setting permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Connecting to another Deployment Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Rejected computers in Deployment Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Refresh Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Managing computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Viewing computer details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Adding new computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Creating a new computer account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Importing new computers from a text file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Computer configuration properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
General configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Microsoft networking configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
TCP/IP configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
TCP/IP advanced options - IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
TCP/IP advanced options - gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
TCP/IP advanced options - DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
TCP/IP advanced options - WINS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
TCP/IP advanced options - static routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
NetWare client configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Operating system licensing configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
User account configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Deployment agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Deployment agent settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Server connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Startup and shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Deployment Agent for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Deployment Agent settings for DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Drive mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Managing client connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Computer properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Network configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Altiris Deployment Solution™ from Symantec User’s Guide 5
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Bay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Server deployment rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Lights-Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Remote operations using Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Restoring a computer from its deployment history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Configuring computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Quick disk image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Power control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Remote control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
DS remote control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Remote desktop connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Additional remote control programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
User account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Chat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Prompt user for properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Install automation partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Change agent settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Deploying and managing servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Server management features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Server deployment options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Managing server blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Managing new server blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Virtual bays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Hewlett-Packard server blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Dell server blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Fujitsu-Siemens server blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
IBM server blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Finding a computer in the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Using lab builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Building and scheduling jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Viewing job details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
New job wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Migrating computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Selecting computers in the new job wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Applying computers to a job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Associating destination computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Setting up conditions in the new job wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Installing software packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Option summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Building new jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Job scheduling wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Select a job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Select a computer or computer groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Setting conditions for task sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Order condition sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Scheduling jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Deployment tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Task names in a mixed-language environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Altiris Deployment Solution™ from Symantec User’s Guide 6
Common Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Supported Live Task Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Creating a disk image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Creating a Mac image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Creating a Ghost image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Advanced Sysprep settings for creating a disk image . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Advanced Sysprep settings for creating a disk image in Windows Vista . . . . . . . . . . . . . . 146
Create disk image advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Distributing a disk image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Distributing a Mac image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Distributing a Ghost image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Advanced Sysprep settings for distributing a disk image . . . . . . . . . . . . . . . . . . . . . . . . 150
Advanced Sysprep settings for distributing a disk image in Windows Vista. . . . . . . . . . . . 150
Distribute disk image-resizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Distribute disk image-additional options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Imaging computers from USB disk on key (DOK) devices (JumpDrives) . . . . . . . . . . . . . 151
Scripted OS install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Scripted install for Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Select OS version and language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Installation source files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Operating system-source files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Partition and format disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Import an answer file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Answer file setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Add a new section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Delete a section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Add a new variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Command-line switches for scripted install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Deployment agent settings for scripted install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Scripted install summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Scripted install for Windows Vista and 2008 server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Scripted install for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Scripted install summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Distributing software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Distribute software advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Managing the SVS layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Importing package advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Capturing personality settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Capture personality advanced options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Distributing personality settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Distribute personality advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Modifying configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Backing up and restoring registry files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Getting inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Running a script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Script information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Using LogEvent and WLogEvent in scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Copying a file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Copy file to advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Power control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Waiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Modifying tasks in a deployment job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Modifying multiple modify configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Creating new script files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Altiris Deployment Solution™ from Symantec User’s Guide 7
Copy and paste jobs and job folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Importing and exporting jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Setting up return codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Sample jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
DAgent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Uninstalling DAgent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Upgrading AClient to DAgent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Symantec Backup Exec System Recovery (BESR) sample jobs . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Initial deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Advanced Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Altiris Deployment Solution™ from Symantec User’s Guide 8
Introduction to Altiris Deployment Solution™
from Symantec
Take control of all your computer resources across your organization using Altiris
Deployment Solution™ from Symantec deployment and management tools. Take a seat
at any Deployment Console to remotely manage all types of devices—notebooks,
desktops, switches, and servers—through all phases of computer deployment and
lifecycle management. Schedule remote system upgrades, distribute patches and
drivers, re-image computer hard drives, or migrate large groups of users to new
computers without missing a single custom setting or installed program. Use
Deployment Solution to handle daily tasks and depend on it for occasional big jobs, such
as disaster recovery or large-scale software updates. And do it all remotely from any
Deployment Console on any device with a connection to your WAN or LAN.
That is the attitude behind Deployment Solution: increase access and productivity while
decreasing costs and IT response time. You will appreciate the simple, easy-to-use
graphical consoles to organize computer groups, schedule deployment jobs, and
distribute disk image and update packages. It’s easy. It’s powerful. It conforms and
scales to your infrastructure. Go ahead—take some time and learn to take control.
What can I do with Deployment Solution?
Deploy. Manage. Migrate. Regardless of your organization’s size or special IT
requirements, Deployment Solution provides a complete system to cut costs and
improve response times for both big and small jobs.
Manage from a remote console. Deploy, control, and manage all types of computers
across your organization from a remote Deployment Console. Use the feature-rich
Deployment Server Console for real-time management of computers.
See on page 69.
Migrate data, applications, and personal settings. Through easy-to-use wizards,
migrate data and settings from a retiring computer to a new computer by capturing
desktop, network, and application settings. Redeploy these personal settings remotely
from a Deployment Console.
See New job wizard on page 146.
Upgrade and install software. Manage system software on a day-to-day basis for
desktops, servers, and notebooks to upgrade applications, install service packs, set up
printer drivers, and modify systems as needed. Deployment Solution provides upgrade
capabilities for all mobile computers by deploying to remote sites as needed by traveling
personnel.
See Distributing software on page 175.
Deploy computers in large groups. Easily deploy and configure large numbers of
computers across an organization. Install hard disk images to groups of new or existing
computer types using multicasting features. Install software and personality settings
with common applications, data and drivers. Run post-configuration jobs or automated
scripts to assign unique security IDs, configure user names, and set IP addresses using
deployment jobs.
See on page 95.
Altiris Deployment Solution™ from Symantec User’s Guide 9
Deploy and manage servers. Manage all types of Web and network servers, including
ultra high-density server board inserts. Automatically redeploy servers based on
deployment history and saved server images, or use automated scripted installs with
easy-to-create answer files. Operating systems can be installed as image files or run as
scripted installs—or as a combination strategy (especially nice for managing ultra-dense
server farms). See the Altiris Deployment Solution Reference Guide.
Respond to common help desk requests. Remotely browse, diagnose, and repair
problems on systems without ever leaving a Deployment Console. Detailed hardware
and software inventories, along with remote control and chat features simplify remote
diagnosis of common problems.
See Remote operations using Deployment Solution on page 122.
Recover from disaster. Ease the pain of accidents by automatically backing up and
restoring configurations, personalities, registries, partitions, and drives remotely from a
Deployment Console. Saving the history of all deployment jobs assigned to a computer
makes it easy to restore a system to a previous working state.
See Restoring a computer from its deployment history on page 124.
Features of Deployment Solution
Deployment Solution can be installed and implemented locally as an independent
Deployment Server system on a single LAN segment or site, or scaled across the
enterprise using Deployment from the Symantec Management Console to consolidate all
deployment and IT management efforts.
Each Deployment Server system includes services, applications, and utilities for highbandwidth, real-time deployment, and includes a Web console to perform IT duties from
a Web browser. Deployment from the Symantec Management Console integrates
multiple Deployment Server systems for generating deployment reports across the
enterprise and adds other Web IT solutions, such as Inventory, Application Metering,
Carbon Copy, and other solutions of the Client Management Suite.
Deployment server system
The Deployment Console is a Windows user interface that provides full features to
deploy computers, image hard disks, migrate user settings and programs, run scripted
installs, remotely control computers, and perform other deployment tasks for all your
computer resources. Daily IT requests and jobs formerly completed by visiting each
desktop, server or portable computer in the organization can now be completed from
your Deployment Server Console.
Components of the Deployment Server system can be installed on a single computer (a
Simple install) or distributed across several local computers (a Custom install). A
Custom installation lets you install Microsoft SQL Server and access the Deployment
Database from a separate computer. The Deployment Share, Deployment Server, PXE
Server, and Deployment Consoles can also be distributed to separate computers. The
Deployment Server Console displays data directly from the Deployment database.
Managing from the deployment console
The Deployment Server Console (a Windows console) is included with the
Deployment Server system and provides complete deployment and management
features. It is divided into several operational panes:
Altiris Deployment Solution™ from Symantec User’s Guide 10
z The Computers pane displays all computer resources managed by a Deployment
Server system. It includes features to right-click and remotely execute operations
on managed computers. From this pane, you can drag the computer icons to job
icons to schedule deployment and management tasks.
z The Jobs pane executes and schedules deployment tasks for selected computers.
Using one or more sequenced jobs, you can image, configure computer settings,
distribute packages, and run scripts by dragging Job icons to individual computers
or computer groups and scheduling a convenient time to execute. It lets you
schedule deployment jobs by dragging computer icons to job icons, or vice versa.
z The Details pane provides information and features to filter computers by type and
build deployment tasks. It extends the user interface features when working in the
Computers and Jobs panes.
z From the Deployment Server Console (the Windows console), a Shortcut and
Resources pane organizes and provides easy access to .MSI files, .RIPs, image files
(.img), Personality Packages (.exe), and other file types. It functions as a library for
packages used when building jobs in the console.
In addition, the Deployment Server Console provides easy-to-use wizards to simplify
and expedite common deployment tasks.
See on page 69.
Managing computers
From the Deployment Console, you can manage all types of computers to perform
immediate deployment and management operations. From the Computers pane of the
console, computer resources can be grouped by location, department, or type
(portables, desktops or servers) and organized to reflect your environment. You can run
operations, schedule deployment jobs, access computers or computer groups to change
the network settings, run disk image, other deployment jobs.
The console identifies computers and computer groups with a unique icon. To access a
computer, click the computer icon to view the configuration settings or run specific
deployment and management operations. Computer icons can be dragged to job icons
to schedule and run pre-configured deployment tasks from the Windows console. In the
Deployment Web console, you can manage computers using drop-down lists, secondary
dialog boxes, and other familiar Web features.
See on page 95.
Managing with computer icons
Icons displayed in the Computers pane of the console help in identifying the computer
types and deployment status. Group icons can be expanded to view the member
computers, and computer types can be identified by specific icons: desktops and
notebooks, servers, computer groups, and Linux computers. Computer icons can also
identify the state of the managed computer—a logged-on user, a computer waiting for
further instructions, a user not logged on and other states of deployment—when
performing operations or executing deployment tasks on a selected computer.
See Viewing computer details on page 96.
Altiris Deployment Solution™ from Symantec User’s Guide 11
This icon identifies a managed desktop or notebook computer that is
active and has a user logged on.
This icon identifies a managed Windows network or Web server that is
active and has a user logged on.
This icon identifies a Linux computer.
This icon identifies a pre-configured computer account with user
account settings that are not associated with a new computer.
Additional icons represent deployment status, inactive computers, computers running a
deployment job, and new computers.
See Viewing computer details on page 96.
Immediate management access from the console
From a Deployment Console, you can select a computer and start various computer
configuration and management operations for a specific computer in your system. You
can create new deployment tasks, restart, restore the hard drive, view deployment
history, and perform other advanced tasks using the commands on this menu. Some
operations—such as changing configuration settings, copying files, and creating quick
disk images—create job files automatically.
See Remote operations using Deployment Solution on page 122. For complete
information about Deployment Consoles, see Managing from the deployment console on
page 10.
Building and scheduling deployment jobs
Jobs are designed as objects with defined deployment tasks. Jobs can be built,
organized, and scheduled to run on selected computers or computer groups from a
Deployment Console. Jobs automate both simple and complex IT administrative duties
— from complete deployment and migration tasks to simple DOS commands and
modification of configuration settings. You can build and schedule jobs from any of the
Deployment Consoles.
Deployment jobs give you the ability to organize, store, and assign administration tasks
for each computer or computer group. You can create and deploy images, back up
registry files, run scripted installs, or make post-imaging changes such as adding
printers and applications. You can deploy and run packages—RIPs, images, personality
packages, MIS programs, and others—to migrate applications, configure computer
settings, deploy complete hard disk images, and much more. You can also assign jobs
with conditions to run only on defined computer types.
See on page 145.
Jobs are built in the Deployment Server Console by creating a job name (identified by a
job icon in the console) and adding predefined deployment tasks. Tasks such as
Distribute Software, Run Script, or Create Disk Image are added and executed
sequentially when scheduled to run on computers or computer groups. And even within
computer groups, different jobs can be assigned to different computer types based on
the operating system, hardware, or other specified conditions.
See Deployment tasks on page 155.
Altiris Deployment Solution™ from Symantec User’s Guide 12
When a job is built, it can be scheduled to run immediately, at desired intervals, or at
any other convenient time when the bandwidth is low. In addition, you can use
bandwidth throttling features to schedule and run deployment tasks to large groups
without affecting network traffic.
See Scheduling jobs on page 153.
From the Deployment Server Console, you have several options to create deployment
jobs:
z Create common deployment tasks quickly and easily using the New Event Wizard.
z Import jobs from other Deployment Solution systems.
z Manually create deployment tasks from the console.
z Copy and paste deployment tasks from within the console.
See Building new jobs on page 150.
In the Jobs pane, you can create and organize deployment jobs. You can then assign
jobs by dragging icons to the desired computer or computer group.
Building jobs
Building jobs includes creating a new job and then adding tasks to the job to run in
sequence when scheduled on selected computers. You can build jobs by adding tasks
manually or you can step through the New Job Wizard to create common jobs and
schedule them. Sample tasks are also included with Deployment Solution to use as
installed or to easily customize and run.
See New job wizard on page 146.
After creating and building a job, you can then assign it to a computer and schedule it to
run at any time—immediately, after a specified time, or on a daily, weekly, or monthly
schedule. The deployment status of each job is reflected in the console.
Assigning deployment jobs with icons
Computer icons are used to identify the types of computers in a console. Similarly, job
icons identify the status and success of a scheduled deployment job. After scheduling
jobs, you can monitor the progress as the job icons are updated at each step of
execution.
This job is assigned to a computer, but is not scheduled to run. Until
scheduled, this job icon remains unchanged.
This job is assigned to the computer and is scheduled to run either
immediately or in the future.
This job is currently in process.
This job has completed successfully.
Altiris Deployment Solution™ from Symantec User’s Guide 13
Imaging
See Viewing job details on page 145.
Scheduling jobs
From the Schedule Job dialog, you can run jobs immediately or schedule the job to run
in batches at defined intervals. You can also assign the job to repeat every hour, day, or
week. Scheduling jobs can be as simple as clicking OK to run immediately or as
sophisticated as required to meet your deployment needs.
For complete information about building and scheduling deployment jobs, see on
page 145.
A primary task of Deployment Solution is to capture an image (a clone of the hard drive)
from a reference computer and distribute the image to set up new computers or reinstall
computers to their basic configuration. You can create a library of image files on the
Deployment Share (file server storage) and schedule image jobs to different computer
types as required.
Deployment Server lets you push down a boot image remotely and execute the image
using PXE Server, eliminating the need to physically attend and boot each managed
computer.
See Creating a disk image on page 157, Distributing a disk image on page 162, and New
job wizard on page 146
Imaging from deployment server
Deployment Server includes multiple features to capture an image and lay it down to a
new or existing computer. You can use the Deployment Server Console to create and
distribute disk images using deployment tasks, such as the Quick Disk Image wizard
shown below:
Pre-boot environments let you boot to automation to create and deploy images, back up
and restore a computer’s registry file, or run other automation tasks. You can also boot
to a Network Server and run imaging files and other commands.
See Boot Disk Creator Help and PXE Configuration Utility Help.
Migrating computers
Deployment Solution provides various options to migrate operating systems, computer
personalities, software, or entire hard disk images. You can accomplish migration tasks
individually or as a single job.
The New Job Wizard steps you through each migration option, letting you capture a
complete hard disk image (to upgrade to a new computer), migrate a user to another
operating system with the same personality settings and applications, or to simply move
personality settings from one computer to the another. Using the New Job Wizard is one
of the easiest ways to build deployment tasks to migrate user data and settings.
Deployment Solution lets you build sophisticated deployment jobs that automatically
migrate personalities, including deployment tasks to capture the user’s personality,
migrate the operating system and software, and reconfigure the computer with the
user’s original personality settings. You can also edit Personality Packages or Rapid
Altiris Deployment Solution™ from Symantec User’s Guide 14
Install Packages (.RIPs) using the PC Transplant Editor and the Wise MSI Editor tools
from the Deployment Server Console.
Deploying and managing servers
Deployment Solution includes features designed specifically for deploying and managing
network or Web servers. Server-specific features include scripted installs for initial
installation, and support for remote management cards, multiple network adapters,
history transfers to support rip and replace redeployment, and additional functionality
required for automating server management.
Deployment Solution also integrates with other hardware vendors to provide systems
and tools to manage large server installations and support automatic deployment
strategies. These unified systems simplify and automate server configurations and
large-scale migrations, and support emerging hardware for ultra high-density server
systems.
From a Deployment Console you can build deployment jobs to run scripted installs for
Windows and Linux servers. You can run these unattended installs directly over the
network for individual Web or network servers. You can create answer files for each
scripted install from a Deployment Console.
You can also run server-specific scripts and redeployment tasks. Enhanced task logging
and history tracking features let you recall deployment actions to quickly redeploy
mission-critical servers.
Get started
Deployment Solution is a full-featured remote deployment system designed to manage
computer devices across all types and sizes of small to medium organizations and large
enterprises. It includes Windows and Web components to design and scale a system for
your specific IT needs and challenges. Deployment Solution provides a wide array of
tools, utilities, and applications to design a system for your specific needs. Deployment
Solution is easy-to-use and adaptable to your environment.
You can design and install a Deployment Server system specific to your hardware,
organizational structure, network architecture, and other environmental variables. The
installation and configuration process lets you install Deployment system components
(database, services, network share, user interface console) to a single computer or
distribute components to separate role servers.
Altiris Deployment Solution™ from Symantec User’s Guide 15
Chapter 34
Installing Deployment Server
Deployment Server is a flexible, scalable computer deployment and management
system that can be installed and configured on a single computer, or installed across
several computers to distribute processing for large enterprise environments. You can
run a Simple install to position all Deployment Server Componen ts on a s in gl e c om puter
(most frequently used), or plan and perform a Custom install to distribute installation of
components across separate computers in the site. The Deployment Web Console can be
installed as part of the Deployment Server installation on any computer running
Microsoft IIS.
See Deployment Server components on page 335.
After installing Deployment Server components, you can remotely install Deployment
Agents on all types of computer resources across your organization: laptops, LAN and
Web servers, network switches, and so on. Windows computers and Linux computers
can be managed as a unified environment, with each client communicating through its
own Deployment agent to update inventory data and react to Deployment Server
commands and deployment tasks.
Select one of the following methods for installing a Deployment Server system:
z Simple install for Deployment Server
z Custom install for Deployment Server
z Thin client install
z Component install
To install Deployment Agents on the client computer, see Installing Deployment Solution
agents on page 351.
Note
You can also install the Deployment Server components remotely from the Symantec
Management Console.
Enabling SQL Server 2008
SQL Server 2008 turns off the network TCP and pipe protocols. Before you install
Deployment Server, you need to enable the network TCP protocol.
To enable SQL Server 2008
1. In the SQL Server Configuration Manager, expand SQL Server Network
Configuration.
2. Click Protocols for MSSQLSERVER.
3. In the right pane, double-click TCP/IP.
4. Change the Enabled field to Yes.
5. Click OK.
Altiris Deployment Solution™ from Symantec User’s Guide 334
6. Restart SQL Server.
You can now install Deployment Server.
Deployment Server components
The Deployment Server system includes the following components:
z Deployment Console
z Deployment Server
z Deployment database
z Deployment share
z PXE server
z DHCP Server (not an Altiris product)
z Deployment Web console
z Installing Deployment Solution agents
z Sysprep
You can install all these components on the same computer or distribute them across
multiple computers, depending on the environment.
Deployment Console
The Deployment Console is the Win32 user interface for Deployment Solution. You can
install this Windows console on computers across the network to view and manage
resources from different locations. In addition, from this console, you can access the
Deployment Database on other Deployment Server systems to manage sites across the
enterprise.
See Deployment database on page 337 and Connecting to another Deployment Server
on page 93.
The Deployment Console communicates with the Deployment database and Deployment
Server services. In a Simple Install for Deployment Server, the Deployment Console is
installed on the same computer similar to all other components. In a Custom Install for
Deployment Server, you must ensure that a connection is available to these computers
and security rights are set. You must have administrative rights on any computer
running the Deployment Console.
See Simple install for Deployment Server on page 341 and Custom install for
Deployment Server on page 344.
See also: Deployment Web console on page 339, on page 69, and Deployment Server
components on page 335.
Deployment Server
Deployment Server controls the flow of the work and information between the managed
computers and the other Deployment Server components (Deployment Console,
Deployment Database, and the Deployment Share). Managed computers connect and
communicate with the Deployment Server to register inventory and configuration
Altiris Deployment Solution™ from Symantec User’s Guide 335
information and to run deployment and management tasks. The computer and
deployment data for each managed computer is stored in the Deployment Database.
Note
To view, start, or stop Deployment Server, go to the Altiris Server services in your
Windows Manager.
