DS for Windows: Client Side Changes in 8.5 RU4

book

Article ID: 206755

calendar_today

Updated On:

Products

Deployment Solution

Issue/Introduction

Deployment Solution 8.5 RU4 introduced multiple enhancements and changes for the agent side. Please refer to ITMS 8.5 RU4 Release Notes:

  • Ability to use the default Symantec Management Agent installation settings in the Install Windows OS task.

The Deployment Solution predefined task Install Windows OS uses the default Symantec Management Agent installation settings when the task performs a scripted operating system installation on Windows client computers.
In the default Symantec Management Agent installation settings, you can specify how the Symantec Management Agent is installed on the client computer.
For example, you can use the setting Override the default installation path to specify a new appropriate path if you want to install the Symantec Management Agent in a particular location on the managed computer.

  • Ability to use automation folders in Deployment Solution policies.

Deployment Solution lets you perform the preboot configuration and create automation folders at Settings > All Settings > Deployment > Preboot Configurations.
Now you can use the created automation folders in the install, upgrade, and uninstall policies for Windows and Linux client computers.
For example, you can use the Deployment Automation folder for Windows – Install policy to install such automation folders on the client pre-Windows 8 EFI computers.
As you configure the policy settings on the policy page, next to Program Name, you can select the automation folder that you want to install or upgrade.

  • Enhanced image management.
    • (Windows only)
      Enhanced process for deleting redundant images.
      You can now delete an image on the Image Management page. Deleting an image removes the corresponding image package and associated file data. The new Purge Image policy lets you delete redundant image packages on a regular basis.
      You can also configure the new global imaging setting Delete package files after to delete redundant image package files from Package Servers on a regular basis.
      For more information, refer to Deleting images, packages, and resources
    • Enhanced image management.
      The new Image Management page lets you manage sysprep, backup, and personality images that you have captured. You can filter images by type, view image details, view or edit image package details, and delete images.
      For more information, refer to Managing Images
    • Enhanced global imaging settings.
      The new Imaging Settings section on the Global Settings page lets you perform the following actions:
      - Define whether Deployment Solution uses the HTTP, UNC, or HTTPs codebase during images processing. You can also specify codebase usage priority.
      - Define an interval for deleting redundant image package files from Package Servers on a regular basis.
      - (Windows only) Define the location from where Deployment Solution tasks can download imaging tools.
      For more information, refer to Configuring Global Settings

Note:
The enhancements above apply to the images that have a manageable format. Linux and Mac images will be captured in legacy format.
Windows sysprep images already have the required format. To capture Windows backup images in a manageable format, ensure that your client computers have the version 8.5 RU4 or later of an automation folder and Pre-boot eXecution Environment (PXE). To capture Windows personality images in a manageable format, ensure that you use the Deployment plug-in 8.5 RU4 or later.
To manage legacy images (i.e., Linux and Mac images and Windows backup or personality images that you have captured with Deployment Solution 8.5 RU3 or earlier), you must convert such images to a manageable format on the Image Management page.

  • Enhancements of the Prepare for Image Capture task.

The Prepare for Image Capture task is enhanced with the following new options:

    • Execute CMD script before Sysprep
      Lets you run a script to make required changes in OS before running the Sysprep task. You can customize the script according to your requirements.
    • Remove extra user profiles
      Lets you remove all user profiles except the profile of the user that is defined to run Sysprep task.
      By default, both options are disabled.
  • Ability to upgrade the Symantec Management Agent to the latest version while running Deployment Solution tasks.

(Windows only)
You can configure the tasks Deploy Image or Restore BackUp Image to automatically upgrade the Symantec Management Agent to the latest version on the target client computers.
This feature is enabled in the task settings by default.

Environment

DS 8.5 RU4

Resolution

The following is provided just as a reference and not as a "detailed" list of changes and why those changes were made. Most of this information on how to use these changes can be found in our ITMS Help documentation:

General C/C++ changes:

  • Outdated or duplicated code was removed.
  • Credentials stored in memory are properly cleaned after usage in many places.
  • More log entries changed to be readable and do not contain source file names and lines numbers

Process execution changes:

  • A few process execution methods are reduced to two:
    • Running process under SYSTEM account. Used to run GHRegEdit, GHConfig, DeployAnywhere and other tools that do not need to access a shared UNC folder.
    • Running process under SYSTEM account that should have network access. GHost and PCTransplant use that method when reading or writing a file to a shared UNC folder.
  • Command-lines used to start processes are completely logged as they do not contain any passwords now.

