Advanced PC Config Topics
NOTE: This page contains information that is only useful to Helpdesk / LIS faculty and staff. Therefore I'm considering moving this information to our Internal wiki. If you feel that this information is important to the general public and/or do NOT think that this move is appropriate, please comment on the discussion page.
--Hunt, Christopher 14:59, 17 November 2009 (UTC)
Test if a machine is frozen (with Deep Freeze)
DFC.exe get /ISFROZEN | find "THAWED"
This will set %errorlevel% to 1 if it's frozen.
Adding a new lab in labstats
Just follow the links in the admin interface. Don't forget to:
- Set the permissions (Administrators => Edit group permissions) to allow public users to view the lab (if that is desired).
- Add a lab map (if that is desired)
Adding a new lab map in labstats
- Login to the admin interface
- Labstats uses "lab" configurations as the basic building block. To create a lab map, you first need to have a lab configuration for the particular computer lab. If there is no configuration for the particular computer lab, go into "Labs", add the new Lab. If the computers for this lab are already deployed with the lab stats client, they will appear in the Labs menu under "Unassigned" computers. Reassign them to the new Lab.
- Go into the LabMaps section. Add a new map, choose the lab configuration. Drag the computers to arrange them. There are also some custom icons for doors, printers, scanners - use those if you'd like.
- Finally, remember to assign permissions to the user called "Public User". Click on "Administrators", click on "Edit Group Permissions", click on "Public User", near the bottom of the page find the new lab, select it and place checkmarks next to "View Lab Map" and anything else you want the public to see.
Symantec Ghost Topics
Install a printer globally using Symantec Ghost Console (execute command)
New task => Execute command
Arguments: /c RUNDLL32 PRINTUI.DLL,PrintUIEntry /ga /n\\papercut\LIB105 & net stop "Print Spooler" & net start "Print Spooler"
Using the Ghost Boot Wizard to create a bootable USB flash disk
A bootable USB flash disk with Ghost can be used to:
- deploy the ghost console
- deploy a ghost image from the network to a local disk
- deploy a ghost image from one local disk to another
- Insert the USB flash disk (BACKUP ALL DATA FROM IT AS IT WILL BE ERASED!)
- Start the Ghost boot wizard from the Ghost console (or from c:\Program Files\Symantec\Ghost\Ghost Boot Wizard.exe)
- Select "Standard Ghost Boot Package" if you don't need network access.
- If the drive you will be imaging TO is a USB drive, pick the USB option. Same with the SCSI
- Click next until you get to the "Destination Drive" section.
- Select "Network Boot Package" if you DO need network access.
- Pick "Multicard Template"
- Select ALL the cards (see the section below on adding a new card).
- Click next until you get to the "Destination Drive" section.
- Select "Format Disk" and click Next. When it finishes, click "Finish".
Using the Ghost Boot Wizard to create an image of the ghost console partition
The ghost console partition is used to image a machine over the network. Any computer booted from the ghost console partition can be controlled by the Ghost server and an image can be pushed onto it. This is how we image labs.
To create a ghost image of the ghost console partition:
- Start the Ghost boot wizard from the Ghost server console (or from c:\Program Files\Symantec\Ghost\Ghost Boot Wizard.exe)
- Select "Ghost Console Partition"
- Pick "Multicard Template" and select ALL the cards. If your network card is not in the Multicard template, you will need add it manually. See the section below on adding a driver for a new card. Once you add the driver for a new card manually, you cannot include it in the Multicard Template. You will need to create a separate ghost console image, just for computers with that new network card. When you add the driver for the new card, the driver will appear on the main screen of the ghost boot wizard. The procedure for creating a console image with the new driver is the same, instead of selecting the Multicard template, select the new driver.
- Click next until you get to the "Ghost Image Details" section. Here, click browse and choose where the ghost image should be saved. You can also enter a description for the ghost image.
- Click Next and then click "Finish" when finished.
This way, the Ghost Boot Wizard creates an uncompressed Ghost console image. This works fine, except it's a little slow when deploying the image. To speed it up, deploy the image to a computer or a flash drive, don't reboot. Then use Ghost again to create an image from the computer or the flash drive that you just ghosted. Choose to compress the new image. You can replace your previous console image with the new, compressed one, as it will be faster to deploy.
What to do if my network card is NOT in the multicard template
You will need a separate ghost console image for this situation.
- Follow the procedure outlined here: Adding_More_Network_Card_Drivers - this will allow you to add drivers for your network card.
- Then follow Using_the_Ghost_Boot_Wizard_to_create_an_image_of_the_ghost_console_partition, insted of choosing "Multicard Template", choose the network card driver you added in step 1.