Managed computers require access to the Deployment Server at all times, requiring that
you have administrative rights on the computer running the Deployment Server.
Create a user account to run the Deployment Server. The service runs as
a logged-on user, not as a system account. You must create this account
on all Deployment Server computers. The account must have full rights
to the Deployment Share. The account must have a non-expiring
password.
See Deployment share on page 338.
Assign a static IP address to the Deployment Server computer. Other
components cannot connect to the Deployment Server if you use DHCP
and dynamically change the IP address.
To install the Deployment Server on a remote computer, the default
administration shares must be present. Restore any shares that have
been removed before you install the Deployment Server.
Note
It is easier to create an administrative account using the same name and password on
all computers than to use the existing name and password of each account.
Most packages (.RIP, Personality Packages, and .MSI files) pass through the Deployment
Server. Therefore, if you store these files on the Deployment Server, the deployment of
these packages is faster. Image files, however, are sent directly from the Deployment
Share to the client computer when you run an imaging task.
See Deployment Server components on page 335.
Deployment database
Note
In Deployment Solution 6.0 and later, if you have already set up multiple instances of
the Microsoft SQL Server, you can identify a specific instance using this format:
<database instance>\express. Example: If you have a clustered Microsoft SQL Server
named SQLClusterSvr to manage multiple Deployment Solution systems on different
network segments, you can enter the name SQLClusterSvr\salesSegment or
SQLClusterSvr\marketingSegment during the Deployment Server setup, depending on
the previously established database instance. This feature is supported in the silent
install .INI file and the GUI install executable.
The database maintains the following information about the managed computers:
Hardware. RAM, asset tag, and serial numbers
General Information. Computer name and MAC address
Altiris Deployment Solution™ from Symantec User’s Guide 336
Configuration. TCP/IP, Microsoft networking, and user information
Applications. The installed applications and information about these applications, such
as the name of the application, publisher, and product ID
Services. Installed Windows services
Devices. Installed Windows devices, such as network adapter, keyboard, and monitors
Location information. Contact name, phone, e-mail, department, mail stop, and site
The Deployment Server Database also contains jobs and other data used to manage
your computers.
Note
You can install a single Deployment Database in each Deployment Server system—you
cannot have two databases storing data for a single computer. If the computer you are
installing the database on has an existing Microsoft SQL Server™, the Deployment
Database is added to that instance of the database engine.
Support for multiple database instances
In Deployment Solution 6.0 and later, you can identify a named instance of the Microsoft
SQL Server when installing Deployment Solution. You can now identify other named
instances of Microsoft SQL Servers instead of accessing only the default instance. This
feature lets you identify and run multiple databases from one clustered Microsoft SQL
Server to manage multiple sites or network segments. This feature is supported in the
silent install .INI file and the GUI install executable. Deployment Solution also supports
a different name for the Deployment Database instead of the default name, eXpress.
See Custom install for Deployment Server on page 344 and Deployment Server
components on page 335.
Deployment share
The Deployment Share is a file server or shared directory where Altiris program files and
packages are stored. The Deployment Share can be a shared directory (default Simple
install in Program Files\ Altiris\eXpress\Deployment Server) or another file server (in the
Custom install, you can assign a Microsoft Windows or Novell NetWare file server).
Deployment Share is where you store image files, registry files, .MSI packages,
Personality Packages, script files, and more. When you are deploying or managing a
computer, the Deployment Server stores and retrieves these packages from the
Deployment Share as needed.
If you want to install Deployment Solution on a remote file server (not
the computer where you are running the install program), create a
share (or give Read/Write rights for NetWare) on the file server where
you want to install the Deployment Server. This share must allow access
to all other components, including managed computers and the user
account that runs the Deployment Server.
You must create this share before you begin installing. If you are
not installing on a remote computer, you can select the option to create
the share during the installation.
Altiris Deployment Solution™ from Symantec User’s Guide 337
PXE server
Note
You can install only one Deployment Share for each Deployment Server system.
However, if the Deployment Share's hard drive gets full, other computers can be used as
additional backup storage points. In some cases, other systems emulating a Microsoft or
NetWare environment can be used as the Deployment Share.
Note for NetWare users: If you have a problem using the Novell NetWare server as a
Deployment Share, install the Novell Client instead of the Microsoft NetWare Client.
See Deployment Server components on page 335.
The PXE Server provides service to client computers on a subnet. When the Deployment
Server sends a deployment job, the client computer receives a request to boot to
automation and the PXE-enabled computers connect to the first PXE Server that they
discover, which communicates with the Deployment Server and the client computers.
The PXE Server also functions on the same protocols as a standard DHCP Server, so you
can place the PXE Server wherever you would place a DHCP server. You can also install
as many PXE Servers as required in your system, but you must also install a DHCP
Server.
The PXE Server sends a boot menu option list to the client when the computer performs
a PXE boot. The deployment job, which contains at least one automation task, uses the
default automation environment or the environment specified by a user who has the
permission to create a deployment job. Use the boot menu option to request the PXE
Server for the boot menu files and download the boot menu files from the PXE Server to
the client computer’s RAM storage. The client computer always boots according to the
request and reply communications taking place between the Deployment and PXE
Servers.
Altiris supports DOS, Linux, and Windows PreInstallation Environment (WinPE) as preboot environments. These options let you create a single job, but may contain multiple
automation tasks. The default automation environment (the first pre-boot operating
system files installed during the Deployment Solution installation) is used for Initial
Deployment, unless you specify otherwise.
Using a PXE Server to boot client computers to automation saves you from having to
install an automation partition on each client computer’s hard disk, or from manually
starting computers using Altiris-supported bootable media.See Boot Disk Creator Help.
See Pre-boot operating system (simple) on page 367, Install automation partition on
page 133, and PXE Configuration Utility Help.
DHCP Server
The DHCP (Dynamic Host Configuration Protocol) server is a server set up to assign TCP/
IP addresses to the client computers. This server is not an Altiris product, but is required
if you want to use the PXE Server.
We recommend that you use DHCP to manage the TCP/IP address in your network,
whether you use PXE or not. This greatly reduces the amount of time required to set up
and manage your computers.
See Deployment Server components on page 335.
Altiris Deployment Solution™ from Symantec User’s Guide 338
Deployment Web console
The Deployment Web console remotely manages a Deployment Server installation from
a Web browser. It deploys and manages Windows and Linux computers (both client and
server editions) in real time with many of the features that are present in the
Deployment Console.
See Deployment Console on page 335.
You can install the Deployment Web console on any computer running the Microsoft IIS
Server, such as a computer running Deployment Server, Notification Server, or a remote
computer running only Microsoft IIS.
Note
If Microsoft IIS is running, the Deployment Web console is installed automatically during
the Windows installation.
Note
The DS Installer does not detect the version of MDAC that is installed. The Deployment
Web console requires MDAC version 2.71 or later to install. If the version of MDAC is
earlier than 2.71, the Web console displays a Target of Invocation error.
See Deployment Console on page 335 and Deployment Server components on
page 335.
Deployment Server system requirements
The following are the system requirements for Deployment Server components and the
network environment.
Network
z TCP/IP is used for communication between all Deployment Server components. If
you have a NetWare file server for your Deployment Share, IPX can also be used to
communicate with this component.
Deployment Server
z RAM: 256 MB
z Disk Space: 200 MB
Component Hardware Software
All components require Pentium III processors
Deployment
Server
Deployment
Console
RAM: 256 MB
Disk Space: 200 MB
RAM: 128 MB
Disk Space: 3.5 MB
Windows Server
Windows XP Professional
Windows Server
Altiris Deployment Solution™ from Symantec User’s Guide 339
Component Hardware Software
PXE server Memory: 128 MB
Disk Space: 25 MB (for
boot files)
Deployment
database
Deployment
share
(File server for
storage)
Deployment
Web console
Memory: 128 MB
Disk Space: 55 MB (for
program files), plus space
for data.
Memory
Disk Space: 100 MB for
Deployment Server program
files plus
files (image, boot, .RIP, and
so on)
Memory
: 128 MB
space for storing
: 128 MB
DHCP server (must be on the
network, but does not have to be
on the same computer as a PXE
Server)
Windows Server or Advanced
Server
(Microsoft SQL Server
Windows Server
NetWare (File server only. Cannot
be used for any other
components).
Windows XP Professional
Windows Server
MS IIS
MDAC
TM
or MSDE
Deployment agents
The Deployment agent requirements are similar to the target operating system. The
Deployment agent requires around 5 MB disk space.
See the following sections for additional information:
z Installing the Deployment Agent on page 353
z Installing Deployment Agent on Linux on page 357
z Installing the automation agent on page 358
z Managing licenses on page 358
Simple install for Deployment Server
The Simple Install option places all the Deployment Server Components — Deployment
Server, Deployment Console, Deployment Share, and Deployment Database — on the
same computer.
See Deployment Server components on page 335.
You can install the Deployment Server with a Microsoft Desktop Engine (MSDE) by using
the Simple Install. You can install the Deployment Web Console during a Simple Install
Altiris Deployment Solution™ from Symantec User’s Guide 340
(and during a silent install) if the Microsoft IIS services and .NET frameworks are
running on the selected computer.
AltirisDeploymentSolutionWin_(version) installs all Windows
Note
Simple installation works only with a default Microsoft SQL or MSDE install.
components of Deployment Solution. Using the Simple Install
option, you can install MSDE on a local computer if a database is
not already installed.
To run a simple install
1. Start the server and log on using the administrator account you created for the
Deployment Server. See Deployment Server system requirements on page 340.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Select the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application immediately.
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
Click Extract Only to only extract the application and execute the application later.
You must run the axInstall.exe file to start the installation.
5. Select the Simple Install option from the installation types listed in the
Deployment Server Install Configuration dialog.
6. (Optional) Select the Include PXE Server option to install the PXE Server. (See
PXE server on page 338.) Click Install.
7. Click Yes on the Software License Agreement page.
8. Enter the following information on the Deployment Share Information page:
a. In the File Server path field, enter or browse to the path to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.)
b. Select the Create Deployment Share option to create a Deployment Share on
the computer. The Deployment Share lets you store files on the computer and
run Deployment Server system applications. See Deployment share on
page 338.
c. Select one of the following options to configure the licensing information:
Altiris Deployment Solution™ from Symantec User’s Guide 341
If you do not have a license file, select the Free 7 day license option. The
installation continues and lets you use a free evaluation license file.
Select the Upgrade using existing license option to upgrade the
installation using an existing license.
Select the License File option and browse to locate a license file (.LIC file).
This is the activation key you receive when you register your Altiris software.
See the Altiris Getting Started Guide for further licensing information.
Note
You do not need to apply a license key to activate thin clients from HP or Dell.
This managed client computer automatically receives a non-expiring license
when connected to the console.
d. You must enter an administrator user name and password for the Deployment
Server. This account must already exist on the Deployment Share and the
Deployment Server. By default, the name you are currently logged on as
appears. If you use a domain account, enter the domain and the user name
(Example: Domain1\administrator). See Deployment Server on page 336.
Note:
If a previous installation of the Deployment Database is detected, an axinstall
prompt appears, asking whether you want to preserve or overwrite the existing
database. Click Yes to preserve the data in your Deployment Database.
Click Next. The Pre-boot Operating System page appears.
9. Select a default pre-boot operating system from any one of the options, such as
FreeDos, MS-DOS, Linux, WinPE, or None. Browse to locate the FIRM file (for
FreeDos and Linux operating systems) or the operating system files (for MS-DOS
and WinPE). Click Next. The Installation Information page appears, displaying
the components that you selected to install.
10. Click Install to install the listed components, or click Back to modify the settings
before starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears after the
installation completes.
Note
If you are upgrading your installation, the message Do you want to replace the
share? appears. Click Yes and continue. If you click No, a message appears,
stating that the share is already in use and you need to manually set the share to
point to the correct directory. Click OK.
11. (Optional) You can select one of the following options to install agents.
Enable Microsoft Sysprep Support. Select this option to enable Microsoft
Sysprep support and click Next. You must specify the location of the Microsoft
Sysprep files.
Remotely install Deployment Agent. Select this option if you want to push
the Deployment Agent to computers running Windows operating systems.
Install add-ons to provision server hardware. Select this option to install
the add-ons for Dell computers.
Altiris Deployment Solution™ from Symantec User’s Guide 342
Note
This option is enabled on Dell computers only when add-ons are present in the
oeminstall-addons section of the oeminstall.ini file, which is located in the
eXpress directory.
12. Click Finish.
You have successfully completed a Simple Install for a Deployment Server system. Click
the Deployment Console icon on your desktop to view all the computer resources
running Deployment Agents configured for your Deployment Server.
Note
Antivirus applications can delete service .EXE files or can disable services.
Example: When you run the Deployment Server Win32 Console, the “Unable to connect
to the Altiris Deployment Server DS Management Server. Please ensure this service is
started and running currently.” error appears. This occurs because the service files are
deleted by the antivirus application during scanning. To resolve this issue, disable the
antivirus software and reinstall the Deployment Server.
See Custom install for Deployment Server on page 344.
Custom install for Deployment Server
The Custom Install option lets you distribute all the Deployment Server Components —
Deployment Server, Deployment Console, Deployment Share, and Deployment Database
— on different computers. You can install Deployment Server with a Microsoft Data
Engine (MSDE) or install it on an existing SQL Server.
See Deployment Server components on page 335.
AltirisDeploymentSolutionWin_(version) installs all Windows
components of Deployment Solution. Select the Custom install
option to add new components or to install Deployment Solution
on an existing database.
To run a custom install
1. Start the server and log on as the administrator account you created for the
Deployment Server. See Deployment Server system requirements on page 340.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Click the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application immediately.
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Altiris Deployment Solution™ from Symantec User’s Guide 343
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
(Optional) Click Extract Only to only extract the application and execute the
application later. You must run the axInstall.exe file to start the installation.
5. Select the Custom Install option from the installation types listed in the
Deployment Server Install Configuration dialog if any of the following
conditions exist:
You are using the NetWare file server as a Deployment Share.
You are managing many computers and require a distributed architecture to
meet bandwidth restrictions and other design requirements.
6. Click Install. Click Yes on the Software License Agreement page.
7. Enter the following information on the Deployment Share Information page:
a. In the File Server path field, enter or browse to the path to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.)
b. Select the Create Deployment Share option to create a Deployment Share on
the computer. The Deployment Share lets you store files on the computer and
run Deployment Server system applications. The Deployment Share can exist
on a Microsoft Windows server or Novell NetWare server.
Note
You can only create the share if it is on a Microsoft Windows Server; the Novell
share should already be set up. See Deployment share on page 338.
c. Select one of the following options to configure the licensing information:
If you do not have a license file, select the Free 7 day license option. The
installation continues and lets you use a free evaluation license file.
Select the Upgrade using existing license option to upgrade the
installation using an existing license.
Select the License File option and browse to locate a license file (.LIC file).
This is the activation key you receive when you register your Altiris software.
See the Altiris Getting Started Guide for further licensing information. Click
Next.
Note
You do not need to apply a license key to activate thin clients from HP or Dell.
This managed client computer automatically receives a non-expiring license
when connected to the console.
8. Enter the following information on the Deployment Server Information page:
a. Select the computer where you want to install the Deployment Server. You can
install the Deployment Server on the local computer or on a remote computer.
The IP address and the port information for the selected computer are displayed
by default.
b. Enter the path where you want to install the Deployment Server.
Altiris Deployment Solution™ from Symantec User’s Guide 344
c. You must enter an administrator user name and password for the Deployment
Server. This account must already exist on the Deployment Share and the
Deployment Server. By default, the name you are currently logged on as
appears. If you use a domain account, enter the domain and the user name
(Example: Domain1\administrator). (See Deployment Server on page 336.)
Click Next.
9. Enter the Deployment Database information and click Next.
Specify the Microsoft SQL Server Instance where you want to install the
database. See Deployment database on page 337.
Note
If you have already set up multiple instances of the Microsoft SQL Server, you
can identify a specific database instance in this field using the format: <SQL
Server Name>\<database instance>.
Depending upon the selection of the SQL Server instance, the default port at
which the selected instance is listening appears in the SQL Port Number field.
You can edit the port number if you have manually entered the SQL Server
name or if the port number does not appear automatically due to some firewall
restriction.
You can enter a name other than eXpress in the Database Name field.
10. Select the type of Deployment Database authentication to be used. You must enter
the user name and password if you want to use SQL Server authentication.
Note
You cannot use the remote SQL database with NT authentication on a remote
computer if you do not have administrative rights on the computer.
Click Next. The Pre-boot Operating Systems page appears.
Note:
If a previous installation of the Deployment Database is detected, an axinstall
prompt appears, asking whether you want to preserve or overwrite the existing
database. Click Yes to preserve the data in your Deployment Database.
11. Select a default pre-boot operating system from any one of the options, such as
FreeDos, MS-DOS, Linux, or WinPE. Browse to locate the FIRM file (for FreeDos and
Linux operating systems) or enter the path for the operating system files (for MSDOS and WinPE). Click Next.
Note
If you are using a free evaluation license, you cannot use the WinPE Add-On
Packages.
12. Enter the PXE Server information. (See PXE server on page 338.) Select the preboot operating system to use as the default PXE boot menu item. You can select
DOS, Linux, or WinPE. If you want to use the previously installed pre-boot operating
system, select the Keep current default option. Click Next.
13. Specify how you want to connect your managed computer to the Deployment Server
by selecting one of the following options.
Select the Connect directly to Deployment Server option and enter the
Altiris Deployment Solution™ from Symantec User’s Guide 345
Deployment Server IP address and port.
Select the Discover Deployment Server using TCP/IP multicast option and
provide the Server name.
Note
If you leave the Server name field blank, the Deployment Agent connects to
the first Deployment Server that responds. Click Next.
14. Enter the Deployment Console information. You can install the Deployment Console
on the local computer or on a remote computer. Click Next.
15. Enter the Deployment Web Console information. You can install the Deployment
Web Console on the local computer or on a remote computer. This computer must
be running Microsoft IIS .NET framework. Specify the path where you want to install
the Deployment Web Console and also valid user credentials. Click Next. See
Deployment web console information on page 369.
Note
This option is disabled if Microsoft IIS is not detected.
The Installation Information page appears, displaying the components that you
selected to install.
16. Click Install to install the listed components or click Back to modify the settings
before starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears after the
installation completes.
Note
If you are upgrading your installation, the message Do you want to replace the
share? appears. Click Yes and continue. If you click No, a message appears stating
that the share is already in use and you must manually set the share to point to the
correct directory. Click OK.
17. (Optional) You can select one of the following options to install agents on the
managed computers.
Enable Microsoft Sysprep Support. Select this option to enable Microsoft
Sysprep support and click Next. You must specify the location of the Microsoft
Sysprep files.
Remotely Install Deployment Agent. Select this option if you want to push
the Deployment Agent to Windows computers directly after the installation. This
can be done any time by selecting Tools > Remote Agent Installer.
Install add-ons to provision server hardware. Select this option to install
OEM add-ons for servers.
Note
This option is enabled only when add-ons are present in the oeminstall-addons
section of the oeminstall.ini file, which is located in the eXpress directory.
18. Click Finish.
You have successfully completed a Custom Install for a Deployment Server system. Click
the Deployment Console icon on your desktop to view all the computer resources
running Deployment Agents configured for your Deployment Server.
See Simple install for Deployment Server on page 341.
Altiris Deployment Solution™ from Symantec User’s Guide 346
Thin client install
The thin client install option lets you install the Thin Client view of the Deployment
Console on your computer. You can install Deployment Server with a Microsoft Data
Engine (MSDE) or install it on an existing SQL Server. You need not provide a license file
for the Thin Client installation.
To run a thin client install
1. Start the server and log on using the administrator account you created for the
Deployment Server. See Deployment Server system requirements on page 340.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Select the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application immediately.
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
Click Extract Only to only extract the application and execute the application later.
You must run the axInstall.exe file to start the installation.
5. Select the Thin Client Install option from the installation types listed in the
Deployment Server Install Configuration dialog.
6. (Optional) Select the Include PXE Server option to install the PXE Server. (See
PXE server on page 338.) Click Install.
7. Click Yes on the Software License Agreement page.
8. Enter the following information on the Deployment Share Information page:
a. In the File Server path field, enter or browse to the path to install the
Deployment Server program files. The default path is C:\Program
Files\Altiris\eXpress\Deployment Server.
b. Select the Create Deployment Share option to create a Deployment Share on
the computer. The Deployment Share lets you store files on the computer and
run Deployment Server system applications. See Deployment share on
page 338.
c. You must enter an administrator user name and password for the Deployment
Server system. This account must already exist on the Deployment Share and
the Deployment Server. By default, the name you are currently logged on as
appears. If you use a domain account, enter the domain and the user name
(Example: Domain1\administrator). See Deployment Server on page 336.
If a previous installation of the Deployment Database is detected, an axinstall
prompt appears, asking whether you want to preserve or overwrite the existing
database. Click Yes to preserve the data in your Deployment Database.
Altiris Deployment Solution™ from Symantec User’s Guide 347
Click Next. The Pre-boot Operating System page appears.
9. Select a default pre-boot operating system from any one of the options, such as
FreeDos, MS-DOS, Linux, WinPE, or None. Browse to locate the FIRM file (for
FreeDos and Linux operating systems) or enter the path for the operating system
files (for MS-DOS and WinPE). Click Next. The Installation Information page
appears, displaying the components that you selected to install.
