Академический Документы
Профессиональный Документы
Культура Документы
Information in this document is provided in connection with LANDesk products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in terms and conditions for such products, LANDesk Software, Ltd. and its affiliated companies (LANDesk) assumes no liability whatsoever, and LANDesk disclaims any express or implied warranty, relating to sale and/or use of LANDesk products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. LANDesk products are not intended for use in medical, life saving, or life sustaining applications. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of LANDesk. LANDesk retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. LANDesk makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. Copyright 2007, LANDesk Software, Ltd. All rights reserved. LANDesk, Targeted Multicast, Peer Download, and Trusted Access are registered trademarks or trademarks of LANDesk Software, Ltd. or its affiliated companies in the United States and/or other countries. Avocent is a registered trademark of Avocent Corporation. *Other brands and names may be claimed as the property of others.
Table of Contents
Introduction............................................................................... 4 Assumptions............................................................................... 4 Windows PE overview ................................................................... 4 Architecture .............................................................................. 5 Files modified or added to the WinPE image ......................................5 LANDesk WinPE boot process ........................................................6 STARTNET.CMD Command Line definitions ........................................8 Customization ........................................................................... 11 Build customized Windows PE image ............................................. 11 Add / Specify drivers ................................................................ 13 Additional customization ........................................................... 14 Trim down the image ............................................................... 14 Conclusion ................................................................................ 15
Introduction
Since the release of LANDesk Management Suite 8.7, the Microsoft Windows Preinstallation Environment (Windows PE) Operating System (OS) is an additional Operating System the administrator can choose to boot from when deploying hard disk images. The Windows PE Operating System has advantages over the other two boot options offered (DOS and LINUX) that simplify the imaging chores facing the OSD administrator. This white paper will focus on describing the Windows PE architecture, the customizations that LANDesk has made to the OS, and how to accomplish the tasks associated with using this operating system to manage devices within the environment.
Assumptions
This paper assumes that the reader has a working knowledge of LANDesk Management Suite 8.7, its functionality, and deployment.
Windows PE overview
Windows PE is a mini-Windows system that provides limited services based on the Windows XP Professional and the Windows Server 2003 kernels. Windows PE is a hardware-independent Windows environment that contains a subset of the Microsoft Win32 application programming interfaces (APIs); a command interpreter capable of running batch files; and support for adding Windows Script Host (WSH), HTML Applications (HTA), and Microsoft ActiveX Data Objects (ADO) to create custom tools or scripts. Windows PE uses TCP/IP to provide network access and supports the same set of networking and massstorage device drivers that Windows XP supports. Some limitations worth noting is that connectivity is limited to outgoing connections only (resource sharing is disabled), and to prevent client-usage of the OS, a hard-coded reboot will occur after 24 hours of use.
Architecture
LANDesk has customized the Windows PE Operating System (8.7sp2 is version 5.2.3790) to only include necessary libraries, utilities, and drivers. Additionally, the LANDesk agent files have been copied to the image to facilitate LANDesk functionality. Also, the command file initially loaded by the PE Operating System has been modified to include the LANDesk staging commands. In Service Pack 2 for LANDesk 8.7, WMI support was added to the image. This section will provide a list of the files that have been either added or modified in the PE image, an overview of the boot process and an explanation of each line in the startup command file.
miniscan /nodeviceid /usemacasname Goto end :pxe if %err% lss 2 goto pxemenu :pxeboot miniscan /x /nodeviceid /usemacasname goto end :pxemenu miniscan /nodeviceid /usemacasname Replcore PxeMenuStart.cmd call PxeMenuStart.cmd goto end :fail @echo Failed to get localhost IP address or resolve core server name. Please check your network and try again. @pause :end
\ldclient\wait4ip /t 180 The wait4ip executable ensures we have an IP address before gathering inventory for this machine. The /t 180 defines a timeout limit of 3 minutes. A /s can be added to silence the output of this program. Additional information is available by executing with a /?. if %errorlevel% gtr 0 goto fail This line skips the rest of the commands in this file if an IP address cannot be obtained. CD \CBA8 This command changes the directory from X:\i386\system32 to X:\CBA8. residentagent.exe /register RESIDENTAGENT.EXE is the service that listens for and accepts connections for remote commands, and then starts the application needed to handle the request (which is how the LANDesk imaging operations are carried out). The /register switch will install and register the RESIDENTAGENT.EXE as a service. This is logged in the CBA8 directory in RESIDENTAGENT.LOG. residentagent.exe /start The /start switch will start the RESIDENTAGENT.EXE service, which proceeds to load necessary libraries. This too is logged in the RESIDENTAGENT.LOG. CD \LDClient This command changes the directory from X:\CBA8 to X:\LDClient. winpepds /install WINPEPDS is the module pinged by the Core Server to discover this machine, verifying this is the correct managed node. The /install switch will install the service. winpepds /start The /start switch starts the WINPEPDS service. if %err% gtr 0 goto pxe This line means that PXE booted machines will continue the script at the PXE section further below.