Complete Package Delivery (PD) integration into DS agent and tasks:

  • Symantec Management Agent (SMA) Package Delivery (PD) module is used to deliver any files required during DS tasks execution or PXE server configuration.
    • Block-by-block downloads are used.
    • Download attempts are retried in 5, 10, 20 sec ... 10 min intervals.
    • Partially available packages can be now downloaded from a Package Server (PS) while they are still being downloaded by PS.
    • Peer-to-Peer (P2P) downloads are not supported.
    • New PD's partial package download feature is used to download parts of DriversDB package or a tool.
  • Most of the packages are downloaded into "\Agents\Deployment\Downloads" folder managed by PD
    • No more custom download location for every package.
    • Copy File task downloads package into the target folder directly.
      • 203430

        Is it expected that each Child SMP has a copy of the "CopyFile" folder? How “CopyFile” task works in a Hierarchy.

      • 204966

        "Copy File" Tasks created on the Child SMP are replicating up to the Parent SMP

      • 196334

        Copy File task - copy folder option only copies files within folder in 8.5 RU4

    • Scripted OS Install (SOI) task downloads drivers into the folder on the Window partition.
  • All the custom UNC/HTTP download methods are eliminated.
  • Package download progress is logged every 10 seconds.
  • Local package location and codebases are reported in the logs.
  • Package server is reported in the logs for the external packages.
  • Minimum free space requirement is set to 10 MB to allow some logs to be created.
  • GHRegEdit and GHConfig are still used from Ghost sub-folder since these tools are used prior to any PD download attempt.
  • Other GIF tools required during task execution gets downloaded from NS or PS if configured in Deployment Global Settings in NS console:

Deployment Solution Agent integration into PECTAgent:

  • DS plugin is loaded into PECTAgent.
  • DS plugin starts, hosts and configures Package Delivery module.
  • DS plugin allows access to PD via COM interface including IDispatch, i.e. automation can get access to DS packages via PD interface from VBScript or C# interop for example.

Remote UNC share mapping:

  • Drive mapping to an UNC share are not performed now.  "net use" approach. is not used anymore. There are no more dependencies on the already mapped shared folders so no more "Multiple connections to a server or shared resource by the same user, using more than one user name are not allowed. Disconnect all previous connections to the server or shared resource and try again" errors.
  • An impersonated SYSTEM process is executed instead of that, the impersonated process runs as SYSTEM account and still can access UNC shares.
  • Affected tasks: SOI, Copy File and any task that copied files from UNC share before.

Task cancelling:

  • Any pending or retrying package download can be cancelled.
  • Any tool execution can be cancelled, the tool's process gets killed.
  • Any task now should finish quickly after the cancel regardless of what the task was doing.

PECTAgent changes:

  • DSUniqeueID gets written into "\Windows\AeXNSAgent.ini" by DS tasks.
  • 8.5 RU4 SMA reads DSUniqeueID from "\Windows\AeXNSAgent.ini".
  • IP address is not sent to NS during PECTAgent registration. That was needed for CTA to be able to find the proper TS in the past, not needed anymore.

Logging changes:

  • Console colors introduced in RU3 are fixed, they wasn't right in all the cases in RU3.
  • PECTAgent's console window does not get minimized once it was restored.
  • Used passwords are never reported in the logs, the user names and domain are.
  • User can see the first 1KB of every log file that was created by a failed task, no need to look for logs in DS folders every time.

Copy File Task changes:

  • PD is used to download packages directly into a target folder for "Upload from local system" type of tasks.
  • Double-space requirement has been eliminated for "Upload from local system" type of tasks. 
  • Authorization method for "Access from UNC location" type of tasks has been changed.
  • Used access and execution credentials get logged.
  • Now, a Task does not set execution permission for any file specified as a file to execute during the task. Permissions are set only for the downloaded files and only for the executing user account.

Create/Backup Image task changes:

  • Fresh GHost tool gets downloaded prior the imaging.
  • Used credentials gets reported into the logs.
  • Credentials from server's connection profile get used to access the remote package location, the default credentials are used if the Agent communication profile is not found
  • Package creation method is changed: 
    • Task itself now creates an external package prior to imaging by calling DS SOAP web page on NS.
    • DS' server part creates package either on NS or on PS.
    • DS' server part accelerates package to PS.
    • PS creates package folder and reports package codebases back to NS.
    • The client meanwhile uses PD to wait for package information be available on the client.
    • Task creates the image once PD receives package codebases.
    • Task updates package information once image files are created.
  • Task always creates the new proper SMP package in all the scenarios.
  • The new package is always created, the existing packages are managed by the server and can be removed if configured so by "Image Purging" settings
  • The new package is removed at the and of the task in case image creation fails or task is cancelled.
  • The new package info gets updated with partitions information at the end of the successful task (only if package was saved to UNC share).
  • GHostImageFile.dll is used to retrieve the partition information from a remote image files both HTTP and UNC. The partition info gets written into the logs.
  • No more drive mapping, to access shared UNC package location.
  • The short name of PS/SMP will be used during image capturing in case the server is no available by FQDN.