10. Click Install to install the listed components, or click Back to modify the settings
before starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears after the
installation completes.
Note
If you are upgrading your installation, the message Do you want to replace the
share? appears. Click Yes and continue. If you click No, a message appears,
stating that the share is already in use and you must manually set the share to point
to the correct directory. Click OK.
11. (Optional) You can select one of the following options to install agents.
Enable Microsoft Sysprep Support. Select this option to enable Microsoft
Sysprep support and click Next. You must specify the location of the Microsoft
Sysprep files.
Remotely install Deployment Agent. Select this option if you want to push
the Deployment Agent to computers running Windows operating systems.
Install add-ons to provision server hardware. Select this option to install
OEM add-ons for servers.
Note
This option is enabled only when add-ons are present in the oeminstall-addons
section of the oeminstall.ini file, which is located in the eXpress directory.
12. Click Finish.
You have successfully completed a Thin Client install for a Deployment Server system.
Click the Deployment Console icon on your desktop to view all the computer resources
running Deployment Agents configured for your Deployment Server.
Note
Antivirus applications can delete service .EXE files or can disable services.
Example: When you run the Deployment Server Win32 Console, the “Unable to connect
to the Altiris Deployment Server DS Management Server. Please ensure this service is
started and running currently.” error appears. This occurs because the service files are
deleted by the antivirus application during scanning. To resolve this issue, disable the
antivirus software and reinstall the Deployment Server.
Component install
The component install option lets you add selected Deployment Server Components —
Deployment Console, Deployment Web Console, PXE Server, and Deployment Agents to
the existing Deployment Share. You can also add Microsoft Sysprep files.
See Deployment Server components on page 335.
Altiris Deployment Solution™ from Symantec User’s Guide 348
To run a component install
1. Start the server and log on using the administrator account you created for the
Deployment Server. See Deployment Server system requirements on page 340.
2. Launch the appropriate Altiris Deployment Server installation file and follow the
setup steps.
The Altiris Packager Self-Extracting Executable Options dialog appears.
3. Select the Use current temp folder option to use the current temporary folder to
download installation files or the Extract to a specific folder option to set a path
to an existing folder to download the installation files.
4. Click Extract and Execute App to extract and execute the application immediately.
The default installation directory is C:\DSSetup. If the file C:\DSSetup\AppLic.dll
already exists, a prompt appears, asking whether you want to overwrite this file.
Click Yes to All. You may have to wait for some time while Altiris Packager extracts
files from this archive.
Note
(Optional) Click Extract Only to only extract the application and execute the
application later. You must run the axInstall.exe file to start the installation.
5. Select the Component Install option from the installation types listed in the
Deployment Server Install Configuration dialog and click Install.
6. Click Yes on the Software License Agreement page.
7. Enter a path for the Deployment Share and click Next.
8. Select the components you want to install and click Next.
Install an additional Deployment Console. Select this option to install
another Deployment Console (a Windows executable) on another computer. You
can add as many Deployment Consoles as required to manage from multiple
consoles across your system, but you can install only one at a time. The
Deployment Console Information dialog appears.
Install an additional Deployment Web Console. Select this option to install
an additional Deployment Web Console on the local computer. You can install
the Web console only on computers running Windows and Microsoft IIS.
Deployment web console information on page 369. The Deployment Web
Console Information dialog appears.
Install an additional Altiris PXE Server. Select this option to add additional
PXE Servers across a network segment to handle boot requests for large
environments. The PXE Server Information dialog appears.
Master PXE Server. When you add another PXE Server, the PXE Server that
you initially installed is designated as the Master PXE Server. The Master PXE
Server works concurrently with any additional PXE Server to handle boot
requests across the network segment, but it also allocates additional blocks of
IP addresses to other PXE Servers in the system.
For all the available options for installing PXE Server, see PXE server install on
page 368.
See
Install additional Deployment Agents. Select this option to install additional
Altiris Deployment Solution™ from Symantec User’s Guide 349
Deployment Agents on client computers, setting up managed computers in the
Deployment Server system. The Remote Agent Install dialog appears. Enter
common administrator credentials for all client computers. See Enter
administrator account information on page 353.
Add Microsoft Sysprep files. Select this option to install the Microsoft
Sysprep files, if you did not install them earlier. The Sysprep dialog appears.
See Sysprep on page 370.
9. Select the computer where you want to install the selected components and click
Next. The Installation Information page appears.
Note
If you select the On a remote computer option, you must browse and select the
remote computer.
10. Click Install to install the listed components or click Back to modify settings before
starting the installation. The installation process begins and can take several
minutes. The Installation Information Summary page appears, specifying that
the installation was successful.
11. Select the Install add-ons to provision server hardware option to install the
add-ons for Dell computers. Click Finish.
Note
This option is enabled on Dell computers only when add-ons are present in the
oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress
directory. This is the only option available on the Installation Information
Summary page when you select Component Install.
You have successfully completed a Component Install for a Deployment Server
system. Click the Deployment Console icon on your desktop to view all the
computer resources running Deployment Agents configured for your Deployment
Server.
Installing Deployment Solution agents
Each client computer requires the Deployment Agent to run as the Production Agent on
a local hard disk, which communicates with the Deployment Server and registers in the
Deployment Database. For Windows and Linux client computers, Deployment Solution
lets you push agent software to a client computer from a Deployment Console, or you
can pull the Deployment agent to the client computer from the Deployment Web Console
(or pull it from the Deployment Share).
You can install an embedded (recommended) or hidden automation partition, which
contains an Automation Agent that establishes communications with the Deployment
Server to run the deployment jobs that are assigned to the client computer.
See Install automation partition on page 133.
z Deployment Agent. Install a Production Agent to a Windows desktop, notebook, or
server computer. You can also install this agent on any supported Linux workstation
or server. See Installing the Deployment Agent on page 353.
z Deployment Agent on Linux. Install on any supported Linux workstation or
server. See Installing Deployment Agent on Linux on page 357.
Altiris Deployment Solution™ from Symantec User’s Guide 350
z Automation Agent. Install on any Windows desktop, notebook, or server
computer. See Installing the automation agent on page 358.
z Deployment Agent on XP, 2003, Vista (Business) and 2008 Server. Install
the Deployment Agent on the selected Windows computers.
Client connectivity and network adapters
Altiris supports all standard network adapter cards and includes many drivers with the
installation of Deployment Solution. However, sometimes outdated drivers (including
default drivers that come with the hardware) cause problems when clients are in
automation mode. To avoid these problems, you should check the manufacturer’s Web
site for your network adapter to ensure you use their latest driver in your pre-boot
operating system configuration file.
Some common client problems that can be solved by updating drivers are:
z Locking when loading drivers or failing to connect to the server
z Locking when imaging (downloading, uploading, or multicasting)
Microsoft client drivers
The Boot Disk Creator is set up to work with drivers that follow a certain standard.
Because not all NIC drivers follow that standard, you may have to move the files to a
different location. Ensure that the following files are in the same directory:
The DOS driver for your card (drivername.dos)
The sample protocol.ini that comes with your driver (protocol.ini)
The OEM setup file that specifies the DOS driver (oemsetup.inf)
Example: The OEM setup file may contain lines similar to the following:
[netcard]
NGRPCI=”NETGEAR FA310TX Fast Ethernet PCI
Adapter”,0,ndis,ethernet,real,NGRPCI,NGRPCI_NIF
[NGRPCI] (This header must be the sixth item listed in the line
above)
Device=NGRPCI.DOS (If this line is missing, add it. The syntax is
device=drivername.)
If there is no protocol.ini file, create a text file that contains the following command:
DriverName=drivername
Novell client drivers
The Boot Disk Creator performs the following functions:
z Searches all subdirectories for a directory that contains *.ins, *.com, and net.cfg
files. (These files must be in the same directory.) The .INS file is opened to get
information about the network card.
z Searches the file for a line starting with a carat (^). This line must have at least two
values listed, separated by a comma. The two values needed are the description of
the card (value1) and the .com driver file name (value2).
Altiris Deployment Solution™ from Symantec User’s Guide 351
Installing the Deployment Agent
For client computers running a Windows operating system, Deployment Solution lets you
install agent software using the Remote Agent Installer to “push” the agent to a client
computer from a Deployment Console. (See Remote agent installer on page 353.) You
can also pull the Deployment agent to the client computer by accessing the Windows
share or downloading the install package from the Deployment Web Console. You must
have administrative rights to the client computers and File and Print Sharing must be
enabled to install the agent software.
Click Remote Agent Installer on the Deployment Console toolbar, or
click Tool > Remote Agent Installer to open the utility program. You
can also download aclient.exe from the network share or Deployment
Web Console to install a Deployment agent.
Remote agent installer
DAgent replaced AClient as the default agent for the Windows operating systems.
Windows XP
To install, each XP computer must have the following items:
z An Administrator account with a password. This account must be able to browse
\\hostname\admin$ on the selected computer.
z Disabled simple file sharing. This option can be disabled in Windows Explorer by
selecting Tools > Folder Options > View tab and clearing the Use simple file
sharing check box in the Advanced settings section.
z Enabled File and printer sharing in the Windows Firewall.
Windows 2003, Vista, 2008 servers, and Windows 7
You must enable file and print sharing in the Windows Firewall.
Enter administrator account information
Enter common administrator credentials for all client computers, or keep the default
credentials to be prompted for each client computer.
Let me specify a username and password for each machine as it’s installed.
Prompts for an administrative user name password for each computer in the remote
install list. This is the default option.
Use this username and password for all clients. Enter credentials for an
administrator account that has rights to all the client computers that you add to the
remote install list.
Specify install directory
Enter a location to install the Deployment Agent.
Install directory. Enter the path to install the Deployment Agent on the client
computer.
Altiris Deployment Solution™ from Symantec User’s Guide 352
Enable this agent to use SIDgen and/or Microsoft Sysprep. If you plan to use
SIDgen or Sysprep to configure this computer the required files can be copied when the
agent is installed.
Click Change Settings to set the Deployment Agent settings.
See Deployment agent settings on page 110.
Automatically add to a group
You can select one of the following options to automatically add new computers to the
group that you specify.
Add client(s) to default group. Adds new computers to the All Computers group.
Add client(s) to a specific group. Adds new computers to another group. Use back
slashes to separate subgroups.
Select computers on the network
Identify client computers on the network and add them to a list of computers to
remotely install the Deployment Agent.
Add. Select the computers by the name in the list, or enter a computer name or IP
address.
Computer Name. Enter the name of a computer on the network or its IP address.
Properties. Select a computer and view the agent install settings. You can also change
SID and Agent settings from the Agent Properties dialog.
Import. Import new computers from a file.
This file has the following parameters:
p:[password] –i:[input file]
The password parameter is not required if the administrator account does not have one
assigned. If you are using the default settings, you do not need to specify an input
filename. Each computer entry must be on a separate line.
Export. You can export the listed computers into an export file to use later. The default
extension is *.RCI. Remote Agent Installer first looks for an RCI file extension, but any
DOS text file can be used.
When the computers appear in the installer list and the properties are set, click Finish.
The status of the agent install appears.
After the Deployment Agent is installed, it automatically connects to the Deployment
Server and appears in the Computers pane of the Deployment Console.
-c:[computer] –u:[username] –
. The parameters must be entered in this order.
Download Microsoft sysprep
If you select Enable this agent to use SIDgen and/or Microsoft Sysprep on the
previous dialog, the Remote Agent Installer dialog locates the required installation
files for the specific versions of Sysprep.
Update file system permissions when changing SIDs. Select this option to
automatically update file system permissions to maintain the individual file permissions
that you may have set. This also includes the individual network shares that may exist
on this client. On selecting this option, SID conversion takes a long time.
Altiris Deployment Solution™ from Symantec User’s Guide 353
Note
SIDgen is no longer supported and should not be used. Altiris recommends using
Microsoft Sysprep in situations where SID replacement is required.
To install Microsoft Sysprep, you must download the installation files
required for the Windows operating systems running on the client
computer.
Windows XP/2003 (deploy.cab)
We recommend installing these files from a Windows 2003 server CD.
Windows Vista and 2008 Server include sysprep files by default.
Change settings
Click Change Settings to modify access, security and other settings on the Deployment
Agent to be installed.
See Deployment agent settings on page 110.
Get server security key
This page appears only if you select the Enable key-based authentication to
Deployment Server option in the Default Agent Settings dialog.
Enter the security key file path for the Deployment Server or browse and select a file
containing the security key file path.
Installing Deployment Agent for Windows
Run AClient.exe from the Deployment Share (shared folder) or download the installation
file from the Deployment Web Console.
1. On the Altiris Client Service dialog, enter a location to install the Deployment
agent. Select one of these options, if required, and click Next:
Secure modification of server properties. Select to prohibit users from
changing any agent settings.
Enable changing of Security ID. Select to manage the security IDs to run a
SID utility as part of an imaging job.
Advanced. Click to open the Computer Configuration Properties dialog and
enter the settings for the Deployment agent you are installing. See Computer
configuration properties on page 101.
2. If you have enabled the security IDs, a page listing the options for managing the
SIDs appears. Select the utilities you want to use and enter the path where the
utilities are stored. Click Next to install the Deployment Agent.
3. (Optional) Select a group in the Deployment Console to add the client to. You can
also leave it at the default group.
After the Deployment Agent is installed, it connects to the Deployment Server and
appears in the Computers pane of the Deployment Console.
See Installing Deployment Solution agents on page 351.
Altiris Deployment Solution™ from Symantec User’s Guide 354
Automating the installation of Deployment Agent
If you do not select Remote Agent Installer to install the Deployment Agent, install the
Deployment Agent using log-on scripts or batch flies. However, this requires that you
manually complete the installation at each client computer. Instead, you can use a
template file to set applicable options and properties.
The template file is a text file that can be used to automate configuration of the
properties when installing the Deployment Agent from a batch file, login script, or
manually from a client computer.
The template file can be created using two methods: editing the sample.inp file or using
Remote Agent Installer.
Editing the sample.inp file
Deployment Solution ships with a sample template file named sample.inp, which
contains the commands to configure installation options and properties. This file is
located in Program Files\Altiris\eXpress\Deployment Server.
Most of the parameters are disabled in this file. To enable an option, remove the
semicolon. Example: To specify an IP address and port number for the client to locate
the Deployment Server, remove the semicolon from the TcpAddr and TcpPort lines and
change the address and port number to the correct values.
Using remote agent installer
You can create a template file when running Remote Agent Installer. After modifying
agent properties and adding computers to the Selecting Clients window, click Export
to create a template file to import computers (*.rci) as well as the template file (*.inp).
Example: If you have computers named PC-1 and PC-2 listed in the Selecting Clients
window and you export these computers using the file name Export.rci, the following
two template files are created:
Export_PC-1.inp
Export_PC-2.inp
Using the template file
To use the template file you create, run the AClient.exe installation program specifying
the template file and using the -install switch. Example:
\\FX1\eXpress\AClient.exe aclient.inp -install
The following command-line options are available:
Option Definition
-install AClient.exe runs and installs the Deployment Agent on the
computer instead of just running it in memory.
-remove Permanently removes the Deployment Agent from the computer
where it is installed.
-silent Lets you use the options without being prompted for further
input.
Altiris Deployment Solution™ from Symantec User’s Guide 355
Option Definition
-stop Stops the Deployment Agent from running, but does not remove
it. The next time the computer is booted, the Deployment Agent
runs in production mode.
-start Starts the Deployment Agent. This option works only when
Deployment Agent is installed on the computer.
Installing Deployment Agent on Linux
You can install the Deployment Agent on any supported Linux workstation or server by
downloading and running the Deployment Agent for Linux installation file (a .BIN file) on
the client computer. The Deployment Agent is updated automatically on Linux computers
when you upgrade to a new version of Deployment Solution. The creation date of the
Deployment Agent is checked and updated when a new agent is available.
Installing the Deployment Agent for Linux
1. After downloading the .BIN file to a local directory, you can install from the
command line.
Browse to the directory where you saved the .BIN file, switch to the root user
(su) and change the directory to the location of the .BIN file by entering
(cd < directory>)
After changing the directory, you must have the permission to execute the .BIN
file; to obtain the permission, enter
chmod 544 <filename>
Enter: ./<file name>
The Deployment Agent for Linux is installed in the
deployment/adlagent
2. To change the adlagent
This file is located in the
You can also change the adlagent configuration file settings by executing the
configure
directory.
To edit the configure file directly, open the adlagent.conf file located in the
script from the /opt/altiris/deployment/adlagent/bin
configuration file settings, update the adlagent.conf file.
directory.
/opt/altiris/deployment/adlagent/conf directory.
/opt/altiris/
/opt/altiris/deployment/adlagent/conf directory and make the
required changes.
You can also edit the configuration file to change the functionality or properties.
Example: You can open the adlagent.conf
[Transport] section and the UseMcast line. Change UseMcast=true to
file in an editor and scroll to the
UseMcast=false. In the TCPAddr=<IP address> line, enter the IP address
of the specific Deployment Server you want to manage the client computer. You
can also identify and edit additional configuration settings in the configuration
file.
To run the script to change the settings for the adlagent configuration file,
browse to the
the shell and enter
/opt/altiris/deployment/adlagent/bin directory from
./configure
Altiris Deployment Solution™ from Symantec User’s Guide 356
You are prompted to select Multicast options to identify a Deployment Server to
manage the current client computer, or you can select a specific Deployment
Server by setting the Multicast option to false and adding the IP address of the
required Deployment Server.
3. After editing the configuration file, restart the Deployment Agent for Linux.
To start and stop the Deployment Agent for Linux, enter the full path or browse to
/etc/rc.d/init.d directory (with administrator/root rights). You can use
the
either the
adlagent restart command. You can also use the Package Manager installed
with Linux to restart the Deployment Agent for Linux.
By stopping and starting the Deployment Agent for Linux, the service updates the
changes made in the
You can now view the Linux managed computer from a Deployment Console.
See Installing Deployment Solution agents on page 351.
adlagent stop and adlagent start commands, or only the
adlagent configuration file.
Installing the automation agent
After Deployment Server has detected a managed computer through the Deployment
Agent in a production environment, you can install an Automation Partition from the
Computers pane.
Here are some other ways to create and install an Automation Agent, which is saved in
an embedded (recommended) or hidden partition on the client computer’s hard disk.
z For Deployment Solution systems running the PXE Server, create boot menu options
from the PXE Configuration Utility, using one of the following methods: Boot Disk
Creator, Direct from floppy, or User Specified. See PXE Configuration Utility
Help.
z To install an Automation Partition you can create a Microsoft Install Package (MSI)
and deploy it using a job from the console. You can also create floppy disks,
bootable CDs with an ISO image, or bootable USB devices. See Boot Disk Creator
Help. See Distributing software on page 175.
To install an automation partition
See Install automation partition on page 133.
Managing licenses
From the Deployment Console, you can find the number of licenses used, detect an
expired license, or apply a license to a client computer. Although you can install multiple
Deployment Servers, licensing is based on the number of managed client computers.
The Deployment Server system also provides the license utility to install or update
regular licenses, or to add licenses to computers installed with Deployment Solution.
This utility shows the license status, installs a new license, and adds additional licenses.
Altiris Deployment Solution™ from Symantec User’s Guide 357
Licensing Terms
Term Description
AUP - Annual Upgrade
Protection
Licensed Nodes The total number of client and server computers that a
DS and PCT These are common abbreviations for Deployment
Expired License All regular licenses (that are purchased) never expire.
Altiris Annual Upgrade Protection or AUP lets registered
Altiris software users upgrade to any version of the
registered product that is released during the coverage
period without paying an upgrade charge. Regular
production licenses never have a license expiration
date, but always have an AUP date. As long as this date
does not expire, you can use the license to register any
version of Deployment Server.
Deployment Server is licensed for. Each client computer
that has an agent, and that communicates actively with
the Deployment Server, uses a single license node.
You can view this information on the About
Deployment Console box. This information appears in
the License Details section when you apply a license
using the Product Licensing Utility.
Server and PC Transplant. Both these products are
licensed with the same licensing model, and often a
single license applies to both products at once, although
some licenses apply only to PC Transplant.
However, evaluation licenses do have an expiration
date. After the expiry date, the trial or evaluation
licenses do not function, and need to be replaced with a
regular license.
See Using the license utility on page 359, Adding a license from the Deployment Console
on page 361, Rapid Deployment Pack licensing on page 362, Finding the number of used
licenses on page 362, Computers not using a regular license on page 362, Detecting an
expired license on page 362, and Expired licenses on page 363.
Using the license utility
The Deployment Server system provides a license utility to update or add licenses to
installed sites, which lets you apply the license activation key file (.lic file) after Altiris
products are installed. This utility is installed on the Deployment Share during the
Deployment Server installation.
When you open the License Utility, the Altiris Activation Key Wizard appears. On the
Select Altiris Program Files to Activate page, you can select the Replace all
existing license Activation Keys with this new Activation Key check box, which
overwrites the current Activation Key with the one you are installing.
Altiris Deployment Solution™ from Symantec User’s Guide 358
You can use the License Utility to view the license status, install a specific product, install
new or updated licenses for installed software, and additional licenses for installed
software.
