ServerManagementSuite 7.5 UserGuide

Symantec ServerManagement Suite 7.5powered by Altiristechnology User Guide

Symantec Server Management Suite powered byAltiris technology User Guide

The software described in this book is furnished under a license agreement and may be usedonly in accordance with the terms of the agreement.

Legal NoticeCopyright 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registeredtrademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Othernames may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required toprovide attribution to the third party (Third Party Programs). Some of the Third Party Programsare available under open source or free software licenses. The License Agreementaccompanying the Software does not alter any rights or obligations you may have under thoseopen source or free software licenses. Please see the Third Party Legal Notice Appendix tothis Documentation or TPIP ReadMe File accompanying this Symantec product for moreinformation on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying,distribution, and decompilation/reverse engineering. No part of this document may bereproduced in any form by any means without prior written authorization of SymantecCorporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIEDCONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIEDWARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ORNON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCHDISCLAIMERSAREHELD TOBE LEGALLY INVALID. SYMANTECCORPORATIONSHALLNOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTIONWITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THEINFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGEWITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer softwareas defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights inCommercial Computer Software or Commercial Computer Software Documentation", asapplicable, and any successor regulations. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software and Documentation by the U.S.Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043

http://www.symantec.com

Technical SupportSymantec Technical Support maintains support centers globally. Technical Supportsprimary role is to respond to specific queries about product features and functionality.The Technical Support group also creates content for our online Knowledge Base.The Technical Support group works collaboratively with the other functional areaswithin Symantec to answer your questions in a timely fashion. For example, theTechnical Support group works with Product Engineering and Symantec SecurityResponse to provide alerting services and virus definition updates.

Symantecs support offerings include the following:

A range of support options that give you the flexibility to select the right amountof service for any size organization

Telephone and/or Web-based support that provides rapid response andup-to-the-minute information

Upgrade assurance that delivers software upgrades

Global support purchased on a regional business hours or 24 hours a day, 7days a week basis

Premium service offerings that include Account Management Services

For information about Symantecs support offerings, you can visit our website atthe following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreementand the then-current enterprise technical support policy.

Contacting Technical SupportCustomers with a current support agreement may access Technical Supportinformation at the following URL:


Before contacting Technical Support, make sure you have satisfied the systemrequirements that are listed in your product documentation. Also, you should be atthe computer on which the problem occurred, in case it is necessary to replicatethe problem.

When you contact Technical Support, please have the following informationavailable:

Product release level

Hardware information

Available memory, disk space, and NIC information

Operating system

Version and patch level

Network topology

Router, gateway, and IP address information

Problem description:

Error messages and log files

Troubleshooting that was performed before contacting Symantec

Recent software configuration changes and network changes

Licensing and registrationIf your Symantec product requires registration or a license key, access our technicalsupport Web page at the following URL:


Customer serviceCustomer service information is available at the following URL:


Customer Service is available to assist with non-technical questions, such as thefollowing types of issues:

Questions regarding product licensing or serialization

Product registration updates, such as address or name changes

General product information (features, language availability, local dealers)

Latest information about product updates and upgrades

Information about upgrade assurance and support contracts

Information about the Symantec Buying Programs

Advice about Symantec's technical support options

Nontechnical presales questions

Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resourcesIf you want to contact Symantec regarding an existing support agreement, pleasecontact the support agreement administration team for your region as follows:

[email protected] and Japan

[email protected], Middle-East, and Africa

[email protected] America and Latin America

Technical Support ............................................................................................... 4

Chapter 1 Introducing Server Management Suite ........................... 12About this Guide .......................................................................... 12About Server Management Suite ..................................................... 13Components of Server Management Suite 7.5 .................................... 14Where to get more information ........................................................ 19

Chapter 2 Setting up Windows computers ....................................... 21About deployment of Windows computers ......................................... 21About types of boot environments in Deployment Solution .................... 25Support matrix of Deployment Solution tasks for Windows .................... 27Creating and Deploying a Windows disk image ................................... 28

Preparing unknown computers to boot with WinPE image .............. 34Preparing predefined computers to boot with WinPE image ............ 42Booting managed Windows computer with WinPE image ................ 47Configuring the Sysprep imaging ............................................... 52Preparing to capture an image .................................................. 53Creating a Windows image ....................................................... 58Deploying a Windows image .................................................... 65Configuring the initial deployment settings ................................... 70

Installing Windows OS on client computers ........................................ 73Installing a Windows OS using Deployment Solution ..................... 81Adding or importing OS files ..................................................... 83Adding OS licenses ................................................................ 84Erasing a Disk ....................................................................... 85Creating disk partitions ............................................................ 87

Changing system configuration of computers in DeploymentSolution ................................................................................ 90

Chapter 3 Discovery and Inventory .................................................... 92Discovery methods for Windows computers ....................................... 92Discovering computers with domain resource discovery ....................... 93Importing resources using Microsoft Active Directory Import .................. 97

Contents

About Microsoft Active Directory Import ....................................... 98About importing resource associations ........................................ 99Creating and modifying resource import rules ............................. 100Scheduling resource import rules ............................................. 103Configuring the Directory Synchronization schedule ..................... 104Running resource import rules manually .................................... 105

About Symantec Inventory Solution 7.5 powered by Altiristechnology .......................................................................... 106

About Symantec Inventory Pack for Servers powered by Altiristechnology .......................................................................... 107

Gathering inventory on Windows servers ......................................... 108Preparing managed computers for inventory and metering ............ 109Installing the Inventory and Application Metering plug-ins .............. 111Gathering inventory with predefined inventory policies .................. 112Creating and configuring inventory policies and tasks ................... 114Scheduling custom inventory policies to run immediately once and

on a recurring schedule later ............................................. 116How to run inventory policies and tasks on Windows computers

using InvSoln.exe ......................................................... 117Gathering inventory using stand-alone packages .............................. 120

Creating, editing, or cloning stand-alone inventory packages ......... 121Stand-alone inventory package options ..................................... 122Running stand-alone inventory packages on target Windows

servers ......................................................................... 124About methods for making stand-alone inventory packages

available to target Windows servers .................................... 124Stand-alone inventory package command-line switches ............... 125Manually reporting standalone inventory data ............................. 126

Gathering software inventory ......................................................... 127About gathering software inventory on Windows servers ............... 128Methods for gathering software inventory on Windows

Servers ......................................................................... 129About targeted software inventory ............................................ 131Running a targeted software inventory on Windows servers .......... 132About using Inventory Solution with the Software Catalog Data

Provider ........................................................................ 133How Inventory Solution works with the Software Catalog Data

Provider ........................................................................ 134Gathering custom inventory .......................................................... 136

About custom inventory data classes ........................................ 137Creating and configuring a data class ....................................... 138Creating a custom inventory script task ..................................... 140Configuring the custom inventory sample script ........................... 142

8Contents

Gathering agentless inventory ....................................................... 144About gathering agentless inventory ......................................... 145Creating agentless inventory tasks using the wizard ..................... 146Manually creating, scheduling, modifying, and stopping agentless

inventory tasks ............................................................... 147Viewing agentless inventory results .......................................... 149

Gathering baseline inventory on Windows servers ............................. 150About baseline files ............................................................... 151Running file baseline or file compliance tasks ............................. 152Running registry baseline or registry compliance tasks ................. 154

Chapter 4 Patch Management ........................................................... 156Preparing your environment for Patch Management ........................... 156Installing the software update plug-in .............................................. 157Configuring software updates download location ............................... 158Running compliance and vulnerability reports ................................... 159Creating and assigning custom severity levels .................................. 160Configuring software updates installation settings .............................. 161Configuring the system assessment scan interval .............................. 161Downloading the Windows software updates catalog ......................... 162Staging software bulletins ............................................................. 163Downloading and distributing software updates ................................. 164Viewing software update delivery results ......................................... 166

