Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Similar documents
Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Installation Guide. . All right reserved. For more information about Specops Password Policy and other Specops products, visit

Installation Guide. . All right reserved. For more information about Specops Command and other Specops products, visit

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Copyright and Trademarks

Specops Password Policy

Troubleshooting Guide

Install and Manage Windows Nano Server 2016 Step by Step

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Deploying Windows 7 Using MDT UDI

Microsoft Deployment Toolkit

Windows Server 2008 Administration

Course No. MCSA Days Instructor-led, Hands-on

Administering Windows Server Contact Hours

Microsoft User Experience Virtualization Deployment Guide

MCSE- Windows Server 2012

Managing Group Policy application and infrastructure

MD-100: Modern Desktop Administrator Part 1

Hands-On Lab. Windows Azure Virtual Machine Roles. Lab version: Last updated: 12/14/2010. Page 1

Administering Windows Server 2012

COURSE OUTLINE MOC 20411: ADMINISTERING WINDOWS SERVER 2012 MODULE 1: CONFIGURING AND TROUBLESHOOTING DOMAIN NAME SYSTEM

Administering Windows Server 2012

Managing Group Policy application and infrastructure

Pearson System of Courses (PSC) Deploying PSC with System Center Configuration Manager (SCCM) for Windows

IBM Deployment Pack for Microsoft System Center Configuration Manager 2007 Installation and User s Guide

RAP as a Service Active Directory Security: Prerequisites

Administering Windows Server 2012

MCSA Windows Server 2012

App Orchestration 2.0

Windows Server : Administering Windows Server 2012 R2. Upcoming Dates. Course Description. Course Outline

Privileged Identity App Launcher and Session Recording

A guide to configure agents for log collection in Log360

Active Directory Auditing Guide

Evaluation Kit Manual

Docusnap X - Windows Firewall Exceptions. Configuring Windows Firewall Exceptions for Docusnap

User Manual. Active Directory Change Tracker

Password Reset Utility. Configuration

Administering Windows Server 2012

Vendor: Microsoft. Exam Code: Exam Name: Administering Windows Server Version: Demo

Guide to Deploy the AXIGEN Outlook Connector via Active Directory

Virtual Recovery Assistant user s guide

COPYRIGHTED MATERIAL. Contents. Assessment Test

70-411: Administrating Windows Server 2012

Deploying a System Center 2012 R2 Configuration Manager Hierarchy

Managing Windows Environments with Group Policy

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

Deploying Windows Server 2008 with System Center

Deploying Windows Devices and Enterprise Apps

VMware Mirage Web Manager Guide

ThinManager and FactoryTalk View SE Deployment Guide

NE Administering Windows Server 2012

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

NetIQ Advanced Authentication Framework. Deployment Guide. Version 5.1.0

Dell EMC Server Deployment Pack Version 4.0 for Microsoft System Center Configuration Manager. User's Guide

NetIQ Advanced Authentication Framework. Deployment Guide. Version 5.1.0

Dell Server Deployment Pack Version 2.1 for Microsoft System Center Configuration Manager User's Guide

MCSA Guide to Administering Microsoft Windows Server 2012/R2, Exam Chapter 10 Managing Group Policies

Administering Windows Server 2012

COURSE 20698A: INSTALLING AND CONFIGURING WINDOWS 10

MOC 20411B: Administering Windows Server Course Overview

IBM Endpoint Manager. OS Deployment V3.5 User's Guide

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

Managing Windows-based Dell Wyse Thin Clients using System Center Configuration Manager Administrator s Guide

Autodesk DirectConnect 2010

SEVENMENTOR TRAINING PVT.LTD

Microsoft Certified Solutions Expert (MCSE)

Practical 23 Manage Desktop Configuration using group policy and remote installation services.