miniscan /nodeviceid /usemacasname This line is only executed by virtual booted machines, and is their last command. Miniscan is the utility used to grab minimal information about the system and store it in the LDMS Inventory database. Running miniscan without switches will include a devicename and id in its scan file, and thereby will show up in the console as minint-<random suffix>. However, using the /nodeviceid /usemacasname switches removes this information from the scan file and limits the data sent to 3 things: MAC Address, IP Address, and Processor Count. In the console, these devices show up named after their MAC address. if %err% lss 2 goto pxemenu This line tells those PXE booted machines that are supposed to get the menu to skip to the PXEmenu section. miniscan /x /nodeviceid /usemacasname This line is executed by those PXE booted machines that are a managed boot. If the /x is used when calling miniscan, an extra attribute is sent in the Network portion of the scan file, Pxeboot=Yes. miniscan /nodeviceid /usemacasname This line is only executed by PXE booted machines that are to display a menu. Miniscan is the utility used to grab minimal information about the system and store it in the LDMS Inventory database. Running miniscan without switches will include a devicename and id in its scan file, and thereby will show up in the console as minint-<random suffix>. However, using the /nodeviceid /usemacasname switches removes this information from the scan file and limits the data sent to 3 things: MAC Address, IP Address, and Processor Count. In the console, these devices show up named after their MAC address. replCore PxeMenuStart.cmd REPLCORE.EXE is used to replace the %CoreServer% variable in the file it is pointed to with the value found in the registry String Value HKLM\Software\Intel\LANDesk\LDWM\CoreServer (this was populated with the ALL.REG earlier in the process). In this case, the PxeMenuStart.cmd is about to be called and it uses sdclient to contact the Core Server and therefore must have the correct corename in its command line. call PxeMenuStart.cmd If the menu option is chosen by the PXE booted machine, then the PXEMENUSTART.CMD will be executed. Two of the significant lines are: sdclient /f /o /p=http://%CoreServer%/landesk/files/dosmenu.cfg RunBatch 500 X:\LDClient PxeMenu dosmenu.cfg First, sdclient is used to retrieve the DOSMENU.CFG from the Core Server. Then RunBatch (a simple utility that calls a process after a defined delay) is used to launch PXEMENU.EXE fed with the parameter of DOSMENU.CFG.
10
@echo "Failed to get localhost IP address or resolve core server name. Please check your network and try again." If an IP address could not be obtained, this error message appears, indicating that the NIC or NIC drivers should be investigated.
Customization
This section explains the steps necessary for the administrator to customize the Windows PE image included with LANDesk Management Suite OSD. To change anything in the Windows PE image, the administrator must first have an editor, such as WINIMAGE, and then the LDVPE1.IMG can be opened; this is located on the core under the LDMAIN\LANDesk\Vboot directory. Also, anytime the PE image on the core is customized, any PXE representatives that already exist in the environment should be redeployed in order to receive the updates.
11
Add files to the PE image Now that c:\winpe contains the raw Windows PE files, the next step is to add files from a shipping LDVPE1.IMG to the custom Windows PE. 1. Extract the LDClient and CBA8 files from ldvpe1.img and add them to the root of c:\winpe. 2. Extract the WINBOM.INI from the root of the ldvpe1.img and add it to the root of c:\winpe (delete the winbom.ini from the I386 directory). 3. Extract the TXTSETUP.SIF from the I386 directory in ldvpe1.img and add it to the c:\winpe\I386 directory. 4. Extract the following files from an existing ldvpe1.img and add them to c:\winpe\I386\SYSTEM32: MFC71.DLL MSVCR71.DLL MSVCP71.DLL WINPESHL.INI PESHELL.EXE ALL.REG STARTNET.CMD SETUPREG.HIV WINPE.BMP Build an IMG file to store the Windows PE files 1. Create one new partition on the hard disk; specify the size of the partition to be X MB, the file system to be FAT32, and bytes per cluster to be 1024. a. Whatever the size of the c:\winpe directory is + 1MB should be the size of this partition, usually 175 MB unless the image is trimmed down using instructions later in this document. b. The resulting LDVPE1.IMG will not be resizable through the LDMS console. This feature works on the shipping LDVPE1.IMG only. 2. Run WinImage.exe to read the new partition image and save it to a file named ldvpe1.img. a. Under the Disk menu, choose to Use disk <new partition> b. Under the Disk menu, choose to Read disk c. Under the File menu, choose to Save As
12
d. Save it as LDVPE1.IMA, and then afterwards rename it to LDVPE1.IMG 3. With WinImage, inject all the files (include subfolders) from c:\winpe to ldvpe1.img.
13
To speed up the boot process, the administrator may choose to specify the NIC drivers to load instead of allowing FACTORY.EXE to scan all of them. To do this, modify the WINBOM.INI file (at the root of the PE image) so it looks like this: [NetCards] NICPnPID=X:\i386\inf\<driver>.inf To define multiple NICs, add a line for each INF that should be included.
Additional customization
Depending on the environments needs, an administrator might want to make further customizations to the WinPE image. For example, to modify the background, switch out the WINPE.BMP in the system32 directory of the LDVPE1.IMG image file with one that reflects the corporate branding (starting in 87SP2 this can be done from the OSD toolbar). Also, the TXTSETUP.SIF in the I386 directory can be modified from Starting Windows PE by LANDesk(R) OSD... to whatever custom message is desired. To include extra utilities, usually administrators add them to the image and then call them in the STARTNET.CMD file. Starting with version 8.7SP2, the shipping LDVPE1.IMG can be resized up to 264 MB, and this is done by using the toolbar menu item in the OSD console.
14
6. Search for gdiplus.dll and winhttp.dll under c:\winpe\I386\WinSxS, and delete them. 7. Delete all C_XXX.nls (XXX is a number) except C_1252.nls and C_437.nls. 8. Delete the following files under c:\winpe\I386\SYSTEM32: eqndiag.exe eqnlogr.exe eqnloop.exe net.hlp peer.exe xlog.exe alrsvc.dll avmc20.dll avmcapi.dll avmenum.dll azroles.dll azroleui.dll browser.dll certcli.dll cnbjmon.dll console.dll cryptnet.dll ctmasetp.dll ctmrclas.dll dbgeng.dll dbghelp.dll ddraw.dll dgclass.dll dgnet.dll dgrpsetu.dll diapi2.dll diapi232.dll diapi2nt.dll disrvpp.dll disrvsu.dll dnsrslvr.dll duser.dll eqnclass.dll extmgr.dll fltlib.dll gptext.dll hccoin.dll icmp.dll imgutil.dll io8ports.dll kbdbe.dll kbdbr.dll kbdca.dll kbdda.dll kbddv.dll kbdes.dll kbdfc.dll kbdfi.dll kbdfr.dll kbdgae.dll kbdgr.dll kbdgr1.dll kbdic.dll kbdir.dll kbdit.dll kbdit142.dll kbdla.dll kbdmac.dll kbdne.dll kbdno.dll kbdpo.dll kbdsf.dll kbdsg.dll kbdsp.dll kbdsw.dll kbduk.dll kbdusl.dll kbdusr.dll kbdusx.dll linkinfo.dll localspl.dll lz32.dll Mobsync.dll mprui.dll msafd.dll mscat32.dll mscms.dll msgsvc.dll msimg32.dll msjet40.dll msls31.dll mssign32.dll mssip32.dll netevent.dll netui2.dll ntdsa.dll ntdsatq.dll ntdsetup.dll nwapi32.dll nwcfg.dll nwevent.dll nwprovau.dll rasdlg.dll nwwks.dll oakley.dll odbc16gt.dll odbc32.dll odbc32gt.dll odbcbcp.dll odbcconf.dll odbccr32.dll odbcint.dll odbcji32.dll odbcjt32.dll odbcp32r.dll odbctrac.dll perfctrs.dll perfnw.dll pstorec.dll query.dll rnr20.dll scecli.dll security.dll shdocvw.dll snmpapi.dll softpub.dll spdports.dll spxcoins.dll spxports.dll stlnprop.dll sxports.dll tsddd.dll ureg.dll xmlprov.dll xmlprovi.dll
dciman32.dll initpki.dll
odbccp32.cpl devmgr.dll
iologmsg.dll kbdnec.dll
odbccp32.dll spoolss.dll
mswstr10.dll odbccu32.dll
Loadperf.dll ntdskcc.dll
Conclusion
The Windows PE image utilized by LANDesk OSD can be customized to fit the needs of the environment by following the instructions in this document.
15