Roaming Computing System (Windows Edition) 3.5
Workstation Installation Instructions (Full Install)
This document describes setting up a full installation, either a normal installation for an individual machine because there are no other identical machines, or a template machine that will be cloned to other identical machines.
Contents
- 1.0 Tools For The Job
- 2.0 BIOS
- 3.0 Windows
- 3.1 Windows Installation
- 3.2 Windows Updates
- 3.3 Configuration
- 4.0 Software Applications and Sundry
- 4.1 Installation
- 4.2 Configuration
- 4.3 Sundry
- 5.0 Windows (More)
- 6.0 RCS Updates
- 7.0 Checks
- 8.0 Cloning
- 9.0 Backup
1.0 Tools For The Job
TWEAK, specifically versions 0.9.2 or 0.9.3, from thegoldenear.org/tweak/. Save it to D:\ so you can run it from there now and for subsequent user account configuration.
CloneZilla (www.clonezilla.org) (optional). The most effective version of CloneZilla is named something like clonezilla-live-2010xxxx-karmic.iso from clonezilla.org/download/sourceforge/stable/iso-zip-files.php. If you're putting it on CD then write the disc as slowly as the media will allow otherwise it may not boot.
PageDefrag from technet.microsoft.com/en-us/sysinternals/bb897426.aspx once.
MyDefrag (was JkDefrag) from www.mydefrag.com.
2.0 BIOS
If worthwhile updates to the BIOS have been made available then update to the latest system BIOS.
BIOS settings to make:
- Set the first hard disk as the first boot device (e.g. System → Boot Sequences - Onboard SATA hard drive)
- Turn on Wake On LAN / WOL
- Enable Hyper-Threading
- Turn off the parallel port
- Turn off the serial port
- enable SMART
- Disable PXE booting (e.g. Onboard devices → Integrated NIC - 'on' not 'on w/PXE')
3.0 Windows
3.1 Windows Installation
Approximate time: 1 hour (apart from manual driver installation)
Boot the workstation with a Roaming Computing System Windows XP Installation CD respective to the workstation's type of Windows product key (volume, retail, or upgrade(?) licence) to install Windows, Service Pack 3 and updated device drivers.
Partition the disk in the following manner:
| Partition | Role | Type | Size for standard workstations | Size for graphics/layout workstations with Adobe CS |
|---|---|---|---|---|
| C: | Windows and programs | primary | 10GB (3GB for Windows XP; 1GB for Windows update backups & hibernation; 1.5GB for our software suite; 0.5GB for a future Windows XP Service Pack; 3GB spare for something like MS Office 2007) |
15GB (5GB for Adobe CS3 Premium) |
| D: | Temp | primary | 10GB (too difficult to anticipate roaming DVD writing temp space; 10GB allows for writing a dual layer DVD) |
15GB (Adobe CS wants 5GB) |
| E: | Local home | primary | 1GB (backup space to use in the event of server failure, set larger if stand-alone workstation) |
All remaining (Adobe say you shouldn't work on files over the network) |
Since Windows XP SP3 Windows can be used for 30 days without entering a Product key and without Activating. This allows us to setup one, create an image of it, and restore that image to another, entering a different Product Key on each cloned machine. Previously you had to enter the Product Key before you could use Windows, then Activate it before you could get Internet Explorer 8 and Windows Media player 11; the means of then cloning such a system and changing the Product Key were numerous and problematic. If you use the image after 30 days you have to enter the Product Key prior to logging in.
The Windows installation will prompt you to enter:
- Windows Product Key - if this workstation is to be cloned then don't enter it, just choose 'Next'. If this workstation is not going to be cloned then enter the Product key.
- A person's name
- Organisation name
- Computer name - if this workstation is to be cloned then use template (which won't confuse joining the domain later on). If this workstation is not going to be cloned then use <organisation name>-<number>; .
Login to Windows as administrator with our default password of 'administrator'. You will change this password shortly.
