PXE Booting Shadow Protect

If you’ve purchased a copy of StorageCraft’s ShadowProtect and have a copy of their ShadowProtect CD, you may not realise that the ISO contains a WinPE WIM image that you use to PXE boot ShadowProtect over the network


Currently, we’re using Altiris 6.9 for image deployment and use the Altiris PXE service, but the ShadowProtect BOOT.WIM will work with any PXE boot server that supports WinPE

To add the ShadowProtect boot image in Altiris, open the PXE Configuration Utility, and add a New Boot Menu Option


From here you can select the ShadowProtect BOOT.WIM but I found that to be unreliable in Altiris 6.9. I ended up getting it to work by adding an Altiris WinPE boot image that it had created, and replaced the Altiris boot image with the ShadowProtect BOOT.WIM in Windows Explorer


To replace the default Altiris BOOT.WIM, take note of the “Final Location on PXE Server” on the menu option you’ve just created and browse to the file location for your deployment server, in our case

C:\Program Files\Altiris\eXpress\Deployment Server\PXE\Images\MenuOption163\X86PC\sources


Simply replace the existing BOOT.WIM with the file from the ShadowProtect ISO and you’re finished

Next time you network boot a device, press F8 at the PXE menu to see all the menu items and ShadowProtect will be there!

The ShadowProtect ISO has drivers included for a lot of network cards, but if your device is fairly recent you may need to add NIC drivers after the ISO has loaded before you can backup a disk over the LAN

Pushing Microsoft Interactive Classroom

The Microsoft Interactive Classroom is a nifty tool for teachers to share their PowerPoint presentation with students running OneNote

“With Microsoft Interactive Classroom, students participate like never before while staying up-to-speed on instructor notes. It gives educators the power to add in-class polling and to share lessons over a wireless network. If a teacher updates a presentation, students capture the notes in real-time via Microsoft OneNote.”

Our staff trainer presented this to the teachers last night and with 460 student netbooks on campus, with another 320 coming in December, should get a bit of use.

We extracted the files from ICSetup.exe and used Altiris to push the InteractiveClassroom_O14.en-US_x86.MSI silently to our staff tablets and student netbooks. PowerPoint and OneNote gain an Academic menu which in PowerPoint is used to start a shared preso, and in OneNote is used to connect to the preso.

Even though we have separate VLAN’s for staff and students it was easy to get the machines talking to each other over the network. Most traffic seems to be over port 80, which is what we have allowed. The only restriction is that students have to manually enter the name of the staff machine to join the session

Vista Black Screen of Death and Altiris SVS

When we rolled out the HP 2730p tablets to Staff last year, we decided to try out the Altiris software virtualisation (SVS).

Since it came bundled with our Altiris purchase it seemed like the easiest choice for getting into software virtualisation. We had tried the demo for VMWare’s Thinapp but were discouraged by the pricing and had been impressed with demos if Microsoft App-V. Software virtualisation would let us have a much smaller SOE with just Vista, Office 2007 and the Adobe CS4 Master Collection, and have every other application installed as an SVS layer. This way we could reduce the time needed for imaging and control the application deployment through Altiris. We could also enable the web portal which would let Staff select which SVS layers they’d like deployed to their machine!

Since the 2730p machines have been imaged, we’ve had a few come back because Vista seems to hang on a black screen after the green progress bar on boot up

Vista Green Bars

The problem seems to be with a driver for SVS (fslx.sys) and after browsing the web for reasons why we’ve had this issue found that it may be a problem with one of the SVS packages we’ve deployed.

A thread on the Symantec forums details some of the SVS KSOD issues that people have had and found that troublesome SVS layers are the culprit. This thread confirmed our suspicions that we were having trouble with SVS packages that we’d made for applications like Skype and iTunes that have regular/frequent updates. The files in the SVS layer can’t be updated when there’s an update or patch for an application. With software virtualisation on the rise it would be handy if the application knew it was virtualised and would warn the user that new versions can’t be installed until the virtualised application is removed.

Anyway, here’s the fix:

· Boot the machine into Safe Mode

· Login as Admin

· Rename C:\Windows\system32\drivers\fslx.sys to C:\Windows\system32\drivers\fslx_old.sys

· Restart the machine

This will disable SVS and all the SVS layers. We’ve had some success with updating the SVS software to a slightly newer version, though, in most cases we’ve still had trouble after updating the SVS client. The best bet is to work out which SVS layer us causing the problem and disable it. Easier said than done.

We’re yet to decide if we’ll consider SVS for the 2010 Staff image. If we do, we’ll have to exclude applications like iTunes and Skype and try to avoid the black screen issues. We also need to decide if we’re going to move to Windows 7 for this image and whether it will be 32 or 64bit. Symantec have released the beta version of Symantec Workspace Virtualization,new version of SVS, which is compatible with 64bit Windows but it’s unlikely that the final version will be released in time for our internal testing.

Netbooks: Setting Student as Admin’s during deployment

3761637114_47d8ac8cf0 As part of our config for the Student Netbook SOE, we’re going to make each Student an Administrator on their netbook. We don’t want to make every student an administrator on the machines, because of the security/privacy issues that may arise. If every Student is an administrator then it’s possible for them to log onto another Students machine and look/edit/delete/copy their files.

When we unboxed the netbooks we attached our Asset tags (BGSID) and used the barcode scanner to grab the BGSID and Serial for each netbook and put them into Excel. We thought we could use this data and run a post imaging script from Altiris to set the student admin on each machine after they’re sysprep’d and before they’re given out to Students.

We created a SQL database with one table, see below. The image shows our test data, but we’re able to copy the BGSID’s and Serials from the spreadsheet to the database and assign a username for each netbook. The database also has a field for MachineName, which is blank initially and is populated when the script is run. Altiris automatically names the machines, according to the template we’ve specified, but we thought it would be handy to grab the machine name and store it next to the Serial as the machines are assigned to Students.
We can also be sneaky, and use the StudentUserName field to query AD and grab the Student’s firstname and surname to make sticky labels for their machine and maybe their bags too… will see


‘______________________ Start SetStudentAdmin.vbs __________________________
‘Option Explicit

dim adoConn, adoRS, adoStrm
Set adoConn = CreateObject(“ADODB.Connection”)
Set adoRS = CreateObject(“ADODB.Recordset”)


Sub GetBGSID()

Dim NetBookSerial

winmgmt1 = “winmgmts:{impersonationLevel=impersonate}!//.”
Set SNSet = GetObject( winmgmt1 ).InstancesOf (“Win32_BIOS”)

for each SN in SNSet
NetBookSerial = SN.SerialNumber

adoConn.Open “Provider=SQLOLEDB;Data Source=lumberjack;User ID=sa;Password=12345;Initial Catalog=Netbooks;”
adoRS.Open “select * from netbooks where (Serial = ‘” & NetBookSerial & “‘)”, adoConn, 1, 3

Set objWshNet = CreateObject(“WScript.Network”)
strDomain = objWshNet.UserDomain
strComputer = objWshNet.ComputerName
Set objGroup = GetObject(“WinNT://” & strComputer & “/Administrators,group”)

strUser = adoRS.fields.item(3)

Set objUser = GetObject(“WinNT://” & strDomain & “/” & strUser & “, user”)

If Not objGroup.IsMember(objUser.ADsPath) Then
End If
adoRS.fields.item(4) = strComputer


End Sub
‘______________________ End SetStudentAdmin.vbs ___________________________

Project 2009 Rollout

Follow Nathan as he blogs our 2009 Desktop rollout here. Track our progress as we unpack, assemble and configure 187 new Rollout2009HP 7800 Ultra Slim Desktops and install around the School. To help us, we have a team of Students working with our IT Staff to take the 28 pallets of gear that arrived on two trucks on Monday, and over the next week or so, and unpack the boxes, assemble the HP machines on their desktop stands, and position around the School.

A major part of our new rollout process is using Altiris to image our machines. Previously we’ve used Ghost for all our imaging but have been disappointed with post-sysprep functionality. Altiris, which has recently been acquired by Symantec, provides all the functionality that Ghost *should* have. As we become more familiar with Altiris and the different add-ons that we purchased, like SVS, I’ll post interesting snippets and How-To’s on things we’ve discovered.

So far the only issues we’ve had with the imaging process has been re-imaging older systems around the School. We have two labs of IBM clones with MSI motherboards that have been troublesome. We’ve had issues getting them to network boot, PXE, and also a strange issue with multicasting one of the labs. Altiris’ multicast works by selecting a master machine for the imaging session, and copying the image from the Altiris server to the master machine. Then from the Master the image is sent, multicast, to the the other machines in the session. The issue we had was that after session got to around 10% the Slave machines would freeze, however the Master machine kept on Imaging. The error message on the Altiris console seemed unrelated to the actual problem, something to do with a problem with the subst command!? As always, Rian solved the problem and improvised, adapted and overcome. He set the machines to start imaging 5 minutes apart, effectively running a unicast to each machine in the lab, and after an hour or 3 the lab was successfully imaged.

Will update as we go