Page 1 of 3 123 LastLast
Results 1 to 15 of 36
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    College Station, TX USA
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Deploying image to 32 identical computers

    I am the sysadmin for a library system and we just received 32 identical computers with Windows 7 Pro on them. I am currently customizing one of them and want to create a disk image and restore it on the others. Since these are OEM machines, Win 7 was pre-installed and I thus do not have an install key for it. We also are not on a domain, so AD is not an issue. I will be using LGPO's though.

    The computers will be used exclusively in a public computer lab with auto-login to a very restricted user account. Also, either DeepFreeze or Drive Vaccine will be used to restore the hdd at every reboot or logoff. These are not machines used for business purposes.

    I know that the standard answer has always been to use sysprep, but I find it extremely hard to use and cumbersome for this task. I also know that the standard answer to why to use sysprep is that there is some potential security risk to having duplicate SID's on the network, but I have been reading some articles by some who say it isn't all that big a deal.

    I guess my question is, can I get away with not using sysprep? I will change the computer names as I deploy each one, so duplicate names will not be an issue. Since these are identical hardware wise, there should be no driver issues.

    Anyway, any advice you can give would be helpful!

    Thanks,
    Wendell

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,164
    Thanks
    47
    Thanked 976 Times in 906 Posts
    Duplicate SID never was a problem, contrary to popular belief. See the Sysinternals article.

    You can happily clone the machines if they never talk to the internet. Create the machine as you want it, then boot with WinPE and use IMAGEX to create an image. Now you can boot the additional machines with WinPE and IMAGEX them from the image, after creating the partition with DISKPART.
    Give it a whirl and let us know how you go.

    p.s. Deepfreeze is really good.

    cheers, Paul

  3. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Any 3rd party Imaging app should be able to clone one PC to another. Acronis TIH and Macrium Reflect have both been discussed in these forums as having this ability. If the PC's aren't identical you might have driver problems. I do not know what ramifications there might be with the MS EULA????
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    College Station, TX USA
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Paul T View Post
    Duplicate SID never was a problem, contrary to popular belief. See the Sysinternals article.

    You can happily clone the machines if they never talk to the internet. Create the machine as you want it, then boot with WinPE and use IMAGEX to create an image. Now you can boot the additional machines with WinPE and IMAGEX them from the image, after creating the partition with DISKPART.
    Give it a whirl and let us know how you go.

    p.s. Deepfreeze is really good.

    cheers, Paul
    Thanks for the reply. Actually, they will be on the internet, but they will be behind a firewall (Cisco Pix box). I was planning to use Acronis True Image, as we actually have a license for it. I use Deepfreeze currently in my lab, but I've been having some problems with it. The granting agency put something called Drive Vaccine on them, which is similar. Right now, I am having discussions about whether or not I have to use it as they call many of the shots on these things. You know how it is when the government "gives" you something...

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    College Station, TX USA
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Ted Myers View Post
    Any 3rd party Imaging app should be able to clone one PC to another. Acronis TIH and Macrium Reflect have both been discussed in these forums as having this ability. If the PC's aren't identical you might have driver problems. I do not know what ramifications there might be with the MS EULA????
    Since these are all OEM machines already running Win 7, I doubt there should be much issue. They were ordered with a custom image by the granting authority and I am trying to modify it to meet our needs. I'm just trying to avoid having to manually create the GPO's on each machine and install the other software I need individually. I'm trying to keep from having to spend several hours per machine in deployment. Actually, I have already done this with our current lab running XP, but since Win 7 is a bit different, I didn't know if the strategy would still work. We use Acronis TI.

  6. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,164
    Thanks
    47
    Thanked 976 Times in 906 Posts
    If the machine talks to the internet it may check it's license and complain. In this case you will need a license server to handle the problem (KMS).

    cheers, Paul

  7. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    College Station, TX USA
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Paul T View Post
    If the machine talks to the internet it may check it's license and complain. In this case you will need a license server to handle the problem (KMS).

    cheers, Paul
    Paul,

    Thanks for the reply. I guess I am now confused as to which way to proceed. I understand that Sysprep wants a valid Windows Key, but since these were preinstalled by the vendor (OEM version), I don't have a key to use. Also, I have spent over 6 hours on the first computer getting it the way I want the computers to run. How do you suggest I proceed so I can duplicate this computer to the other 31 without running into license problems or having to manually install software and set up security (LGPO's) on each computer? I also need a way to restore the hard drive if there are problems.