To open the License Utility
Option 1:
z Click Start > Programs > Altiris > Deployment Solution
> Product Licensing Utility.
Option 2:
1. Browse to the location where you installed the Deployment
Share.
2. Run license.exe.
To view license status
1. Open the License Utility.
2. Enter the directory path to the new .LIC file.
3. Click Next.
A summary page displays the activation key information.
4. Click Cancel.
Install a regular license for products
When a product is installed from the Altiris CD or the Altiris Web site, a 7-day trial
license is automatically applied. However, you can apply a 30-day evaluation license or a
purchased regular license to installed products that use a license activation key file
(.LIC).
Note
Save the license activation key file, because you will need it when future product
updates are released. After you receive the key, store it in a safe place (such as a floppy
disk) for future reference. You can store multiple license activation key files in individual
folders on a single disk. You can also store multiple license activation key files in the
same folder, but the file names must be different.
To apply a regular license file
1. Open the License Utility.
2. Enter the directory path to the new .LIC file and click Next.
The Altiris Activation Key Wizard displays the activation key information.
3. Click Next.
A list displays the Altiris products that are installed on the Deployment Server. Each
program file uses license activation key files.
4. Select the products that you want to license.
Use the Shift key to select multiple products.
Altiris Deployment Solution™ from Symantec User’s Guide 359
Click Add and browse to add another Altiris product. Select the program
filename and click Open.
Select the products that you do not want to apply a license to and click
Remove.
5. Click Finish to apply the license to the selected products.
See Installing Deployment Solution agents on page 351.
Install multiple licenses
Some Altiris utilities can combine multiple licenses together for the total number of
nodes. Example: Two 50-node licenses can be combined to a single 100-node license.
This option lets you apply an “add-on” license to the Altiris products that you have
installed on the Deployment Server.
1. Open the License Utility.
2. Enter the directory path to the new .LIC file and click Next.
The Altiris Activation Key Wizard displays the activation key information.
3. Click Next.
A list displays the Altiris products you have licensed.
4. Click Finish.
See Managing licenses on page 358, Adding a license from the Deployment Console on
page 361, Rapid Deployment Pack licensing on page 362, Finding the number of used
licenses on page 362, Computers not using a regular license on page 362, Detecting an
expired license on page 362, and Expired licenses on page 363.
Adding a license from the Deployment Console
Use this option to install a license to a computer from the Deployment Console after the
free trial has expired. You must apply a regular (permanent) license to continue
managing client computers. You cannot install a license directly on a client computer.
However, you must install a regular license on the Deployment Server before you can
install and manage licenses for client computers from the Deployment Console.
To install a regular license on a single computer
1. From the Deployment Console, right-click the computer to which you want to apply
the license.
2. Select Properties.
3. Select Apply regular license.
4. Click OK.
To install a regular license on multiple computers
1. From the Deployment Console, right-click the computer group to which you want to
apply the license.
2. Select Advanced.
3. Select Apply Regular License.
Altiris Deployment Solution™ from Symantec User’s Guide 360
See Managing licenses on page 358, Using the license utility on page 359, Rapid
Deployment Pack licensing on page 362, Finding the number of used licenses on
page 362, Computers not using a regular license on page 362, Detecting an expired
license on page 362, and Expired licenses on page 363.
Rapid Deployment Pack licensing
Rapid Deployment Pack (RDP) is the version of Deployment Server that is released to HP
customers. The RDP licensing functionality is similar to the Deployment Server licensing.
If you have RDP licenses with AUP longer than 3 years the Deployment Solution license
utility might not work. To use these licenses, download the installation files from the HP
Web site. These installation files use a slightly different version of the Product Licensing
Utility, and they allow licenses with long AUP dates.
See Managing licenses on page 358, Using the license utility on page 359, Adding a
license from the Deployment Console on page 361, Finding the number of used licenses
on page 362, Computers not using a regular license on page 362, Detecting an expired
license on page 362, and Expired licenses on page 363.
Finding the number of used licenses
Open the Deployment Console and select Help > About from the main menu bar. You
can see the total number of licenses you have purchased, the total licenses you have
used, and the total licenses available.
You can view the information in the Computers pane to understand for which
computers regular licenses have been applied. In the Computers pane, a clock icon in
the lower left corner implies that the computer still has a free license.
See Managing licenses on page 358, Using the license utility on page 359, Adding a
license from the Deployment Console on page 361, Rapid Deployment Pack licensing on
page 362, Computers not using a regular license on page 362, Detecting an expired
license on page 362, and Expired licenses on page 363.
Computers not using a regular license
From the Deployment Console, you can understand which computers do not have a
regular license. If the icon has a clock in the lower left corner of the Computers pane, it
is an HP computer that still has the free 30-day license.
See Managing licenses on page 358, Using the license utility on page 359, Adding a
license from the Deployment Console on page 361, Rapid Deployment Pack licensing on
page 362, Finding the number of used licenses on page 362, Detecting an expired
license on page 362, and Expired licenses on page 363.
Detecting an expired license
A computer listed in the Computers pane of the Deployment Console will be gray
instead of blue if the license has expired. However, this may not always mean that the
license has expired. To verify that the license has expired, use the following options:
z When you select a computer with an expired license, the following message
appears:
Client license expired - see computer properties.
Altiris Deployment Solution™ from Symantec User’s Guide 361
z If you try to view the properties of a computer with an expired license, the following
error message appears:
Error: You have chosen a computer that has expired. Clients that are expired
cannot be managed until a license is purchased for them and they have been
flagged in the Computer Properties dialog to accept a regular license.
Note
If you place a job on a computer with an expired license, the same error message
appears.
Directing client computers to the correct Deployment Server
If you review the client computer list from the Deployment Console and notice that some
computers are not available when you select them, it is possible that the computer was
moved from one Deployment Server to the other, and the former server had an expired
licence. To verify that a client computer is associated with the Deployment Server you
want, do the following:
1. Click the Deployment Agent icon on the client computer.
2. Select Properties.
3. Enter the IP address of the correct Deployment Server in the Address/Hostname
field.
4. Click OK.
See Managing licenses on page 358, Using the license utility on page 359, Adding a
license from the Deployment Console on page 361, Rapid Deployment Pack licensing on
page 362, Finding the number of used licenses on page 362, Computers not using a
regular license on page 362, and Expired licenses on page 363.
Expired licenses
Regular Deployment Server licenses do not expire, however the 7-day trial license and
the 30-day evaluation licenses do expire, and can cause some problems if not replaced
properly after adding regular licenses. Computers with expired licenses become dead
nodes and can no longer be managed by the Deployment Console.
When a license is first installed on the Deployment Server, each computer in the
database takes a license node. If this node is a temporary license, that computer has a
tag in the database that says it is a trial node. If that license is not replaced before the
time limit, the computer stops accepting jobs or any type of remote management.
When the Deployment Server receives new regular licenses, it does not by default
release the trial license nodes that it was using before. This can cause problems if the
trial licenses are still being used and they expire even after you apply a regular license.
You can use one of the following methods to deal with this lingering expired license
issue:
z You can set up a global option that automatically replaces any trial license with a
regular license as soon as they become available. This is a long term and
preventative solution to expired license issues.
1. In the Deployment Console, go to Tools > Options.
2. Click the Global tab.
Altiris Deployment Solution™ from Symantec User’s Guide 362
3. Select the Automatically replace expired trial licenses with available
z You can reapply all regular licenses to the computer nodes. This is helpful if you
want to see an immediate resolution to a license issue.
1. In the Deployment Console, right-click the All Computers computer group (or
2. Select Advanced > Apply Regular License. This makes all computer nodes in
See Managing licenses on page 358, Using the license utility on page 359, Adding a
license from the Deployment Console on page 361, Rapid Deployment Pack licensing on
page 362, Finding the number of used licenses on page 362, Computers not using a
regular license on page 362, and Detecting an expired license on page 362.
Installation help
The following are the help file topics for the Deployment Server installation program that
you can access by clicking Help or pressing the F1 key. These topics identify and explain
the elements on the dialogs used in the installation process.
Configuration
regular licenses check box. This resolves the computer node licenses expiry
issue.
any other computer group you need to do this to).
that group release the license node they were using and take a regular license
node.
The Deployment Server system supports a Simple Install as well as a Custom Install
option. A Simple installation lets you install all components on a single computer. The
Custom installation lets you distribute individual components of a Deployment Server
system on multiple computers. The Thin Client Install lets you install the Thin Client
view of the Deployment Console on your computer. The Component Install option lets
you install additional components on your system.
Pre-installation
Simple install helper. Select this option to check for an installation of Microsoft SQL
Server for a Simple Install. If Microsoft SQL Server or MSDE is located, the installation
program continues. Otherwise, the installation program prompts you to download and
install MSDE from the Altiris Solutions Center.
Installation type
Simple install. Select this option to install all Deployment Server components on a
single computer. This configuration is recommended for managing computers on a single
LAN or across a site with few subnets.
See Simple install for Deployment Server on page 341.
Include PXE server. Select this option to install the PXE Server when running the
Simple install option. The PXE Server requires a DHCP server also installed on your
network.
See PXE server on page 338.
Custom install. Select this option to install Deployment Server components on multiple
computers across your system. A Custom Install lets you balance network activity for
large enterprises with multiple subnets. Example: Use this option to distribute the
Altiris Deployment Solution™ from Symantec User’s Guide 363
Deployment Database on another computer or assign another file server as the
Deployment Share to store image and package files.
See Custom install for Deployment Server on page 344.
Thin client install. Select this option to install the Thin Client view of the Deployment
Console on your computer. You do not require a license file to install this view.
See Thin client install on page 347.
Component install. Select this option to install additional Deployment Server
components on your system. Example: Use this option if you want to add a PXE Server
to your Simple or Custom installation, or if you need multiple Deployment Consoles.
See Component install on page 349.
If you have multiple network adapter cards, a secondary dialog appears asking you to
select the IP address for the Deployment Server interface.
See also Deployment Server system requirements on page 340.
Note
If you run the Deployment Server on a MS Windows Server 2003 Domain Controller with
SMB Signing enabled, you cannot execute any imaging and DOS jobs. When running
jobs on MS Windows Server 2003, you must change the SMB Signing Registry Key to
execute DOS-based deployment jobs.
To disable SMB signing on the Windows 2003 server
1. Click Start > Control Panel > Administrative Tools > Local Security Policy >
Local Policies >Security Options.
2. Locate the Microsoft network server: Digitally sign communications
(always) policy setting, right-click it, and select Properties > Disabled.
3. Disable the Microsoft network server: Digitally sign communications (if
client agrees) policy setting as well. This is enabled by default.
Installing Deployment Server
Specify the Deployment share (shared directory) where you want to store the image
files, .RIPs, and other package files. Before installing the Deployment Server, ensure
that you have a shared Windows or NetWare directory with free disk space and
appropriate security rights.
File server path. Select the drive letter and directory path where you want to install
the Deployment Server. The default path is the Program Files directory on the local
computer.
Create Deployment Share. If you are installing the Deployment Server on a local
Windows computer, select this option to create a shared directory as your Deployment
Share. If you are installing on a remote file server or if you select an invalid path, this
option is unavailable.
Note
If you are installing the Deployment Server on a remote file server, create a share or
grant access rights to the Deployment Server directory on the file server before you
start the installation. For Windows XP, you must run the Network Setup Wizard accessed
from My Network Places to enable sharing.
Altiris Deployment Solution™ from Symantec User’s Guide 364
Select one of the following options to configure the licensing information:
If you do not have a license file, select the Free 7 day license option to use an
evaluation license for a new Deployment Server installation.
Select the Upgrade using existing license option to upgrade the installation
using an existing license.
Select the License File option and browse to locate the license file (.LIC file)
that you received when you registered on the Altiris Web site. See the Altiris
Getting Started Guide for further licensing information.
Service username and Service password. If running a Simple Install, you must enter
an administrator user name and password for the Deployment Server and the
Deployment Share. This account must already exist on the Deployment Server and the
Deployment Share. If you use a domain account, enter the domain name (Example:
orgDomain\admin.
See Deployment Server components on page 335, Installing Deployment Server, and
Managing licenses on page 358.
Installing Deployment Server using component install
Specify the Deployment Share (shared directory) where the image files, RIPs, and other
package files are stored. Ensure that you have a shared Windows or NetWare directory
with available disk space and security rights before installing.
See Deployment share on page 338.
Deployment Server install
Install the Deployment Server on a computer. The service is identified in the Services
section of the Windows Computer Management as Altiris eXpress Server.
See Deployment Server on page 336.
To install service on a local computer
1. Select the On this computer option.
2. Enter the Deployment Server IP address and port information.
3. Enter the path to install the Deployment Server.
4. Enter the user name and password of the Deployment Server. For a domain account,
enter the domain and user name. Create this account before starting the
installation.
To install service on a remote computer
1. Select the On a remote computer option.
2. Enter the name of the computer or browse to where you want to install. By default,
the destination path and IP address of the computer appear.
3. Enter the user name and password of an administrator account for the Deployment
Server computer. For domain accounts, include the domain name (Example:
orgDomain\admin). The user account must have rights to the Deployment Share.
Create the administrator domain account before starting the installation. See
Deployment share on page 338.
Altiris Deployment Solution™ from Symantec User’s Guide 365
See Deployment Server components on page 335 and Installing Deployment Server on
page 334.
Pre-boot operating system (simple)
Select a pre-boot operating system, which the Deployment Server can use as the
default, when creating a deployment job with an automation task. You can also install
additional pre-boot operating system files later by using Boot Disk Creator.
If you are running a PXE Server in your system environment, the first pre-boot
operating system that you install becomes the default boot menu option for Initial
Deployment. The menu options display DOS Managed, Linux Managed, or Windows
Managed.
You can assign an automation pre-boot operating system to an automation task when it
is added to a deployment job. This flexibility lets you run several automation tasks
within a single job, and each task can boot to the automation environment you want.
z None. Select this option if you do not want to provide a default automation
operating system. You can also select this later through the Boot Disk Creator utility.
z FreeDOS. Browse to the BDCgpl.frm file. This is available on the Deployment
Solution download site.
z MS-DOS. DOS requires an original Microsoft Windows installation disk, or browse to
the system formatted files.
z Linux. Browse to the BDCgpl.frm file. This is available on the Deployment Solution
download site.
z WinPE. Browse to the WinPE files.
z See Boot Disk Creator Help and PXE Configuration Help.
Pre-boot operating system (custom)
Select a pre-boot operating system that the Deployment Server can use as the default
when creating a deployment job with an automation task. You can also install additional
pre-boot operating system files later by using Boot Disk Creator.
If you are running a PXE Server in your system environment, the first pre-boot
operating system that you install becomes the default boot menu option for Initial
Deployment.
You can assign an automation pre-boot operating system to an automation task when it
is added to a deployment job. This flexibility lets you run several automation tasks
within a single job, and each task can boot to the automation environment you want.
z FreeDOS. Browse to the BDCgpl.frm file. This is available on the Deployment
Solution download site.
z MS-DOS. DOS requires an original Microsoft Windows installation disk, or browse to
the system formatted files.
z Linux. Browse to the BDCgpl.frm file. This is available on the Deployment Solution
download site.
z WinPE. Browse to the WinPE files.
See Boot Disk Creator Help and PXE Configuration Help.
Altiris Deployment Solution™ from Symantec User’s Guide 366
Deployment database install
Install the Deployment Database on a local or remote server with or without an existing
Microsoft Data Engine (MSDE) or Microsoft SQL Server. To install the database, you must
have administration rights to the selected server.
See Deployment database on page 337.
Note
If you have multiple instances of the Microsoft SQL Server already set up, you can
identify a specific instance using this format:
instance>
Microsoft SQL Server to manage multiple Deployment Solution systems on different
network segments, you can enter the name
marketingSegment\express depending on the previously established database
instance.
Install the Deployment Database using these options:
z Select the Microsoft SQL Server instance where you want to install your Deployment
database.
z You can also change the default SQL Port number.
z You can rename the Deployment Database default name, eXpress, by entering a
different name in the Database Name field. However, this does not alter the
Deployment Share name.
. The instance of the database can vary. Example: If you have a clustered
<SQL Server Name>\<database
salesSegment\express or
See Deployment Server components on page 335.
PXE server install
Select the options to boot locally using the Altiris Automation Partition. For PXEcompliant computers, you can boot across the network using the Intel Pre-boot
eXecution Environment option in the PXE Server.
See PXE server on page 338.
Note
If you have a Novell NetWare file server, you must set up the PXE Server after installing
the Deployment Server. The Universal Network Device Interface (UNDI) default driver is
not supported by Novell NetWare.
z Select the No I will be using an Altiris automation partition on each client
z Select the Yes, I want to install PXE Server on this computer option to install
computer option, if you do not want to use PXE and prefer to use embedded
(preferred) or hidden partitions, or bootable media to run tasks.
Note
This option is unavailable for installing the PXE Servers using the Component Install
option.
the PXE Server on the local computer.
Note
This option is selected by default for the Component Install.
Altiris Deployment Solution™ from Symantec User’s Guide 367
z Select Yes, I want to install PXE Server on a remote computer to install the
PXE Server on a remote computer. Enter the name of the computer and the path.
z Enter the IP address for the PXE Server and the Deployment Server.
z Enter the path where you want to install the PXE Server.
z Select the pre-boot operating system that can be used as the default PXE boot
menu item. The pre-boot operating system options that are enabled depend on the
options you selected for the pre-boot operating systems in the Pre-boot Operating
Systems page. Example: If you select Linux in the Pre-boot Operating Systems
page, the Linux option is enabled as the default PXE boot menu item.
See Installing the automation agent on page 358, Pre-boot operating system (simple)
on page 367, and PXE Configuration Utility Help.
Client connection to server
Select the protocol your managed computers can use to connect to the Deployment
Server.
Connect directly to Deployment Server. Installs the PXE Server using the Intel Preboot eXecution Environment (for PXE-compliant computers only). You can use this
without PXE for faster access, as it goes directly to the IP address without searching.
If managed computers are on a different segment or if you are using the PXE Server
with an UNDI driver, click Connect directly to Deployment Server and enter the IP
address of the Deployment Server that the managed computers can connect to. Do not
change the port number unless the default is already being used.
Note
If you change the port number, you must change the client configurations.
Discover Deployment Server using TCP/IP multicast. Lets the managed
computers connect to any Deployment Server. To use multicasting and connect to a
specific Deployment Server, enter the name of the Deployment Server computer.
Multicasting cannot be used with the UNDI driver. If you want to use different drivers on
the PXE Server, you can create multiple PXE boot files after installing.
See Deployment agents on page 109.
Deployment web console information
This feature lets you remotely manage Deployment installations, deploy and manage
Windows and Linux computers (both client and server editions) in real-time, and benefit
from many of the features available in the Deployment Console.
To install deployment web console
1. By default, the Deployment Web Console installs on the computer that is running
the installer. Select the On a remote computer option and browse to a computer
where you want to install. If you do not want to install the Deployment Web
Console, select the Do not install option.
2. If you want to change the default values, enter the Console port and Deployment
Web Console path for the installation.
Altiris Deployment Solution™ from Symantec User’s Guide 368
3. You must enter the Service username and Service password that already exist
on the Deployment Share and the destination computer where you install the Web
Console.
Note
If you are installing an additional Deployment Web Console using the Component Install
option, the Do not Install option is disabled.
See Deployment Console on page 335 and Deployment Server components on
page 335.
Sysprep
Enter the location of the Microsoft Sysprep files according to the operating system.
Specify the location or browse and select the required files.
Installing components
Click Install, or click Back to change the settings.
See Deployment Server components on page 335.
Installation information summary
The components are installed.
You can remotely install Deployment Agents, enable Sysprep support, and download
Adobe Acrobat for documentation.
Enable Microsoft Sysprep support. Select this option to enable Sysprep support.
Provide the location of the Microsoft Sysprep files.
Remotely install Deployment Agent. Select this option to push the Deployment
Agent.
Install add-ons to provision server hardware. Select this option to install the addons for Dell computers.
Note
This option is enabled on Dell computers only when add-ons are present in the
oeminstall-addons section of the oeminstall.ini file, which is located in the eXpress
directory. This is the only option available on the Installation Information Summary
page when you select Component Install.
Click Finish.
See Deployment Server components on page 335.
Add components summary
The components in the list are installed.
Download Adobe Acrobat. Select this option to download the Adobe Acrobat Reader
to read the documentation in the .PDF format.
Click Finish.
See Deployment Server components on page 335.
Altiris Deployment Solution™ from Symantec User’s Guide 369
Deployment database authentication
Specify the type of authentication the Deployment Database will use. You can select
Windows authentication or SQL Server authentication. If you select SQL authentication,
enter the user credentials with administrative rights for the SQL database.
Use Windows NT authentication. Select this option to use the Windows network or
Active Directory authentication.
Use SQL Server authentication. Enter the user name and password set for the
Microsoft SQL Server. If using MSDE, the default “sa” user name is used and no
password is required.
See Deployment Server components on page 335 and Installing Deployment Server on
page 334.
Add components
If you have already installed Deployment Server, you can add components to the
existing system. Select the type of component you want to add.
See Deployment Server components on page 335.
Console install
You can install the Deployment Console either on the local computer or on multiple
remote computers. Installing the Deployment Console on remote computers lets you
manage computers from multiple Deployment Consoles across the Deployment Server
installation.