Deploy/Restore Image task changes:

  • Fresh GHost gets downloaded from SMP/PS prior the task if configured so.
  • Fresh DeployAnywhere, DriverManager and DPInst gets downloaded prior the task.
  • DriversDB is partially downloaded using PD.
  • Image package location obtained via PD.
  • Used credentials get reported into the logs.
  • Credentials from communication profile are used for HTTP and PS/NS downloads if any are specified there otherwise the default credentials are used.
  • No drive mapping to access images on shared UNC folders.
  • Legacy packages made by previous DS versions are still supported.
  • Deploy/Restore image tasks have option to upgrade SMA to the latest version:
    • AeXNSC.exe and AeXNSC.xml gets downloaded into "Windows\Setup\Scripts\SMA" folder on the production OS drive.
    • Fresh ConfigService.exe gets copied from WinPE to the production OS driver.
    • ConfigService is directed to run SMA installer upon reboot and cleanup some SMA files prior to that.
    • AeXNSC.xml contain the latest SMA installer settings and the latest server profile

PCT task changes:

  • Used credentials get reported into the logs.
  • Package creation method is changed, package is created the same way as image package gets created, see above for details.
  • Package creation works over UNC or HTTP/S
    • UNC packages get created directly on PS or SMP, assuming UNC codebase is available for the package.
    • HTTP/S packages get created locally and then uploaded to PS or NS via HTTP/S, assuming HTTP/S codebases are available for the package.
  • The new package is always created, the existing packages are managed by the server and can be removed if configured so by "Image Purging" settings.
  • The new package is removed at the end of the task in case image creation fails or task is canceled.
  • PCT logs get created and copied into Deployment\Logs folder at the end of the task.
  • No more drive mapping, to access shared UNC package location.
  • The short name of PS/SMP will be used during image capturing in case the server is no available by FQDN.
  • Legacy packages made by previous DS versions are still supported.

Client Wipe task changes:

  • Fresh GDisk gets downloaded from NS/PS prior to the wiping if configured.

SOI task changes:

  • No more drive mapping, to access shared UNC Windows setup location, Windows setup is executed remotely from UNC as impersonated application.
  • Fresh DeployAnywhere, DriverManager, and DPInst get downloaded prior to the task if configured.
  • Drivers DB is partially downloaded using PD.
  • Windows' setup.exe  can be located in either "sources" sub-folder or package root folder.
  • SMA installation at the end of SOI task is changed:
    • AeXNSC.exe, AeXNSC.xml and Symantec_DeploymentSolutionAgent_8_5_x64.msi gets downloaded from SMP or PS into %WINDIR%\Setup\Scripts\SMA.
    • SetupComplete.cmd then configured to install SMA and DS plugin  one after another.
    • AeXNSC.xml contain the latest SMA installer settings and the latest server profile.

Pre-Image task changes:

  • Task does not clean up SMA files or folders anymore, it merely runs SysPrep, disables SMA service and enabled ConfigService.
  • Fixed bug that caused SysPrep to "hang" in case of failure, bad command-line caused SysPrep to show a message box in the hidden Windows session.
  • setupact.log and setuperro.txt files get copied into the Logs folder.
  •  A custom script can be specified in the task parameters:
    • The script will be executed prior to SysPrep.
    • the script will be executed in the same user context as SysPrep.
    • The script can be especially useful on Windows 8/10 where it can remove AppStore applications which presence can lead to SysPrep failure.
    • The default script removes AppStore applications but it is turned off by default.
  • The new "Remove extra user profiles" option can be selected 
    • SysPrep account name should be specified for the option to work.
    • The option directs the task to remove every other non default user profile except for the specified one, i.e. NetworkService, LocalService, and other system account's profiles get excluded from the removal.
    • The option can be useful on Windows 8/10 to assist custom script in preparation for SysPrep execution.
    • The option is off by default.

Partition Disk task changes:

  • Fresh GDisk gets downloaded from NS/PS prior the task if configured.

WInPE image changes:

  • Scratch disk space is increased to 512MB.

  • ConfigService32.exe and ConfigService64.exe are included, required by restore/deploy image task.

Image Capture settings:

  • GHost and PCTransplant tools can be configured to use specific network protocols (HTTP, HTPS or UNC) while capturing a GHO or PCT images.
  • The protocols can be configured on "Global Settings" page in SMP console.
  •  SMP or PS server must provide the corresponding package codebase for a protocol to be available for capturing.
  •  If protocols specified in the settings and protocols available in the codebases do not match then image capture will fail.
  •  The tasks try protocols in the order specified in the settings.

Image Purging settings:

  • GHO and PCT image files are subject to purging according to the "Image Purging" settings, which are off by default:

Related imaging tools changes:

  •  The new GHost is included in DS packages.
  •  GHost supports NTLM domain authentication now.

PXE Server configuration changes:

  • Fresh BDC and Imaging packages get downloaded prior to boot images updating.
  • Fresh imaging tool set gets downloaded and injected.

Additional Information

206726

DS images management and processing during an upgrade to 8.5 RU4

206748

Driver Management UI improvements with DS 8.5 RU4 release

Attachments