Use Device Manager to look for any hardware requiring drivers. Use Microsoft Update to add any that weren't included on the CD or are now updated; if not available there, or the networking driver is required, then see the device manufacturer's web site (not any random driver web site).
If this workstation is to be cloned then don't run Windows Activation. If this workstation is not going to be cloned then run Windows Activation.
3.2 Windows Updates
Use Microsoft Update to install any Windows updates.
If this is a normal installation (and thus Windows is Activated) then Internet Explorer 8 and Windows Media Player 11 will be available as options to install (not having been included in Windows XP SP3). If this workstation is to be cloned (and thus Windows not Activated) then Internet Explorer 8 and Windows Media Player 11 will not be available to install.
Don't install Silverlight or .NET (only available after Validation) unless you specifically need them.
Windows Genuine Advantage is automatically installed. It's probably best to choose not to Validate Windows at this point but we're not sure.
If this workstation is to be cloned then do install Windows Genuine Advantage but do not Validate Windows. If this workstation is not going to be cloned then install Windows Genuine Advantage then Validate Windows.
After installing, check back again with Microsoft Update for updates-to-the-updates until no more updates are worth having.
3.3 Configuration
Change the administrator password to something strong.
If this machine is to be cloned, or you're not setting up this machine on the network it will be used, then don't join the domain now. Otherwise join the machine to the domain: Windows-key+Break → Computer Name → Change → Member of → enter domain name then use either the winadmin or root account. Restart the workstation.
Windows Configuration: TWEAK: A →
- A - System file clean-up
- B - Use D: for temp system files, prepare E: for data
- C - Configure Windows system behaviour and interface
- D - Tighten security
- E - Replace boot loader
- F - Manual settings
- 1. networking - disable file and print sharing for Microsoft networks (unless you happen to actually be using a workstation to share files or printer(s))
- 4. don't automatically restart on system failure
- O - Add branding
- P →
- O - Domain / Roaming Computing System (RCS) settings
- O2 - Domain / Roaming Computing System (RCS) settings
Windows Firewall configuration: TWEAK: K → A (Allow ICMP echo request (ping))
Driver Configuration: TWEAK: F → which ever is appropriate for this workstation.
Allow any authenticated users to change the time so that time can be set from the server when
Restricted Users logon:
Control Panel → Administrative Tools → Local Security Policy → Local Policies
→ User Rights Assignment → Change the system time (double-click) → Add User or Group... → in the 'Enter the object names to select' box type in Authenticated Users → OK → OK
4.0 Software Applications and Sundry
4.1 Installation
Software deployed automatically using WPKG
Restore Windows Scripting Host so WPKG can run, using TWEAK: A → P → B.
Install WPKG Client from \\server\windows-admin\wpkg\WPKG Client\.
In the WPKG configuration screen choose Import settings... → navigate to \\server\windows-admin\wpkg\WPKG Client\ → select previously saved settings wpkg-client-settings.xml → Save → Close.
You should already have set your organisation's domain name (in 'WPKG path user') and winuser password (in 'WPKG path password') in that file so you don't now need to change anything, but if you haven't then add them now using "%PROGRAMFILES%\wpkginst.exe"
Restart the workstation. WPKG will automatically install the software. Login when you're able to do so and wait for WPKG to finish installing software.
Security Updates
If you don't keep your Internet applications up-to-date through WPKG then you could update those that require manual updating (rather than auto-updating, such as the anti-virus) and that offer minor updates that only fix secrity issues and don't change functionality, thus won't affect the user profile.
Mozilla Firefox
Help → Check for Updates...
Mozilla Thunderbird
Help → Check for Updates...
Software Deployed Manually
Printer Drivers (if any)
To print to a Samba + CUPS print server on SERVER (which is setup for Point'n'Print), or to a printer shared from a Windows printer server setup for Point'n'Print, navigate to the printer, right-click on the printer icon, choose 'Connect'. This will install it just for the administrator and allow you to configure it for everyone later (on Windows print servers I think this only needs to be done once per printer not per machine, not sure on the Samba + CUPS print server).