    If I have to use sysprep, I will, but I suppose I am entering uncharted territory for me and am somewhat lost.

    Thanks,
    Wendell

  8. #8
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,760
    Thanks
    26
    Thanked 424 Times in 338 Posts
    Use the cloning technique and don't be concerned. The machines are more than likely all using the same license already, anyway, since they were all prepped to a standard configuration.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    College Station, TX USA
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am very seriously thinking of doing that. The only thing is that I was reading in some of the Technet forums that it is a violation of the license terms. Apparently, MS says you can't just clone an OEM version, even if it is the same license among all the computers. At this point, I almost don't care as this is really an onerous requirement on MS part. I understand their desire to limit piracy, but I am not trying to pirate anything. I'm just trying to save myself over 250 man hours of work as well as have a recovery strategy that does not involve having separate recovery media for each machine.

    As long as the hardware is identical, a valid OEM license is on each machine (which is identical), I am not changing versions, etc., why can't I just customize one and clone it to the others? MS really needs to rethink their licensing policy.

  10. #10
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 64 Times in 52 Posts
    The short answer as you've already learned is that cloning OEM licenses is a violation of the EULA. Windows 7 checks the following items for valid activation:

    • Display Adapter
    • SCSI Adapter
    • IDE Adapter
    • Network Adapter (including the MAC Address)
    • RAM Amount Range (e.g. 0-512 MB)
    • Processor Type and Serial Number
    • Hard Drive Device and Volume Serial Number
    • Optical Drive (e.g. CD-ROM)

    Note the uniqure identifiers that it looks for on boot up. Given these requirements, cloning will cause a need to re-activate all 32 machines, even if they are not on the Internet, and that's going to be a major issue for you. We tried this with XP, and it was the same issue. Windows 7 is even smarter about re-activation. You might want to look into volume licensing. You don't qualify for Enterprise or Select, but I think you qualify for an Open Value Agreement. Talk to a company that does volume licensing, like Software One or CDW to at least get an understanding of what's required.

    If you go this route, keep in mind that it is not simply a matter of paying for the privilege of creating an image. The OEM image will not be able to be used. You'll have to build an image from scratch using a volume licensing disk along with a VL (volume license) key or a KMS (Key Management Server) server. As already stated, the SID issue is really non-existant. I know you said that you find SysPrep to cumbersome, but you might want to rethink that, knowing it can be a great resume booster. However, in my opinion, the work involved in setting all this up and maintaining it for 32 PCs may not be worth it. You'll have to weigh that out.

    I think the solution would be to build a VB Script to configure the PCs and install the software you need. Run the script and go have a cup of coffee until the script finishes. Its a bit of work to setup, but a lot less than manually configuring 32 PCs. It'll be well worth it in the long run. I couldn't survive at work without scripting. I'm assuming you have Windows servers your connecting to also. If so, are the servers and PCs in a domain? Look at Group Policy (similar, but not the same as the local policies) and use that to centrally manage the configuration of your PCs. Again, like scripting, its invaluable. A great book is Group Policy: Fundamentals, Security, and the Managed Desktop.

    Quote Originally Posted by Paul T View Post
    If the machine talks to the internet it may check it's license and complain. In this case you will need a license server to handle the problem (KMS).

    cheers, Paul
    KMS requires volume licensing to activate. It won't work with OEM licenses.
    Chuck

  11. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    College Station, TX USA
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I wish I had the luxury of taking the time to learn VBScripting, but I am on a fairly short time frame to get these computers deployed. I've also hit a brick wall on the licensing issue as neither the granting agency, nor my management wants to pay for the VL. I can certainly understand their logic as they have already paid for Windows once through the OEM. Why should they have to pay for it again?

    I'm curious here (not being argumentative, but truly don't understand). How did PCMall, who the computers were purchased from, create a custom build using an OEM license and then clone it to the other machines? My understanding is that an OEM license is already activated and I do know that when I booted the first one up, I received no activation prompts or messages. It was as if it was already activated. The only thing that needed activation was MS Office and it did give me a message stating that the hardware had changed. I know I hadn't changed any hardware, but apparently it was different than the original install of Office on whatever machine they activated it on. I'm wondering if I am going to hit activation issues there no matter what method I use?

