Month: January 2012

Virtual Box, the easy way with Casper

We’ve been deploying VirtualBox on a one-to-one basis for the past year.  Each time someone requested vBox we would get their machine and install it.  Casper came along, and after some politics, we decided to give it a shot at building a Virtual Box installer with Windows 7 built-in.  While the end result still requires some hands-on to modify some settings (such as computer naming & binding to the AD), it is by far faster and easier to get a Mac to run Windows 7 in Virtual Box now.

The following are some considerations when planning your vBox.

  1. Not all software is legally allowed to be distributed “on image”.  Sometimes you’ll have to create a post-install process to do this (such as a GPO or Kace, BigFix, etc).
  2. Binding requires unique name, so you’ll want to bind after it is deployed.
  3. Do not have multiple partitions on the windows drive, you won’t be able to use the dynamic disk size of Virtual Box if your second partition has space left on it.
  4. You’ll want to make sure you setup the storage area to be in a shared space, so it is accessible by more than just the user who created the package.

These are just some of the warnings, however the pay-off is worth it.  If you have a paid application for virtualization (Parraellels, VMWare) it is far easier than with vBox (in my opinion), but again you can’t beat the price of Virtual Box.  That advantage of Casper is that you can push the user preferences for VirtualBox out as a separate package, available For Exisiting Users, or For User Template.  We’re in the testing stages now, but if all goes as planned, we’ll have a simplified Virtual Box deployment in the near future.

I’ll post updates when complete (maybe even the file paths if I get the time).

Till next time.
Advertisements

Microsoft Deployment Toolkit, how Microsoft almost got it right.

Anyone who is deploying Windows 7 to the Enterprise should already be familiar with Microsoft’s Deployment Toolkit (MDT).  It is a great tool and so much easier than what used to be around.  There are other alternatives, however if you are already running a Microsoft Server this is a free option.

Coming from a Mac background there is still much to be desired, but Microsoft has done a good job in getting closer to what can work.  Here are a few things that Microsoft could/should change to make using MDT more useful (and things for you to watch out for when using MDT).

  1. Copying workflows, you can’t.
    • The workflows have unique ID’s.  If you copy one you are just making a reference to the original.  Modify one of them and the other gets modified as well.  Create a new workflow and copy the Task Sequence if you want a new workflow to follow the original.
  2. Active Directory binding to OU group naming
    • The AD binding feature of MDT is a great tool.  However, without hacking the MDT you are limited to seeing only the full path of the OU you are putting the computer into.  Make sure the last OU is named something that you can easily identify.
  3. You can’t move the order of your Applications.
    • There are tools to re-organize your application packages once you’ve uploaded them, but nothing native to MDT.  Things change, orders should be able to be changed as well.  This feature makes it seem like the developers never used it to modify complex workflows.
  4. The OS specific options can not be altered without a separate deployment.
    • There are some options that are set for the entire deployment, and some that are set on the individual task sequence.  It would be so useful to be able to alter some of the deployment options based on Task Sequence selected, not the deployment share it resides on.

While these are just some of the annoyances of MDT, it does the job well enough to consider it, especially for it’s price.  It’s driver injection & easily modified application installation scripts make it a useful tool to for your IT toolbox.

Till next time.

Did the smurfs have it right?

Recently I’ve been thinking about what would make a helpdesk the most efficient.  For a college campus the lab and classrooms generally have a different set of technicians than you do for the faculty/staff.  However I have started to feel that perhaps this is not quite scalable to all sizes.

This came to mind when I saw the smurfs recently.  Each smurf has a specific task to do or lead, and the other smurfs all help in with their specialties, following the guidance of Papa Smurf and whatever smurf was in charge.  What if an IT helpdesk followed the same philosophy, that the most talented people in a field deal with the issues with the help of the rest of the team for larger projects.

Most IT helpdesks are understaffed.  So splitting the responsibility up is hard to do, but that is why you have a helpdesk team, to work with each other and to cover each other so services are not interrupted.  The example below has six groups, with the main contact group (Tier II) having 4 members, and all specialized workgroups (Tier III) have two members each.  This could be expanded out based on the number of employees and the other needs of your organization.  Notice how even though some people are on the Tier II group, they are also Tier III techs.  Tech assignment isn’t specific, I just threw them in there to get a general sense of the diversity and redundancy that this allows for.

Sample Helpdesk Workgroup Membership

Example of six workgroups for an IT helpdesk.

This is still a work in progress, but I’m hoping can be expanded and modified to develop a workflow that allows issues to be addressed quickly by the most talented staff available.

Till next time.

How to Remove Symantec Endpoint Protection 11 (SEP11) with the Casper Suite

Symantec Endpoint Protection 11’s removal is never perfect, few software titles are when you remove or install at the Enterprise level, there’s always a need for further testing and refining.  At the current time I have come up with this method for removing Symantec Endpoint Protection and it seems to work fair enough.  There may be a better way, but this way works for my purpose.

First go to Symantec’s Mac Removal page and download the SymantecRemovalTool from the bottom of the page, not the one that comes up on the top of the page.  Create a folder in the Library/Application Support folder with your business’ name (I use this as a location for storing files and such that can be used in scripts).  Alternatively you could put it in the /tmp folder if you want it to be erased after the reboot.

Now copy the SymantecRemovalTool folder you downloaded (as a zip) into that folder.  Launch Composer and drag the /Library/Application Support/businessname/SymantecRemovalTool folder into Composer.  Let Composer do it’s thing and see the copied files.  Close up Composer and all your windows and move on to the script part.

Launch your favorite shell script editor (XCode, TextEdit, whatever) and put this in the file…

#!/bin/sh
/Library/Application\ Support/businessname/SymantecRemovalTool/SymantecRemovalTool.command / -q

… save the file as SymantecRemovalScript.sh.  Fire up the terminal and make that file executable (chmod +X SymantecRemovaScript.sh).  Launch Casper Administrator and add the script you just made and the package you made from the SymantecRemovalTool folder.

Create a Policy that installs the package, then runs the script after installation.  You can also add the Anti-Virus installer that you are using to replace Symantec with.  I gave a notice that their anti-virus had changed and requested them to reboot.  If nobody was logged in then I had the machine do an automatic restart.

You should be set for the action, but my inventory seemed to not update (though I checked update inventory).  I made three Smart Computer groups to watch this and run an update.  The first group is the Group of computers that still have Symantec Endpoint Protection on them.  The second group had the new Anti-Virus on them, and the third group had both installed.

On the first group you assign the removal/replacement policy.  On the third group (the both group) you assign an update inventory policy.  The second group (new AV) you do nothing as they should all be happy.

Alternate Option:  postinstall script

You should be able to use the postinstall script to launch the SymantecRemovalScript.sh from the installer or even run the script from the postinstall, I tried both and neither worked.  The packages say it installed, but the postinstall script didn’t run.  It should have.  Your mileage may vary.  I found a work around and used that.  Let me know if it works for you as it would remove the need for the script to be uploaded separately.

Till next time.

Deploying InDesign CS 5.5 with JAMF Casper Suite without Extension errors

Save the intro for later.  Down to business.

Adobe has come a long way in the Mac installers for their products, the Adobe Application Manager Enterprise Edition (AAMEE).  However deploying it is still a process that requires some finessing.  JAMF’s Casper does a great job, but if you are not running Casper on a Mac server you are most likely going to run into issues getting it deployed without issue.  Specifically if you have your repository served out via HTTP or SMB.

The issue is a known issue, and knowing Adobe they are not going to fix it.  What I have done doesn’t fix it either, but it does get rid of the extensions so InDesign only loads 223 extensions and not 233.  The ten I took out are all related to InCopy, so if you don’t know what InCopy is or you know what it is and you don’t use it, feel free to use this code to get your InDesign CS 5.5 deployed without users calling back asking why there are errors.

The first part is to use AAMEE to create the installer.  This is documented well on JAMF’s site and Adobe’s.  Just make sure you disable AIR and continue on errors.

The second part is simple, make a script that will run after the installation and just ‘rm’ those pesky extensions away.  When InDesign launches it will register the remaining extensions and launch without issue.  I’ve opted to nuke the whole lot InCopy extensions, but you could get selective if you like.

#!/bin/sh
rm -fdr /Applications/Adobe\ InDesign\ CS5.5/Plug-Ins/InCopyWorkflow

Of course, I highly suggest you just type it out, but if you want to copy it, feel free.

Till next time.