Chapter 5 Software Management ..................................................... 167What you can do with Software Management Solution ........................ 168Implementing Software Management Framework .............................. 169Configuring the default settings for Managed Software Delivery ............ 171About advanced software deliveries ................................................ 173Performing an advanced software delivery ....................................... 174Performing a quick delivery of a single software resource .................... 175Delivering a package without defining a software resource .................. 177Delivering software packages with the same configurations as 6.x

Software Delivery tasks .......................................................... 178Introducing Windows Installer applications ....................................... 180Updating the source paths of Windows Installer applications ................ 181Configuring a Source Path Update policy ......................................... 183Repairing Windows Installer applications ......................................... 185Configuring a Windows Installer Repair policy ................................... 186About software virtualization ......................................................... 188Installing the Symantec Workspace Virtualization Agent ..................... 189Managing virtual applications ........................................................ 190

9Contents

Virtualizing software during installation ............................................ 191Methods for installing and managing virtual software .......................... 192Installing and managing a virtual software layer with a Software

Virtualization task ................................................................. 194Installing and managing a virtual software layer with a Quick Delivery

or Package Delivery task ........................................................ 195Installing and managing a virtual software layer with a Managed

Software Delivery policy ......................................................... 196

Chapter 6 Virtualization of machines .............................................. 198About Virtual Machine Management .............................................. 198About server virtualization ............................................................ 199Adding and managing vCenters or host servers ................................ 200

Discovering and adding a single vCenter or host ......................... 204Discovering and adding multiple vCenter or hosts ....................... 205About Virtual Machine Management Task Server Plug-in .............. 206Installing the Virtual Machine Management Task Server

Plug-in .......................................................................... 207Gathering inventory on the host ............................................... 208Creating a virtual machine on a host ......................................... 210Deleting a virtual machine from a host ....................................... 216Creating a virtual disk on a host ............................................... 216Deleting a virtual disk from a host ............................................. 217Creating a virtual network on a host .......................................... 218Deleting a virtual network from a host ....................................... 219Creating a snapshot ............................................................. 220Reverting a snapshot ............................................................ 222Deleting a snapshot .............................................................. 223Permissions that Virtual Machine Management requires ............... 224

Chapter 7 Server Health ...................................................................... 228About Monitor Solution ................................................................. 228About Monitor Pack for Servers ..................................................... 229About monitor server configuration ................................................. 230

Importing monitor packs ......................................................... 231Configuring data purging ........................................................ 232Configuring the monitor server heartbeat settings ........................ 233

Downloading custom Monitor packs from the Symantec ConnectCommunity .......................................................................... 234

About Monitor Packs, policies, rules, metrics, and tasks ...................... 235About agent-based versus agentless monitoring ............................... 236About agentless monitoring ........................................................... 237

10Contents

Preparing managed computers for agent-based monitoring ................. 238Installing Monitor Plug-in ........................................................ 239

Setting up a remote monitoring site server ....................................... 240Installing the Pluggable Protocols Architecture (PPA) client

computer component on a site server ................................. 242Removing monitor service from a site server .............................. 243Adding monitor service to a site server ...................................... 244Configuring remote monitoring server settings ............................ 245Viewing monitor site server reports ........................................... 246

Chapter 8 Event Console ..................................................................... 247About alerts ............................................................................... 247About alert management .............................................................. 247About Event Console alert filters .................................................... 248

Chapter 9 Historical and Real-Time Monitoring ............................ 251About viewing the monitor data ...................................................... 251Viewing historical performance data ............................................... 253Viewing real-time performance data ................................................ 254Viewing the Monitor Alerts dashboard ............................................. 255Generate a report on Monitor Solution metrics, trends, alerts, and

actions ............................................................................... 256Generating ad-hoc reports with the IT Analytics Monitor Metrics

cube .................................................................................. 258

Chapter 10 Using Portal page .............................................................. 260Viewing the Server Management Suite Portal page ............................ 260Viewing network topology ............................................................. 262Topology View Web part options .................................................... 263

Chapter 11 Using Server Resource Manager Home page .............. 265Accessing the Server Resource Manager Home page ........................ 265

11Contents

Introducing ServerManagement Suite

This chapter includes the following topics:

About this Guide

About Server Management Suite

Components of Server Management Suite 7.5

Where to get more information

About this GuideThe number one goal of server administrators is to ensure uptime of their serversand to avoid any business interruptions. This guide offers an overview of the toolsthat Altiris Server Management Suite from Symantec provides towards those goals,specifically in a Windows server environment.

Server Management Suite provides an integrated set of tools for managing servers,on a common platform. Each tool or "solution" extends the capabilities of the system.Here is a list of solutions and components that this guide covers, with emphasis ontheir out-of-box capabilities.

Altiris Deployment Solution from Symantec

Altiris Inventory Solution from Symantec

Altiris Inventory Pack for Servers from Symantec

Altiris Patch Management Solution for Linux from Symantec

Altiris Software Management Solution from Symantec

Symantec Virtual Machine Management

1Chapter

Altiris Monitor Solution for Servers from Symantec

Altiris Monitor Pack for Servers from Symantec

Symantec Workflow

Altiris IT Analytics Solution from Symantec

Each solution builds on another, without putting additional demands on thearchitecture. Each solution also leverages the information that is collected by theprevious solution. This capability is made possible through the use of the CMDB,a single repository of data, logic, and automated processes, including access rights.

This guide takes you through all aspects of managing Windows servers, from themoment the hardware is received, through configuration management, patching,software management, and server health monitoring, to process automation(workflow) and integration by centralized management.

About Server Management SuiteServer Management Suite combines the essential tools that help you effectivelymanage your physical servers and virtual servers, reduce service interruptions, andincrease uptime.

Server Management Suite incorporates a variety of wizards and other features thatlet you automate configuration, stage tasks, and create policies to manage yourservers. Various graphical reports let you quickly identify the health of yourenvironment, pinpoint problems, and analyze trends. Expanded support for virtualtechnologies simplifies the management of multiple operating system environments.

Server Management Suite is a collection of solutions that run on the SymantecManagement Platform. The platform and the solutions of the Server ManagementSuite provide the following key features:

Discovery and inventoryThe suite automatically identifies the devices that are found in your network,and aggregates inventory data across your environment. Multi-platform supportmakes it easy to consolidate the discovery data of all your Windows, UNIX, andLinux assets within an integrated console. You can easily assess securityvulnerabilities, prepare for software audits, and more accurately determinehardware availability and needs.

ProvisioningThe suite lets you improve the consistency and increase the quality of serverconfigurations. It delivers the comprehensive deployment capabilities that includeimage-based or scripted operating system installation and continuous

13Introducing Server Management SuiteAbout Server Management Suite

provisioning. The suite helps you implement the standardized configurations,and provides you the tools for migration.

Software distribution and patch managementThe suite lets you control server configurations through its software managementcapabilities. The automated policies for software and patch management helpyou keep the servers standardized and secure. You can modify similarconfigurations onmultiple servers simultaneously. You can distribute applications,and security updates to target systems.

Proactive monitoring and alertingThe suite helps you proactively monitor the critical components of your network.You can increase the network uptime with the self-healing remediation tasksthat are configured before the critical events occur. You can organize yourservers into vital groups and quickly ascertain the current health of the wholenetwork. The monitoring capabilities provide you also a summarized view ofeach single server performance over time.

