Windows imaging for computer lab settings




This manual is intended for

Setting up Windows

First step is to set up a "gold" machine with all the software that needs to be installed on all machines including OS updates, security updates etc.

Computer lab specific set up

If you need to manage a Computer Lab you most likely don't want users to be able to change it ie. install software on the machine or change any system files.

Permissions

1. Add a lab user e.g. Student with blank password and give it limited privileges ie. Guest User
2. Log in as the Student user once so that Profile can be set up.  Set the look and feel that you want.
3. Use NTFS permissions to restrict access to the lab user. Give it minimum privileges.
4. Create a directory e.g. c:\winnt\labsetup and put all the scripts or files necessary for set up in there. Couple tools I use
c:\winnt\labsetup\tools\sdelete -p 7 -s -q "c:\documents and settings\student\*"
rmdir /s /q "c:\documents and settings\student"
mkdir "c:\documents and settings\student"
c:\winnt\labsetup\xcacls "c:\documents and settings\student" /G Administrator:F /T /E /Y
c:\winnt\labsetup\xcacls "c:\documents and settings\student" /G SYSTEM:F /T /E /Y
c:\winnt\labsetup\xcacls "c:\documents and settings\student" /G Student:F /T /E /Y

xcopy c:\winnt\labsetup\student\*.* "c:\documents and settings\student" /e /s /c /y /h /q /r

4. Copy profile C:\documents and settings\student to C:\winnt\labsetup
5. Now create a Local Computer Policy. This is an excerpt from
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Miscellaneous/LockdownbygroupusingLocalComputerPolicywithoutActiveDirectory.html
6. Set studentreset.cmd to be executed any time machine is shutdown or booted. To do so
  1. Open up the Local Policy you just created
  2. Drill down the Console Root -> Local Computer Policy -> Computer Configuration -> Windows Settings -> Scripts (Startup/Shutdown)
  3. In the right pane double click on Startup then click Add
  4. Do same for Shutdown
  5. Close the Local Policy

Sysprep setup

If you just put in an image on all the machine you have in the lab they will have everything identical including SIDs, machine names etc. Therefore you have to use Sysprep or a similar utility to change it. Sysprep also allows you to extend partitions, join machines to a domain etc. You can do this all by hand if you'd like but using a file below you will have to do minimum amount of interaction with a system.

1. You will need to download Sysprep utilities from Microsoft. URL is

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=0c4bfb06-2824-4d2b-abc1-0e2223133afb

2. Download the archive and have it unzip the files your system drive in Sysprep directory ie. C:\Sysprep

3. Create a sysprep.inf text document in C:\sysprep. Items in red are the ones that may need change
[Unattended]

ExtendOemPartition=1
OemSkipEula = Yes


;InstallFilesPath = "c:\sysprep\i386"

[GuiUnattended]
AdminPassword = Put in admin password
OemSkipWelcome = 1
TimeZone = 010
OEMSkipRegional=1
AutoLogonAccountCreation = "Yes"


[UserData]
FullName = "Student"
OrgName = "LAB"
ComputerName=*
;ProductKey= "QJDPG-MWFFK-HF6M2-M8CWR-2KXQQ"

[Identification]
;DomainAdmin = "CORPDOM\AcctAddID"
;DomainAdminPassword = Domain password
JoinWorkGroup = "LAB"

[Sysprep]
BuildMassStorageSection = Yes

[SysprepMassStorage]

[Networking]
When you are done invoke Sysprep with following arguments

c:\sysprep\tools\sysprep -quiet -mini -reboot

Now you can use imaging software to make a master image and deploy it to other machines.

Computer Imaging

I have been using G4U from http://www.feyrer.de/g4u/#reqs to image machines. Burn the ISO image to a CD. Set up an FTP server somewhere and create an FTP user with a password. I will call it installuser.

Uploading an image

  1. Boot off of a G4U CD
  2. When the prompt shows up type
    1. GZIP=3 uploaddisk installuser@ftpserver.IP.address image-deploy.gz
    2. You will be prompted for a password. Enter installuser's password you set
    3. You should now get a blank screen showing upload progress
    4. This will take about 30-40 minutes
    5. When done please take G4U download CD and reboot the machine by typing reboot
  3. You are done with creating a master image

Deploying an image

  1. Boot off of a G4U CD
  2. slurpdisk installuser@ftpserver.IP.address image-deploy.gz
  3. You will be prompted for a password. Enter anything
  4. You should now get a blank screen showing download progress
  5. This will take about 30-40 minutes
  6. When done please take G4U download CD and reboot the machine by typing reboot

Author: Vladimir Vuksan.
Date Modified: $Date: 2005-09-07 15:44:26 -0400 (Wed, 07 Sep 2005) $
Credit should go to Alex Seazzu for pointing out ways of protecting the machine using NTFS permissions