Enabling Smart Card Logon for Linux Using Centrify Suite

ForeScout Extended Module for IBM BigFix

Deploying Windows Devices and Enterprise Apps

Installation on Windows Server 2008

20411D D Enayat Meer

RAP as a Service for Exchange Server: Prerequisites

SCCM 1802 Install Guide using Baseline Media

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

Course Content of MCSA ( Microsoft Certified Solutions Associate )

Pearson System of Courses

Administering Windows Server 2012 (NI104)

Dell Lifecycle Controller Integration Version for Microsoft System Center 2012 Virtual Machine Manager Installation Guide

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch

VMware AirWatch Certificate Authentication for EAS with ADCS

Setting Up Resources in VMware Identity Manager

Vendor: Microsoft. Exam Code: Exam Name: Implementing Desktop Application Environments. Version: Demo

Deploying Windows 8.1 with ConfigMgr 2012 R2 and MDT 2013

Installing and Configuring Windows 10

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

"Charting the Course... MOC B Implementing a Desktop Infrastructure. Course Summary

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

Deploying the Core Optimized Desktop Using the Microsoft Deployment Toolkit 2010

Installation of LAPS Password Management Demo Deployment

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

ForeScout Extended Module for Qualys VM

Implementing a Desktop Infrastructure

Dell Lifecycle Controller Integration Version 1.1 for Microsoft System Center 2012 Virtual Machine Manager Installation Guide

Xcalibur Global Version Rev. 2 Administrator s Guide Document Version 1.0

Sharpdesk V3.3. Push Installation Guide for system administrator Version

Exam Questions

Course : Installing and Configuring Windows 10

SolarWinds. Patch Manager. Evaluation Guide. Version 2.1.2

Transcription:

. All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com

Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All other trademarks used in this document belong to their respective owners. 2

Contents Key components 5 Requirements 6 Installing Specops Deploy / OS 7 Installing the Image Server 8 Installing the Administration Tools 10 Installing the Specops Log Viewer 11 Post-installation configuration 12 Add new license key 13 Assign permissions 14 Create a Deployment Server 15 Add an operating system image 16 Deploy the Specops Deploy Client-Side Extension using Group Policy Software Installation 17 Complete the Default Policy 19 Create a Capture organizational unit and policy 21 Add operating system deployment settings to a Group Policy Object 23 Support 24 3

About Specops Deploy / OS Specops Deploy simplifies the installation of operating systems, software, and applications in your Microsoft Active Directory environment. Specops Deploy extends the functionality of Group Policy and can be used to target any number of user and computer objects within Active Directory. You can use Specops Deploy to save user state during installation, manage user local settings, capture operating system image, and remotely manage and monitor multisite deployments. Specops Deploy is a complete deployment management solution. Specops Deploy is a component of the Specops Desktop Management suite. You can learn more about Specops Deploy and other Specops products at www.specopssoft.com. 4

Key components Specops Deploy / OS consists of the following components and does not require any additional servers or resources in your environment. Image Server: Maintains operating system images and drivers used in each Deployment Group and replicates them to the associated Deployment Servers. The Microsoft Deployment Toolkit (MDT), and the Windows Assessment and Deployment Kit (ADK) will be installed on this server. This will be the Hub for Distributed File System Replication (DFS-R) to replicate the images. Administration Tools: Used to configure the central aspect of the solution and enable the creation of new Deployment Servers. Deployment Server(s): Replies to client requests for PXE booting and Client Side Extension. The Deployment Server(s) will be the DFS-R target for the Image Server. The Windows Deployment Services role will be installed onto this server. Specops Log Viewer: Provides searchable log files, in various formats, in real-time. Note: The Specops Log Viewer is an optional component. 5

Requirements Your organization s environment must meet the following system requirements: Item Requirement Image Server Windows Server 2008 or later Microsoft Deployment Toolkit (8443) Windows Assessment and Deployment Kit for Windows 10 Version 1709 PowerShell 3.0 or later Administration Tools Windows Server 2008 or later Client OS Windows 7 or later.net Framework 3.51 SP1 or later PowerShell 3.0 or later Active Directory and Users and Computers snap-in Group Policy Management Console (GPMC) Deployment Server(s) Windows Server 2008 or later.net Framework 3.51 SP1 or later installed on Windows Server 2008 OR.NET Framework 4.0 installed on Windows Server 2012 PowerShell 3.0 or later Configure IP helpers on your network to point to the WDS server. Specops Log Viewer.Net Framework 4.0 or later 6

Installing Specops Deploy / OS During installation, Specops Deploy will launch the Setup Assistant. The Setup Assistant contains installation information for all products from the Specops Deploy suite including Specops Deploy / OS, Specops Deploy / App, and Specops Deploy / Endpoint Protection. You will only need to complete the installation steps for the product you plan on installing. The Setup Assistant will help you install the following components for Specops Deploy / OS: Image Server Administration Tools Specops Log Viewer Before you begin verify that the account being used to run the Setup Assistant has permissions to create Child Objects in Active Directory. 1. Download the Setup Assistant. 2. Save and Run the Setup Assistant locally to a machine where you administer Group Policy Note: By default the file is extracted to C:\temp\SpecopsDeploy_Setup_[VersionNumber] 3. Double click Specopssoft.SetupAssistant.exe to launch the Setup Assistant. 4. To begin, click Start Installation in the Specops Setup Assistant dialog box. 7