See Components of Server Management Suite 7.5 on page 14.

See Where to get more information on page 19.

Components of Server Management Suite 7.5Server Management Suite is a collection of solutions that run on the SymantecManagement Platform. These solutions let you discover, inventory, monitor, andprovision servers from a central console - the Symantec Management Console.

See About Server Management Suite on page 13.

For the Server Management Suite release notes, see the link at the following URL:

http://www.symantec.com/docs/DOC5711

14Introducing Server Management SuiteComponents of Server Management Suite 7.5

Table 1-1 Components of Server Management Suite

Link to User GuideDescriptionComponent

DOC5330Symantec Management Platform provides a set of services thatIT-related solutions can leverage. By leveraging these services,the solutions that are built on the platform can focus on their uniquetasks. They also can take advantage of the more general servicesthat the platform provides. The platform services also provide ahigh degree of consistency between the solutions, so that usersdo not need to learn multiple product interfaces.

Symantec Management Platform provides the following services:

Role-based security

Client communications and management

Execution of scheduled or event-triggered tasks and policies

Package deployment and installation

Reporting

Centralized management through a single, common interface

Symantec Management Platform includes the followingcomponents:

Configuration Management Database (CMDB)

Notification Server

Symantec Management Console

Symantec Management Agent for Windows

Symantec Management Agent for UNIX, Linux, and Mac

Network Discovery

Software Management Framework

SymantecManagementPlatform

DOC5803Deployment Solution helps to reduce the cost of deploying andmanaging servers, desktops, and notebooks from a centralizedlocation in your environment. It offers operating systemdeployment, configuration, personality migration of computers,and software deployment across different hardware platforms andoperating systems.

Deployment Solution 7.5 provides integrated, disk imaging, andpersonality migration from the Symantec Management Console.Using Symantec Ghost, you can perform initial computerdeployment using standard images and migrate user data andapplication settings to new computers.

For the Deployment Solution release notes, see the link at thefollowing URL:


DeploymentSolution 7.5


Table 1-1 Components of Server Management Suite (continued)


DOC5330The enhanced Symantec Management Console views replace thedefault console views for computers and software that existed inSymantec Management Platform version 7.0. For tasks andpolicies, the enhanced views add drag-and-drop functionality. Inaddition, you can now search the tree rather than drilling down tofind specific tasks or policies.

The enhanced views are incorporated into the existing console.They let you manage computers, software, jobs and tasks, andpolicies more efficiently with fewer clicks. For example, you cannow drag policies onto computers to apply the policies to thosecomputers. This action eliminates multiple steps that the previousconsole required to accomplish the same thing.

For more information, see the Symantec IT Management Suite7.5 powered by Altiris technology Administration Guide at thefollowing URL:


Enhanced consoleviews

DOC5719Inventory Solution lets you gather inventory data about thecomputers, users, operating systems, and installed softwareapplications in your environment. You can collect inventory datafrom the computers that run Windows, UNIX, Linux, and Mac.

After you gather inventory data, you can analyze it using predefinedor custom reports.

Inventory Solution

N/AInventory Pack for Servers gathers server-based inventory datafrom servers. It runs on top of Inventory Solution and uses thesame Inventory plug-ins, tasks, and wizards.

Inventory Pack forServers

DOC5717Inventory for Network Devices gathers inventory data from thedevices that are not managed through the Symantec ManagementAgent.

You can gather inventory on the devices that are alreadydiscovered and exist as resources in the CMDB.

Inventory forNetwork Devices

DOC5767Monitor Solution for Servers lets you monitor various aspects ofcomputer operating systems, applications, and devices. Theseaspects can include events, processes, and performance. Thisability helps you ensure that your servers and your devices workand reduces the costs of server and network monitoring.

Monitor Solutionfor Servers




DOC5767Monitor Pack for Servers works with the Monitor Solution corecomponents of the Symantec Management Platform. It lets youmonitor operating system performance, services, and events ofyour Windows, UNIX, and Linux server environment.

Monitor Pack forServers

Patch ManagementSolution for Linux:DOC5772

Patch ManagementSolution for Mac:DOC5776

Patch ManagementSolution for Windows:DOC5768

Patch Management Solution for Linux lets you scan Red Hat andNovell Linux computers for security vulnerabilities. The solutionthen reports on the findings and lets you automate the downloadand distribution of needed errata, or software updates. The solutiondownloads the required patches and provides wizards to help youdeploy them.

Patch Management Solution for Mac lets you scanMac computersfor the updates that they require. The solution then reports on thefindings and lets you automate the downloading and distributionof needed updates. You can distribute all or some of the updates.

Patch Management Solution for Windows lets you scan Windowscomputers for the updates that they require, and view the resultsof the scan. The system lets you automate the download anddistribution of software updates. You can create filters of thecomputers and apply the patch to the computers that need it.

PatchManagementSolution

DOC5709Real-Time System Manager provides you detailed real-timeinformation about a managed computer, and lets you remotelyperform different administrative tasks in real time.

Real-Time System Manager also lets you run some of themanagement tasks on a collection of computers. You can run thetasks immediately, or on a schedule.

Real-Time SystemManager

DOC5446Software Management Solution provides intelligent andbandwidth-sensitive distribution andmanagement of software froma central web console. It leverages the Software Catalog andSoftware Library to ensure that the required software gets installed,remains installed, and runs without interference from othersoftware.

Software Management Solution supports software virtualizationtechnology, which lets you install software into a virtual layer onthe client computer.

Software Management Solution also lets users directly downloadand install approved software or request other software.

SoftwareManagementSolution




DOC5671The Symantec Endpoint Protection Integration Componentcombines Symantec Endpoint Protection with your other SymantecManagement Platform solutions. You can inventory computers,update patches, deliver software, and deploy new computers. Youcan also back up and restore your systems and data, andmanageDLP agents and Symantec Endpoint Protection clients. You cando this work from a single, web-based Symantec ManagementConsole.

SymantecEndpointProtectionIntegrationComponent

DOC5667Virtual Machine Management helps you to view virtual resourceinformation in your network and perform management tasks onthose virtual resources. You can create virtual environments ofservers, storage devices, and network resources on a singlephysical server. Each virtual environment is isolated and functionsindependently from the physical server and from the other virtualenvironments.

Virtualization enhances the efficiency and productivity of thehardware resources and helps to reduce administrative costs.

Virtual MachineManagement

DOC5941SymantecWorkflow is a security process development frameworkthat you can use to create both automated business processesand security processes. These processes provide for increasedrepeatability, control, and accountability while reducing overallworkload.

The SymantecWorkflow framework also lets you createWorkflowprocesses that integrate Symantec tools into your organization'sunique business processes. Once deployed, Symantec Workflowprocesses can respond automatically to environmental variables.SymantecWorkflow processes can also allow for human interfacepoints when a process calls for someone to make a decision withaccountability.

For the Symantec Workflow Solution release notes, see the linkat the following URL:


SymantecWorkflow Solution

N/ATopology viewer is aWeb Part on the Server Management Portalpage that provides a network topology diagram of theSNMP-enabled devices that are found in your network.

Topology viewer

N/AThe Server Resource Manager Home page consolidates themost relevant inventory and monitoring data of a server resourceinto a single view.

Server ResourceManager Homepage


Where to get more informationUse the following documentation resources to learn about and use this product.

Table 1-2 Documentation resources

LocationDescriptionDocument

The Supported Products A-Z page, which is available at the followingURL:

http://www.symantec.com/business/support/index?page=products

Open your product's support page, and then under Common Topics,click Release Notes.

Information about newfeatures and importantissues.

Release Notes

The Documentation Library, which is available in the SymantecManagement Console on the Help menu.

The Supported Products A-Z page, which is available at thefollowing URL:http://www.symantec.com/business/support/index?page=productsOpen your product's support page, and then underCommon Topics,click Documentation.

Information about how touse this product,including detailedtechnical information andinstructions forperforming commontasks.

User Guide

The Documentation Library, which is available in the SymantecManagement Console on the Help menu.

Context-sensitive help is available for most screens in the SymantecManagement Console.

You can open context-sensitive help in the following ways:

Click the page and then press the F1 key.

Use the Context command, which is available in the SymantecManagement Console on the Help menu.

Information about how touse this product,including detailedtechnical information andinstructions forperforming commontasks.

Help is available at thesolution level and at thesuite level.

This information isavailable in HTML helpformat.

Help

In addition to the product documentation, you can use the following resources tolearn about Symantec products.

19Introducing Server Management SuiteWhere to get more information

Table 1-3 Symantec product information resources

LocationDescriptionResource

http://www.symantec.com/business/theme.jsp?themeid=support-knowledgebaseArticles, incidents, andissues about Symantecproducts.

SymWISESupportKnowledgebase

http://www.symantec.com/connect/endpoint-management/forums/endpoint-management-documentation

Here is the list of links to various groups on Connect:

Deployment and Imaginghttp://www.symantec.com/connect/groups/deployment-and-imaging

Discovery and Inventoryhttp://www.symantec.com/connect/groups/discovery-and-inventory

ITMS Administratorhttp://www.symantec.com/connect/groups/itms-administrator

Mac Managementhttp://www.symantec.com/connect/groups/mac-management

Monitor Solution and Server Healthhttp://www.symantec.com/connect/groups/monitor-solution-and-server-health

Patch Managementhttp://www.symantec.com/connect/groups/patch-management

Reportinghttp://www.symantec.com/connect/groups/reporting

ServiceDesk and Workflowhttp://www.symantec.com/connect/workflow-servicedesk

Software Managementhttp://www.symantec.com/connect/groups/software-management

Server Managementhttp://www.symantec.com/connect/groups/server-management

Workspace Virtualization and Streaminghttp://www.symantec.com/connect/groups/workspace-virtualization-and-streaming

An online resource thatcontains forums, articles,blogs, downloads,events, videos, groups,and ideas for users ofSymantec products.

SymantecConnect

20Introducing Server Management SuiteWhere to get more information

Setting up Windowscomputers

This chapter includes the following topics:

About deployment of Windows computers

About types of boot environments in Deployment Solution

Support matrix of Deployment Solution tasks for Windows

Creating and Deploying a Windows disk image

Installing Windows OS on client computers

Changing system configuration of computers in Deployment Solution

About deployment of Windows computersDeployment Solution lets you integrate standard deployment features with SymantecManagement Platform. The solution helps reduce the cost of deploying andmanaging servers, desktops, and notebooks from a centralized location in yourenvironment. The solution offers OS deployment, configuration, PC personalitymigration, and software deployment across hardware platforms and OS types.

The following table lists the key features of Deployment Solution, and the tasks thatyou can perform by using the features:

2Chapter

Table 2-1 Key features of Deployment Solution

DescriptionFeature

Supports industry-standardhardware-management capabilities such asIntel vPro, Pre-boot eXecution Environment(PXE), and Wake on LAN technologies. Youadd drivers to the DeployAnywhere driverdatabase to render the tasks of imaging andWindows OS installation hardwareindependent. Hence, deploying of image toclient computers and performing an OSinstallation do not fail due to hardwaredependencies.

Hardware-independent imaging

Lets you remotely install a Windows OS onany desktop, laptop, or on a server that isindependent of the computer's hardwareconfiguration.

Scripted OS installation

Lets you provision the computers even beforeadding the computers to a network.Deployment Solution identifies suchcomputers as predefined computers.

Provisioning

Lets you add drivers to the DeployAnywheredriver database so that you can deployWindows operating system image todissimilar hardware. DeployAnywhere alsolets you perform a Windows-scriptedinstallation on bare metal computer.

Driver Management

Supports deployment in Windows prebootenvironment, so that Deployment Solutioncan execute other deployment andmaintenance tasks on the computer.

Deployment in PXE environment

Lets youmass-deploy hardware-independentimages to new systems and existing systemsusing Symantec Ghost and RapiDeployimaging tools.

Multicasting

Lets you migrate to the latest Windowsversion; migrates user data, personalitysettings, and OS and application settings tothe new operating system.

Personality capture and distribution

22Setting up Windows computersAbout deployment of Windows computers

Table 2-1 Key features of Deployment Solution (continued)

DescriptionFeature

Lets you copy files and folders from local andUNC locations to one or morecomputers.when the computers are inautomation or production environments.

Copying files and folders

Lets you change the system and the networksettings.

Changing system configuration

Lets you easily create the jobs and tasks thatautomate deployment andmigration functionssuch as imaging, scripted OS installations,configurations, and software deployments.

Configuring tasks for initial deployment

Sets up an automation environment by usingan automation folder, which boots thecomputers to preboot or pre-OS environment.

Setting up automation environment

This guide addresses few key features of Deployment Solution. For detailedinformation on rest of the features, see the Altiris Deployment Solution 7.5 fromSymantec User Guide.

Deployment Solution lets you identify, set-up, and manage different types of clientcomputers. The type of client computer is categorized based on whether thecomputer is a bare metal computer, a provisioned computer, or a managedcomputer.

Deployment Solution identifies the computer type, and then boots the client computerto the preboot or pre-OS environment to perform other deployment andmaintenancetasks.

The types of client computers that Deployment Solution can set up and manageare as follows:


Table 2-2 Types of client computers in Deployment Solution

DescriptionType of client computer

An unknown computer is a bare metalcomputer that does not have an operatingsystem to boot. The unknown computer whenplugged into a network is identified by theSymantec Management Platform (SMP) asan unmanaged computer because it does nothave the Symantec Management Agent(SMA) installed on it

After an unknown computer is added to thenetwork, you can boot it to the prebootenvironment. You can then install anoperating system to perform other deploymentand maintenance tasks.

Unknown computer

A predefined computer is a computer that isprovisioned even before adding the computerto a network.

To create a predefined computer, you caneither add the computer details or import thecomputer details. If you add a predefinedcomputer, then ensure that you specify thecomputer name, which is mandatory, throughthe console. Besides the computer name, youcan also provide the computer details and thehardware identifiers of the computer that youwant to resolve as a predefined computer

You can also import predefined computerdetails from a CSV file, into DeploymentSolution. After a predefined computer isadded to a network, Deployment Solutionboots the computer to the prebootenvironment. After the computer boots to thepreboot environment, you can perform tasksof imaging and system configuration.

Predefined computer

A computer on which the SMA is installed isknown as the managed computer.

If you want to execute deployment tasks ona managed computer, such as create anddeploy disk images, perform remote operatingsystem installation, then you must install theDeployment plug-in on the computer.

Managed computer


See About types of boot environments in Deployment Solution on page 25.

About types of boot environments in DeploymentSolution

In Deployment Solution, the environment in which the client computer can boot intois known as the boot environment. Deployment Solution lets you boot the computersin the pre-OS installation stage or in the post-OS installation stage. The pre-OSinstallation stage of a client computer is the Preboot environment and the post-OSinstallation stage is the Production environment.

The different types of boot environments that the client computers boot into are asfollows:

Preboot environmentDeployment Solution lets you boot client computers in the preboot environmentusing a preboot configuration. The preboot configuration consists of the prebootoperating system, Deployment Plug-in, and the agent that is specific for theoperating system.

PECTAgentWindows

ULM agentLinux

ULM agentMac

You can boot the client computers in the preboot environment in one of thefollowing ways:

PXEA PXE configuration is distributed to the client computer over the network.

Automation folderAn automation folder configuration is installed on the client computers.

Production environmentThe production environment is the environment into which a client computerboots after an operating system is installed on the computer.

25Setting up Windows computersAbout types of boot environments in Deployment Solution

Table 2-3 Types of boot environments in Deployment Solution

DescriptionEnvironment

Deployment Solution lets you boot clientcomputers in preboot environment using aPXE configuration. The PXE configuration isdistributed to the client computer over thenetwork using the Network Boot Service(NBS).

In Deployment Solution, the PXE service,SymantecNetworkBootServicePxeand

BSDP, is a part of the NBS.

Following are the OS-specific PXEconfigurations:

WinPE for Windows

LinuxPE for Linux

NetBoot and NetInstall for Mac

Preboot environment using the PXEconfiguration

Deployment Solution facilitates you to createa preboot environment that is installed locallyon the client computer. The automation folderconfiguration that you create is stored on theNotification Server computer and is installedon the client computer when the Deploymentautomation folder - install policy of the specificOS is enabled.

The client computers having a static IPaddress can boot to the preboot state byusing the automation folder only, and notthrough the PXE environment.

Preboot environment using the automationfolder

The production environment is theenvironment into which a client computerboots after an operating system is installedon the computer. To resume live operationsafter completing the deployment tasks ormaintenance tasks, you must boot the clientcomputers into the production environment.

Production

See About deployment of Windows computers on page 21.

26Setting up Windows computersAbout types of boot environments in Deployment Solution

Support matrix of Deployment Solution tasks forWindows

Deployment Solution manages computers using tasks and jobs. Tasks are individualprocesses, such as creating a computer's disk image or capturing a computerspersonality. Each task can be scheduled and run. For Windows, both x86 and x64architectures are supported.

Following table elaborates the tasks that are supported by Windows architecture:

Table 2-4 Support matrix for Deployment Solution tasks for Windows

PXE x64PXE x86WinPEx64WinPEx86

ProductionOSx64

ProductionOS x86

Task

NoNoNoNoYesYesApplySystemConfiguration

YesYesYesYesYesYesBoot To

YesYesYesYesYesYesCopy File

NoNoNoNoYes - NotSupportedon ServerClass OS

Yes - NotSupportedon ServerClass OS

CapturePersonality

YesYesYesYesNoNoCreateImage

YesYesYesYesNoNoDeployImage

NoNoNoNoYes - NotSupportedon ServerClass OS


DistributePersonality

YesYesYesYesYes - OnlyonSecondaryDisk


Erase Disk

YesYesYesYesNoNoInstallWindowsOS

27Setting up Windows computersSupport matrix of Deployment Solution tasks for Windows

Table 2-4 Support matrix for Deployment Solution tasks for Windows(continued)

PXE x64PXE x86WinPEx64WinPEx86

ProductionOSx64

ProductionOS x86

Task

YesYesYesYesYes - OnlyonSecondaryDisk


PartitionDisk

NoNoNoNoYesYesPrepare forImageCapture

YesYesYesYesNoNoRestoreBackupImage

Creating and Deploying a Windows disk imageComputer disk images contain the entire content of a computers hard drive. Diskimages include the operating system (OS), applications, and user data. DeploymentSolution lets you create Windows disk images using either the Ghost imaging toolor the RapiDeploy imaging tool. The disk image can be deployed on multiplecomputers on which you want to create the same setup as that of the imaged clientcomputer. During deployment of the image, all the OS settings from the capturedimage are replicated on the client computers.

When you perform the Create Image task with Disk Image as the option, aSymantec Management Platform package is created for the captured disk image.The Disk image is stored on the Deployment share of the site server on which thePackage Service runs. Each image is stored in a separate folder and has a GUID.Information about the image is also stored in the CMDB as an image resource. Youcan use this package to distribute the image to other Package Servers

To view the disk image packages navigate to Settings > All Settings > Deploymentand Migration > Disk Images menu.

Symantec recommends that you run the Prepare for Image capture task beforeyou create the disk images. For Windows disk images, use the Sysprep utility thatprepares the computer for creating the disk image that can be deployed on multiplecomputers. You can create a Windows disk image and deploy a Windows diskimage only when the computer is in the PXE environment or the automationenvironment

28Setting up Windows computersCreating and Deploying a Windows disk image

The following tables list the process of creating a Windows image of a clientcomputer and deploying a Windows image on a client computer:

Creating a Windows image of a client computerSee Table 2-5 on page 29.

Deploying a Windows image on a client computerSee Table 2-6 on page 32.

Following are the steps that you must follow to create an image of a Windows clientcomputer:

Table 2-5 Process for creating an image of a Windows client computer

DescriptionActionStep

Launch the SymantecManagement Console.

You can launch the consoleeither from the Start menu ofthe Notification Servercomputer or from anycomputer of the network. Toaccess the console from adifferent computer, you musttype the following:

http:///altiris/console

Launch the ConsoleStep 1

Prepare the referencecomputer that contains thecore software and settingsthat you want to be replicatedon other computers.

For Windows XP andWindows 2003, install theSysprep files on the referencecomputer. Copy thesupport\tools\deploy.cab

file from your Windows XPinstallation disk or servicepack to theC:\sysprep\deploy.cab

file on the source computer.

See Configuring the Sysprepimaging on page 52.

Prepare a reference computerfor imaging.

Step 2


Table 2-5 Process for creating an image of a Windows client computer(continued)


To create a client job,right-click on theDeployment and Migrationfolder and select New >Client Jobmenu. By default,a job of the name New ClientJob is created that you canrename appropriately.

Navigate to the Manage >Jobs and Tasksmenu of theconsole and create a clientjob for the Deployment andMigration folder.


Create a client job for thedeployment tasks in theconsole

Step 3




Run the Prepare for Imagecapture task if you want toperform Sysprep imaging anduse the IncludeDeployAnywhere forhardware independentimaging option for theDeploy Image task. ThePrepare for Image capturetask ensures that thecaptured image does notcontain anyhardware-dependent data.You can then deploy ahardware independent imageon other computers.

Note: If you deploy a diskimage using the IncludeDeployAnywhere forhardware independentimaging option and you havenot performed the Preparefor Image capture task, theclient computer image getscorrupted.

See Configuring the Sysprepimaging on page 52.

See Preparing to capture animage on page 53.

Execute the Prepare forImage capture task

Step 4




Run the Create Image taskto create the disk image of thereference computer.

You can either run the taskimmediately by using theQuick Run option of the taskthat you have saved or youcan schedule the task to runlater on the referencecomputer.

See Creating a Windowsimage on page 58.

Create an image of the clientcomputer

Step 5

Following are the steps that you must follow to deploy a Windows image on a clientcomputer:

Table 2-6 Process for deploying an image of a Windows client computer





Launch the ConsoleStep 1

Boot the client computer toAutomation environmentusing the Boot To task.

Boot the client computer toAutomation environment

Step 2


Table 2-6 Process for deploying an image of a Windows client computer(continued)



Navigate to the Manage >Jobs and Tasksmenu of theconsole and create a clientjob for the Deployment andMigration folder.


Create a client job for thedeployment tasks in theconsole

Step 3

Create a Deploy Image taskfor the target clientcomputers.

You can specify theSysprep-enabled image thatyou captured to be deployedon the target clientcomputers.

You can either execute thetask immediately by using theQuick Run option of the taskthat you have saved or youcan schedule the task to beexecuted later on thereference computer.

See Deploying a Windowsimage on page 65.

Deploy the image on theclient computer

Step 4


Table 2-6 Process for deploying an image of a Windows client computer(continued)


Boot the client computer toproduction environment usingthe Boot To task.

Boot the client computer toProduction environment

Step 5

See Configuring the Sysprep imaging on page 52.

Preparing unknown computers to boot with WinPE imageAfter an unknown computer is added to a network, Deployment Solution boots thecomputer in the preboot environment using a PXE image. You can configure theunknown computer to boot in the preboot environment before you install theWindowsoperating system (OS) on the computer. The computer boots in the prebootenvironment with a PXE image.

For Windows, a PXE image is created using the preboot configuration files, WinPEthat Deployment Solution supports,the PECTAgent, and the Deployment plug-infor Windows. The Deployment Plug-in is required for the execution of deploymenttasks on the client computer.

The following process addresses how you must configure the settings to boot anunknown computer in the WinPE environment. After the computer boots in thepreboot environment, the communication with Notification Server is establishedand the computer is registered as a managed computer.

You must perform the following steps to boot an unknown computer with theWinPEimage:

Table 2-7 Booting an unknown computer with WinPE image


Launch the Symantec Management Console.

You can launch the console either from the Startmenu of the Notification Server computer or fromany computer of the network. To access theconsole from a different computer, you must typethe following:


Launch the consoleStep 1


Table 2-7 Booting an unknown computer with WinPE image (continued)


Youmust install theNetwork Boot Service (NBS)on a site server and also enable the policy beforeyou configure the unknown client computer to bootin the preboot environment.

See Installing Network Boot Service on siteserver on page 36.

Install Network BootService on a siteserver

Step 2

You must create a WinPE image through theCreate Preboot Configurations dialog box of theconsole.

See Creating preboot configuration for Windowson page 37.

Create aWinPE imageStep 3

You must configure the NBS settings for theunknown client computer from the console.

See Configuring Network Boot Service forunknown computers on page 39.

For the unknown computer, you configure theNBSGeneral Settings that lets you select the imageto boot the client computer with and also configurethe boot menu. Besides, you can also configurethe NBS Global Setting that lets you filtercomputers based on MAC address to which theNBS site server must or must not respond.

Configure NBSsettings for unknowncomputers

Step 4

You can set up an Initial Deployment job for theWindows unknown client computer to execute thedeployment tasks that you create.

You can perform this step after you create thedeployment tasks for the unknown client computer.

The Initial Deployment job menu is displayed onthe client computer after the computer boots tothe preboot environment. You can select all orspecific tasks from the menu and execute themon the client computer.

See Configuring the initial deployment settingson page 70.

(optional) Set up InitialDeployment job toexecute tasks on theclient computers

Step 5


Table 2-7 Booting an unknown computer with WinPE image (continued)


If you have added predefined computer entriesthrough the console with no hardware identifiervalues, then the Windows unknown clientcomputers boot in the preboot environment usingthe PXE image that was configured for predefinedcomputers. You configure the PXE image for apredefined computer through the NBS GeneralSettings dialog box.

After the computer boots to the prebootenvironment, Deployment Solution provides anoption to boot the unknown computer as apredefined computer.

Add the unknowncomputer to thenetwork and wait forthe client computer toboot to prebootenvironment

Step 6

See About deployment of Windows computers on page 21.

See Booting managed Windows computer with WinPE image on page 47.

See Preparing predefined computers to boot with WinPE image on page 42.

Installing Network Boot Service on site serverNetwork Boot Service (NBS) is a component of Deployment Solution that you installand run as a service on a site server. This service is independent of the presenceof Task service or Package service on a site server and handles all communicationwith the Symantec Management Platform (SMP) for Deployment Solution. Youmust install the Microsoft XML Core Services 6.0 on the site server on which youinstall the NBS component. The NBS comprises of the PXE and BSDP service andthe TFTP service that are installed on the site server after you roll out the NBSservice through the SMP console.

After the NBS is installed, the status of the service is displayed as green and theservice status is displayed as Started.

You must install and enable the Network Boot Service (NBS) service on the siteserver before you create preboot configuration and start configuration of NBSsettings.

Note: If you want to install the Deployment Package server component and theNBS on the same site server, then you must install the Deployment Package Servercomponent before installing the NBS on the site server.


To install NBS service on site server

1 In the Symantec Management Console, navigate to Settings > NotificationServer > Site Server settings menu.

2 In the Site Management window, expand Site Server node in the tree.

3 On the Site Servers page, click New under the Detailed Information pane.

4 In the Select Computers dialog box, select the Windows computers that youwant to configure as site server and click OK.

5 In the Add/Remove services dialog box, check the Network Boot Serviceoption for the site servers that you select.

Creating preboot configuration for WindowsDeployment Solution lets you create Windows preboot environments. The prebootconfiguration is required to boot client computers in the preboot environment or thepre-OS state. Deployment Solution lets you create two types of preboot environmentsfor Windows operating system such as PXE and automation.

The PXE environment lets you boot a client computer in the preboot environmentusing a PXE image over a network. A PXE image is saved on the site server onwhich the Network Boot Service (NBS) is installed. Deployment Solution lets youconfigure the WinPE image using the Create Preboot Configurations option ofthe console. Ensure that the NBS policy is enabled on the site server before youconfigure the WinPE image. If you configure a WinPE image before installing theNBS on a site server, then you have to recreate the environment. Every time aWinPE image is configured and saved, Notification Server (NS) distributes theimage to all the NBS site servers of a network.

An automation environment is created when you install an Automation Foldercontaining theWinPE package on a client computer. To install an Automation Folder,you must enable the Deployment Automation folder for Windows (x64) -Installor the Deployment Automation folder for Windows (x86) -Install policy throughthe console. By default, Deployment Solution creates a PEInstall folder for Windowscomputers. For Windows, you can create automation folders of either or both x86and x64 architectures. These automation folders are created on the NotificationServer computer and are installed on the client computers after you enable thepredefined deployment AutomationFolderPlug-in policy through the SymantecManagement Console. Deployment Solution lets you create and use Windowsx64-bit PXE image to boot UEFI computers in preboot environment.

You can add a new driver to an existing preboot configuration. After you add thedriver, you must recreate that preboot configuration using the Recreate PrebootEnvironment option in the Preboot Configuration dialog page.


To use the preboot configuration, you must have the administrative rights and theUser Account Control (UAC) settings disabled.

You can access either of the following menus to create and configure a prebootenvironment:

Settings > Deployment > Create Preboot Configuration

Settings > All Settings > Deployment & Migration > Create PrebootConfiguration

To create a preboot configuration

1 In the Symantec Management Console, on the Settings menu, clickDeployment > Create Preboot Configurations.

2 On the Create Preboot Configurations page, click Add.

3 On the Add Preboot Configurations page, enter the name and descriptionof the preboot configuration.

Select Windows operating system.Operating System

Select the x86 or x64 for Windows.Architecture

Select DS Agent as the OEM agent .OEMextention

For Windows, you can select this option tolock the keyboard and mouse while thecomputer is booted to the prebootenvironment.

Lock the keyboard and mouse

Select this option to inject the imaging toolsuch as Ghost or RapiDeploy to thepreboot environment.

Inject imaging tools


Select the type of preboot environment youwant to configure.

You can select from the following:

PXEThis preboot configuration can beaccessed only from the Network BootService (NBS) server. Only the clientcomputers that are configured to bootto and from their network card canaccess the configuration.