To print to any other type of printer, setup and then install a printer driver for each printer. Use a PostScript driver for PostScript printers. Usually you will get a more up-to-date driver from the printer manufacturer than you'll get from Windows Update. Look out for universal drivers such as the HP Universal Printer Driver which includes drivers for all their printers in one bundle. Unpack the printer driver files and store somewhere accessible such as E:\drivers.
Add the printer using Start → Settings → Printers and Faxes → Add Printer → select 'Local printer attached to this computer' → deselect 'Automatically detect and install my Plug and Play printer' → Next → select 'Create a new port' → Standard TCP/IP Port → Next → Next → in 'Printer name or IP Address:' enter either the printer name or IP address (we prefer to use the printer name, with its IP address being dynamic) (a JetDirect print server type will be auto detected) → Next...
If you have the driver saved to disk then choose Have Disk... and browse to the driver files, otherwise use Windows Update.
Test that printing works.
Major Proprietary Applications (if any) and any other organisation-specific software
Major proprietary applications (if any) that are likely to only be required on particular workstations, and few at that, are best installed manually from CD/DVD. We have a separate guide to installation and configuration of various major proprietary applications. Leave their (All Users) shorcuts where they are, rather than managing them per-user.
Likewise install any other organisation-specific, non-RCS software. Hopefully there won't be any as such software is harder to maintain.
4.2 Configuration
Some software configuration will be automatically applied by WPKG.
Core RCS Software
Enigmail
TWEAK: B → T → E
F-Prot
Enter organisation-specific subscription key: Updates → Subscription → Status → Subscription information → New subscription key
FileZilla
TWEAK: B → FZ → A
Firefox
TWEAK: B → F →
- A2
- B
- F
Irfanview
TWEAK: B → I → A
Thunderbird
TWEAK: B → T →
- A
- B
UltraVNC
TWEAK: K → B (Allow VNC server (on TCP port 5900, from all sources))
Sun Java JRE
TWEAK: B → J → B?
File Type Associations
TWEAK: I →
- OOO - Office suite files Open in OpenOffice
- WEM - Web files Edit in KompoZer
- IEG - Image files Edit in The GIMP 2.6
- AEAU - Audio files Edit in Audacity
- PON - plain text files open in Notepad++
- PEN - plain text files to Edit in Notepad++ (those you wouldn't Open)
- AO7 - Archive files (i.e. .Zip) Open in 7-Zip and ISO Edit in 7-Zip
- IOIR - ISO disc images to open in InfraRecorder for writing to disc
Default Programs
TWEAK: G →
- A - Set Firefox as default web browser / web protocol handler for this machine
- B - Set Thunderbird as default mail client / mail handler for this machine
CCleaner
Start → All Programs → Accessories → CCleaner → Advanced → select Hotfix Uninstallers.
Major Proprietary Applications (if any)
For major proprietary applications (if any) that are likely to only be required on particular workstations, see our separate guide to installation and configuration of various major proprietary applications.
Printing
- For printing functionality, such as job accounting, for which you might need to open ports in the Windows Firewall, see section 9 of www.digitalissues.co.uk/html/software/drivers/firewall-ports.html
If you print to a Samba + CUPS print server on SERVER
See our list of recommended settings for the CUPS driver for Windows.
If you print to a Windows print server setup for Point'n'Print
The printer is configured just the once (from anywhere but logically from the print server machine itself) and all workstations see the same configuration.
If You Print Direct To The Printer, either straight to its network card or via a dedicated print server box
Configure printing defaults for everyone on this workstation, using Advanced → Printing Defaults, to print lower quality by default; black and white rather than colour; duplex (if printer supports it).
Until I write a new printer setup document you might find information on setting up the printer itself and further configuration described in the old document at http://thegoldenear.org/toolbox/windows/docs/printer-config.html of use.
Fonts
You may have fonts particular to the organisation to install.
5.0 Windows (More)
Configuration
Remove shortcuts: TWEAK: D → A.
Backup and Recovery: TWEAK: E → C (it'll download a newer version from microsoft.com; you need to insert media specific to the version of Windows, i.e. XP SP3).
Create a new administrative user account.
Login as the new administrative user and disable the Administrator account (using Control Panel → Administrative Tools → Computer Management → Local Users and Groups...).
Create a shortcut suite for the new administrator you're logged in as: TWEAK: D → E.
Set the new administrator's desktop background to rouge (a reminder that you're logged in as administrator): TWEAK: A → P → T.
You'll tend to use the winadmin account for administration, so it's not strictly worth configuring the local administrator account, but if this workstation setup is to be imaged across a number of others then it may be worth configuring that account to some extent using TWEAK.
If this specific workstation requires a local Power User account creating for one of the domain accounts, in order to use some software that requires that privilige then create that (note this can only be added if the workstation is a member of the domain)
Clean up the system: Start → All Programs → Accessories → CCleaner.
Defragment C:: Start → All Programs → Accessories → System Tools → Disk Defragmenter (or just run dfrg.msc).
Run PageDefrag once.
Run MyDefrag.
6.0 RCS Updates
Apply any updates that have been announced since the last RCS release - see the Updates section of the Release Notes.
7.0 Checks
Check the following
- That you can connect using VNC
- That the WPKG service is running, with the correct credentials
8.0 Cloning
Cloning involves making an image of the workstation, saving it somewhere, then restoring that image to a number of other workstations with identical hardware. Follow these instructions if this workstation is to be cloned, using CloneZilla. The most effective version of CloneZilla is named something like clonezilla-live-2010xxxx-karmic.iso from clonezilla.org/download/sourceforge/stable/iso-zip-files.php.
Leave the domain (Windows-key+Break → Computer Name → Change → Member of → Workgroup). You may be asked to enter credentials to leave the domain, in which case use either the winadmin or root account. Shut down the workstation.
Boot from the CloneZilla boot disk. To do this you may need to press a key when the computer starts up, such as F9, for a boot menu, or if that's not available then change boot settings in the BIOS settings.
Use CloneZilla to save an image on the server or on removable media:
- Choose CloneZilla live → Choose language - Which language do you prefer: en_US.UTF-8 English → Configuring console-data - Policy for handling keymaps: Don't touch keymap → Start CloneZilla - Choose the mode: Start CloneZilla → ConeZilla - Choose the mode: device-image - disk/partition to/from image
- Choose where / how you'll save it - Mount CloneZilla image directory
- If you want to connect using SSH (prefered), choose ssh_server - Mount SSH server:
- Directory(?): /usr/windows-admin/images
- When prompted, enter the root username and password
- If you want to connect using Samba, choose samba_server - Mount SAMBA server:
- IP address: 10.0.0.10
- Domain: <your domain name>
- Share: /windows-admin/images/
- When prompted, enter the winadmin or root username and password
- If you're saving it to removable media (i.e. a USB-attached disk), choose local_dev - Mount local device - attach the media and carefully confirm which of the disks it displays is the disk you want to save to.
- Choose savedisk - Save_client_entire_disk
- Carefully choose the source disk: i.e. sda or hda
- Choose a name for the image: <organisation>-<computer make>-<computer model>-<image revision><date>-img
- Choose the defaults for everything else
9.0 Backup
If this workstation has unique hardware it's worth making an image of it for backup purposes, so it can be restored in case of failure. This is different to cloning, where you make a template workstation that is restored to a number of others; this backup will only be of and for this particular workstation. Using CloneZilla, you can backup to the server, USB-attached hard disk, flash media or DVD.