Installing the Image Server The Image Server maintains operating system images and drivers and ensures that the Deployment Servers are updated automatically when changes are made in the central repository. Install the Image Server 1. In the main menu, select Image Server Setup. 2. Verify that you have fulfilled the prerequisites. If you do not meet the pre-requisites you may need to do the following: a. Verify that you are running a valid operating system. b. Click Download to download the Microsoft Deployment Toolkit (MDT). c. Click Download to download Windows Assessment and Deployment Kit (ADK) for Windows 10. d. Verify that PowerShell is installed and enabled. 3. Click Select to identify the management level where the Active Directory permissions are created. This is also used to track license usage. 4. Click Select User. 5. Enter the Username and Password of the user account that will join your work stations to the domain, and click OK. If you are also installing Specops / Deploy App, we do not recommend using the same service account. Note: All operations performed by the Specops Image Server component will be performed in the context of the user that is running the OS administration tool. The account should be configured with the minimum permissions necessary to complete the required tasks. Permission Change Password Reset Password Allowed to authenticate Validated write to service principal name Validated write to DNS host name Read public information Read personal information Read account restrictions Write account restrictions Read DNS host name attributes Permission type Object Object Object Object Object Property Property Property Property Property 8

6. Click Select to select the disk drive where Specops Deploy / OS will store data. 7. Click Install. 9

Installing the Administration Tools Installing the Administration Tools will install the Specops Deploy / OS admin tool and the GPMC snap-in. You can use the Specops Deploy / OS admin tool to configure the solution and enable the creation of new Deployment Servers. You can use the GPMC snap-in to create operating system deployment settings in Group Policy Objects. The Administration Tools should be installed on the computer that you want to administer the product from. Install the Administration Tools 1. In the main menu, select Administration tools. 2. If you want Specops Deploy / OS to register the Specops Active Directory Users and Computers (ADUC) Menu Extension, click Add menu ext. Note: This will allow Specops to add the Specops Display Specifiers in the configuration partition of your Active Directory forest allowing you to administer the product directly from the right-click menu of Active Directory objects. In order to add the menu extension to Active Directory the user running of the Setup Assistant must be an Enterprise Administrator. 3. Click Install. 4. In the Installation succeeded dialog box, click OK. 10

Installing the Specops Log Viewer The Specops Log Viewer is a stand-alone text file reader. The Log Viewer should be installed on any machine where the Specops Deploy / OS admin tool is installed. Install the Specops Log Viewer 1. In the main menu, select Specops Log Viewer. 2. Click Install. 11

Post-installation configuration You will need to complete the following configuration settings once you have installed Specops Deploy / OS: 1. Add new license key 2. Assign permissions 3. Create a Deployment Server 4. Add an operating system image 5. Deploy the Specops Deploy Client-Side Extension using Group Policy Software Installation (GPSI) 6. Complete the Default Policy 7. Create a Capture organizational unit and policy 8. Add operating system deployment settings to a Group Policy Object 12

Add new license key Enter your new license key in the Specops Deploy / OS admin tool. a. Open the Specops Deploy / OS admin tool. b. In the Add License dialog box, click Import License c. Browse to the location of the TXT file and click Open. 13

Assign permissions Verify that your account is assigned the appropriate permissions. To obtain administrative permissions on the image server you will need to belong to one of the following local groups on the image server: Specops Deploy OS Admins Administrators 14

Create a Deployment Server You will need to create a Deployment Server which the clients will connect to during operating system installations. You can create a Deployment Server using the Specops Deploy / OS admin tool. 1. Open the Specops Deploy / OS admin tool. 2. In the navigation pane, expand Servers, and click Install new Deployment Servers. 3. Enter the name of the server you want to configure as a Deployment Server, or click the browse button to find the server in Active Directory, and click Next. Note: If the Image Server and Deployment Server are installed in the parent domain, and a GPO is configured in the sub domain, you will need to configure the deployment server explicitly in the GPO. 4. Click Next. The Specops Deploy / OS admin tool will verify that the target server meets requirements. 5. Click Finish when the installation is complete. 15