See Deployment Console on page 335.
z Select the On this computer option to install the Deployment Console on the local
computer.
z Select the On a remote computer option to install the Deployment Console on a
remote computer. Enter the computer name or browse and select a computer.
See Deployment Server components on page 335 and Installing Deployment Server on
page 334.
Installer return codes
For a list of return codes for the installation program, see the Error Messages in
Deployment Solution chapter in the Reference Guide.
Altiris Deployment Solution™ from Symantec User’s Guide 370
Altiris Deployment Solution™ from Symantec User’s Guide 371
Chapter 12
Managing from the Deployment Console
Deployment Solution provides both Windows and Web user interface consoles to deploy
and manage computer devices across local or wide area networks. It also provides a
Thin Client view of the Deployment Console. As an IT administrator, you can manage all
computer devices from one of these Deployment Consoles:
The Deployment Console is a Windows-based console with complete deployment and
management features, including remote control, security, PXE Server configuration,
image editing, and other deployment utilities and features. See Deployment Console
basics on page 70.
The Deployment Web Console provides basic deployment and management
functionality from a Web browser, including the ability to remotely access and manage
computer devices, build and schedule jobs, and view multiple Deployment connections.
The Thin Client View of the Deployment Console provides a simplified experience when
dealing exclusively with Thin Clients. The functionality of the Thin Client Console is
identical to that of the current Deployment Console. However, you can toggle from Full
View to Thin Client View.
Deployment from the Symantec Management Console combines management and
reporting features across multiple Deployment Server systems and lets you integrate
additional Web applications in the client and server management suites, including
Inventory, Software Delivery, Recovery, HelpDesk, Patch Management, and Application
Metering solutions.
To launch the Deployment Console, click the icon on the desktop, or click
Start > Programs > Altiris > Deployment Solution > Console.
Features of the Deployment Console. The Windows console for Deployment Solution
provides standard Computers, Jobs, and Details panes to drag and drop icons, view
properties, and identify the state and status of Deployment objects. In addition, the
Deployment Console also includes a Shortcuts and Resources view and provides the
tools, utilities, and features required for complete computer resource management. See
Deployment Console basics on page 70.
Set program options. From the Tools > Options dialog, you can set preferences for
each Deployment Server system. See General options on page 82.
Set security. From the Tools > Security dialog, you can set security rights and
permissions for all Deployment Consoles. See Security in Deployment Solution on
page 87.
Connecting to other Deployment Server systems. Connect to other Deployment
Server connections from your current Deployment Console and manage computers
outside of your current network segment or site. See Connecting to another Deployment
Server on page 93.
Altiris Deployment Solution™ from Symantec User’s Guide 69
Customize the Tools menu. You can add commands to the Tools menu to open
commonly-used deployment programs and utilities. See Extending the tools menu on
page 79.
Deployment Console basics
The Deployment Console is your main portal to Deployment Solution. It is a feature-rich
Win 32 program with real-time access to computer resources, deployment jobs, and
package files, each represented by distinct icons to identify the status and settings.
From the Deployment Console, you can build simple or complex deployment jobs, assign
them to a computer group, and verify deployment execution.
Because the Deployment Console can reside on its own computer, you can have multiple
consoles running from different locations. The Deployment Console needs to be running
only while creating assignments or viewing information about the managed computers.
You can turn on the console, run management tasks, and turn off the console.
Scheduling information is saved in the Deployment Database and tasks are executed at
their scheduled time. If an assignment to a managed computer is made from two
different consoles at approximately the same time, the computer is assigned those tasks
in the order they are received. See Console options on page 82 to set refresh intervals
for the Deployment Console.
Features of the Deployment Console
The Deployment Console is divided into several panes to organize computers,
deployment jobs, and software packages and scripts. It gives you a graphical view of
your network and provides features to build jobs, drag and drop icons to schedule
operations, store and access jobs and packages, and report the status and state of your
computer resources. The Deployment Server includes three main panes, toolbars,
wizards, shortcuts, and utility programs.
Computers pane
Use this area to view and select managed computers for the Deployment Server system.
You can select and right-click a computer in the Computers pane to run remote
operations using Deployment Solution or to view the computer properties. You can also
create computer groups to organize collections of similar computers. See Remote
operations using Deployment Solution on page 122 and Computer properties on
page 119.
Create computer groups by clicking Computer Groups on the toolbar, or
right-clicking in the Computers pane and selecting Groups. Click View >
Show Computers to display only computer group icons and not individual
computers.
When you select a computer or group, a list of the computers in the group appears in
the Details pane and provides the basic information about each computer. The Filter
detail bar appears in the Details pane that helps to view computers according to set
criteria. When a computer is selected, you can view the computer status in the Details
pane, including a list of jobs that are running or are scheduled to run on the computer
and the status of each job.
Altiris Deployment Solution™ from Symantec User’s Guide 70
Jobs pane
To get more details about all tasks that are run on computers, click Status Detail.
Status Detail displays a more detailed breakdown of the tasks that the job has executed
and a status message indicating the status of the tasks.
You can also import new computers from a text file or add security rights and privileges
for a specified computer or group of computers. See on page 95 for complete
information about setting up, importing, and managing computers from the Computers
pane.
Use this area to create and build jobs using specific deployment tasks. You can select
and right-click a job in the Jobs pane when building new jobs or running the New Job
Wizard. You can also import new jobs from a text file or add security rights and
privileges for a specified job or collection of jobs. See Building new jobs on page 150
and New job wizard on page 146.
Set up folders to organize and access jobs according to your specifications. To create a
new folder, right-click in the Jobs section and select the New Folder option. You can
also create folders by selecting File > New > Folder.
Click View > Jobs View to show or hide the Jobs pane.
When you select a job, the Details pane displays a list of computers in the folder and
gives a basic information about each job, such as its state and status. It also shows the
computers or computer groups to which the job is assigned.
z The Conditions detail bar also appears, letting you assign jobs to computers. See
Setting conditions for task sets on page 151.
z In System Jobs, folders are created to store jobs that are created when running
operations from the console.
Drag-n-Drop Jobs. Jobs are created and automatically placed in this folder when
you drag an .MSI, .RIP, or other package files from the Resources vi ew to a specific
computer or group. See Shortcuts and resources view on page 72.
Image Jobs. Jobs are placed in this folder when you create a Quick Disk Image.
See Quick disk image on page 125.
Restoration Jobs. Jobs are placed in this folder when you restore a computer from
its Deployment history. See Restoring a computer from its deployment history on
page 124.
From the Jobs pane, you can drag job icons to computer icons to run jobs, such as
creating images, deploying computers, changing configurations, or installing software.
After you create a job, you can change it by adding, modifying, or deleting tasks. You
can run jobs immediately, schedule them to run at a particular time, or save them for a
later time. See on page 145 for complete information about setting up, importing, and
managing computers from the Jobs pane.
Altiris Deployment Solution™ from Symantec User’s Guide 71
Details pane
The Details pane extends the user interface features when working in the Computers,
Jobs, or Shortcuts panes.
z When you select a computer in the Computers pane, the Details pane changes to
a Filters section (if you click a group icon) and displays the status of all jobs
assigned to the selected computer.
z When you select a job icon in the Jobs pane, the Details pane displays the
information about the job to set up conditions, order tasks, and to add, modify, or
remove tasks.
z When you select a computer or computer group in the Computers pane, the
Details pane displays the information about a computer, such as its IP address,
MAC address, and status.
z When you select a batch file, you can click Modify to update the file.
z When you select a hard disk image file (.IMG), the Details pane displays a
description of the image file and information about the included partitions.
z When you click on the package files, the Details pane displays the title, description,
version, creation date, and platform of an .RIP file or Personality Package.
Shortcuts and resources view
The Shortcut and Resources pane provides easy access to the computers and job
objects identified in the console and the software packages stored in the Deployment
Share. In the Shortcuts view, you can drag computers, computer groups, jobs, and job
folders to organize and access commonly-used console objects. In the Resources view,
you can identify and assign package files.
Click View > Shortcuts View to open the Shortcuts and Resources
pane. You can drag the jobs and computer icons to this pane. Click
Resources in the Shortcuts and Resources view, or click View >
Resources or CTRL+R to open a filtered list of packages on the
Deployment Share.
The Shortcuts view provides quick links to view and access computers, jobs and
packages. It can act as a palette of Deployment Solution icons that you can drag to
other working panes in the console, or as a storage to save commonly-used jobs and
computer icons.
The Resources view lets you see a filtered view of the package files — .MSI files, .RIPs,
image files, Personality Packages, and other resource packages — stored in folders in
the Deployment Share. From the Resources view, you can drag packages directly to
the computers in the Computers pane to deliver the software. This automatically
creates jobs in the System Jobs > Drag-n-Drop Jobs folder in the Jobs pane. The
Resources view lets you identify packages assigned to each job and assign those
packages to create new jobs.
Altiris Deployment Solution™ from Symantec User’s Guide 72
Using resources directly
If you do not want to create a shortcut to a resource, but still want to use a resource to
assign a job to a computer, you can move the resource to a designated computer. To do
so:
1. Enable the Shortcuts view.
2. Click Resources at the bottom of the Shortcuts window.
3. Browse to the selected resource and drag it to the appropriate computer.
You can create a new script file from the Resources view and use it directly to schedule
it on a computer. See Creating new script files on page 192.
See Console options on page 82 for options to set refresh intervals for the Resources
view.
Thin client view of the Deployment Console
The Thin Client view of the Deployment Console provides a simplified experience when
dealing exclusively with Thin Clients. The functionality of the Thin Client view is identical
to that of the current Deployment Console. However, you can switch from Full view to
Thin Client view.
The Thin Client Console has the following panes:
z Computers
z Resources
z Software Packages
z Inventory
The Computers, Resources, and Software Packages panes are on the left side of the
Thin Client view, while the Inventory pane is on the right side of the Thin Client view.
Installing the thin client view
During installation, you can install the Deployment Solution Thin Client view. By default,
the traditional Deployment Console is installed.
If you select Thin Client view, a Thin Client Jobs system folder is created. All the jobs
created from the Deployment Solution Thin Client view are stored in this folder. During
the installation process, the following folders are created in this hierarchy for the Thin
Client resources:
z Configuration Packages
z Images
z Software Packages
Deployment Solution for Thin Clients uses the same installation program as Deployment
Solution. No licensing is required even if you select Thin Client Install.
To install thin client
To install Thin Client, choose one of the following options:
z On the Deployment Server Install Configuration dialog, select the Thin Client
Install option. The Deployment Console Thin Client View appears.
Altiris Deployment Solution™ from Symantec User’s Guide 73
z On the Deployment Server Installation dialog, select the Simple Install option.
The Deployment Console appears. Click View > Show Thin Client View. The
Deployment Console Thin Client View appears.
Switching between two views
When you switch between the traditional view and the Thin Client view, you can
maintain the last state in which you viewed the console. This ensures that you open the
console in the same view that you last closed it in.
To switch between the traditional and the thin client view
1. Click View.
2. Select Show Thin Client View.
Note
By default, the Thin Client view is visible if you select Thin Client Install.
When you switch to the Thin Client view, all the menus and items that are not necessary
for the Thin Client view are unavailable. These are visible when you switch to the
traditional view.
Computers pane
This pane is the same as that in the traditional view. However, only thin clients are
displayed. You can right-click this pane to view a new menu. When you right-click a thin
client, you can view the following options:
z Capture Configuration
z Capture Images
z Deploy Configuration
z Deploy Image
z Install Automation Partition
z Get Inventory
z Power Control
z Properties
z Remote Control
z Delete
z Manage Inventory View
If you select a Capture option, a text field appears, prompting you for the name of the
captured resource. By default, the name is the same as the serial number on the Thin
Client, which you can change.
If you select a deploy option, a list of the available resources appears for the selected
type, such as Configurations, Images, or Software Packages. You can select a resource
from this list.
To create a job
You can create a job in one of the following ways:
Altiris Deployment Solution™ from Symantec User’s Guide 74
Resources pane
z Select any of the first six options from the Computers pane. All these jobs are
scheduled at the current time.
Note
The Schedule Computers for Job dialog does not have the Job Schedule tab.
Also, all the automation jobs have the default option selected for boot image.
z Drag resources to the Computers pane or computers to the Resources pane to
schedule jobs at the current time.
Note
Ensure that you have the required permissions to drag and drop resources.
All thin client job details are saved in the Thin Client Jobs system folder. You cannot
delete or rename this new system folder from the console.
All the above options, except Properties, are disabled when the client is not active.
Note
All the jobs on the thin clients are automatically created and scheduled by the console,
and this happens only when the clients are active. When creating the jobs, the console
refers to the operating system type (platform) of the client.
This pane is a treeview listing all the resources that you can drag and drop to the thin
clients and vice versa. The following types of resources appear in this pane:
z Configuration Packages. Example: Captured Registry Settings.
z Images
z Software Packages. Example: HP Tools.
Note
All these resources reside in the eXpress share in the ThinClient directory.
When you click any of the submenus corresponding to the subdirectories within the
ThinClient directory, the tree expands and displays all the resources included in the
directory. If the folder is empty, an appropriate message appears. You can rename or
delete the resources.
Software packages
The Software Packages pane displays the software packages that can be created for
the available computers. You can drag and drop this resource to the thin clients and vice
versa.
When you right-click the Software Packages pane, you can view the following options:
z New folder. Select this option to create a new folder.
z Import. Select this option to import a job. See To import a job on page 76.
z Rename. Select this option to rename a folder.
Note
You cannot rename the Software Packages pane. You can only rename a folder.
Altiris Deployment Solution™ from Symantec User’s Guide 75
z Delete. Select this option to delete folders.
z Find Software Packages. Select this option to find software packages.
To import a job
1. Open the Thin Client view.
2. Right-click the Software Packages pane and select Import.
The Import Job dialog appears.
3. In the Job file to import field, browse and specify the file that you want to import.
Note
By default, the Import to Job Folder, Overwrite existing Jobs and Folders
with the same names, and Delete existing Jobs in folder options are disabled.
To preserve the source operating system file paths of Scripted Install, select the
Preserve Scripted Install OS source paths option.
Click OK.
To delete the Software Packages option from the Deployment Console
1. Open the Deployment Console.
2. In the Jobs pane, select System Jobs > Thin Client Jobs > Software Packages.
3. Right-click Software Packages and select Delete.
Inventory pane
A confirmation dialog opens.
4. Click Yes to confirm the deletion.
The Software Packages option is deleted from the Deployment Console view.
Note
The Software Packages option is automatically added in the Jobs pane in System
Jobs > Thin Client Jobs when you switch from the Deployment Console view to
the Thin Client view.
This pane displays a table that lists all the thin clients identified by the console. The
following columns appear in the Inventory pane:
z Name
z Computer Status
z Action Status
z Product Name
z Operating System
z Image Version
z Flash Size
z Memory Size
z BIOS version
Altiris Deployment Solution™ from Symantec User’s Guide 76
You can select which columns to view. The following columns are available, but do not
appear:
z Automation Partition
z CPU
z Domain name
z IP address
z MAC address
To view Inventory columns
1. Right-click the Inventory pane. The Manage Inventory Columns dialog appears.
2. You can add columns to either the Selected columns list or the Available columns
list by clicking the required arrows.
3. Click OK.
Toolbars and utilities
The toolbars and menus on the Deployment Console provide major features and utility
tools to deploy and manage computers from the console. From the Main toolbar, you
can create new jobs and computer accounts and run basic deployment tasks. On the
Tools toolbar, you can launch Deployment Solution administration tools and package
editing tools. It also includes icons to quickly run commonly used remote operations.
See Remote operations using Deployment Solution on page 122.
Deployment Solution utility tools
The Deployment Console lets you open utility programs from the Tools menu or from
the Tools toolbar. You can launch Deployment Solution administration tools (Boot Disk
Creator, PXE Configuration, Wise SetupCapture and Remote Agent Installer) and
package editing tools (Wise MSI Editor, PC Transplant Editor, and Image Explorer) from
the toolbar.
Administration tools
Boot Disk Creator. Use this tool to create boot disk configurations, and
automation and network boot media to image client computers. The Boot Disk Creator
can maintain several different boot disk configurations for different types of network
adapter cards. See Altiris Boot Disk Creator help.
PXE Configuration. After installing the PXE Server, you can create and modify
configurations, which make up the boot menu options that appear on client computers.
This is another another option to boot computers to automation. See the Altiris PXE
Configuration help.
Altiris Deployment Solution™ from Symantec User’s Guide 77
Remote Agent Installer. Remotely install the Deployment Agent on client
computers from the console. This utility lets you push the agent installation to client
computers from the Deployment Console. DAgent is the default agent for all Windows
platforms.
PC Transplant Editor. Use this tool to edit a Personality Package to add or
remove data. See the Altiris PC Transplant Help located in the Deployment Share.
Image Explorer. After a disk image is saved to the Deployment Share, this tool
lets you view and manage data in the image file. You can edit and split an image, create
an index, and more. See the Altiris Image Explorer help file located in the Deployment
Share.
Wise MSI Editor. Edit .MSI packages generated from the Wise Setup Capture
tool or other .MSI files used to distribute software and other files.
SVS Admin Utility. Create, import, and manage virtual software layers. See
Software Virtualization Solution on page 78.
DeployAnywhere Driver Database Management. Lets you run DeployAnywhere to
create hardware independent images. This functionality is provided by Symantec Ghost
Imaging Foundation (GIF). To add and manage drivers, on the Tools menu, click the
new DeployAnywhere option. To enable this functionality, select the DeployAnywhere
option from the deploy image task. For more information about DeployAnywhere or
Ghost, see the Symantec Ghost Imaging Foundation documentation.
Software Virtualization Solution
Altiris® Software Virtualization™ Solution (SVS™) is a revolutionary approach to
software management. SVS places applications and data into managed units called
virtual software packages. You can use SVS to activate, deactivate, or reset applications
to avoid conflicts between applications without altering the base Windows installation.
The SVS Admin Utility is a part of SVS. It creates, imports, and manages virtual
software layers, which are part of the packages. For information on installing and using
the SVS Admin Utility, see the Software Virtualization Solution Reference Guide.
For information on the integration of the SVS Admin Utility with Deployment Solution,
see Using SVS admin utility with Deployment Solution on page 79.
Altiris Deployment Solution™ from Symantec User’s Guide 78
Using SVS admin utility with Deployment Solution
On a Deployment Solution computer, you can capture application and data files. The
installed application, data files, and settings are captured into the virtual software
layers.
The Deployment Solution computer should have a clean installation of the Windows
operating system. The computer should not have any background processes or
programs running that can be captured into the layers. Your base computer should not
be running an antivirus program or any other computer management program. If
possible, the computer should not have an active Internet connection.
You can create layers on a virtual computer. (See Managing the SVS layer on page 177.)
This lets you disconnect a computer from the network and reset the computer after each
capture. This ensures that you have a clean operating system.
You can also distribute .RIPs, .MSI files, scripts, personality settings, and other package
files to computers or groups. See Distributing software on page 175.
Extending the tools menu
You can add commands to the Tools menu on the Deployment Console to quickly access
additional management applications. This lets you easily access applications commonly
used with Deployment Solution.
Commands are added by modifying or adding new .INI files. You can insert commands
to the root ATools.ini file for the main menu or add new .INI files to create submenus.
Place both types of .INI files in the directory where the Deployment Console executable
(eXpress.exe) is located. The default location is Program Files\Altiris\
eXpress\Deployment Server.
You can add up to eight menu items to the main menu, and eight menu items for each
submenu.
These .INI fields are included for each application added to the “Tools > Altiris Tools”
menu:
[Application name or submenu declaration]
MenuText=<the application name displayed in the menu>
Description=<the name displayed when you mouse over the menu item>
WorkDir=<directory set as default when executable is run>
Executable=<path to the executable files>
The ATools.ini file extends the main Tools menu on the console. This sample file
contains one submenu, Web Tools, and two additional menu items, Notepad and
Netmeeting. The .INI files are located in the Deployment Share.
[Submenus]
Web Tools=wtools.ini
[Notepad]
MenuText=Notepad Editor
Description=Simple Editor
Altiris Deployment Solution™ from Symantec User’s Guide 79
WorkDir=.
Executable=C:\WINNT\notepad.exe
[NetMeeting]
MenuText=NetMeeting
Description=NetMeeting
WorkDir=.
Executable=C:\Program Files\NetMeeting\conf.exe
Another Tools .INI file is wtools.ini. It is a submenu file referenced by the main
ATools.ini file. On the main menu, this is titled “Web Tools” (see Tools.ini) and contains
two applications, Internet Explorer and Adobe Acrobat.
[Explorer]
MenuText=Explorer
Description=Windows Explorer
WorkDir=.
Executable=C:\Program Files\Internet Explorer\explorer.exe
[Acrobat]
MenuText=Acrobat Reader
Description=Acrobat Reader
WorkDir=.
Executable=C:\Program Files\Adobe\Acrobat\acrobat.exe
Computer filters and job conditions
Use this dialog while creating a computer group filter to filter only the specified
computers in a computer group, or while setting conditions for task sets when running a
job only on the specified computers in a group. See Creating a computer group filter on
page 81 and Setting conditions for task sets on page 151.
