Roaming Computing System (Windows Edition) 3.3
Workstation Installation Instructions (Full Install)

This document describes setting up a full installation, either a normal installation for an individual machine because there are no other identical machines, or a template machine that will be cloned to other identical machines.

Contents

• 1.0 Tools For The Job
• 2.0 Windows
• 2.1 Windows Installation
• 2.2 Windows Updates
• 2.3 Configuration
• 3.0 Software Applications and Sundry
• 3.1 Installation
• 3.2 Configuration
• 3.3 Sundry
• 4.0 Windows (More)
• 5.0 Cloning
• 6.0 Backup

1.0 Tools For The Job

TWEAK, specifically versions 0.9.2 or 0.9.3, from thegoldenear.org/tweak/. Save it to D:\ so you can run it from there now and for subsequent user account configuration.

CloneZilla from www.clonezilla.org (optional).

2.0 Windows

2.1 Windows Installation

Approximate time: 1 hour (apart from manual driver installation)

Boot the workstation with a Roaming Computing System Windows XP Installation CD respective to the workstation's type of Windows product key (volume, retail, or upgrade(?) licence) to install Windows, Service Pack 3 and updated device drivers.

Partition the disk in the following manner:

Since Windows XP SP3 Windows can be used for 30 days without entering a Product key and without Activating. This allows us to setup one, create an image of it, and restore that image to another, entering a different Product Key on each cloned machine. Previously you had to enter the Product Key before you could use Windows, then Activate it before you could get Internet Explorer 7 and Windows Media player 11; the means of then cloning such a system and changing the Product Key were numerous and problematic. If you use the image after 30 days you have to enter the Product Key prior to logging in.

The Windows installation will prompt you to enter:

• Windows Product Key - if this workstation is to be cloned then don't enter it, just choose 'Next'. If this workstation is not going to be cloned then enter the Product key.
• A person's name
• Organisation name
• Computer name - if this workstation is to be cloned then use template (which won't confuse joining the domain later on). If this workstation is not going to be cloned then use <organisation name>-<number>; .

Login to Windows as administrator with our default password of 'administrator'. You will change this password shortly.

Use Device Manager to look for any hardware requiring drivers. Use Microsoft Update to add any that weren't included on the CD or are now updated; if not available there, or the networking driver is required, then see the device manufacturer's web site (not any random driver web site).

If this workstation is to be cloned then don't run Windows Activation. If this workstation is not going to be cloned then run Windows Activation.

2.2 Windows Updates

Use Microsoft Update to install any Windows updates.

If this is a normal installation (and thus Windows is Activated) then Internet Explorer 7 and Windows Media Player 11 will be available as options to install (not having been included in Windows XP SP3). If this workstation is to be cloned (and thus Windows not Activated) then Internet Explorer 7 and Windows Media Player 11 will not be available to install.

Don't install Silverlight or .NET (only available after Validation) unless you specifically need them.

Windows Genuine Advantage is automatically installed. It's probably best to choose not to Validate Windows at this point but we're not sure.

If this workstation is to be cloned then do install Windows Genuine Advantage but do not Validate Windows. If this workstation is not going to be cloned then install Windows Genuine Advantage then Validate Windows.

After installing, check back again with Microsoft Update for updates-to-the-updates until no more updates are worth having.

2.3 Configuration

Change the administrator password to something strong.

If this machine is to be cloned, or you're not setting up this machine on the network it will be used, then don't join the domain now. Otherwise join the machine to the domain: Windows-key+Break → Computer Name → Change → Member of → enter domain name then use either the winadmin or root account. Restart the workstation.

Windows Configuration: TWEAK: A →

• A - System file clean-up
• B - Use D: for temp system files, prepare E: for data
• Restart the workstation
• C - Configure Windows system behaviour and interface
• D - Tighten security
• E - Replace boot loader
• F - Manual settings
  • 1. networking - disable file and print sharing for Microsoft networks
  • 4. don't automatically restart on system failure
• O - Add branding
• P →
  • O - Domain / Roaming Computing System (RCS) settings
  • O2 - Domain / Roaming Computing System (RCS) settings

Windows Firewall configuration: TWEAK: K → A (Allow ICMP echo request (ping))

Driver Configuration: TWEAK: F → which ever is appropriate for this workstation.

Allow any authenticated users to change the time so that time can be set from the server when Restricted Users logon:
Control Panel → Administrative Tools → Local Security Policy → Local Policies → User Rights Assignment → Change the system time (double-click) → Add User or Group... → in the 'Enter the object names to select' box type in Authenticated Users → OK → OK

3.0 Software Applications and Sundry

3.1 Installation

Software deployed automatically using WPKG

Restore Windows Scripting Host so WPKG can run, using TWEAK: A → P → B.

Install WPKG Client from \\server\windows-admin\wpkg\WPKG Client\.

Restore previously saved settings from \\server\windows-admin\wpkg\WPKG Client\wpkg-client-settings.xml.

You should already have set your organisation's domain name (in 'WPKG path user') and winuser password (in 'WPKG path password') in that file so you don't now need to change anything, but if you haven't then add them now using "%PROGRAMFILES%\wpkginst.exe"

Restart the workstation. WPKG will automatically install the software. Login when you're able to do so and wait for WPKG to finish installing software.

Security Updates

Update Internet applications that require manual updating and that offer minor updates that only fix secrity issues and don't change functionality, thus won't affect the user profile.

Mozilla Firefox

Help → Check for Updates...

Mozilla Thunderbird

Help → Check for Updates...

Software Deployed Manually

Printer Drivers (if any)

To print to a Samba + CUPS print server on SERVER (which is setup for Point'n'Print), or to a printer shared from a Windows printer server setup for Point'n'Print, navigate to the printer, right-click on the printer icon, choose 'Connect'. This will install it just for the administrator and allow you to configure it for everyone later (on Windows print servers I think this only needs to be done once per printer not per machine, not sure on the Samba + CUPS print server).

To print to any other type of printer setup then install a printer driver for each printer. Use a PostScript driver for PostScript printers. Look out for universal drivers such as the HP Universal Printer Driver which includes drivers for all their printers in one bundle.
Add the printer by choosing 'local printer' (don't auto detect) → create a new port → Standard TCP/IP Port → Printer name or IP Address: enter either (the JetDirect print server type will be auto detected) - give it a name and label the printer with it.

Major Proprietary Applications (if any)

Major proprietary applications (if any) that are likely to only be required on particular workstations, and few at that, are best installed manually from CD/DVD. We have a separate guide to installation and configuration of various major proprietary applications. Leave their (All Users) shorcuts where they are, rather than managing them per-user.

3.2 Configuration

Core RCS Software

7-Zip

TWEAK: I → A → AO7 - file type associations - Archive files (i.e. .Zip) Open in 7-Zip and ISO Edit in 7-Zip

Adobe Reader

TWEAK: B → A →

• L
• M

Enigmail

TWEAK: B → T → E

F-Prot

Enter organisation-specific subscription key: Updates → Subscription → Status → Subscription information → New subscription key

FileZilla

TWEAK: B → FZ → A

Firefox

TWEAK: B → F →

• A2
• B
• F

Flash Player

TWEAK: B → FP → A

Irfanview

TWEAK: B → I → A

Notepad++

(TODO: file type associations)

Thunderbird

TWEAK: B → T →

• A
• B

UltraVNC

TWEAK: K → B (Allow VNC server (on TCP port 5900, from all sources))

Sun Java JRE

TWEAK: B → J → B

MyODBC connector

?

Major Proprietary Applications (if any)

For major proprietary applications (if any) that are likely to only be required on particular workstations, see our separate guide to installation and configuration of various major proprietary applications.

Printing

• For printing functionality, such as job accounting, for which you might need to open ports in the Windows Firewall, see section 9 of www.digitalissues.co.uk/html/software/drivers/firewall-ports.html

If you print to a Samba + CUPS print server on SERVER

See our list of recommended settings for the CUPS driver for Windows.

If you print to a Windows print server setup for Point'n'Print

I think it only needs to be configured once per printer, not per machine, so you can configure it from here or on the print server itself.

If You Print Direct To The Printer, either straight to its network card or via a dedicated print server box

Configure printing defaults for everyone on this workstation, using Advanced → Printing Defaults, to print lower quality by default; black and white rather than colour; duplex (if printer supports it).

Until I write a new printer setup document you might find information on setting up the printer itself and further configuration described in the old document at http://thegoldenear.org/toolbox/windows/docs/printer-config.html of use.

Fonts

You may have fonts particular to the organisation to install.

4.0 Windows (More)

Configuration

Remove shortcuts: TWEAK: D → A.

Backup and Recovery: TWEAK: E → C (it'll download a newer version from microsoft.com; you need to insert media specific to the version of Windows, i.e. XP SP3).

Create a shortcut suite for the administrator you're logged in as: TWEAK: D → E.

Clean up the system: Start → Programs → Accessories → CCleaner. Choose to add 'Advanced(?)'.

Defragment C:: Start → Programs → Accessories → System Tools → Disk Defragmenter.

5.0 Cloning

Cloning involves making an image of the workstation, saving it somewhere, then restoring that image to a number of other workstations with identical hardware. Follow these instructions if this workstation is to be cloned, using CloneZilla.

Leave the domain.

Use CloneZilla to save an image on the server or on removable media:

• Choose device-image disk/partition to/from image
• Choose where / how you'll save it
• If you want to connect using SSH (prefered):
• Directory(?): /usr/windows-admin/images
• If you want to connect using Samba:
• IP address: 10.0.0.10
• Domain: ...
• Share: /windows-admin/images/
• If you're saving it to removable media, attache the media
• savedisk
• -q Priority: ntfsclone -> partimage > dd
• Accept default of just * -c
• Choose default of -z1 use gzip...
• Name: <organisation>-<computer make>-<computer model>-<image revision>-img
• Choose source disk: i.e. sda or hda. Note that the hard disk you restore to must have the same device name otherwise CloneZilla won't restore to it.

6.0 Backup

If this workstation has unique hardware it's worth making an image of it for backup purposes, so it can be restored in case of failure. This is different to cloning, where you make a template workstation that is restored to a number of others; this backup will only be of and for this particular workstation. Using CloneZilla, you can backup to the server, USB-attached hard disk, flash media or DVD.

Document ¤ Version: 2.7.2 | Licence: GNU General Public License | Copyright: © 2006-2008 Pete Boyd
Site ¤ - URL: http://thegoldenear.org/ | Email: inkwire at thegoldenear dot org
Built using HTML 4.01 Strict and CSS. For best results, use a browser that supports open Standards.