Add an operating system image You will need at least one operating system image to use during client installations. You will need to add your first operating system image from an original source. This should be the original Microsoft Volume License DVD. Note: It is important to load the DVD / ISO that has been most recently added to the Microsoft download site. If you are importing an image from an ISO, you will need to mount the ISO and browse to the drive it is mounted to. 1. Open the Specops Deploy / OS admin tool. 2. In the navigation pane, expand Images and Packages, and click Import Operating System from Original Source. 3. Enter or browse to the location of the device or the folder containing the operating system, and click Next. 4. Select the operating system you want to import, and click Next. 5. Enter an image name and description. Note: If you are using MAK-licensing you should also add the license key to the image data. 6. Click Next to import the selected image to the Specops Deploy / OS deployment repository. Note: To make the operating system image available on the Deployment Servers, you will need to publish the deployment repository. 16

Deploy the Specops Deploy Client-Side Extension using Group Policy Software Installation You can automatically configure an existing Group Policy Object with Software Installation settings to deploy the Client in your domain. The Client Side Extension is a required component for all Deploy Products. You can deploy the Client-Side Extension from the Setup Assistant in the Specops Deploy / App menu. 1. Launch the Setup Assistant and click Start Installation from the Specops Deploy / App menu. 2. Click Deploy Specops Deploy Client Side Extension. 3. To select the Group Policy Object that will be used to deploy the client, click Select GPO. You will be given the following options: Option Create New GPO Select an existing GPO Step 1. Click Create New GPO. 2. Enter a new Group Policy Object name. 3. Select the location you want to link the Group Policy object to. 4. Click OK. 1. Select an existing GPO from the list. 2. Select a link for the chosen GPO, and click OK. 4. To install the Client on all computers in your organization you can: Option Create a network share on the local computer and copy the Client-side extension package to the new network share Select an existing network share and manually copy the msi-package to the existing network share Step 1. Click Create Share. 2. Select a local path to create the share for, and click OK. 3. Click Select share. 4. Verify that the network path to the network share you created is correct, and click OK. 1. Click Select Share 2. Browse to the location of the msi-package, and click OK. Note: It is recommended that you use a Distributed File Share (DFS). If DFS is used with load balancing verify that the setup files are copied to all servers before proceeding. 17

5. To create the packages for x86 and x64 deployments in the selected GPO, click Add Settings. Note: For future deployment, it is best practice to include the Deploy Client in your captured image. This will allow Application Deployment to proceed during the build process as opposed to a subsequent reboot that will allow the client to install via Group Policy Software Installation. 18

Complete the Default Policy The Default Deployment Policy applies to computers that are not affected by any Group Policy Object with Specops Deploy / OS settings. A computer with a default policy can be deployed to any organizational unit in the Scope of Management without Group Policy deployment settings. 1. Open the Specops Deploy / OS admin tool. 2. In the navigation pane, expand Policies. 3. Click Edit Policy. 4. Configure the following settings: Installation settings Setting name Allow user to initiate reinstall (F12) Save local user data on user initiated reinstall Enable real time logging Generate Strong Random Password Local Admin Password Repeat Password Encrypt Password Lock screen during installation Description Allows end users to initiate an operating system reinstall by pressing F12 at system startup. Saves local user data when a user initiates a reinstall of a computer. Enables real time logging to produce a detailed log from the computer being reinstalled. The log can be accessed by rightclicking a computer in the Deployment navigation pane. Generates a strong random password each time a computer is reinstalled. The computer will have to be administrated through Domain Admin accounts. Enter the local administration password that will be configured for all computer that are installed through this policy. Re-type the Local Admin Password. Encrypts the Local Admin Password. The Password will be stored in a configuration file on all deployment servers. Locks the Windows desktop during the final stages of the installation when the computer is logged on as a local administrator. Operating System Settings Setting name Force x86 image on all systems Image for x86 systems Description Forces the installation of the 32-bit OS image on all computers. The operating system image to be used on systems which are 32-bit capable, or all systems if the Force x86 image on all systems setting is used. 19