Automation FolderThis preboot configuration can beinstalled on the client computers byusing policies. You can access thesepolicies from Settings > Agent/Plug-ins> Deployment and Migration

Both PXE and Automation FolderThis option creates both types ofconfiguration.

Select which preboot environments tobuild

4 On the Add Preboot Configurations page, click OK.

5 On the Preboot Configurations page, click Save changes.

See About types of boot environments in Deployment Solution on page 25.

Configuring Network Boot Service for unknown computersAfter an unknown computer is added to a network, you must boot the computer inthe preboot environment. To boot computers in the preboot environment, you mustinstall the Network Boot Service (NBS) on a site server and configure the site serverwith the NBS settings for unknown computers.


To configure site server with NBS settings for unknown computers

1 In the Symantec Management Console, click Settings >Deployment > NBSGeneral Settings.

2 In the NBS General Settings dialog box, for the Network Boot ServiceConfiguration, configure the settings for the unknown client computers.

Lets you configure the Network Boot Service (NBS)for a site server.

To enable or disable the policy, you must select theTurn On or Turn Off icons on the right side of thedialog box or page.

Network Boot ServiceConfiguration

Check the option if you want to apply the NBS policyimmediately on the site servers.

If the option remains unchecked then the NBSconfigurations changes are applied as per theschedule set in the Symantec Management Agent(SMA) for rolling out policies.

Apply NBS settingsimmediately

Check the NBS service to enable the service on thesite server.

By default, this option is checked.

Enable the NBS service

Lets you restore the previous configuration that youperformed for the NBS site server.

Reset button

3 In theNBSGeneral Settings dialog box, for the PXEmenu (Windows/Linux)tab of the Initial Deployment (Unknown Computer) Menu, specify thefollowing:

Lets you select the PXE image to deploy on aWindows or Linux client computer.

The fields for the tab are as follows:

Respond to unknown computersCheck this option if you want to respond to the unknown computers toconfigure them to boot in the preboot environment using a PXE image.

PXE boot imageSelect the PXE image that you want to use to boot the unknown clientcomputers in the preboot or automation environment.If you do not want toboot using a PXE image, you can select, Next Device (BIOS/EFI) modeof booting option for the client computer. Based on whether the default bootoption of the client computer is set to BIOS or EFI, the computer boots tothe preboot environment. The potential boot devices of BIOS are CD, disk,


and so on. Computers of UEFI architecture can boot in the prebootenvironment using the x64-bit PXE image of Windows.For the PXE image, select any of the following architectures from thedrop-down list:

AutoSelect this option if you want to boot the client computer based on thecomputer's processor architecture. For example, if you have a clientcomputer whose processor type is x64 but the installed operating systemis x86 of Windows 7, then the Auto option boots the computer in x64architecture mode and not in x86 mode.The Auto option can be useful if you have created a common PXEimage for both x86 and x64 architectures or want to boot a computeras per the processor architecture irrespective of the OS architecture.You create PXE images through the Create Preboot Configurationdialog box of the console.

x86Select this option if the PXE image that you have created is for the x86architecture of the operating system.


Configure the schedule of the network boot menu through the following:

Run default boot option immediatelySelect this option if you want to deploy the PXE boot image immediatelyafter you select the image in the drop-down list.

Wait indefinitely for user selectionSelect this option if you want to manually select and deploy the PXE bootimage from the network boot menu. The network boot menu appears onthe unknown computer.

Run default boot option afterSelect this option if you want to deploy the PXE boot image after the timeperiod that you specify in the text box. After the time out, the client computerboots to the PXE image that you have selected. Press F8 to invoke thenetwork boot menu to deploy the PXE boot image on the client computer.

4 Click Save changes.

5 Again, in the console, click the Settings >Deployment > NBSGlobal Settingsmenu.

This is an optional step.


6 In the NBS Global Settings dialog box or pane, click Save Changes.

See Preparing unknown computers to boot with WinPE image on page 34.


Preparing predefined computers to boot with WinPE imageIf you have provisioned computers before they are added to a network, thenDeployment Solution identifies such computers as predefined computers. You canconfigure the predefined computers to boot in the preboot environment before youinstall the Windows operating system (OS). The computers boot in the prebootenvironment with a PXE image.

The PXE image for Windows OS is known as WinPE image. For Windows, a PXEimage is created using the preboot configuration files, WinPE that DeploymentSolution supports, the PECTAgent, and the Deployment plug-in for Windows. TheDeployment Plug-in is required for the execution of deployment tasks on the clientcomputer.

Note: If you add a predefined computer through the Settings > Deployment >Predefined Computer dialog box of the console, then Deployment Solution bootsall unknown computers as potential predefined computer based on a criteria. Thecriteria is that you have not specified any value for the hardware identifier fieldssuch as MAC address, Serial Number, and UUID, in the dialog box.

The following process lists how you must configure the settings to boot a predefinedWindows computer in the preboot environment. After the computer boots in thepreboot environment, the communication with the Notification Server is establishedand the computer is registered as a managed computer.

You must perform the following steps to boot a predefined computer with theWinPEimage:


Table 2-8 Booting a predefined computer with WinPE image






You must install the NetworkBoot Service (NBS) on a siteserver and also enable thepolicy before you configurethe client computer to boot inthe preboot environment.

See Installing Network BootService on site serveron page 36.

Install the Network BootService on a site server

Step 2

You must add or import oneor more predefinedcomputers through thePredefined Computersdialog box of the console.

Add or import predefinedcomputers

Step3

Create a WinPE imagethrough the Create PrebootConfigurations dialog box ofthe console.

See Creating prebootconfiguration for Windowson page 37.

Create a WinPE imageStep 4


Table 2-8 Booting a predefined computer with WinPE image (continued)


Configure the NBS settingsfor the predefined clientcomputer from the console.

See Configuring NetworkBoot Service for predefinedcomputers on page 45.

For the predefined computer,you configure the NBSGeneral Settings that letsyou select the WinPE imageto boot the client computerwith and also configure theboot menu. Besides, you canalso configure the NBSGlobal Setting that lets youfilter computers based onMAC address to which theNBS site server must or mustnot respond.

Configure NBS settings forpredefined computer

Step 5

In the Initial DeploymentSettings dialog box, you canconfigure theRe-Deployment(Managed Computer) menuto execute jobs or tasks onthe predefined computer afterthe computer boot in thepreboot environment.

See Configuring the initialdeployment settingson page 70.

(optional) Set up theRe-Deployment (ManagedComputer) menu in theInitial Deployment Settingsdialog box

Step 6


Table 2-8 Booting a predefined computer with WinPE image (continued)


After a predefined computeris added to the network, thecomputer boots with theWinPE image that youconfigured.

If you have not specified anyvalues for the hardwareidentifier fields, then, after thecomputer boots to the prebootenvironment, you have canexecute the Initial deploymenttasks that you configured forthe unknown computer. Thehardware identifier fields are,MAC address, Serial number,and UUID that you specify inthe Add PredefinedComputer dialog box.

Add a predefined computerto the network and wait forthe computer to boot in thepreboot environment

Step7



Configuring Network Boot Service for predefined computersPredefined computers of Deployment Solution are those computers whose detailsare added to the Notification Server even before the computers are added to thenetwork. The specific computer details that qualify a client computer as predefinedcomputer are, computer name, MAC address, Serial number, UUID and so on.Deployment Solution's filter criteria resolves an unknown computer as a predefinedcomputer based on these computer details that are are added to the NotificationServer. You can add the computer details through the Settings > Deployment >Predefined Computers menu of the console.