Creating conditions to assign jobs
You can set conditions on a scheduled job to run only on the computer devices that
match a defined criteria. As a result, you can create a single job with tasks defined for
computers with varying properties, including the type of the operating system, network
adapters, processors, free disk space, and other computer properties. For each job, you
can now create task sets that are applicable only to the computers matching those
conditions.
Altiris Deployment Solution™ from Symantec User’s Guide 80
Click a job in the Jobs pane. The Condition feature appears in the Details
pane. Click Setup to add new conditions or edit existing conditions. When
you are setting conditions to schedule a job, select from a list of predefined
database fields or create custom tokens that key on other fields in the
database.
Creating custom tokens
You can create custom tokens to set conditions based on the database fields that are not
provided in the available preset conditions in the Conditions dialog. Example: Select
User Defined Token from the drop-down list in the Fields box. Select contains in the
Operation field, and enter Milo in the Value field. In the Token field, enter the
following custom token:
with the registered license user named Milo. The job runs only on the computers that
meet the specified criteria.
Filter Name Description
Active
Computers
Inactive
Computers
Computers With
Failed Jobs
Windows 2003
or 2008
Windows XP/
Vista
Windows CE
(PDAs)
Linux Displays only the computers with Linux operating systems.
Windows XP
Embedded
Windows CE
.NET
Pocket PC
(PDAs)
%#!computer@lic_os_user%. This filters out only the jobs
Displays all the active computers.
Displays all the inactive computers.
Displays all the computers where jobs have failed to execute.
Displays only the computers with Windows 2003 or 2008
operating systems.
Displays only the computers with Windows XP or Vista operating
systems.
Displays only the computers with Windows CE operating systems.
Displays only the computers with Windows XP Embedded
operating systems.
Displays only the computers with Windows CE .NET operating
systems.
Displays only the Pocket PC computers.
Creating a computer group filter
The Computer Filters dialog displays a list of all computers in a group according to the
specified criteria. Example: You can create a filter to view all the computers in a
particular group that have Windows 2008, 256 MB of RAM, and 20 GB hard disks only.
By applying the filter, you can view all the computers that meet the specified criteria in
the Details pane of the Deployment Console.
Altiris Deployment Solution™ from Symantec User’s Guide 81
To create or modify a computer filter
1. Click the All Computers group or any other computer group.
2. On the Filter bar in the Details pane, click Setup > New to create a new filter.
Or
Click Setup > Modify.
3. Type a name for the filter and click Add. The Filter Definition page appears.
4. Define the conditions you want to filter.
Click the Field box to see a list of computer values stored in the Deployment
Database. Select a computer value and set the appropriate operation from the
Operations list. In the Value box, enter an appropriate value for the selected
database field. Example: You can choose Computer Name as the Field, Contains
as the Operation, and Sales as the Value.
5. Repeat to include other conditions. Click OK.
General options
Use the Program Options feature to set the general options for Deployment Solution.
Click Tools > Options to view the Program Options dialog.
Click a computer group in the Computers pane. The Filter feature appears
in the Details pane for the selected computer group. Click Setup to add
new filters, or to modify and delete existing computer filters.
z Console options
z Global options
z Task password options
z Domain accounts options
z RapiDeploy options
z Agent settings options
z Custom data sources options
Console options
Set basic console features for miscellaneous refresh actions and warning messages.
Scan resource files for changes every ____ seconds. Specify how frequently (in
seconds) the Deployment Console updates its view of package files in the Resources
view. See Shortcuts and resources view on page 72.
Warn user when no tasks are assigned to the 'default' condition. When a job is
assigned to computers and the default condition has no tasks assigned, a message
appears. The job has no secondary default tasks assigned if a computer in the group
does not meet the primary conditions. See Setting conditions for task sets on page 151.
Refresh displayed data every ____ seconds. Refresh the display of data accessed
from the Deployment Database. This lets you refresh console data at defined intervals
Altiris Deployment Solution™ from Symantec User’s Guide 82
Global options
instead of updating every time the Deployment Console receives a command from the
server, which can be excessive traffic in large enterprises.
Set global options for the Deployment Server system.
Delete history entries older than _____ days. Specify the number of days entries
are kept in the history before they are deleted. Enter any number between 1 and
10,000. If you don’t select this option, log entries remain in the history.
Remove inactive computers after ____ days. Specify the number of days you want
to keep inactive computers in the Deployment Database before they are deleted. The
default value is 30 days, but any number between 1 and 10,000 is valid.
Synchronize display names with computer names. Automatically update the
displayed name of the managed computer names in the console when the client
computer name changes. If this option is not selected, changes to the computer names
are not reflected in the console. Synchronization is off by default. The names do not
have to be synchronized for the Deployment Server to manage the computer.
Reschedule failed image deployment jobs to immediately retry. Immediately
retry a failed image deployment job. The program continues to retry until the job
succeeds or until the job is cancelled.
Client/server file transfer port: _____. Specifies a static TCP port for file transfers
to the clients. The default value is 0 and causes the server to use a dynamic port. This
setting is useful if you have a firewall and need to use a specific port rather than a
dynamically assigned port.
Automatically replace expired trial licenses with available regular licenses. Lets
Deployment Solution automatically assign a permanent license to the computer after the
trial license expires.
Note
Be careful when using this option. Ensure that you do not give a permanent license to
computers you do not want to manage after their trial license expires.
Display Imaging status on console. Displays the status of the imaging job on the
Deployment Console.
Remote control ports. Specifies ports for using the Remote Control feature. You have
the option to enter a primary port address and a secondary port address (Optional).
Remove task passwords when exporting or copying jobs. Specifies that you must
remove the task password when exporting or copying jobs.
Display only computers and jobs the user has rights to manage. Displays only the
computers and jobs that the user has rights to manage. If this option is not selected, all
of the computers and jobs are displayed. If this option is selected when security is
enabled and the logged-on user has administrator rights, all computers and jobs are
displayed. However, if this option is selected when security is enabled and the logged-on
user does not have administrator rights, that user’s view is restricted to see the jobs and
computers that the user only has rights to. A computer is displayed if the logged-on user
has any permission on the computer’s group or if the computer’s group inherits any
permissions from a parent folder.
Altiris Deployment Solution™ from Symantec User’s Guide 83
Do not update configuration data on a failed configuration task. If checked, does
not overwrite the data in the Deployment Solution database if a configuration task fails.
The database is not updated until a successful configuration task finishes running.
Primary lookup key(s). Specifies the lookup key type(s) used to associate a new
computer with a managed computer. The options are Serial Number, Asset Tag,
UUID, or MAC Address.
Sysprep Settings. This lets you enter global values for Sysprep. See Sysprep settings
on page 84.
Sysprep settings
View and configure the Sysprep settings for the Deployment Server.
OS product key dialog
In the OS Product Key dialog, select the suitable operating system from the
Operating System drop-down list. After you select the operating system, a list of all
product keys for the selected operating system appears. Select an operating system
from the Operating System drop-down list, and click Add to type the Product Key. You
can type up to 29 characters for the Product Key. The new product key is added to the
list of available keys of the selected operating system.
To modify a product key, select the product key to be modified, and click Edit. To
remove a product key, select the product key to be deleted, and click Remove.
Note
If the product key is being used by another task, you cannot delete the product key. You
are prompted with a message stating that the product key is being used by another
task.
Task password options
According to the network and security properties, the passwords for administrators and
users change after a certain number of days. In such a scenario, the password becomes
invalid and all jobs and tasks using the user name whose password changes must be
modified to use the new password. The Task Password option provides administrators
with a simple option to manage all password changes from a centralized location.
This feature lets you set or change user passwords from a central location, so you can
modify the password for the Copy File to, Distribute Software, Run Script,
Distribute Personality, and Capture Personality tasks when creating or modifying
jobs. However, this tab is enabled only to administrators and select users who have been
granted the appropriate privileges.
The Status field displays the results of password updates. Example: User A’s user name
and password is used in ten tasks. If you want to update the password for these ten
tasks, you can do so through the Task Password option. After the password is
updated, the Status field displays the message: Password for 10 tasks updated.
Domain accounts options
This sign-on feature retrieves the name of the administrator (or the user with
administration rights) and the password for each domain. This feature lets you avoid
Altiris Deployment Solution™ from Symantec User’s Guide 84
needing to log on for each managed computer when you run imaging and configuration
jobs.
You can provide the user credentials for the parent domain or a trusted domain in this
window. Deployment Solution supports the UPN and SAM formats, and it accepts either
the parent domain user’s credentials or the domain user’s credentials for any
configuration jobs.
Click Add to enter the Domain name. The Add Domain Account page appears. Enter
the name of the selected domain and provide the administrator credentials. Click OK.
The administrator name and domain are listed in the Domain Accounts list box.
Note
To enter the administrator user name for a Windows XP domain, you must add both the
domain name and the user name. Example: Instead of entering only the user name
jdoe, you must enter domainName\jdoe.
RapiDeploy options
This feature optimizes the multicasting ability of the RapiDeploy application in the
Deployment Server, letting you deploy images to a group of computers simultaneously,
download an image from a file server, or access a local hard drive, and manage the
imaging of several client computers concurrently.
Because RapiDeploy is more efficient when writing directly to the IP address of the
network adapter driver, you can enter a range of IP addresses when using the
multicasting feature for faster computer deployment and management. The Deployment
Server accesses the range of computers using the defined IP pairs and avoids retrieving
the computers through the port and operating system layers.
However, because some network adapter cards do not handle multiple multicast
addresses, you can also identify a range of ports to identify these computers. On the
first pass, the Deployment Server accesses the selected computers using the list of IP
numbers. On the second pass, the Deployment Server accesses the selected computers
using the port numbers or higher level operating system IDs.
Note
Multicasting images are not supported when using the UNDI driver on PXE, and are
disabled on the client.
Click Reset to set the default values.
Agent settings options
These are the default agent settings for new computers. Click Change Default
Settings to change Windows Agents Settings for Windows and DOS. The Change
Default Settings option is enabled only if you select the Force new agents to take
these default settings or the Force new Automation agents to take these
default settings option. Set Deployment Agent settings for new computer accounts or
set Deployment Agent settings for DOS for new computers. See Deployment agent
settings on page 110 and Deployment Agent settings for DOS on page 116.
These default settings are applied only for new client computers that have never
connected to the Deployment Server, and have no information stored in the Deployment
Database. These settings are not for the existing managed computers, nor are these
settings applied when setting properties using the Remote Agent Installer.
Altiris Deployment Solution™ from Symantec User’s Guide 85
When the Deployment Agent connects, the Deployment Server verifies if the computer
is a new or an existing computer. If the client computer is new and if the Force new
agents to take these default settings option is selected, the Deployment Agent on
the client computer receives the default settings established in the Options > Agent
Settings dialog. If the computer is recognized as an existing managed computer, it uses
the existing agent settings. The same process occurs for automation agents if the Force
new Automation agents to take these default settings option is selected.
Force new agents to take these default settings. Select this option to force the
default settings when adding a new computer.
Force new Automation agents to take these default settings. Select this option to
force the default settings when adding a new automation agent connects.
Custom data sources options
This option lets you set up credentials to authenticate to external Deployment
Databases and other Microsoft SQL Server databases to extract data using custom
tokens. Click Add to enter an administrator alias and other login information for the
Microsoft SQL Server (or MSDE) hosting the desired Deployment Database.
The information required to create a custom data source entry is listed below:
Alias. The alias name you want to use when referencing the external SQL database.
Server. The name of the external SQL database server or IP address.
Database. The name of the external database from which you want to extract data.
Use Integrated Authentication. This option authenticates to the external
database using the domain account you are currently logged on as.
User name and Password. When the integrated authentication is not being used,
you must provide a user name and password to authenticate to the external
database.
Allowed Stored Procedures. Click this tab to modify the existing list. See Allowed
stored procedure list on page 86.
Allowed stored procedure list
Click Allowed Stored Procedures to identify the stored procedures from the selected
custom data source. You can now select from the list of available stored procedures in
the data source. This lets you call stored procedures outside of the Deployment
Database (eXpress database) using custom tokens within scripts or answer files.
Virtual centers options
You can keep a list of all VMware Virtual Center Web services. The hosts and virtual
computers from each Virtual Center that have corresponding computers in the
Deployment Database appear in the computer tree. These virtual computers appear
under the Virtual computers node in the Computers pane.
Click Add. On the Virtual Center page, enter the Display name, Server hostname,
and Username. By default, the port number is displayed. You can also set up a
password for the selected user.
Altiris Deployment Solution™ from Symantec User’s Guide 86
Security in Deployment Solution
Deployment Solution provides a security system based on associating job and computer
objects with user and group permissions, letting IT personnel be assigned to different
security groups to manage operations on specific computer groups or job folders. Each
security group can perform only a defined scope of deployment operations on each
computer group or job folder. Additionally, each user can be assigned rights to access
general console features. You can also choose whether to specify that scripts on run only
on the Deployment Server.
Note
Security rights and permissions set in one console are enforced in all Deployment
Consoles.
To set general security rights, click Tools > Security and add a user name
and password. You can create users and groups and set scope-based rights.
See Best practices for Deployment Solution security on page 87, Enabling security on
page 88, Setting permissions on page 92, Groups on page 89, and Rights on page 90.
To set feature-based permissions for specific computers or jobs, select the
object in the console, right-click and select Permissions.
Best practices for Deployment Solution security
Deployment Solution is based on defining groups of users and groups of computers and
jobs, and associating one with another. We recommend that you first create user groups
based on administration duties or access to levels of deployment operations. For
example, You probably set up a group with full Administrator rights. This group has
access to run all operations on all computers using all types of jobs. No permissions
need to be set on each computer group or job folders for the Administrator group
because this has full rights to all features and resources.
However, you can also set up a Technician group that has only basic access and
permissions limiting deployment operations. This prohibits members of the group from
re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You
can explicitly Allow or Deny the group from running these operations for each
computer group in the Computers pane or each job folder in the Jobs pane.
After creating the Technician group, you can limit their rights to set General Options and
set permissions on each computer groups and job folder for the group. See General
options on page 82. You can select the computer group, right-click it and select
Permissions. Select the group name in the left pane, and click Allow or Deny for a list
of deployment operations. Example: You can select the Deny check boxes for Restore,
Schedule Create Disk Image, and Schedule Distribute Disk Image.
Additional groups can be created with different rights and permissions depending on the
needs and responsibilities in the IT team. If users are assigned to multiple groups, the
Evaluate Permissions and Evaluate Rights features are sorted and display effective
permissions and rights.
Altiris Deployment Solution™ from Symantec User’s Guide 87
Enabling security
You can enable security by first creating a group with Administrator rights, adding a user
to the Administrator group, and selecting Enable Security.
Note
When the Administrator Right is selected, you do not need to select any other rights
because the Administrator Right implies that all other rights are selected.
1. Click Tools > Security.
2. Click the Manage User Groups tab and click Add. The Add User Group dialog
3. Select the authentication type. You can add a DS group or a group from the Active
4. Click DS Group.
5. Type a name and description in the Add User Group dialog. Click OK.
The Security dialog appears.
appears.
Directory. To add groups from Active Directory, see Adding groups from the Active
Directory on page 90.
Note
The Browse option is disabled for Local Group.
The group name appears in the window.
6. Select the new group name and click Rights.
7. Select Administrator in the Rights dialog. This assigns complete rights and
permissions to the group. Click OK, and click Close.
8. On the main Security dialog, click the Manage Users tab, and click Add.
The Add User Account dialog appears.
9. Select the authentication type. You can add a DS user or a user from the Active
Directory. To add users from the Active Directory, see Adding users from the Active
Directory on page 89.
10. Select the DS User option in the Add User Account dialog.
Note
The Browse option is disabled for DS User.
11. Type the user name, full name, and password. Retype the password, and enter a
description for the user. Click OK.
12. Select the user name in the main Security dialog. Click Rights.
13. Click the name of the new Administrator group in the Groups window. This assigns
the new user to the new group with Administrator rights. Click OK.
Note
You can assign the user Administrator rights directly, but we recommend you to
assign users to groups. See Best practices for Deployment Solution security on
page 87.
Altiris Deployment Solution™ from Symantec User’s Guide 88
14. Now that you have a user with administrator rights, select the Enable Security
box.
Security is now enabled. You can now create users and groups and assign permissions to
computer groups and job folders.
Adding users from the Active Directory
You can add users from the Active Directory.
1. In the main Security dialog, click the Manage Users tab, and click Add.
2. Select the AD User option in the Add User Account dialog.
3. If you know the user name, type it in the User name field, or click Browse to
select the user from the Active Directory.
The password field is deactivated because the user is being added from the Active
Directory.
Note
You can add only one user at a time. To import users, see Importing users from the
Active Directory on page 89.
4. Enter a description for the user in the Description box.
5. Click OK.
Importing users from the Active Directory
You can also import users from the Active Directory. To open a standard Windows Active
Directory dialog, from the main Security dialog, click the Manage Users tab, and click
AD Import. Add users from Active Directory, not groups. The users are added to the
Deployment Database. However, you still need to assign the users to security groups
with appropriate rights and permissions.
Groups
Note
When logging on with the imported AD account, Deployment Solution accessed the
Windows Active Directory server to validate the user password.
Evaluate rights
Click Evaluate Rights to identify the combined rights of the selected user and its user
group(s). This feature identifies effective rights for each user by resolving any possible
conflicts between multiple group settings.
Assign the user to previously created groups. If you are enabling security, you can
assign the user to a group with Administration rights.
To add groups, from the Security dialog, click the Manage User Groups tab, and click
Add. Select the authentication type, and type the required details. You can view the
members of any group by clicking the group in the Manage User Groups dialog and
clicking View Members.
See also Best practices for Deployment Solution security on page 87 and Enabling
security on page 88.
Altiris Deployment Solution™ from Symantec User’s Guide 89
Adding groups from the Active Directory
You can add users from the Active Directory.
1. In the main Security dialog, click Manage User Groups tab, and click Add.
2. Select AD Group in the Add User Group dialog.
3. If you know the group name, enter it in the Name field, or click Browse to select
the group from the Active Directory. A list of groups, along with their descriptions,
appears in a new dialog. Select a group from the list and click OK.
4. The Name, Domain, and Description are displayed. However, you can modify the
description. Click OK.
The newly added group appears in the main Security dialog.
Importing groups from the Active Directory
You can also import users from the Active Directory. In the main Security dialog, click
the Manage User Groups tab, and click AD Import to open a standard Windows
Active Directory dialog. Add groups from Active Directory. You can choose a domain
from the Domain List, and select a group from the displayed list. The group is added to
the Deployment Database. However, you still need to assign the users to security groups
with appropriate rights and permissions.
DS authentication
Rights
If the user is already in the Deployment Database and tries to access the Deployment
Console, the Deployment Server checks the authentication with the logged on user, and
upon matching does not prompt for user credentials. Similarly, if a group is already
added in the Deployment Database and if a logged-on user, who is a part of the AD
group, tries to access the Deployment Console, the Deployment Server does not prompt
for credentials.
This dialog lets you set general rights for a user or group. To verify, add, or change the
rights assigned to each console user, use the following steps:
1. On the Security page, select a user and click Rights.
2. Click the Rights tab.
3. Select the check box for each right you want to grant.
4. After selecting all applicable rights, click OK to save your changes.
A brief explanation of each Deployment Server right that can be assigned is given
below:
Administrator. Lets the user access all features available on the Deployment
Console. You must have Administrator rights to enable security. See Enabling
security on page 88.
Options Console. Lets you set the view and the Console options. See Console
options on page 82.
Options Global. Lets you set the view and the Global options. See Global options
on page 83.
Altiris Deployment Solution™ from Symantec User’s Guide 90
Options Domain Accounts. Lets you set the view and the Domains Accounts
options. See Domain accounts options on page 84.
Options RapiDeploy. Lets you set the view and the RapiDeploy options. See
RapiDeploy options on page 85.
Options Agent Settings. Lets you set the view and the Agent Settings options.
See Agent settings options on page 85.
Options Custom Data Sources. Lets you create Custom Data Sources options.
See Custom data sources options on page 86. You can view, create, and set
database aliases.
Manage Rejected Computers. Lets you view rejected computers in Deployment
Solution and change their status. See Rejected computers in Deployment Solution
on page 94.
Refresh Clients. Lets you refresh Deployment Solution clients. See Refresh
Deployment Solution on page 94. You can use the View > Refresh clients <CTRL
+F5> feature to disconnect and reconnect client computers.
Allow Scheduling on All Computers Group. Lets you schedule jobs on All
Computers. If you have administrator rights, by default, you have the rights to
schedule job on all computers, irrespective of the check box state. You can grant
this right to a specific user or a group.
Import/Export. Lets you import and export jobs and import computers as well.
See Importing and exporting jobs on page 193 and Importing new computers from
a text file on page 100.
Options Task Password. Lets you centrally update passwords for users and
groups so they can access the Copy File to, Distribute Software, Run Script,
Distribute Personality, and Capture Personality tasks. You must have administrative
rights to access this option. See Task password options on page 84.
Use PXE Configuration Utility. Lets you use the PXE Configuration Utility.
Options Virtual Centers. Lets you view and add options for Virtual Centers. See
Virtual centers options on page 86.
Run Script on DS. Lets you choose to run scripts either on the server or on the
client.
Access to Master Return Code. If unchecked, restricts access to the master
return code list. If checked, lets you modify the master return code list.
