Overview
Details
.. Client Install / RIS
.. Drivers in RIS
.. Auto Server Setup w2k
.. Auto Server Setup w2k3
.. Application Distribution
.. MSI Tricks
.. Backup / Restore
.. Magic Boot Scripts
.. Magic Login Scripts
.. ADSI with Perl
.. User and Host Management
.. User Profile Management
.. License Management
.. Set ACLs from VBS
Downloads
Failures
Resources
Mailinglist
Cast & Crew
Real Men don't click
The Details

In German we say "Der Teufel steckt im Detail" (The Devil is in the details). A beautiful example for this is Windows 2000 or XP. While the glossy whitepapers promise paradise on earth, reality is a bit less glossy. As if we hadn't expected it.

In this Section of the website we wrote down how we got things to work in several critical areas:

Client Installation with RIS

While RIS takes care of installing Windows on a client the whole process is still rather interactive after the installation is done. This article tells you how to realy make it a hands-off process.

Driver Integration in RIS

Maintaining a RIS Image includes the integration of new drivers to support new hardware. Especially new NIC drivers may be hard to integrate. This document describes how we handle the driver integration in our Windows environment.

Auto Server W2k Setup

Server installation can be automated to a high degree. Normally this is done through answer files, but it is even possible to trick RIS into doing it. This is especially helpful when you want to install Terminal Servers.

Auto Server W2k3 Setup

Server installation can be automated to a high degree. Normally this is done through answer files, but it is even possible to trick RIS into doing it. This is especially helpful when you want to install Terminal Servers.

Application Distribution

Active Directory with Group Policies allows to distribute application packages to clients. You can save yourselves a lot of work by organizing the Group Policy Objects sensibly.

MSI Packaging

In the ideal world all applications come as MSIs ready for distribution. Unfortunately this is not the case yet. Deploying Windows 2000 means you have to repackage many applications. We choose Wise for Windows Installer to help us with this task. Using the right tool helps but it is only part of the solution. This section tells you the rest.

Backup / Restore

We would love to only have to backup user data and have a script for setting up the whole server from scratch in case it crashes. Unfortunately we are not quite there, so we have to-do backups ...

Magic Boot Scripts

Some things you want todo to a client defy deployment through Group Policies. Notably service packs, Internet Explorer 5.5, basically everything which digs into the systems guts. To better this situation we have devised a program which looks at a central repository of boot scripts, and runs those which are relevant for the machine at this point in time.

Magic Login Scripts

For the same reason as Boot Scripts, we devised also a program that starts Login Scripts. These scripts are started as the first applications after the login process. A helpful thing to do task wich are relevant for the user. The usage of a central repository for all the Login Scripts goes without saying.

Managing Active Directory with ADSI and Perl

Clicking your way through the Active Directory Management Console is tedious, error prone and not reproducible. We have written a user and machine account management System in Perl using the ADSI api. Because there is not a lot of documentation on this we are listing some of the things we learned in this section.

User and Host Management

User and host management in Windows 2000 is normally done by clicking the MMC GUI. Since we prefer text based configuration files for host and user information (because of documentation and reproducibility), we developed two tools that do user and host administration using text files: usermgr and hostmgr.

User Profile Management

Roaming profiles slow down windows enormously ... true, but then again, they are fun. And if you configure things properly you will not fall asleep when loging in.

License Management

Most windows applications are non-free. Still we allow the users to freely install our pre-packaged pre-licensed products through the 'Add/Remove Programs' control-panel. Every night we then run a script on the server which analyses every users registry and creates a list of applications installed. With this information we can then purchase licenses as necessary.

Set ACLs from a Script

Windows 2000 comes with sensibly locked down file system and registry. Almost like Unix. But because this is all new terrain for the average windows application many can not deal with the new access rights and fails miserably. We have therefore written a VBScript which allows you to easily set DACLs on files, folders and Registry keys. We use it in our MSIs as well as in the Boot Script system.

Tobias Oetiker  //  2007-03-22  //  Copyright 2001, ETH Zurich