Combining a bootable USB flash disk with the ghost console image
Using the procedures above you create two things:
- A bootable USB stick with ghost on it
- A ghost image to be deployed
You can actually copy the ghost console image to the USB flash disk. You can put it anywhere, but for this example it should be in the folder called "ghost" on the USB flash disk:
Contents of USB Flash Disk: IBMBIO.COM IBMDOS.COM AUTOEXEC.BAT COMMAND.COM CONFIG.SYS GHOST <-- Ghost console partition image goes here MOUSE.COM NET MOUSE.INI
Now you can boot from the USB flash disk, and when ghost loads you can go: Local => Disk => From Image and then select your ghost console partition image.
Adding More Network Card Drivers
- Note: If you're having trouble finding the right Intel driver, read this: http://www.symantec.com/connect/forums/virtual-partition-failed-reboot-client-recovery-partition-gss-20 -- alternatively, visit http://support.dell.com and obtain the driver from there - Dell's drivers include dos drivers and are easy to extract. They not necessarily up to date, though.
- Note 2: If you're having trouble extracting a driver obtain from intel.com, read this: http://service1.symantec.com/SUPPORT/on-technology.nsf/docid/2008081107094760
Modifying the Multicard Template
Note that this does not work in the latest version of Symantec Ghost (the one we have). Workaround: create a ghost console image for each computer that's absent from the multicard template. Put each ghost console image on a bootable USB flash drive, as outlined in: Combining_a_bootable_USB_flash_disk_with_the_ghost_console_image.
Advanced Image Creation with Symantec Ghost
Skipping Certain Files
You can create a "skipfile" to "skip" (or exclude) certain files while creating the image. This is useful for decreasing the size of the image and making it more portable. For example it can be used to exclude the hibernation file or the page file. E.g.
skipfile should contain the following text:
[ghost exclusion list] *\pagefile.sys *\hiberfile.sys [end of list]
Then run ghost.exe with the flag -skip=@skipfile. *
This can also be used to allow KeyAccess (the KeyServer client) to be installed on the image. For details, see www.sassafras.com/hrl/6.1/clone.html
Symantec Ghost Console cannot generate enough unique names
On the ghost server, sometimes, the Symantec Ghost Server Console may refuse to execute a task with the error message:
The computer name in template configuration can not be used to generate enough unique values.
The solution seems to be to edit the task, and in the configuration tab, browse, then right-click and edit the configuration template. In the configuration template screen, under the computer name section, make sure there are at least 4 asterisks (*) after the name (e.g BIH512-****).
Large Scale Software Deployment, Account and Settings Management
Change the security or file system permissions on a file or a folder using a script
%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:R %windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:W %windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:C
- Notes: run cacls /? to get information on the syntax.
Associate an extension or file type with a program using a script
assoc .dg5=deltagraph ftype deltagraph="C:\Program Files\DeltaGraph 5\dg5.exe" "%1"
- Notes: Commands need to be run as an admin. Changes are immediate. This doesn't give a fancy icon to the file type.
Copy Office 2007 Quick Access Toolbar Settings to Default User
Office 2007 (e.g. Word 2007) stores the quick access toolbar settings in "C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Office" in files that end with ".qat". If you use the "copy to default user" technique, anything under "Local Settings" does NOT get copied over. If you really want to control the quick access toolbar settings you will have to create this folder: "C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Office" folder and manually copy over any "qat" files from your template user account.
Install and Config Lab Software
Change the desktop wallpaper with a script
REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "%SystemRoot%\energybliss.bmp"
%SystemRoot%\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
Get a list of globally installed printers
rundll32 PRINTUI.DLL,PrintUIEntry /ge
Delete a globally installed printer
RUNDLL32 PRINTUI.DLL,PrintUIEntry /gd /n\\papercut\BIH117
Install a printer globally with a script
RUNDLL32 PRINTUI.DLL,PrintUIEntry /ga /n\\papercut\BIH117 net stop "Print Spooler" net start "Print Spooler"
Set a printer as default with a script
RUNDLL32 PRINTUI.DLL,PrintUIEntry /y /n "\\papercut\BIH117"
To set the printer as default globally (for all users) you will need to put this in a bat file and place that bat file in Docs&Settings\All Users\Start Menu\Programs\Startup
Two Installed Versions of PowerPoint, Word or Excel, set one as default
Click on Start => Run => Enter
"C:\Program Files\Microsoft Office\OfficeXX\ZZZ.EXE" /regserver
Where XX is a number (11 for Office 2003, 12 for Office 2007) and ZZZ.EXE is the name of the executable for word, excel or ppt (WINWORD.EXE or EXCEL.EXE or POWERPNT.EXE). E.g. set PowerPoint 2003 as the default powerpoint:
"c:\program files\Microsoft Office\OFFICE11\POWERPNT.EXE" /regserver
Performing Silent Software Installations
These are referred to as silent, unattended or network installation / deployment.
