Page 1 of 2
Posted: Wed Jul 11, 2007 5:40 pm
by TheCatt
What do you use for deploying software, pushing Windows updates, remotely connecting to desktops, etc?
Posted: Wed Jul 11, 2007 7:21 pm
by Leisher
If you're running a Windows network, then the following will be helpful.
To push down software - How big is your organization? If we're talking a few PCs, you might not want to screw around with anything and just do it manually. Doing so might take a touch of time, but it helps you become more familiar with the software. However, if you want to automate things, you can do it via scripts or push software down through group policy.
Pushing Windows Updates - WSUS (Windows Software Update Service). 3.0 just came out, but you can probably still find 2.0 if you're not running the requirements for 2.0. Essentially, this program allows you to download all updates to a server first and they you dictate when they get pushed down. This helps you avoid "broken" updates (one XP update recently caused CPUs on certain PCs to randomly jump and stay at 100%), updates you don't want (IE7), and lost data due to automatic updates (if you don't set it right it'll reboot your PC on you).
Remotely connecting to desktops - Remote Desktop Connection is the primary tool to connect to your servers if you're an admin. Under Properties for My Computer, in the Remote Access tab, you'll find a setting that will allow that PC to be accessed remotely...thus the name of the tab...but you have to set it for this to work. RDP was the primary feature that changed XP Home to XP Pro. AVOID the latest version though as it sucks donkey balls. Another option is VNC, which is a third party vendor option. A bit harder to setup, but works well. This is a good tool for remotely working on a person's PC while they watch.
Posted: Wed Jul 11, 2007 7:46 pm
by TheCatt
Main thing I dont like about Remote Desktop is you cant do a shared desktop (user on the screen while you interact with it).
The org is only 25 people to start (perhaps growing to 200 within the next few years), but we're trying to minimize IT staff/time spent, so software automation would be helpful.
WSUS sounds perfect for XP updates.
Posted: Wed Jul 11, 2007 8:00 pm
by Leisher
Main thing I dont like about Remote Desktop is you cant do a shared desktop (user on the screen while you interact with it).
Then use VNC, you'll like it. Of course, XP actually has a feature to allow someone to take control of your desktop. A lot of folks don't know that. It's located under Help and Support off the Start menu. Then under "Ask for Assistance."
The org is only 25 people to start (perhaps growing to 200 within the next few years), but we're trying to minimize IT staff/time spent, so software automation would be helpful.
You can either force your software down via scripts/group policy OR use group policy to put software into "Add/Remove Programs" for the user to decide what they want and install it.
WSUS sounds perfect for XP updates.
It is and once it's on your network, it disables Automatic Updates on your desktops. Pretty cool.
Posted: Wed Jul 11, 2007 8:12 pm
by TheCatt
So how do you add software via group policy? Does it have to be on a network install in order for the stuff to take?
Posted: Wed Jul 11, 2007 8:20 pm
by Leisher
Well, if you're building PCs from scratch, you'd just put the software in your image. Then copy the image to the new PC...voila, everything installed and configured. Cake knows how to do that better than I do...I think? I never much cared for Ghost or anything like that. I prefer to build all my PCs manually and I've been able to since I've never worked for an organization where I'd roll out hundreds of PCs at a time.
To add software via group policy, you have to be on a Windows network and have Active Directory installed (You probably will if you're running Windows Server 2003). You'd tell it to push it down to clients and would install when they booted up.
Cake, correct me if I'm wrong on this stuff.
I am 100% sure that you can find white papers on microsoft.com covering exactly how to do it. I've only ever done it in a classroom environment.
Posted: Wed Jul 11, 2007 8:48 pm
by Cakedaddy
Ever since Windows 95 was introduced, the difficulty in doing what you are asking skyrocketed. What I could easily do, part time, with Win3.11 became something I never fully learned to do with Win95 and up. Images are impossible if there is even one varrying part between machines. The wrong driver will be there and Windows will go into autodetect mode, etc.