Image for x64 systems Organization name Usage of WSUS WSUS Server URL Language Packs The operating system image to be used on systems which are 64-bit capable. Enter the organization name that should be configured for computers installed with this policy. Specify if Windows Update Services should be used, either from Microsoft or a Windows Server Update Server services infrastructure within an enterprise. The UR; to the internal WSUS server. Note: This setting is only available if the Internal WSUS Server type has been enabled. Specifies the language packages that should be included in the installation. Environment Settings Setting name Windows UI Language Regional Settings Language Time Zone Keyboard Languages Description Specifies which UI language Windows should use. Specifies which language code to use for regional formatting settings. Specifies the time zone the computer should be configured to use. Specifies the keyboard languages that should be installed and the order of preference between keyboard languages. Custom MDT Properties Specify or customize properties used by the MDT during installation. 5. Click OK. 20

Create a Capture organizational unit and policy To complete a successful capture, it is recommended that a Capture organizational unit be created. This organizational unit should block other Group Policy Objects in the domain so that they cannot interfere with the capture process. You should also create a Group Policy Object within the Capture organizational unit that enables the following connections through the Windows Firewall. Remote Registry service Remote Procedure Call (RPC) Windows Management Instrumentation (WMI) Internet Control Message Protocol (ICMP), also known as Ping Client computers should be added to the organizational unit to ensure a clean image after capture. It is important to use a virtual machine, as opposed to a physical machine, when completing the below steps. 1. In the GPMC, right-click your domain node, and click New Organizational Unit. 2. In the text field, enter a name for the organizational unit (eg. Specops_Deploy_Capture_Settings ). 3. Click OK. 4. Right-click on the organizational unit, and click Block Inheritance. 5. Right-click on the organizational unit, and click Create a GPO in this domain and Link it here. 6. In the text field, enter a name for the GPO, and click OK. 7. Right-click on the newly created GPO, and click Edit. 8. You will need to edit the GPO with the following settings: Setting Enable Remote Registry Enable RPC Step 1. In the Group Policy Management Editor expand Computer Configuration, Policies, Windows Settings, Security Settings, and click System Services. 2. In the Service Name tab, right-click Remote Registry and select Properties. 3. Enable Define this policy setting. 4. Enable Automatic. 5. Click OK. 1. In the Group Policy Management Editor expand Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security. 21

Enable WMI Allow ICMP (Ping) exceptions 2. Right click Inbound Rules and select New Rule 3. Enable Predefined. 4. From the drop-down menu, select Remote Service Management, and click Next. 5. Verify that all the rules are enabled, and click Next. 6. Verify that Allow the Connection is enabled and click Finish. 1. In the Group Policy Management Editor expand Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security. 2. Right click on Inbound Rules and select New Rule 3. Enable Predefined. 4. From the drop-down menu, select Windows Management Instrumentation, and click Next. 5. Verify that all the rules are enabled, and click Next. 6. Verify that Allow the Connection is enabled and click Finish. 1. In the Group Policy Management Editor expand Computer Configuration, Policies, Administrative Templates, Control Panel, Network, Network Connections, Windows Firewall, and click Domain Profile. 2. In the Settings tab, right-click Windows Firewall: Allow ICMP exception and select Edit. 3. Select the Enabled checkbox, and click OK. 22

Add operating system deployment settings to a Group Policy Object The operating system image and settings that apply to a computer during installation are determine by the Group Policy Object in Active Directory. You will need to create a Group Policy Object with Specops Deploy / OS settings. The GPMC snap-in, installed with the Administration Tools, allows you to create and manage Specops Password Policy settings from the Group Policy Management Console. The settings are stored as a part of the Group Policy Object allowing you to control how and where the policy applies. 1. In the GPMC, expand your domain node, and locate the GPO node. 2. Right-click on the GPO node, and select New. 3. Enter a name for the Group Policy Object, and click OK. 4. Right click on the new GPO node, and select Edit. 5. In the Group Policy Management Editor expand Computer Configuration, Policies, Software Settings, and click Specops Deploy / OS. 6. Click Edit Policy. 7. Select the Operating System tab. 8. Find your OS image from the appropriate drop-down box, and click Save. 9. Link the GPO to the appropriate OU. 23

Support Congratulations! You have successfully installed and configured Specops Deploy / OS. If you are unable to resolve a product related issue, contact Specops Support for assistance. Online We recommend submitting your case directly on our website at: http://www.specopssoft.com/support-contact/ Telephone International +46 8 465 012 50 Monday - Friday: 09:00-17:00 CET North America +1-877-SPECOPS (773-2677) Monday - Friday: 09:00-17:00 EST 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback