HP Slate 500 for the Enterprise

This week we’ve had a HP Slate 500 to try out and see how we like it for Staff and Students. Since the release of the iPad we’ve been under pressure from all and sundry to purchase some and put them around the school, especially in the junior years. The iPad’s consumer focus makes it a nightmare on the network, and the concessions that a systems administrator has to make between device permissions, network authentication, wireless security makes them a high maintenance device. We’ve been looking forward to the Slate 500 for some time, knowing that Windows 7 Pro will work perfectly on the network, and hoping that it will be an equivalent device to the iPad, and what it may lack in style, is certainly made up for in substance.

While I’ve been happy with the Slate 500 there have been a few disappointments. Only having one USB port on the device is limiting. There’s been a few time already where I’ve wanted to attach combinations of an external keyboard, mouse, memory stick and ipod, and have had to find the dock which has another two USB ports. Adding one more USB port to the device would make a huge difference.

The onscreen keyboard in Windows 7 could be better too. Having an option to remove the row of numbers and punctuation keys to make it similar to the iOS keyboard would allow for the keys to be larger and the keyboard to occupy less real estate on the screen. The onscreen keyboard can be resized but when reduced to a reasonable size the keys are unfit for the ham fisted.

It’s also disappointing that software on Windows 7 isn’t touch friendly. If I had a Slate 500 I’d hit IE9 and a PDF reader fairly hard and so far, it’s been a mediocre experience. The advantage that iOS apps relying on touch makes them typically touch friendly. The only exception being a horse racing app that I had for about 5 minutes that looked like it was made for Windows 3.1, which was fairly amazing. It’s probably safe to assume that as more Windows based tablets appear the OS and software will gradually catch up and become touch and gesture friendly….

Anticipating a purchase of Slate 500 devices, we would want to image and control the devices through Altiris. Neither the device nor dock are equipped with an ethernet port, however, the HP USB Ethernet Adapter may PXE boot for Altiris according to Rick on the tabletpcreview.com forums.

The Slate 500 is essentially the same performance wise as the 5101/5103 netbooks that we’ve been using for the students, with a slight smaller LCD and screen resolution. The battery life supposedly is up to 5hrs, but I haven’t had the chance to confirm.

It seems that we’ll certainly get a handful and put them in the hands of teachers, students and executive staff to see how they compare to our fleet of netbooks and tablets, and whether they are a worthy replacement, or an additional tool.

I’d like to see an app for Windows Slate machines where the slate can act as a second screen for a PC/notebook. Then when I’m working on my tablet, I can find the information on the web that I need, flick that browser window to the slate. Then I can read instructions and work on my tablet without having to Alt-tab. That would be superb.

MSM765 SNTP Time Sync


This week we’ve been reconfiguring our MSM765 wireless controller and adding some new features for Students and guests to the School. With our old ZL WESM we were able to have a VLAN on the wireless network with an HTML based login, which allowed the students to use their own machines on the wireless network with their AD credentials. We wanted to replicate this setup on the MSM by using HTML-based user logins and still use their AD logins. We hit a problem when we tried to configure the Active Directory Authentication on the controller because the time on the controller wasn’t in sync with the 5400 chassis or the domain!

When we check Controller –> Management –> System Time, we could see the the time was incorrect, but there was no option to change it or specify an NTP server. The command ling reference for the controller (MSM7xx-CLI-RG-May09-5992-5933.pdf) gave a few clues on how to set the SNTP server and get the controller connected to our Windows time server

Connecting the terminal to the 5400 with the controller (MSM is in Bay I)

BGSCore(config)# services  I 2
BGSCore(msm765-application-I)> enable
BGSCore(msm765-application-I)# conf
BGSCore(msm765-application-I)(config)# ntp protocol sntp
BGSCore(msm765-application-I)(config)# ntp server 1
BGSCore(msm765-application-I)(config)# ntp server

The time sync’d straight away and made the connection to AD without a hitch


Netbooks: Setting Student as Admin’s during deployment

3761637114_47d8ac8cf0 As part of our config for the Student Netbook SOE, we’re going to make each Student an Administrator on their netbook. We don’t want to make every student an administrator on the machines, because of the security/privacy issues that may arise. If every Student is an administrator then it’s possible for them to log onto another Students machine and look/edit/delete/copy their files.

When we unboxed the netbooks we attached our Asset tags (BGSID) and used the barcode scanner to grab the BGSID and Serial for each netbook and put them into Excel. We thought we could use this data and run a post imaging script from Altiris to set the student admin on each machine after they’re sysprep’d and before they’re given out to Students.

We created a SQL database with one table, see below. The image shows our test data, but we’re able to copy the BGSID’s and Serials from the spreadsheet to the database and assign a username for each netbook. The database also has a field for MachineName, which is blank initially and is populated when the script is run. Altiris automatically names the machines, according to the template we’ve specified, but we thought it would be handy to grab the machine name and store it next to the Serial as the machines are assigned to Students.
We can also be sneaky, and use the StudentUserName field to query AD and grab the Student’s firstname and surname to make sticky labels for their machine and maybe their bags too… will see


‘______________________ Start SetStudentAdmin.vbs __________________________
‘Option Explicit

dim adoConn, adoRS, adoStrm
Set adoConn = CreateObject(“ADODB.Connection”)
Set adoRS = CreateObject(“ADODB.Recordset”)


Sub GetBGSID()

Dim NetBookSerial

winmgmt1 = “winmgmts:{impersonationLevel=impersonate}!//.”
Set SNSet = GetObject( winmgmt1 ).InstancesOf (“Win32_BIOS”)

for each SN in SNSet
NetBookSerial = SN.SerialNumber

adoConn.Open “Provider=SQLOLEDB;Data Source=lumberjack;User ID=sa;Password=12345;Initial Catalog=Netbooks;”
adoRS.Open “select * from netbooks where (Serial = ‘” & NetBookSerial & “‘)”, adoConn, 1, 3

Set objWshNet = CreateObject(“WScript.Network”)
strDomain = objWshNet.UserDomain
strComputer = objWshNet.ComputerName
Set objGroup = GetObject(“WinNT://” & strComputer & “/Administrators,group”)

strUser = adoRS.fields.item(3)

Set objUser = GetObject(“WinNT://” & strDomain & “/” & strUser & “, user”)

If Not objGroup.IsMember(objUser.ADsPath) Then
End If
adoRS.fields.item(4) = strComputer


End Sub
‘______________________ End SetStudentAdmin.vbs ___________________________

Too Cool for School


Recently our Headmaster announced that the School was going to trial a 1:1 netbook program with out Year 9 Students. Currently our Students use desktops in Computer Labs and some class sets of notebooks with the same SOE that’s installed on our desktops. The move to netbooks will create new challenges for our Staff, especially with some of the requirements, most notably that Students will need to have administrator access to their netbooks.

The device that we’ve selected for the trial is the HP Mini 5101 which has the same spec’s as the other netbooks, except we’ve optioned these with the HD screen(1366×768) and a 6 cell battery. The SOE that we’re building for the trial includes Windows 7 Professional, Office 2007, Visio, Adobe Photoshop Elements and Premiere Elements. The SOE is pretty simple and the Students can add any other apps that they need when they’re handed over. The only problem with the software has been the Adobe licensing, which has been summed up by Rob Flavell on Learn | You | Good to perfection.

Since we’ve only ever had a notebook program for Academic Staff, we’ve been talking to colleagues at School’s with successful Student notebook programs to help work out a successful plan for Grammar. We want to the Students to feel ownership over the device which will help motivate them to look after their machines and reduce damage and support requests. However, we want the machines to be on the network, on the domain, and be able to push settings and updates out to the Student’s netbooks and ensure they have the correct printers installed, drive mappings and other group policy settings.

During the year we spoke to a School that has a notebook program for their Students(year 7-12) and their IT Staff have 3500 re-image jobs per year. This worked out to be 2 or 3 reimages for each machine in the School which is probably a full time job for someone! We’ve kept this in the forefront of our minds when planning the SOE for the netbooks even though we’re only deploying 150 machines for the pilot, we have to assume that the pilot will be a success and that before long we’ll have 600-700 netbooks to manage.

We’re dealing with the possible flood of reimaging requests with a two pronged attack. The SOE will have two partitions, one for the OS and one for Student data, and we’re working on an imaging method that the Students can run themselves. The dual partitions are setup with the Windows 7 users folder moved to the second partition and creating a junction/symbolic link to the new location, nice explanation from Scott Hanselman here. This setup allows us to reimage the partition with the OS and programs, and leave the data intact. Once we’re confident with the reimaging we won’t need to worry about backing up the Student’s data before reimaging their machine. The Student self imaging will work, at the moment, using a separate imaging VLAN and getting the Students to boot their machine from the network card and loading a custom Altiris WinPE boot image. We looked at options for imaging the netbooks from a hidden partition or via a USB HDD, but we need the imaging job to be initiated by Altiris so the computer will get the right name and settings etc during the sysprep process.

So that’s just the start, we’ve placed the order for the netbooks with HP and should have delivery before Christmas, and will need to have them finished and ready for the Students at the end of January. As we find problems or something interesting the image, netbook or how we’re supporting them, I’ll post here.

HP 2730p: machine is not in committed state

hp2730pA couple of weeks ago we ran into problems with our new fleet of 2730p Tablets where the machines weren’t booting into Vista. We had a version of the Black Screen of Death, KSOD, that was caused by something upsetting the Altiris SVS client on these machines. While we were troubleshooting the KSOD we tried  updating one of the machines with the latest drivers including the latest BIOS update for the machine from HP. After updating the BIOS to F.0A 31 Jul 2009, the machine rebooted and gave us this error as soon as the machine was powered on:

WARNING!!! – machine is not in committed state!

After some quick Googling I found others had the same issue after a BIOS update on various HP models. Resetting BIOS defaults and installing an older version didn’t make any difference.

Some people suggested running HPSetCfg 1.36, downloaded from here, or later to reset the serial and model number for the machine. This is a handy little tool from HP and runs from a bootable CD or USB stick, seemed to only want to work on FAT (not NTFS), and made the USB stick bootable with HPUSBFW.EXE. This worked nicely but did nothing to remove the Warning on boot….


After making my way to the end of that thread on itrc.hp.com I looked at the AMT settings. Checking the AMT settings in the BIOS showed that it was greyed out and not able to be enabled? Thinking that the machine needed a firmware update for the AMT to go with the BIOS update, I attempted to install the version from the HP site. This should have been the version that was on the machine, Dec 2008, since the machines were purchased in early 2009. The AMT update failed installation so I started the hunt for the AMT Branding Tool that was mentioned in the thread above and found here

This is straight from allaboutmicrosoft.net:

Swapped MB on a HP Elitebook 6930P and need get the serial number into BIOS.
At boot I get a message stating “Warning. Machine is not in committed state. Invalid serial number”, but when entering BIOS there is no way for me to enter it. Read on HP forums that I need HP SetConfig Utility 1.36 to do this, but I can’t find it anywhere. Does anyone have this program or maybe another solution that could help me?

Solution: Machine is not in committed state

use this tool. run it from a bootable flash drive.  read the readme.txt inside the archive.

I downloaded the AMT tool and copied it to the bootable USB stick that I’d used before. Because I copied the files to their own folder I had to run Brand.bat from the command line, should have run from autoexec.bat. The Tool checks the current settings and prompts you to see if you’d like to make changes

VPro Uncommitted
Descriptor Unlocked
Management Engine disabled
Flash Protection Override disabled

Do you want to enable or disable AMT now [Y, N]?

The text above is copied from the readme.txt that comes with the AMT tool, but is essentially the same as what I saw at the command line. After selecting Y to enable AMT, there was another prompt or two, followed by a reboot. On boot up the warning message was gone and entering the BIOS showed that the AMT was now enabled and I could change the AMT settings etc too!

ProCurve – Front-Panel Security & Authentication

I was looking for some ProCurve documentation on AAA security and stumbled across the Hardening ProCurve Switches White Paper and found a few nice things to add to our ProCurve config.

Password Clear Protection – Front-Panel Securitylogo_procurve_networking_by_hp
ProCurve devices utilize the Reset and Clear buttons on the front panel to help users reset the switch configuration to factory default or to reset the console password. This capability creates a security risk anywhere it’s impossible to  prevent physical access to the switch. ProCurve makes it possible to disable this functionality to protect from malicious use of these features.

There are two components to front-panel security: “password clear” and “factory reset.” Both must be disabled to fully secure the device.

In the switch’s default mode, a malicious user can utilize the front-panel clear button to reset a console password stored locally on the switch. To disable this feature, issue the command:

ProCurve Switch(config)# no front-panel-security password-clear

The other capability built into ProCurve switches is the ability to reset the switch configuration to the factory default mode:

ProCurve Switch(config)# [no] front-panel-security factory-reset

Executing this command prevents reset of the switch configuration by use of the front-panel Reset and Clear buttons.

It’s critical to understand that disabling these features severely restricts administrator options if the password is lost or forgotten. Before making these changes, users are strongly encouraged to review all considerations outlined in the Access and Security Guide for your model.
Authentication – Server-Supplied Privilege Level
Login privilege level instructs the switch to accept the authenticating user’s command level (manager or operator) that is supplied by the server. This allows manager-level users to skip the login context and proceed immediately to enable context, thus eliminating the need for a manager-level user to login twice.

To allow the switch to accept the privilege level provided by the server, use the following configuration command:

ProCurve Switch(config)# aaa authentication login privilege-mode

To supply a privilege level via RADIUS, specify the “Service-Type” attribute in the user’s credentials.
• Service-Type = 6 allows manager-level access
• Service-Type = 7 allows operator-level access
• A user with Service-Type not equal to 6 or 7 is denied access
• A user with no Service-Type attribute supplied is denied access when privilege mode is enabled

– The Radius Authentication for switch access sounds interesting. If our Staff are using their network credentials to access the switch config, or contractors that are working on the network, we can easily enable/disable their access to the switches without hassle and letting everyone know the Manager/Operator passwords

HP 2710p Battery issues resolved

Just over 12 months ago we purchased 55 HP 2710p Tablets with Vista Business for our Teaching Staff. The machines have generally been pretty good but we had some unsolvable battery issues that we couldn’t solve ourselves and eventually opened a support case with HP to try and rectify. We had various problems with batteries not holding much, or any charge and some machines that wouldn’t recognise their battery at all and would only work with the AC adapter connected to the power. If we swapped batteries around between machines they would start to work normally again and the battery would charge and be usable, however, it wouldn’t be long before the machine would have battery issues again.

HP Support got us to run the Battery Check and Health Check on some effected machines as well as machines that hadn’t had any battery issues and send them the .XML files that were generated for their engineers to check. We also sent them the .nfo System Info files from MSINFO32.exe for these machines.

C:\Program Files (x86)\Hewlett-Packard\HP Battery Check\hpbc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc.exe

Running these two applications generates two logs files that are stored under HP Active Support
C:\Program Files (x86)\Hewlett-Packard\HP Active Support\Logs

Battery Check Results: HealthCheckBC.xml

   1: <?xml version="1.0"?>
   2: <HC_BCheck Generated="17/10/2008 11:25:39 AM">
   3:   <Battery>
   4:     <HealthStatus SerialNumber="2CE7412ZL5">Test Passed</HealthStatus>
   5:     <TestResult>0</TestResult>
   6:     <DesignCapacity>4000</DesignCapacity>
   7:     <FullChargeCapacity>3791</FullChargeCapacity>
   8:     <RemainingCapacity>1163</RemainingCapacity>
   9:     <StorageCapacity>98.9473684210526</StorageCapacity>
  10:     <MaxError>0</MaxError>
  11:     <CycleCount>1</CycleCount>
  12:     <Temperature>23</Temperature>
  13:     <TerminalVoltage>11077</TerminalVoltage>
  14:     <Current>0</Current>
  15:     <DesignVoltage>11100</DesignVoltage>
  16:     <BatteryManufactureName>HP                </BatteryManufactureName>
  17:     <Status>128</Status>
  18:     <CellVoltage1>0</CellVoltage1>
  19:     <CellVoltage2>3688</CellVoltage2>
  20:     <CellVoltage3>3700</CellVoltage3>
  21:     <CellVoltage4>3700</CellVoltage4>
  22:     <BatteryACPower>1</BatteryACPower>
  23:     <BatterySupportedCount>2</BatterySupportedCount>
  24:     <SerialNumber>00577 2008/04/10</SerialNumber>
  25:     <satId>00577</satId>
  26:     <ManufactureDate>04/10/2008</ManufactureDate>
  27:     <Source>1</Source>
  28:     <Table>0</Table>
  29:     <SubTable>0</SubTable>
  30:     <InWarranty>False</InWarranty>
  31:     <WarrantyID>12ZL5-18100-18287-2CE74-00000-01</WarrantyID>
  32:   </Battery>
  33: </HC_BCheck>

HP Health Check Results: HealthCheckAC.xml

   1: <?xml version="1.0"?>
   2: <HC_ACheck AC_Server="h20397.www2.hp.com" Generated="25/08/2008 12:13:32 PM" HealthStatus="Poor">
   3:   <ISSUE GUID="10007315-0281-0514-8344-020194660001">
   4:     <STATUS>Detected</STATUS>
   5:     <QA>True</QA>
   6:     <URLRESULT>
   7:     </URLRESULT>
   8:     <FREEINFO>
   9:       <CATEGORY>Maintenance</CATEGORY>
  10:       <PERSISTANT value="always" timestamp="" />
  11:       <ALERT>Please update HP Health Check by clicking on REPAIR and following the instructions.</ALERT>
  12:       <SYMPTOM>HP Health Check update available.</SYMPTOM>
  13:       <SEVERITY>Alert</SEVERITY>
  14:     </FREEINFO>
  15:   </ISSUE>
  16:   <ISSUE GUID="10007315-0281-0514-8344-020194660047">
  17:     <STATUS>Detected</STATUS>
  18:     <QA>True</QA>
  19:     <URLRESULT>
  20:     </URLRESULT>
  21:     <FREEINFO>
  22:       <CATEGORY>Security</CATEGORY>
  23:       <PERSISTANT value="always" timestamp="" />
  24:       <ALERT>There is a critical security update available for HP Quick Launch Button software. This update removes a security vulnerability by disabling HP Info Center.  Click the GREEN button to apply the security update.</ALERT>
  25:       <SYMPTOM>HP Quick Launch Buttons security update available.</SYMPTOM>
  26:       <SEVERITY>Alert</SEVERITY>
  27:     </FREEINFO>
  28:   </ISSUE>
  29: </HC_ACheck>

The Health Check managed to find that the machine’s were missing an update for the HP Quick Launch buttons, but didn’t find that there was an updated BIOS available for the 2710p. The HP Health check seems to be pretty good at finding updates for HP software and drivers, but not so good at finding and recommending firmware updates. The issue has been resolved by updating to the latest BIOS, which for us was F.13, F.14 is now available. All machines that had experienced battery problems have now received the BIOS update, and have not had any problems with batteries holding their charge or not being detected since then.

Mic Check // Oh Wait a minute now…

Over the last 12 months since we’ve installed our J9051A ZL Wireless Edge Services Module (WESM), we’ve had some intermittent issues with some of our wireless notebooks causing the WESM to freak out and run at 100% CPU and boot all of our wireless stations of the Wireless network. These notebooks work fine on the WLAN 99% of the time but every now and then they freak out and cause problems with the TKIP integrity check.

The notebooks that we’ve had trouble with have had either an Intel or Broadcom wireless NIC:

  • Acer 3230 with WLAN: integrated Intel® PRO/Wireless 2200ABG
  • HP 1100 Tablet with WLAN: Intel PRO/Wireless LAN 2100 3B Mini PCI
  • Motion Computing Tablet with WLAN: Broadcom Wireless

We have many other 3230’s on the WLAN and one other Motion tablet that are identical to the machines that we’ve had issues with, but no other machines have caused the TKIP failure. We’ve updated drivers for the wireless NICs and installed all Windows updates and still haven’t been able to correct the problem?

When the TKIP failure occurs the CPU on the WESM hits 100%, see below, while it tries to perform the TKIP Countermeasures. TechDuke has a great explanation of the TKIP Message Integrity Check (MIC), and explains that when a wireless station fails the MIC, or Michael, hash check twice within 60 seconds then all wireless stations are booted off the wireless network for a minute and forced to reconnect/re-authenticate. Zack de la Rocha was way ahead of his time when he wrote Mic Check, he explains the MIC failure perfectly…

Rage Against The Machine – Mic Check (The Battle of Los Angeles (1999))
Mic Check
Oh Wait a minute now
Ha ha ha
Come on
Wait a Minute Now

The Diagnostic page on the WESM showing that the CPU had been running at 100%, as soon as we disabled Dial-in access in Active Directory for the offending notebook we broke the Radius authentication and the WESM went back to running as normal.

Wireless Edge Service Log

   1: Feb 06 11:27:46 2009: %CC-4-TKIPCNTRMEASSTART: TKIP countermeasures started on wlan 1
   2: Feb 06 11:28:15 2009: %MGMT-4-OTHERREQQUED: request queued in delegated requests
   3: Feb 06 11:28:46 2009: %CC-4-TKIPCNTRMEASEND: TKIP countermeasures ended on wlan 1
   4: Feb 06 11:28:47 2009: %CC-4-TKIPMICCHECKFAIL: TKIP message integrity check failed in frame on wlan 1
   5: Feb 06 11:28:47 2009: %KERN-3-ERR: mic check failure <00-13-CE-04-FB-4A>. (pkt_len 360 prio: 0) rx: <2B-2B-02-DC-00-FF> calc: <A7-CE-2B-B8-45-C6>.
   6: Feb 06 11:28:51 2009: %CC-4-TKIPMICCHECKFAIL: TKIP message integrity check failed in frame on wlan 1

Checking the message log on the WESM, we could identify which machine was failing the MIC and which WLAN they were connected to. Line 5 shows the MIC check failure and the MAC address of the offending machine.


We traced the offending MAC address back to its owner via the DHCP console and disabled Dial-in access for the computer and on the user account of its owner. This causes WLAN Radius authentication to fail the EAP-TLS auth because a valid certificate and dial-in access are required for access to that particular WLAN.

Currently we’re still running the original firmware wt.01.03 that came with the ZL module, but will update to wt.01.15 shortly and test these machines on the WLAN to see if the updated firmware can handle integrity check failure with a little more grace than the original firmware.

HP Case Study – Ballarat Grammar

thm_ballarat_grammerHewlett Packard have just release a Case Study on the hard work that we’ve done over the last year or two with them, and our HP reseller Trident. Check it out here.

The Case Study explains some of the challenges that we had with our previous network, servers and workstations, and how HP and Trident helped us find a solution that would help us overcome these challenges.

As well as the HP Case Study, earlier this year HP ProCurve released a Case Study on our migration from Cisco/Alloy switches to ProCurve, Wireless Edge Services and 802.1x port security. The Press Release Foundersis here on CIO. With a lot of help from Lisa and Fotios we’ve been able to develop our network, provide a 10Gb fibre backbone and much improved services for Staff and Students, including our Boarders on the wireless network, using the Wireless Edge Services Module (WESM). Expect to see some How-To’s posted soon on some of the funky things that we setup with our HP gear, especially the 802.1x, the WESM and our guest wireless network.

All of the work discussed in these case studies is obviously a team effort, and wouldn’t have been possible without the hard work and planning from Des, Nathan B, Nathan H, Leon and Rian.

* Photo of Ballarat Grammar by Rob Olston

Project 2009 Rollout

Follow Nathan as he blogs our 2009 Desktop rollout here. Track our progress as we unpack, assemble and configure 187 new Rollout2009HP 7800 Ultra Slim Desktops and install around the School. To help us, we have a team of Students working with our IT Staff to take the 28 pallets of gear that arrived on two trucks on Monday, and over the next week or so, and unpack the boxes, assemble the HP machines on their desktop stands, and position around the School.

A major part of our new rollout process is using Altiris to image our machines. Previously we’ve used Ghost for all our imaging but have been disappointed with post-sysprep functionality. Altiris, which has recently been acquired by Symantec, provides all the functionality that Ghost *should* have. As we become more familiar with Altiris and the different add-ons that we purchased, like SVS, I’ll post interesting snippets and How-To’s on things we’ve discovered.

So far the only issues we’ve had with the imaging process has been re-imaging older systems around the School. We have two labs of IBM clones with MSI motherboards that have been troublesome. We’ve had issues getting them to network boot, PXE, and also a strange issue with multicasting one of the labs. Altiris’ multicast works by selecting a master machine for the imaging session, and copying the image from the Altiris server to the master machine. Then from the Master the image is sent, multicast, to the the other machines in the session. The issue we had was that after session got to around 10% the Slave machines would freeze, however the Master machine kept on Imaging. The error message on the Altiris console seemed unrelated to the actual problem, something to do with a problem with the subst command!? As always, Rian solved the problem and improvised, adapted and overcome. He set the machines to start imaging 5 minutes apart, effectively running a unicast to each machine in the lab, and after an hour or 3 the lab was successfully imaged.

Will update as we go