We used Novell Zenworks and NDS 'at my last job'. But that was 3+ years ago for me. To keep the level of control you are looking for, you'll have to hire a full time Network manager/admin type person. It wouldn't be a part time job to manage all the profiles, images, etc. No matter what any sales person says, their product will not save money or time or make the task easy. 
Well, that's my opinion anyways. . . Users are bastards. They all want/need something different and they make your life hell. Honestly, for 25 people, I think the easiest thing to do would be to handle it all manually. You could actually get the number of a local 'PC tech guy' who you can call when someone needs something rather than have a permanent employee. When you hit the 200 range. . . have a few on call type people to handle it!
I've never seen software get pushed down on a mass scale and have it work correctly. If every single PC was an exact copy of all the others (hardware wise), then it would work. But that's not going to be the case. So, no two Windows installs will be the same. Oh hell, explaining the bullshit and woes of this shit even sucks!!
Things may be different now. But I did this shit for like 12 years. The first 3 were GREAT and it actually was easy. I had ONE image and it worked on every damn machine in the building. Until Win95. . . I tryed to make many, many different things work over the years. They never fully did. From drivers, to registry inconsistancies, to other things that were never figured out, it just didn't work.
Not only do you have to buy the stuff that SAYS it will do all this stuff for you, but you'll have to take classes (where the shit works easily and flawlessly). And that costs alot of money. Then you get to the office and try it out. You get it working on a couple test machines. Hey great! Then you start hitting random user machines and it doesn't work cause they are different from the test machines. So you troubleshoot and fine tune. Try again. Repeat. Three weeks later, you wish you had just hired a couple college kids to come in and install shit on all the PCs for you.
So, in summary. This shit's expensive. It doesn't work. And it makes you bitter.
But that was 3+ years ago. Maybe they've gotten better after the first 9 years.
I hate you for dredgeing up these old memories.
Posted: Thu Jul 12, 2007 3:50 pm
by Leisher
I agree with Cake on images. I've never liked them and always thought they were lazy. I get why you might need to use them in a large environment, but it's not often where you roll out hundreds of PCs at a time.
Plus, as he points out images get very difficult to work with unless you're getting the same PC every time. That's impossible these days as the manufacturers change drivers and builds almost daily.
On a side note, speaking of rollouts, check with the manufacturer you buy your PCs and servers from as you may be able to get money back if you replace your PCs in a certain amount of time. That policy might only apply to leasing though. However, it is a good policy to stay on the curve of technology progress. For example, I replace 25% of all my desktops, laptops, and servers every year.
As for rolling out software, stuff has gotten better since Cake's days, so don't let him talk you out of it. Obviously, you can't rollout really tricky software they relies heavily on critical configurations, but those types of programs usually reside in manufacturing areas or research areas and are only a few PCs if not just one, so why would you force it down instead of doing a manual install anyway? Forcing down software is for things like Word, Excel, Powerpoint, the whole office suite, Trend, Norton, Visio, etc.
As a matter of fact, I'm pretty sure that Microsoft has somehow labeled which of their products, and third party products, you can force down via group policy and which can be distributed via the Add/Remove feature (networked, of course). Yeah, I know, it's stunning that they do some things right, but I remember the details behind this being pretty impressive.
Posted: Thu Jul 12, 2007 4:00 pm
by Malcolm
You know, the more I read these threads, the less & less I want to stay in IT. Damn, I hate technology.
Edited By Malcolm on 1184270460
Posted: Thu Jul 12, 2007 4:32 pm
by Leisher
You and me both Malcolm.
I love the toys, but working with it is some mind numbing shit.
Posted: Thu Jul 12, 2007 5:08 pm
by TheCatt
I just want to retire.
Posted: Thu Jul 12, 2007 8:18 pm
by TheCatt
Can't you just slipstream alternate drivers on top of the base image?
Posted: Thu Jul 12, 2007 10:05 pm
by Leisher
To be honest, I haven't worked with images enough to make that call. I would assume that if all your hardware stays the same and you keep one machine "clean" and use it to make your images, then yes. However, hardware changes constantly, so how can you keep one machine as your image machine?
Like I said, images are best for huge rollouts.
What I do in my shops is build a workbench with a switch and a KVM so I can work on multiple PCs at once. Currently, I can build 8 or so PCs at a time.