Allow DeployAnywhere. Lets you run DeployAnywhere to create hardware
independent images. This functionality is provided by Symantec Ghost Imaging
Foundation (GIF). To add and manage drivers, on the Tools menu, click the new
DeployAnywhere option. To enable this functionality, select the DeployAnywhere
option from the deploy image task. For more information about DeployAnywhere or
Ghost, see the Symantec Ghost Imaging Foundation documentation.
Restricting the number of computers
This dialog lets you restrict the maximum number of computers that can be selected.
Restricing the number of computers
1. On the Security page, select a user and click Rights.
2. Click the Restrictions tab.
Altiris Deployment Solution™ from Symantec User’s Guide 91
3. Type the maximum number of computers that each job can be scheduled on.
4. Check the box if you want this user to be able to schedule jobs to run immediately.
5. Click OK to save your changes.
Setting permissions
Set permissions for jobs, job folders, computers, and computer groups. See Best
practices for Deployment Solution security on page 87 for additional design tips.
Setting permissions
1. Right-click on a computer group or job folder (or individual computers and jobs) and
select Permissions. The Object Security dialog appears.
2. Click the Groups tab and select a group name. Or click the User tab and select a
user name.
3. From the list in the right pane, select if you want to Accept or Deny permission to
run the operations on the selected computer or job objects. These permissions
include access to remote operations using Deployment Solution and features for
scheduling Deployment tasks. See Remote operations using Deployment Solution on
page 122 and Deployment tasks on page 155.
4. Select the Allow or Deny check box to explicitly set security permissions for these
Deployment Solution features for the selected objects.
Note
Administrators have access to all objects with unrestricted rights and permissions.
You cannot explicitly deny permissions to computer or job objects for users with
administrator rights.
5. To assign permissions to multiple groups, click Set permissions on all child
objects to assign the values without closing the dialog.
Note
You can set permissions for all jobs and computers by clicking in the Jobs pane or
Computers pane without selecting a job or computer object.
Permission rules
Permissions received through different sources may conflict with each other. The
following permission rules determine which permissions are enforced:
Permissions cannot be used to deny the user with Administrator console rights
access to use any console objects or features.
User permissions take precedence over Group permissions.
Deny overrides Allow. When a user is associated with multiple groups, one
group could be allowed a permission at a particular level while the other group
is denied the same permission. In this scenario, the permission to deny the
privilege is enforced.
Permissions do not flow down an object tree. Instead, the object in question
looks in the current location and up the tree, and uses the first permission it
finds.
Altiris Deployment Solution™ from Symantec User’s Guide 92
If a console user does not have permissions to run all tasks the job contains,
the user cannot run the job.
Evaluate permissions
Click Evaluate Permissions to identify the combined permissions of groups and
containers with conflicting permissions. This feature identifies effective permissions for
each object by resolving any possible conflicts.
If a job includes multiple tasks and one of the tasks does not have sufficiently assigned
permissions, the whole job fails due to lack of access permissions.
Note
Permissions to schedule jobs also lets a user delete jobs in the Details pane after a job
runs. Example: If a job contains errors and does not run, no other jobs can be
scheduled. The user must delete the job before scheduling a new job.
Connecting to another Deployment Server
From the Deployment Console, you can connect to other Deployment Servers on your
LAN and manage computers outside of the network segment you are currently logged on
to. To open a connection, you must connect to the Deployment Database of the
preferred Deployment Server connection using the ODBC Data Source Administrator.
Click File > Connect to or press CTRL+O to open the Connect to
Deployment Server dialog. Enter the required information to connect to the
external Deployment Server connections using an ODBC driver.
Note
Although you are accessing another connection (another Deployment Database),
Windows remembers the last place you browsed to, which would be the Deployment
Share of the previous Deployment Server connection. You need to browse to the new
connection’s Deployment Share to access its shared folder that contains its RIPs,
images, executables, and other resources.
Connecting to a new deployment database
1. Click New. The Define Connection Information dialog appears.
2. Enter a name for the connection to be opened.
3. Establish an ODBC data source.
a. Click ODBC Administrator.
b. Click the System DSN tab, and click Add.
c. Select the SQL Server driver source and click Finish.
d. In the Create a New Data Source to SQL Server dialog, enter a name and
description for the data source.
e. If an entry for your server already exists, select it from the menu. Otherwise,
Altiris Deployment Solution™ from Symantec User’s Guide 93
enter the name of the server hosting your remote SQL server in this field. Click
Next.
f. Click Next in the Create a New Data Source to SQL Server dialog to accept
the default settings for authentication.
g. Select the Change the default database to option and select eXpress from
the drop-down list. Click Next.
h. Click Finish. The specifications for the new ODBC data source appear.
i. Click Test Data Source to verify that the source is reachable.
j. Click OK. You return to the main ODBC Data Source Administrator dialog
with your new data source listed in the System DSN tab. Click OK.
4. From the ODBC Data source name drop-down list in the Define Connection
Information dialog, select the new Data Source name you just created.
5. In the Installation Directory path field, enter or browse the full UNC path (or
path using any locally mapped drive) to the directory of the required Deployment
Server, such as:
\\server\express or H:
6. Click OK.
Rejected computers in Deployment Solution
When an unwanted managed client computers attaches to your Deployment Solution
system, you can right-click the computer in the Computers pane and select Advanced
> Reject Connection. You can view these rejected computers by clicking View >
Rejected Computers.
The rejected computers are prohibited from being active in the Deployment Database.
They are identified and rejected by their MAC address.
You can remove computers from the Rejected Computers list by selecting it and clicking
Accept Computer(s). This lets the computer to attach again and be managed by the
Deployment Solution system.
Refresh Deployment Solution
You can refresh the Deployment Console by clicking View > Refresh Console (or
pressing <F5>) to update data from the Deployment Database. You can also click View
> Reset Client Connections (or press Ctrl+<F5>) to disconnect and reconnect all
managed computers in a Deployment Server system.
When you refresh the managed client computers, you are asked if you want to
disconnect all computers. Click Yes. This tells the Deployment Agent to shut down and
restart. It also creates additional network traffic when all computers connect and
disconnect. By refreshing the managed client computers, you ensure that you are
viewing the current status and state of all computers resources in your system.
Altiris Deployment Solution™ from Symantec User’s Guide 94
Chapter 13
Managing computers
From the Computers pane of a Deployment Solution console, you can identify, deploy,
and manage all computer resources across your organization, including desktop
computers, notebook computers, network and Web servers, and network switches. You
can quickly modify any computer’s configuration settings or view its complete
management history. Or you can take on big projects, such as completely re-image the
hard drive, restore software, and migrate personality settings for a whole department.
You now have management of all your computer resources available from a Windows or
Web console from any location.
All computer resources can be accessed and managed as single computers or organized
into computer groups with similar hardware configurations or deployment requirements,
letting you run deployment jobs or execute operations on multiple computers
simultaneously. You can use search features to locate a specific computer in the
Deployment Database, or set filters to sort computers by type, configuration, operating
system, or other criteria.
Manage with computer icons. Major computer types are identified by a computer icon
in the console, with a list of scheduled jobs and operations associated with each
computer. In the Deployment Console, you can assign and schedule deployment jobs to
computers or groups by dragging the computer icon to a job in the Jobs pane, or vice
versa.
See Viewing computer details on page 96.
Computer icons appear in the Computers pane of the Deployment
Console, where they can be organized into groups. To assign and schedule
a job on a computer in the Deployment Server Console, drag a computer
Add new computers. Deployment Solution lets you add new computer accounts and
set configuration properties for new computers before they are recognized by the
Deployment Server system. Preset computer accounts automatically associate with new
computers when they start up, or can be associated with pre-configured computers.
See Adding new computers on page 98.
icon or group icon to a job icon.
Click New Computer on the console to create a new computer account.
You can also click File > New > Computer or right-click in the
Computers pane and select New Computer.
When the new computer starts up, you can assign it a preset account.
Click New Group on the console to add a new group in the Computers
pane of the Deployment Console. You can also click File > New >
Computer Group or right-click in the Computers pane and select New
Group.
Altiris Deployment Solution™ from Symantec User’s Guide 95
Deploy to groups of computers. Organize computers by department, network
container, hardware configuration, software requirements, or any other structure to
meet your needs. You can deploy and provision computers on a mass scale.
To filter computers in a computer group to schedule jobs only to the appropriate
computer types, see Computer filters and job conditions on page 80.
Configure Computer Agents. See the property pages for modifying Deployment Agent
settings.
See Deployment agents on page 109.
View and configure computer properties. You can modify computer settings for
each computer from the console. Or you can view the Computer Properties page for
detailed access to a computer’s hardware, software, and network property settings.
See Computer configuration properties on page 101 and Computer properties on
page 119.
Run remote operations from the console. Perform operations quickly in real time
from a Deployment Console. Restore a computer to a previous state, configure property
settings, send a file, remote control, chat, set security, run deployment jobs, or select
from additional management commands.
See Remote operations using Deployment Solution on page 122.
Build and schedule jobs. Build deployment jobs with one or more management tasks
to run on selected computers. Create jobs, add tasks, and assign the job to computer
groups. Jobs can be organized and assigned for daily tasks or to handle major IT
upgrades.
See on page 145.
Manage Servers. Deployment Solution also manages network or Web servers to
administrate high-density server farms or server network resources across your
organization.
See the Deployment Solution Reference Guide.
Viewing computer details
In Deployment Solution, a computer resource is identified in the console with a
distinctive icon to display the computer type — Windows desktop or notebook, server, or
Linux operating system — and its current status. These computer icons change to
convey the state of the computer, such as the log on status, server waiting status, or
user with a timed license status. You can also view the status of the jobs assigned to the
selected computer in the Details pane of a Deployment Console.
See Viewing job details on page 145.
The following is a sample list of computer icons displayed in each Deployment Console,
identifying the computer type and state.
A computer connected to the Deployment Server with a user logged on.
Altiris Deployment Solution™ from Symantec User’s Guide 96
A computer connected to the Deployment Server, but the user is not logged
on.
A computer with a time-limited user license and a user logged on.
A computer not currently connected to the Deployment Server, but known to
the Deployment Database.
A pre-configured computer with values defined in advance using the New
Computer feature. As soon as the computer connects, the Deployment
Server recognizes the new computer and this icon appears. See Adding new
computers on page 98.
A managed computer waiting for user interaction before running deployment
tasks. This icon appears if the Workstations check box is selected in Initial
Deployment. See Sample jobs on page 196.
A computer identified as a master computer used to broadcast images to
other client computers.
A managed server connected to the Deployment Server with a user logged
on. Additional icons identify different states of server deployment.
A managed Linux computer connected to the Deployment Server with a user
logged on. Additional icons identify different states of Linux computer
deployment.
Physical view of Rack/Enclosure/Bay components for high-density
server systems. These icons appear as physical representations to
allow management of different levels of the server structure. In
addition, server icons identify logical server partitions. See Bay on
Select the New Computers or All Computers group to run jobs or
operations for these default groups identified by an icon in the Computers
pane.
page 121 for properties and rules to deploy Rack/Enclosure/Bay
servers.
Additional computer groups can be added to the Computers pane to
organize similar computer types or to list computers of similar departments
or locations. Click the New Group icon on the toolbar or select File > New >
Altiris Deployment Solution™ from Symantec User’s Guide 97
Computer Group to create a new group.
See also Deployment agents on page 109.
Adding new computers
Computers can be added to the Deployment Database using the following methods:
z Install the Deployment Agent. If you install the Deployment Agent to a computer
with the operating system already installed, the computer is added automatically to
the Deployment Database at startup. New computers with the Deployment Agent
installed are added to the All Computers groups (unless otherwise specified in the
Deployment Agent configuration). You can move the computer to another group if
required.
z Use Initial Deployment to configure and deploy new computers booting to
automation. Starting up a new computer with the Automation Agent lets you
image the hard drive, assign IP and network settings, distribute personal settings
and software, and install the Deployment Agent for new computers. Using Initial
Deployment, you can associate new computers with pre-configured computer
accounts. These newly configured computers appear in the New Computers group.
See Sample jobs on page 196.
z Create or import computer accounts from the Deployment Console. You can
add new computers using the New Computer feature or import computers using a
delimited text file. You can pre-configure computer accounts by adding names and
network settings from the console. See Creating a new computer account on
page 99.
About new computers
When a new computer starts up, if Deployment Server recognizes the MAC address
provided in a New Computer account or import file, it automatically associates the user
account at startup with the New Computer icon. If this value is not provided, the
computer appears as a pre-configured computer account, letting you associate it with a
new computer.
The New Computer icon appears for a new computer if the MAC Address is
provided when creating a new computer account using any import or new
computer account feature.
A pre-configured computer account icon appears if specific hardware data
(MAC Address) is not known. As soon as the computer starts up and is
associated with a pre-configured computer account, Deployment Server
recognizes the new computer and this icon appears.
Pre-configured computer account
A pre-configured computer account can be associated with a new computer using the
Initial Deployment feature. You can create multiple pre-configured computer accounts
and associate the account with a new computer when it boots to automation. At startup,
the configuration settings and jobs assigned to the pre-configured computer account can
be associated with the new computer.
Deployment Solution provides features to create a pre-configured computer account to
pre-define a computer’s configuration settings and assign customized jobs to that
Altiris Deployment Solution™ from Symantec User’s Guide 98
computer even if you do not know that computer's MAC address. This type of computer
is known as a pre-configured computer account.
Pre-configured computer accounts offer a lot of power and flexibility, especially when
you need to deploy several computers to individual users with specific needs. Preconfiguring a computer account saves your time because you can configure the
computer before it arrives on site. You can set up as much configuration information
(such as computer name, workgroup name, and IP address) as you have about the
computer and apply it to the new computer when it comes online. You can also prepare
jobs prior to the arrival of the new computer to deploy the computer using customized
images, .MSIs, and .RIPs, based on a user's specific needs.
Example: A user might request Windows 2003 with Office and virus scanning software
installed on the new computer. The user also might request that the computer
personality (customized user settings, address books, bookmarks, familiar desktop
settings) be migrated from the old system. You can build any job, including any of the
available tasks, and assign it to a pre-configured computer account.
When the new computer finally arrives, you are ready to deploy it because you have
done all the work in advance. Boot the client computer to automation, and the new
computer can connect to the server and become a managed computer. Now you can
perform an Initial Deployment or run a deployment imaging job on the new computer.
Creating a new computer account
You can create computer accounts for individual computers or for computer groups.
When creating new accounts for computer groups, you can automatically assign new
names and associate them with existing computer groups or the New Computer group.
Click the New Computer icon on the console to create a new computer
account. You can also click File > New > Computer or right-click in the
Computers pane and select New Computer.
To create a new computer account
1. In the New Computers dialog, click Add. The New Computer Properties page
appears.
2. Enter names and configuration settings for each new computer account using the
Computer Configuration screens. See Computer configuration properties on
page 101 for a description of the configuration settings.
Note
If you do not enter a MAC address, the computer you create or import becomes a
virtual computer.
3. (Optional) Click Import to add new computers from a delimited text file. See
Importing new computers from a text file on page 100.
4. Click OK.
A pre-configured computer account icon appears in the Computers pane.
When a new computer starts up, you can assign it to this preset account.
Altiris Deployment Solution™ from Symantec User’s Guide 99
To create and associate multiple computer accounts
You can create computer accounts and automatically assign predefined names. These
computer accounts can be associated with computers in a selected computer group.
1. Select a computer group, including the New Computers group (empty groups
cannot access features). Right-click and select the Configure command. The
Computer Configuration Properties dialog appears.
2. Enter names and configuration settings for each new computer account using the
Computer Configuration screens. See Computer configuration properties on
page 101.
3. (Optional) Click the Microsoft Networking category and click Define Range.
a. In the Fixed text field, enter a base computer name. Example: Sales.
b. In the Range start field, enter a numeral or letter to add to the Fixed Text
name. This creates a unique name for a group of computers starting with the
specified character. The range of numerals and letters is assigned to the
computer name. Example: Enter 3.
c. Select Append to add the range of numerals after the computer name. Clear
the check box to add names before the computer name.
In the above example, the Result field displays computer names beginning
with Sales3 and ending with Sales12.
4. Click Associate. You can now associate computers in a group (including the New
Computers group) with the multiple computer accounts.
5. Click OK.
Importing new computers from a text file
You can import computer configuration data using delimited text files (.TXT, .CSV, or
.IMP files) to establish multiple computer accounts in the Deployment Server database.
This file contains all configuration data for a new computer, including all settings in the
Computer Properties of a selected computer. See Computer properties on page 119.
1. Click File > Import/Export > Import Computers.
A dialog appears, letting you select import files. These files can have .XML, .TXT,
.CSV, or .IMP extensions.
2. Select the import file. Click Open.
If a correctly formatted computer import file is selected, a message appears,
informing you that the computer import is complete and identifying the number of
computers added. Click OK.
New computers appear as pre-configured computer accounts in the Computers
pane of the console (as single computers or in groups), and any jobs imported from
the import file are listed in the Jobs pane.
Note
Jobs can be added to the import file. They can be created and associated with the
new computers.
If the computer import file is incorrectly formatted, a warning appears, stating that
the computer import file is incorrect.
Altiris Deployment Solution™ from Symantec User’s Guide 100
3. Edit computer settings by selecting a computer from the list and clicking
Properties.
4. The Computer Properties page opens. You can edit or add values not set in the
import file, such as computer name, TCP/ IP settings, user name, and other
configuration settings.
5. Click OK.
The imported computers appear in the Computers pane of the Deployment
Console.
You can also import a computer to be placed in a sub-folder in the Computers pane and
create a job to be associated with the imported computer. See the sample import file for
additional information.
Referencing the sample import file
When creating an import file, use either the ImportComputers55.txt file or the
ImportComputers55.xls file in the Samples folder of the Deployment Share. The
ImportComputers55.txt file provides a sample import template you can access to test
the Import feature. The ImportComputers55.xls file is a Microsoft Excel spreadsheet
that lets you add values to each identified column and save the file as a delimited TXT
file to import to the Deployment Database. The sample import file places a computer
(DB Computer 1) in a computer group (Test Group) and adds a job (Test Job) associated
with the imported computer.
Deploying new computers on a mass scale
If you need to deploy large numbers of computers (100 to 5,000), consider using a
barcode scanning system to collect user information (names, operating system, and
application needs) and computer information (MAC address, serial numbers, asset tags).
You can save this information to a file, which can be imported into the New Computers
List View. Depending on the number of incoming computers, the amount of information
you have about those computers, and the needs of individual users, you can use either
the pre-configured computer account method (best for smaller numbers of new
computers) or the Initial Deployment job (best when deploying generic setups by
departments or groups).
If you are using an import file, ensure you know the primary lookup key. This
information is required by Deployment Server to set up a unique computer. The primary
lookup key can be the Serial Number, Asset Tag, UUID, or MAC address.
Computer configuration properties
These computer property settings can be viewed, set, and modified when performing
the following computer management operations:
z Adding new computers on page 98.
z Modifying configuration on page 182. Create or edit property settings in a
deployment job.
z Sample jobs on page 196.
Click the configuration group icons to set additional computer property values. After you
edit these computer property settings, the computer restarts so that the changes can
take effect.
Altiris Deployment Solution™ from Symantec User’s Guide 101
General configuration settings Set the most important value from this property
Microsoft networking
configuration settings
TCP/IP configuration settings Set the TCP/IP addresses for one or more
NetWare client configuration
settings
Operating system licensing
configuration settings
User account configuration
settings
General configuration settings
The General category provides access to important property settings that
are also listed in other configuration categories. Click other category icons
to view and set additional configuration properties.
sheet. It includes the name of the computer in
Deployment Solution, the NetBIOS name of the
computer, the MAC address and other settings.
Set the Windows name of the computer and the
Workgroup or Domain settings.
network adapters.
Set Novell Directory Services client logon
options.
Set the registered user name and view the
hashed installation license key for the installed
operating system.
Set the local Windows user account values.
Field Description
Name Provides a name that appears in the Deployment Console (not the
BIOS name of the computer).
Note
The Name field is disabled for multiple computer configuration.
MAC address The unique identification address of the network adapter.
Serial Number The serial number of the computer’s motherboard.
Asset Tag The asset tag of the computer, if available.
Computer
Name
IP Address Current IP address of the computer. Multiple IP addresses are
Registered
User
License key The hash value rendered from the OEM key or 25-digit license key
User name The user name for the local Windows user account.
Full name The full name for the local Windows user account.
The Windows name of the computer.
listed in this box.
The name of the user who registered the operating system
software.
required when installing the operating system.
Altiris Deployment Solution™ from Symantec User’s Guide 102
Field Description
Password The password for the local Windows user account.
See also Computer configuration properties on page 101.
Microsoft networking configuration settings
Enter the computer name and workgroup or domain property settings for
the managed computer. If you are using Active Directory, you can add
computers to a domain and a specified organizational unit (OU).
Use Sysprep to generate unique SIDs. This can be done by manually running the utility
or selecting this feature while installing the Deployment Agent.
Field Description
Computer
name
Use Token for
computer
name
This is the NetBIOS name for the computer. The name must be
unique in the network and limited to 15 characters.
Note
This field is disabled for multiple computer configuration.
Select this check box to specify the computer name using tokens.
Selecting this option enables the Select Token option and
disables the Define Range option.