- Any application installer in MSI format can be installed silently, provided that the manufacturer didn't make the installer extremely complex (e.g. LabVIEW) :
MSIEXEC.EXE /I "path and filename of MSI" /QB- /LWAMOE c:\temp\install.log ALLUSERS=1
More detail here: http://www.appdeploy.com/articles/commandline.asp
- InstallShield installers can be run with the argument "/r" or "-r" which records all the actions that you take when you install the software and records them in an "answer" file in C:\Windows. If the answer file is placed in the same dir as the installer, the installer can be run with the command-line parameter "-s" to silently install the software. If there are problems with this process, review the log file generated inside the folder that contains the install program. The log file contains errors and return codes, the meaning of which can be obtained from here: http://www.appdeploy.com/tips/detail.asp?id=20.
- You can try using this custom Google search form to get silent installation information for a specific software package: http://www.google.com/cse/home?cx=011871845998486790762:essphkqldl4
- Other extremely invaluable sources for information on silent installations:
- The manufacturer's support site.
- http://unattended.sourceforge.net/installers.php as well as http://unattended.svn.sourceforge.net/viewvc/unattended/trunk/install/scripts/ and http://sourceforge.net/apps/trac/unattended/wiki/Scripts
- The manufacturer's support site.
Add domain users or groups to the local Administrator group
net localgroup Administrators "MIDD\GROUPNAME" /add
Add or change a system variable permanently
For XP and earlier you need the XP SP2 Support Tools from microsoft. http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en - part of these tools is the command line utility setx
setx path "%PATH%;c:\blast-install\bin" setx DATA "c:\blast-install\data" setx BLASTDB "c:\blast-install\db"
Computer is slow right after login
Start => Run => cmd
Paste: start /wait Rundll32.exe advapi32.dll,ProcessIdleTasks
Add a Windows Firewall exception with a script
netsh firewall set allowedprogram "C:\Program Files\RealVNC\VNC4\winvnc4.exe" "VNC-LabManager" enable
Update and sync date and time using a script
REM Update time w32tm /config /manualpeerlist:time.middlebury.edu w32tm /config /update net stop w32time net start w32time w32tm /resync
Active Directory Domain and Group Policy Notes
- User|machine policies stored in regedit: HKCU|HKLM\Software\Policies -- the history of applied per-user group policies is in HKCU|HKLM\Software\Microsoft\Windows\CurrentVersion\GroupPolicy\History
- Per-user policies supposedly applied upon login and every 90mins. Per-machine policies on bootup.
- I had one instance where two different GPOs were modifying the same setting. Judging by the inheritance tab, one of them should've trumped the other, but neither was getting applied.
- Per-machine settings trump per-user settings (per-user settings may not get applied).
- To immediately apply group policies (or refresh group policies) on the client (first two for Windows 2000, maybe XP+?, last one works with XP+, maybe 2k?):
SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE
SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE
- You can use gpresult to see what policices were applied. gpedit /z gives very verbose info.
- Replication between the domain controllers occurs every 15-30 minutes, so keep that in mind when testing new settings (after updating a GPO it may take a bit for the machines checking for updates to get the updated GPO).
Creating a local user on a Windows computer that's joined to a domain
Sysprep Log Files
Sysprep logs Windows setup actions in different directories, depending on the configuration pass. Because the generalize pass deletes certain Windows Setup log files, Sysprep logs generalize actions outside the standard Windows Setup log files. The following table shows the different log file locations that are used by Sysprep.
Item Log Path
Unattended Windows setup actions
Netdom.exe creates a log file at %windir%\Debug\netsetup.log
- Computer should not be already bound to domain
- Time must be accurate
Script to change (or reset) the machine account password (for a client machine bound to AD)
(requires nltest from the Windows XP resource kit)
Distributing Specific Applications on a Large Scale
- QuickTime is an msi, so pushing it or packaging it is OK.
- Occasionaly the MIME settings break (broken quicktime icon with a question mark in Firefox or Internet Explorer; empty file types and MIME types in QuickTime Control Panel). The only solution I've found is to uninstall QuickTime, then reinstall it. If user accounts created from default user exibit this behaviour, you will need to create an admin account (e.g. "testadmin"), login to it, uninstall/reinstall quicktime, log out, log into another admin account, copy the fixed account (e.g. "testadmin") to default profile.
Get a list of installed applications using a script
wmic /output:c:\AppList.htm product get name,version
Deleting an OEM Partition using diskpart
An OEM partition (such as a recovery partition, or a diagnostic partition) cannot be deleted from Control Panel => Adminstrative Tools => Computer Management => Disk Management. You can, however, delete such a partition using the command line "diskpart". Procedure:
Start => Run => cmd => OK Type the commands below. Replace # with the number of the disk or partition that you find using the "list" command.
diskpart list select disk # list select partition # delete partition override exit