To boot a predefined computer in the preboot environment, you must do thefollowing:

Create and configure a preboot environment through theSettings > Deployment> Create Preboot Configurations menu.

Configure a site server with the Network Boot Service (NBS) settings ofpredefined computers


For Windows, after the client computers boot to the preboot environment, you canconfigure the initial deployment job that executes on the computers. The initialdeployment job menu contains the tasks that you configure through the Settings> Deployment > Initial Deployment Settings > Redeployment (ManagedComputer) Menu menu to execute on the client computers.

To configure NBS settings for predefined computers


2 In the NBS General Settings dialog box, for the Network Boot ServiceConfiguration, configure the settings for the predefined client computers.

Lets you configure the Network Boot Service (NBS)for a site server.

To enable or disable the policy, you must select theTurn On or Turn Off icons on the right side of thedialog box or page.


Check the option if you want to apply the NBS settingsimmediately on the site servers.

If the option remains unchecked then the NBSconfigurations changes are applied as per theschedule set in the Symantec Management Agent(SMA) for rolling out policies.


Lets you start or stop the PXE service on the NBS siteservers.


For the Mac computers, you can enable or disable theMac Netboot BSDP service on the NBS site serversthroughEnableMacNetboot (BSDP) support option.


Lets you restore the previous NBS settings that youconfigured in the dialog box.

Reset button

3 In the NBS General Settings dialog box, for the Redeployment (PredefinedComputer) Menu, select PXE menu (Windows/ Linux) tab.

Configure the following settings:

Respond to Predefined computersCheck this option if you want to respond to the predefined client computers.

PXE boot image


Select the PXE or preboot image that you have configured to boot thepredefined computers in the preboot environment. If you do not want toboot using a PXE image, you can select, Next Device (BIOS/EFI) . Thepotential booting devices of BIOS are CD, hard disk, and so on. Based onwhether the default boot option of the client computer is set to BIOS or EFI,the computer boots to the preboot environment. Computers of UEFIarchitecture can boot in the preboot environment using the x64-bit prebootor PXE image of Windows.For the PXE image, select any of the following architectures from thedrop-down list:

AutoThis option is displayed if a preboot configuration is created for bothx86 and x64 architectures and selects the appropriate configuration asper the architecture of the client computer. For example, if you have aclient computer whose processor type is x64 but the installed operatingsystem is Windows 7 x86, then the Auto option boots the computer inx64 architecture.



PromptConfigure this option to change the default prompt for F8 when booting thecomputer in the preboot environment. You can enter a message in thetextbox that you want to display on the client computer. After the messageappears in the client computer, you can press F8 to invoke the networkboot menu. Select the option, Continue immediately if you want to deploythe PXE boot image immediately after you select the boot image or select,Continue after to invoke the boot menu after the time period that youspecify.

4 Click Save changes.

Booting managed Windows computer with WinPE imageDeployment Solution lets you redeploy a managed computer that is installed withthe Windows operating system (OS) to a preboot environment. The managedcomputer redeploys to the preboot environment using the WinPE image thatDeployment Solution supports, after you execute the Boot To deployment task.


The follwoing process lets you reboot aWindowsmanaged computer to the prebootenvironment using a configured WinPE image. After the computer reboots to thepreboot environment, you can execute any deployent tasks on the computer.

You must perform the following steps to reboot a managed computer with a WinPEimage:

Table 2-9 Booting a managed computer with WinPE image


Launch the Symantec Management Console.

You can launch the console either from the Startmenu of the Notification Server computer or fromany computer of the network. To access theconsole from a different computer, you must typethe following:



Youmust install theNetwork Boot Service (NBS)on a site server and also enable the policy beforeyou configure the client computer to boot in thepreboot environment.

See Installing Network Boot Service on siteserver on page 36.

Install the NetworkBoot Service on a siteserver

Step 2

Create a WinPE image through the CreatePreboot Configurations dialog box of theconsole.

Create aWinPE imageStep 3

Configure the NBS settings for the managed clientcomputer from the console.

See Configuring Network Boot Service formanaged computers on page 49.

For the managed computer, you configure theNBS General Settings that lets you select theWinPE image to boot the client computer with andalso configure the boot menu. Besides, you canalso configure the NBS Global Setting that letsyou filter computers based on MAC address towhich the NBS site server must or must notrespond.

Configure NBSsettings for managedcomputer

Step 4


Table 2-9 Booting a managed computer with WinPE image (continued)


In the Initial Deployment Settings dialog box,you can configure theRe-Deployment (ManagedComputer) menu to execute jobs or tasks on themanaged computer after the computer boots inthe preboot environment.

See Configuring the initial deployment settingson page 70.

(optional) Set up theRe-Deployment(Managed Computer)menu in the InitialDeployment Settingsdialog box

Step 5

Execute the Boot To task and select thePXE/NetBoot image option in the Create NewTask dialog box.

Execute Boot To PXEtask

Step 6

After the Windows client computer boots topreboot environment, the Re-Deployment menufor managed computers is displayed. You canselect all or specific tasks or jobs that you want toexecute.

Execute tasks or jobsafter the clientcomputer boots topreboot environment

Step 7


See Preparing predefined computers to boot with WinPE image on page 42.

Configuring Network Boot Service for managed computersDeployment Solution has provision to redeploy aWindows, Linux, or Macmanagedcomputer to a preboot environment. Redeployment of a managed computerfacilitates you to install a new operating system or a driver on the computer. Beforeyou redeploy the managed computer, you must configure the site server on whichthe Network Boot Service (NBS) is installed.

See Installing Network Boot Service on site server on page 36.

After the Windows client computers boot to the preboot environment, you canconfigure the initial deployment job to execute on the computers. The initialdeployment job menu contains the tasks that you configure through the Settings> Deployment > Initial Deployment Settings menu to execute on the clientcomputers.


To configure site server with NBS settings for managed computers


2 In the NBS General Settings dialog box, for the Network Boot ServiceConfiguration, configure the settings for the managed client computers.

Lets you configure the Network Boot Service (NBS) for asite server.

To enable or disable the policy, you must select the TurnOn or Turn Off icons on the right side of the dialog boxor page.


Check the option if you want to apply the NBS policyimmediately on the site servers.

If the option remains unchecked then the NBSconfigurations changes are applied as per the scheduleset in the Symantec Management Agent (SMA) for rollingout policies.


Check the NBS service to enable the service on the siteserver.



Lets you restore the previous configuration that youperformed for the NBS site server.

Reset button

3 In the NBS General Settings dialog box, for the Redeployment (ManagedComputer) Menu configure the following settings:

This option lets you select the PXE image to deploy on a Windows or Linuxmanaged client computer.

The various options to configure are as follows:

Respond to Managed computersCheck this option if you want to respond to the managed client computersto configure them to boot in the preboot environment using a PXE image.

PXE imageSelect the PXE image that you want to use to boot the predefined clientcomputers in the preboot environment. If you do not want to boot using aPXE image, you can select, Next Device (BIOS/EFI) mode of bootingoption for the client computer. Based on whether the default boot option ofthe client computer is set to BIOS or EFI, the computer boots to the prebootenvironment. The potential boot devices of BIOS are CD, disk, and so on.


Computers of UEFI architecture can boot in the preboot environment usingthe x64-bit PXE image of Windows.For the PXE image, select any of the following architectures from thedrop-down list:

AutoSelect this option if you want to boot the client computer based on thecomputer's processor architecture. For example, if you have a clientcomputer whose processor type is x64 but the installed operating systemis x86 of

Documents

ServerManagementSuite 7.5 UserGuide