Note
This option is applicable for multiple computers and not for single
computers.
Select Token: You can select one of the following tokens from the
drop-down list.
z %NAME%- Complete computer name.
z %NICyMACADDR%- MAC address of the computer with NIC
specific number. Selecting this option enables the NIC Number
option. You need to specify the NIC number, which ranges
from 1-8.
z %SERIALNUM%- Serial number from SMBIOS.
z %NODENAME%- First 8 characters of actual computer name.
The NIC Number textbox is visible for NIC number input; the
default value is 1.
Altiris Deployment Solution™ from Symantec User’s Guide 103
Field Description
Define Range Click to create a sequential range of computer names. The
Computer Name Range dialog appears. For new computers, set
a range of names for multiple new computers.
z Fixed text. Enter the text portion of the name that you want
to associate with each computer. Example: MARKETING.
z Range start. Enter a whole number to add to the fixed text.
Example: 1.
z Append. Select this check box to add the range after the
fixed text in the computer name. If you clear this box, the
number is added as a prefix to the fixed text.
z Result. View an example of the selected names that is
assigned to each computer. Example:
MARKETING1...MARKETING6.
Note
When setting name ranges, do not set names using multiple
Modify Configuration tasks and assigning the names by setting
conditions for task sets. If you set up two separate name ranges
to be assigned by separate conditions, the computer names
increment irrespective to the base name. See Modifying
configuration on page 182, Setting conditions for task sets on
page 151, and Computer configuration properties on page 101.
Workgroup Select this option and enter the name of the workgroup to place
the managed computer.
Note
You can select either the Workgroup or the Domain option.
Domain Enter either the fully qualified domain name, the DNS domain
name, or the WINS domain name. You can enter the fully qualified
domain name (Example: mjones.yourcompany.com), and specify
the organizational unit (OU) using this format: OU/newOU/users.
The complete entry to place the computer in the users OU is the
following:
TCP/IP configuration settings
Altiris Deployment Solution™ from Symantec User’s Guide 104
mjones.yourcompany.com/OU/newOU/users
internal.myServer.org/New Corporate Computer OU/
Mail Room/Express Mail Servers
Enter TCP/IP settings for one or more network adapters. Click Advanced
to setup IP Interfaces, Gateways, DNS, WINS, and Static Routes. For
computer groups, click Associate to assign a range of pre-defined IP
addresses.
Field Description
Host name The DNS name of a device on a network. The name is used to
locate a computer on the network.
Network
adapter
A list of all network adapters installed in the selected computer.
The network adapter with the lowest bus, device, and function
number is the first listed (NIC0 - zero based). If the bus, device,
and function information cannot be determined for a network
adapter, it is enumerated in the order it is detected.
When configuring multiple network adapters, ensure that one
network adapter is not using an Intel Universal NIC driver
(commonly called UNDI driver) to connect to Deployment Server.
If one network adapter uses the native driver and one uses an
UNDI driver, your computer appears twice in the console.
z Add. Enter new settings for additional network adapters
installed on the client computer.
You can add “virtual” network adapter settings to send a job
to a computer group containing computers with varying
numbers of network adapters. If a computer in the group has
only one network adapter, it is configured only with the IP
settings listed first. If IP settings are provided for additional
network adapters not present in the computer, they are
disregarded.
If you add a new network adapter, the Remove button
appears. You can remove the new network adapter by clicking
Remove.
See also Computer configuration properties on page 101.
Description
Adapter state The state of the Network Interface Card (NIC). AClient and
z MAC Address. The MAC address is a unique number assigned
to the network adapter by the manufacturer. You cannot
change this number. The MAC address appears in this box
when you view computer configuration settings. This box is
disabled when creating a Modify Configuration task.
z DNS connection suffix. Enter this to add domain suffixes to
the root address.
z Obtain an IP Address automatically.
z Use the following IP address.
z Obtain DNS server address automatically.
z Obtain the following DNS server addresses.
z Reboot After Configuration. Restarts the computer after
configuration.
DAgent do not report limited information for disabled NICs.
Deployment Solution tracks any disabled NICs when it rebuilds or
reconfigures a computer. Users have the option of enabling,
disabling, or keeping the card in its current state.
Altiris Deployment Solution™ from Symantec User’s Guide 105
TCP/IP advanced options - IP interfaces
IP Interfaces (Linux and Windows type only). Click Add to set named interfaces for this
network adapter. You can add TCP/IP addresses to an existing network adapter card on
Linux or Windows operating systems.
Field Description
IP Address Add or modify an IP address common to all interfaces.
Subnet mask Enter the appropriate subnet mask.
Field Description
Interface
Name
Broadcast
Address
Interface
State
Establish Linux-specific IP interface settings. Ensure you use the
“eth” syntax when naming new interfaces. Example: eth0:1 or
eth0:new interface.
Enter the Broadcast address for the specified IP interface.
The default value of the interface state is Up, which denotes that
the named interface is operating. You can shut down the named
interface by selecting Down.
See also Computer configuration properties on page 101.
TCP/IP advanced options - gateway
View Gateway addresses. Click Modify to edit an existing IP address. Use the up and
down arrows to move an address to the top of the list, which acts as the primary
address. Review all selection by clicking the TCP/IP option on the Configuration page.
Field Description
Gateway Add additional gateways for this network adapter.
TCP/IP advanced options - DNS
Click Add to set a new DNS address.
DNS server addresses, in order of use: Add additional Domain Naming Servers
(DNS) for this network adapter.
Append these DNS Suffixes (in order): Add the name of the Domain Suffix and use
the up and down arrows to set the DNS suffix search order.
TCP/IP advanced options - WINS
Click Add to set a new WINS address.
Add additional WINS settings for this network adapter. Select one of the Enable
NetBIOS over TCP/IP, Disable NetBIOS over TCP/IP, or Use NetBIOS settings
from DHCP server options for this network adapter. See also Computer configuration
properties on page 101.
Altiris Deployment Solution™ from Symantec User’s Guide 106
TCP/IP advanced options - static routes
Field Description
Destination IP address of the destination Deployment Server.
Netmask Subnet mask.
Gateway Additional gateways required to reach the destination server.
Interface IP address for the interface over which the destination can be
reached.
Metric Cost associated with the route
Flags (Linux) Enter the flag associated with a Linux-specific operating system.
Possible flags include:
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
NetWare client configuration settings
Set Novell NetWare client values for a new or existing computer. Select
whether you want to log in directly to a NetWare server or to a NetWare
tree in the Novell Directory Service (NDS). You can specify the preferred
tree, server name, and NDS context.
Field Description
Ignore
NetWare
settings
Preferred
server
Preferred tree Select this option and enter the name of the NDS tree.
NDS User
name
NDS Context Enter the organizational unit context for the user.
Select to disregard all Novell NetWare client settings for this
computer. Clear to specify the required information.
Select this option and enter the name of the NetWare server.
Example: \\OneServer. This is the primary login server for the
NetWare client.
Enter the name of the user object for the NetWare client.
Altiris Deployment Solution™ from Symantec User’s Guide 107
Field Description
Run login
scripts
Select this option to run the NetWare client login scripts.
See also Computer configuration properties on page 101.
Operating system licensing configuration settings
Enter or view the license information for your Windows operating system
software.
Field Description
Registered
user
Organization Enter the name of the organization.
License key Enter the alpha-numeric license key. This is the hash value
Enter the name of the registered user.
rendered from the OEM key or 25-digit license key required when
installing the operating system.
See also Computer configuration properties on page 101.
User account configuration settings
Set up local user accounts for the newly imaged computer or when running
a configuration task. Enter a user name, full name, and password; and set
standard Windows login options.
Field Description
User name The user name for this local Windows user account.
Full name The full name for this local Windows user account.
Password The password for this local Windows user account.
Confirm
password
Groups Specify the Windows groups that this user belongs to as a
Confirm the password for the local Windows user account.
comma-delimited list. Example: Administrators, Marketing,
Management.
Altiris Deployment Solution™ from Symantec User’s Guide 108
Field Description
User must
change
password at
next logon
User cannot
change
password
Password
never expires
Deployment agents
To remotely manage computers from a Deployment Console, a Deployment Agent is
installed on each computer in the Deployment Server system. Deployment Agents are
provided for various computer types, including Windows, Linux, and DOS computers.
To set or modify Deployment Agent settings from the Deployment Server
Console, right-click a computer or group, select Change Agent Settings
and click Production or Automation.
To set or modify agent settings for new computers, click Tools > Options,
click Agent Settings.
Select to force the user to change the password after setting the
configuration properties.
Prohibit the user from changing the password at any time.
Select to maintain the user password.
See also Computer configuration properties on page 101.
The following Deployment Agents reside on the client computer and communicate with
the Deployment Server.
Deployment Agent on
Windows
Deployment Agent on Linux This Deployment Agent runs on Linux workstations
Automation Agent The Automation Agent is used when you create
Deployment Agent on
ThinClient CE 6.0
Deployment Agent on CE
.NET
The Deployment Agent runs on Windows computers,
including desktops, notebooks, and servers.
See Deployment agent settings on page 110.
and servers.
See Deployment agent settings on page 110.
configurations to boot client computer to automation.
This is done through Boot Disk Creator.
See Boot Disk Creator Help and Install automation
partition on page 133.
This agent runs on ThinClient Windows CE 6.0
operating systems and lets the Deployment Console
manage WinCE 6.0 based Thin Clients.
This agent runs on the CE .NET 4.2 operating
system.
Altiris Deployment Solution™ from Symantec User’s Guide 109
Notification Server Client The NS client is an Altiris agent that runs on
computers supported by the Notification Server. This
agent runs on the Deployment Server computer
when running Deployment Solution on the
Notification Server.
Deployment Server Agent This agent runs on the Deployment Server computer
when running Deployment Solution on the
Notification Server.
Install Deployment Agent to add a managed computer
When a Deployment Agent is installed on a computer, it searches the network for a
Deployment Server to attach to. When the Deployment Agent locates a Deployment
Server, the client computer is added as a record to the Deployment Database.
When the Deployment Agent for Windows is running on a computer, the user
sees a small icon in the system tray. When the icon is blue, the client
computer running the Deployment Agent is connected to the Deployment
Solution system.
When the Deployment Agent for Windows icon is clear, it shows that the client
computer is not connected to the Deployment Solution system. The agent
may be configured incorrectly, the Deployment Server is down, or other
network problems exist.
Automatically update to newer version of Deployment Agent
At times, Altiris may update versions of the Deployment Agent to enhance features. For
best performance, we recommend that all managed computers run the latest version of
the Deployment Agent. When a new version of the Deployment Agent is saved to the
Deployment Share file server, the managed computers automatically update the
Deployment Agent.
1. From the computer where Deployment Server is installed, click Start > All
Programs > Altiris > Deployment Solution > Configuration. The Altiris
Deployment Server Configuration Utility page appears.
2. Click Options.
3. Click Transport.
4. Select the Automatically update clients option and click OK.
Deployment agent settings
You can set the default agent settings when new client computers are added to the
system that the Deployment Server manages.
Altiris Deployment Solution™ from Symantec User’s Guide 110
You can also modify the properties settings for the Production or Automation Agent
through the Automation Agent.
To set or modify agent settings in the Deployment Server Console for
Windows or Linux clients, right-click the computer and select Change
Agent Settings > Production Agent Settings.
z To set or modify agent settings for the Deployment Agent, click Tools
> Options.
z Click the Agent Settings tab.
z Select the Force new agents to take these default settings check
box to set the Deployment Agent settings for all new computers.
z Click the Change Default Settings tab. Click each agent setting tab
to set the properties. See Server connection on page 112, Access on
page 113, Security on page 114, Log file on page 114, Proxy on
page 115, and Startup and shutdown on page 115.
z Click OK.
To view or modify settings from the Windows client, right-click the
Deployment Agent icon in the system tray (or double-click the client icon in
the system tray and click Properties).
When the client agent is first started, the agent establishes a connection to the
Deployment Server using the following general steps:
1. The agent service is started and initialized.
2. A TCP socket is created.
3. A connection is made to the Deployment Server.
4. The agent is updated, if required.
5. A basic inventory of the client is sent to the Deployment Server.
After the initial connection process is complete, no additional data needs to be sent to or
from the Deployment Server for the client agent to remain connected.
Note
If no Deployment Solution traffic is sent to the Deployment System agent, the TCP/IP
protocols send an occasional watchdog packet (approximately every 24 hours) to ensure
that the connection is still valid.
Deployment agent properties
Right-clicking the Deployment Agent icon gives you access to the following options:
View status. Brings up the Altiris Client Service box to observe the current status
of the Deployment Agent. You can also see the computer name, deployment server
connected to, IP address, multicast address, and MAC address. You can also watch
Deployment Agent communicate with the Deployment Server. Clicking Properties
lets you edit the Deployment Agent properties. Passwords protect this option.
About. Displays the version and licensing statement for the Deployment Agent.
Passwords do not affect this option.
Altiris Deployment Solution™ from Symantec User’s Guide 111
View log file. View the Deployment Agent log file, if you have chosen the option to
create a log file. Passwords have no effect on this option.
Clear log file. Clear the log file that has been created.
Shutdown for imaging. Make an image of a computer without using a job. This
makes the required preparatory changes to the computer before an image is made.
Failure to do this breaks the reconfiguration phase when deploying the image using
a job. Passwords protect this option.
Change Name in Console. Change how this computer is listed in the deployment
server console. This option does not change the NetBios name of the computer or
the name of the computer in the database, but only changes the name of the
computer displayed in the Computers window. Passwords protect this option.
Remove. Uninstall Deployment Agent from the computer. Passwords protect this
option.
Exit. Stops all Deployment Agent services from running but does not uninstall
Deployment Agent. Deployment Agent loads normally the next time you boot the
computer. Passwords protect this option.
User Properties. Quickly go to the User Properties page to view or make changes.
Passwords protect this option.
Admin Properties. Quickly go to the Admin Properties page to view or make
changes. Passwords protect this option.
Show Network Interfaces. View what network cards are in your computer.
Passwords protect this option.
The following configuration properties (organized using tabs in the dialog) are included
in the Production Agent Settings dialog.
Server connection Log file
Access Proxy
Security Startup and shutdown
Server connection
Connect directly to this Deployment Sever. Select this option so that the client
receiving the Deployment Agent connects to the Deployment Server you selected to
configure.
Address/Hostname. Enter the IP address or NetBIOS name of the Deployment Server
computer.
Port. Enter the port number communicating with the Deployment Server.
Enable key-based authentication to Deployment Server. Select this option to
specify mandatory authentication for client computers to connect to the Deployment
Server. This helps keep rogue computers from connecting to unauthorized Deployment
Servers.
Discover Deployment Server using TCP/IP multicast. Managed computers can use
the multicast address if they are on the same segment as the Deployment Server or if
multicast is enabled on the network routers. Ensure that the multicast address and port
match those set up on the Deployment Server. Try using defaults on both the client and
Deployment Server if you have problems while connecting.
Altiris Deployment Solution™ from Symantec User’s Guide 112
Managed computers should use the Deployment Server IP address if multicasting is
disabled on the network routers or if they are not on the same network segment as the
Deployment Server. The port number must match the number set on the Deployment
Server. Otherwise, the client computers cannot connect.
Server Name. Enter the NetBIOS name of the computer running the Deployment
Server.
Port. Enter the port number distributing the multicast address.
Multicast Address. Enter the group multicast address.
TTL. Specifies the number of routers the multicast request can pass through. Change
this setting if you want to locate a Deployment Serve r that is more than 32 routers away
(default setting) or to restrict the search to a smaller number of routers, making it
easier to find the closest Deployment Server.
Refresh connection after idle. Select the Refresh Connection after idle check box
and set the refresh time in hours or days. The Deployment Server closes the connection
after the specified time and immediately tries to re-open the connection. This sends a
message to client computers that the network is down.
The default checking is of 28800 seconds or 8 hours. We recommend keeping this
setting above 28800. Do not set this option too low—reconnecting to the Deployment
Server increases bandwidth when connecting. If this option is set too low, your client
computers will take longer to connect than to refresh their connections.
Abort files transfers if rate is slower than. Select this option to preserve bandwidth
when running deployment tasks on slower connections.
Access
Set these commands to control the way the client handles requests from the server.
Allow this computer to be remote controlled. Select to let the administrator
remotely control the selected computer. The default setting is to NOT let the computer
be remotely controlled.
Prompt the user before performing actions. You can select the following options to
prompt the user before the corresponding action is performed:
z Shut down and Restart. Prompts the user before shutting down and restarting the
computer. This feature overrides the Power Control option from the Deployment
Server to force applications to shut down without a message.
z Copy file and Run command. Prompts the user before running a program or
executing file copy commands.
z Remote Control. Prompts the user before running the Remote Control commands.
Time to wait for user response. If one of the Prompt the user before perform
actions is selected and the user is not at the computer to respond, you need to decide
whether to continue or abort the operation. Specify the time to wait for the user’s
response, and select one of the following:
Continue the operation. Select to continue if there is no response from the
user.
Abort the operation. Click to not continue if there is no response from the
user.
Altiris Deployment Solution™ from Symantec User’s Guide 113
Select when the Deployment Server is denied access to the Deployment Agent.
Select the days and set the start and end times when access to the Deployment Agent is
denied.
Security
This page lets you secure data between the Deployment Server and the Deployment
Agent, or to set a password so that the user on the client computer can only view and
modify the User Properties of the Altiris Client Settings on the managed computer.
Encrypt session communication with Deployment Server. Select to allow
encryption from this managed client computer to the Deployment Server. This lets
encrypted data transmissions between the Deployment Server and the Deployment
Agent on the client computer. If selected, the client computer can connect (but is not
required to connect) using encryption.
To enable encryption protocols, you must open the Altiris Deployment Server
Configuration Utility, click Options and select the Transport tab. Select the Allow
encrypted sessions check box to let Deployment Server transmit using encryption
protocols.
Require encrypted session with any server. Select to require encryption between
the managed client computer and the Deployment Server. If this option is selected and
the option to allow encryption in the Deployment Configuration tool is not selected, the
Deployment Server does not communicate with the Altiris Client on the managed client
computer.
Note
Selecting encryption options slows down the communication path between the agent
and the Deployment Server.
Password protect Admin properties from user. Select to let users on the managed
computer access the Admin properties only if they enter the set password. If the check
box is selected and the user does not know the password, they will have rights only to
view the User Properties, which includes only the User Prompts and Remote Control
tabs on the Altiris Client Settings dialog.
z Enter the password in the Password field and re-enter the password for
confirmation in the Confirm password field.
Hide client tray icon. Select to hide the Altiris Client icon in the system tray of the
managed computer. If you hide the icon, you must run AClient.exe with the -admin
switch to view and modify the complete administrative properties from the managed
client computer.
Log file
The Log File page controls how data is logged and saved in a Deployment Server
system, letting you save different types and levels of information to the log files. You
can save a text file with log errors, informational errors, and debug data using this
dialog.
If the log exceeds the specified size, the older data is dropped from the files. You can
maximize the size of the log file to save all selected data.
Save log information to a text file. Select this option to save information to a log file.
By default, this option is cleared. Selecting this option enables the File name and
Maximum size fields.
Altiris Deployment Solution™ from Symantec User’s Guide 114
File name. Enter the name and path of the log file. The default path is \Program
Files\Altiris\AClient\AClient.log file.
Maximum size. Enter the maximum number of bytes for each log file.
Log errors. Select this option to save only the errors returned when running a job or
operation between the Deployment Server and the Deployment Agent.
Log informational messages. Select this option to save a list of procedural steps run
on the client computer.
Log debugging information. Select this option to list comprehensive debugging
information in the text file.
Note
If the log exceeds the specified size, the older data is dropped from the files, so it is
recommended to provide maximum file size.
Proxy
Typically, remote networks on the other side of a router or switch cannot receive
multicast or Wake-On-LAN packets from the Deployment Server. Setting the managed
computer as a proxy client computer forwards or re-creates the multicast packets. A
managed client computer setup as a multicast proxy simply acts as a Deployment
Server and advertises the server’s name and IP address through multicasting. You can
also set the managed computer as a proxy to send Wake-On-LAN packets.
Set these options to control how the managed computer acts as a proxy agent,
identifying the type of traffic this managed computer forwards from the server.
Forward Wake-On-LAN packets. Select if you want the managed computer to
forward Wake-on-LAN packets.
Forward Deployment Server discovery multicast packets. Select if you want to
advertise the Deployment Server to client computers on another LAN segment or if the
client computer is on the other side of the router.
Send multicast advertisement every. Set the time in seconds, minutes, or hours for
managed computers to send a multicast advertisement.
Startup and shutdown
Delay starting jobs after system startup. Set the time in seconds, minutes, or hours
for managed computers to delay jobs until after system startup.
Specify the Windows boot drive. Specify the drive that the client computer boots
from. The default is the C drive.
Force all programs to close when shutting down. Select this option to shut down
applications when using Power Control features. The user is still prompted to Abort or
Continue the shutdown.
Synchronize date/time with Deployment Server. Select this option to synchronize
the system clock of managed computers with the time of the Deployment Server.
Prompt for a boot disk when performing automation jobs. Select this option to
prompt for a boot disk while running any automation jobs.
Advanced
Altiris Deployment Solution™ from Symantec User’s Guide 115
Loading...