    I'm also seeing reports from people on Technet and others who have tried the direct cloning method and have had no problems with OEM licenses needing to be reactivated. So I get those who say it will work and those who say it probably won't. Those who say it violates the EULA and those who say don't worry about it.

    I really, really wish that MS had a solution that did not involve paying for Windows twice. That is like the death tax. Pay your taxes when you are alive and your heirs have to pay it again after you are dead.

    Please excuse the rant. I do appreciate your reply. I am just caught between a rock and a hard place here and not sure of a good way to extricate myself in the time frame I have. Being a one man shop is not all that easy!

    Wendell

  12. #12
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 64 Times in 52 Posts
    Quote Originally Posted by wgragg View Post
    I can certainly understand their logic as they have already paid for Windows once through the OEM. Why should they have to pay for it again?
    Exactly the same issue I had when challenged with getting my company legal in terms of licensing.

    Quote Originally Posted by wgragg View Post
    I'm curious here (not being argumentative, but truly don't understand). How did PCMall, who the computers were purchased from, create a custom build using an OEM license and then clone it to the other machines? My understanding is that an OEM license is already activated and I do know that when I booted the first one up, I received no activation prompts or messages.
    OEMs have to pay for that privilege as well. The custom image that has the the builder's splash screen, etc, is built with a System Builders license and SysPrep.

    Quote Originally Posted by wgragg View Post
    I'm wondering if I am going to hit activation issues there no matter what method I use?
    Theoretically, yes. MS has made activation a pain the rear for any company just trying to do the right thing.

    Quote Originally Posted by wgragg View Post
    I'm also seeing reports from people on Technet and others who have tried the direct cloning method and have had no problems with OEM licenses needing to be reactivated. So I get those who say it will work and those who say it probably won't. Those who say it violates the EULA and those who say don't worry about it.
    I can't tell you what to do. Do what you think you need to. Keep in mind that no matter what happens, you're the tech working on the PCs, so you're responsible for license compliance as much as management is. I just hate to see you go down the path of imaging only to run into activation issues.

    Quote Originally Posted by wgragg View Post
    I really, really wish that MS had a solution that did not involve paying for Windows twice. That is like the death tax. Pay your taxes when you are alive and your heirs have to pay it again after you are dead.

    Please excuse the rant. I do appreciate your reply. I am just caught between a rock and a hard place here and not sure of a good way to extricate myself in the time frame I have. Being a one man shop is not all that easy!

    Wendell
    MS does have a solution, its the one that puts the most money in their pockets! I'm with you though, it sucks to have to pay twice for the OS. How we got this approved here was the fact that we really had no choice, legally. I work for a bank, so we have to be compliant. Don't worry about the rant. Its a frustrating situation all the way around.

    BTW, Welcome!
    Last edited by Doc Brown; 2011-07-05 at 12:12.
    Chuck

  13. #13
    New Lounger
    Join Date
    Dec 2009
    Location
    College Station, TX USA
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm going to try to lay this on the granting agency as they are the ones who decided to go this way. Probably won't work, but worth a try. We are probably the largest shop that they are doing this for as most of the libraries are very small and can work with the software configuration provided by the agency. They may tell us we need to do the same, but I'm going to fight that. They seem to want to depend on only a single layer of security (drive rollback software) to keep the hard drives pure, but I learned the hard way not to do that. I prefer to not let the patrons even see things they can change and use the roll back software as a last resort.

    If all else fails, we may have one option through Techsoup. Being a library, we qualify for MS donations through them and can get licenses very cheap. What I don't know is if it is Win7 Enterprise or not. Will have to check that.

    If I can't get Enterprise, can I still accomplish the same thing?

  14. #14
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 64 Times in 52 Posts
    Quote Originally Posted by wgragg View Post

    If I can't get Enterprise, can I still accomplish the same thing?
    If its at least Professional, yes. I never thought about the fact that you are a library, if the tech soup thing doesn't work out, call a VL reseller. You probably qualify for educational discounts. Doesn't hurt to ask.
    Chuck

  15. #15
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,760
    Thanks
    26
    Thanked 424 Times in 338 Posts
    It is not a violation of the EULA to backup Windows, or to restore a backup. If the backup method is drive imaging, it makes no difference. It is also not a violation of the EULA to test your backup image to insure that it is viable and servicable.

    Just a thought.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

Page 1 of 3 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •