Entries in Batch Files (1)

Sunday
Jun062010

Automated New PC Deployment

One of the first elective classes I took at community college was an odd class that combined A+ type hardware teaching, using the Windows command line tools, and peer to peer networking. The p2p networking stuff was interesting, but tedious enough that I haven't bothered to set it up at home.  The A+ stuff I already kknew for the most part, but the command line stuff, specifically batch files, really opened my eyes. Between the command line and the registry, you can do almost anything from a text interface.

  The idea to start using batch files to automate some of the new PC deployment tasks came to me after banging my head against imaging and deploying PCs across different hardware. See, the thing is, we're not big enough at work to have our own PC model that we order.  We tend to buy a few as we need them, then a few more. The result is we end up having many different hardware profiles. Loading a new PC from scratch is a tedious, boring process. Between applying all the updates, making all the security and configuration changes, cleaning up and defragging, it could easily take two days to get one up and running (less than 1 if it's my top priority).

  In an effort to make things more streamlined, we would get each PC to a basic starting point where everything was just the way we liked it, then we would make a duplicate image so we could just load that on new computers, thus saving many hours of tedious setup. Here's where the fun starts: Deploying an image on different hardware than the PC the image was made on was a total crapshoot. Sometimes it worked fine, sometimes it wouldn't even boot.

  Now, I thought that Microsoft's Sysprep tool was the solution to this. The idea is you get the PC set up just the way you like it, then run Sysprep, which will "reseal" the device. This regenerates the SIDs (I believe that stands for Security Identifiers, which all have to be unique on PCs in a domain), and makes you go through the set up process. You could even make an answer file to make the re-setup quick and painless. What's that you say? That sounds perfect? I thought so too! The problem is either user error or a flaw in Sysprep. I'm inclined to think it's a little bit of both.

  The problems I ran into Sysprep were twofold. One, it was still a crapshoot on whether the image would work on a PC with different hardware than the original. This one might be user error. There might be a way or place to specify that the image will be used on different hardware. I believe there is a place to add drivers, but I couldn't really figure out which drivers to add. The second problem is that Sysprep seems to have a weird anti-piracy feature built in, where it won't reset the grace period for activating Windows if you run sysprep several times on the image. The trouble I was running into was making last minute tweaks, then reimaging and re-sysprepping. After a few changes, I started getting a message saying that Sysprep wouldn't reset the grace period for activating windows. At the time, I didn't really understand what that meant and went on with my business. I found out a month later when I was trying to deploy the image to a machine and I couldn't log into Windows because it wasn't activated, and I couldn't activate it because I couldn't log in and load the network driver.

  To me, this is a flaw wit Sysprep. If anyone wanted to update their image more than five times, then Sysprep would stop reseting the grace period, meaning it'll turn PCs into brick in a month if you try to use it. I think this is partly error on my part for not being able to figure out the drivers, and a goof on Microsoft's part for making the tool counter-intuitive to use. The work around for the issue I described is basically to take an image, save it, then only run Sysprep on it when I'm about to deploy the PC. This works, and it's what I'm doing, but it feels like there should be a better tool for this type of thing.

  So that leads me back to why do I need a way to automate the setup of new PCs? I've decided that I have the best chance of successfully restoring an image to a new PC if I remove the hardware differences. So that means I need one image for each model of PC we get. If I had to set up each one of these by hand each time, it wouldn't take long for me to start looking around the office to see what I could slice my wrists with, or to try to figure out if a USB cord noose would support my weight.

  This is starting to look a little long. I think I'll end this now and save the actual trials and tribulations of my automation attempts for the next post.