If you're starting with 25 PCs, I wouldn't even bother with images.
Posted: Thu Jul 12, 2007 10:52 pm
by TheCatt
So for user rights... do you make people power users, or admins on their machines?
Posted: Thu Jul 12, 2007 11:04 pm
by Cakedaddy
TheCatt wrote:Can't you just slipstream alternate drivers on top of the base image?
Sure. Just spend many hours researching and many more testing and figuring out how to do it.
Welcome to the nightmare. . .
And you have to keep in mind, it's not just video, sound drivers and other obvious stuff. It's the PCI-Express Root Port driver. The CPU Bridge driver. The Parallel ATA Controler driver. Etc, etc, etc. Change one chip on a motherboard, and you need a different driver for it. Etc. Granted, Windows will auto detect that stuff for you after booting the PC from your image. Maybe. But do you want all your PC's (after the first few), to be based on a bastardization of your perfect image? So after you get the new machine up and running on generic Windows drivers (after it stops using the original drivers that were part of the image), you have to install the actual/correct drivers for all the pieces/parts. Etc, etc, etc.
Over all, when you first get into this stuff, it's kind of fun. It's new, it's a challenge and a puzzle and you try to work it out. Eventually, you get sick of it and wish you were getting real work done. And by eventually, I mean very quickly. This crap is why Helpdesk departments are always really bloated, or really behind.
No idea what you guys are going to be doing or what you are using them for, but if overall management is important, you might consider Windows terminal devices. Very light weight, very standardized (within a vendor) and very easily managed.
Posted: Thu Jul 12, 2007 11:05 pm
by TPRJones
Damn, I wish my place of employment did. We're all just regular users. I had to hack the sysadmin account and make a fake administrative user on my machine so I can do stuff without having to get permission.
Posted: Fri Jul 13, 2007 12:47 am
by Leisher
Eventually, you get sick of it and wish you were getting real work done.
True fucking story.
One thing you can do to reduce the bullshit involved in a networking position is to hire a IT person right out of college. You'll pay them a very small salary and give them the stuff that will bog you down and keep you from getting real work done:
-building PCs
-installing software
-dealing with Dell/HP/etc. when desktops/laptops break
-document procedures (important for easily replacing them)
-filing of software, manuals, licenses, documents, etc.
-changing out backup tapes
-acting as the first line of troubleshooting (Help Desk)
-sifting through the spam filter for legit emails
-etc.
Basically, let them deal with all the grunt stuff so that you can focus on the IT decision making, planning, implementation of major projects, working on servers, dealing with vendors, etc.
Even then you'll be busy. I've learned a lot over the years I've been doing this stuff. I've watched people who were there before me and listened to what they'd change if they had their way (props to Cake here) and I got into a dream situation kind of like where you are where I was building an IT department from the ground up. I'm very proud to say I've gotten things to a level that vendors who come in actually comment to my boss about it. Despite that I'm still usually too busy to get the projects I really want to get done or they move at a snail's pace for whatever reason. Every time you think you've got a handle on things, new things will come up. That's why it's best to get the grunt to take some of the load off of you or the job will overwhelm you.
Posted: Tue Jul 24, 2007 8:14 am
by TheCatt
Time to build a single laptop image with all patches/software/etc: 1.5 days
Time to build ghost image of said laptop: 30 minutes
Time to deploy ghost image to machine #2: 10 minutes
I haven't booted it yet, but so far I'm a fan.
Posted: Tue Jul 24, 2007 8:28 am
by TheCatt
So apparently the graphics cards were different in the two laptops (ATI 7500 versus ATI 9600). The second laptop was the 9600. It booted, found the driver itself, and I rebooted it. The end.
Hot.
Posted: Tue Jul 24, 2007 8:40 am
by Leisher
Time to build a single laptop image with all patches/software/etc: 1.5 days
1.5 days? You must've gone on vacation after you started building it.
Glad you're liking ghost, I still have no idea why you'd use it for only 25 machines, but hey if it's working for you. Let us know if you start experiencing issues with those builds down the road.