Domain Join / Install software

  1. 2 years ago

    Domain Join / Install software

    Is it possible to have CloneDeploy automatically join PC's to a domain and install software such as Office Suite?

    Thanks

  2. clonedeploy

    17 Jun 2016 Administrator

    No. CloneDeploy is strictly for OS cloning. You would need to join a domain via a sysprep answer file or custom script. I have no intention of ever implementing Software Deployment. Thanks for your interest.

  3. last year
    Edited last year by T3chGuy007

    @gwith

    I have Office installed on my images and I have a script to automatically join deployed PCs to my domain. For Office, I have it activated on the image but in a script that I use to start sysprep, I re-arm Office. I haven't had any issues with activation after I deploy the image to other PCs. The same goes for activating Windows, I have it activated on my image but in a script, it automatically activates once deployed. Essentially, once I deploy an image, I do nothing else because CD renames it and my scripts activate Office and Windows and joins to my domain. If you want more info, let me know.

  4. @T3chGuy007

    Please elaborate. I tried for a while with Crucible to make joining to my domain work and haven't yet been able to in CD, either. Any info you can share is greatly appreciated!

  5. @snowbear

    There may be a better/easier way to do this but this way works for me. Below is a listing of files and directories that I use to accomplish the sysprep, activation of Windows and Office, and domain join. Let me know if you have any questions.

    - At the root of C:\, create a directory called Scripts.

    - In C:\Windows\Setup\, create a folder called Scripts and then create a file called SetupComplete.cmd. The only thing I have in this file is a command to call my .bat file that does various tasks after reimaging.

    - In C:\Windows\System32\Sysprep\, create a file called StartSysprep.bat. This file will first re-arm Office and then start sysprep and when finished, it will shutdown the PC. The re-arm Office command, is configured to re-arm Office 2016. If you have Office 2013 or 2007, you will need to change the path to the .exe that is referenced. Also in this directory you will need to create and store your .xml file for sysprep. You can use Windows System Image Manager to create your .xml. Be sure to include the component to change the computer name and make sure you call your .xml file unattend.xml.

    - In C:\Scripts\, create a .bat file called SetupFinalize.bat and a Powershell script called JoinDomain.ps1. The JoinDomain.ps1 file is the file used to actually join the PC to your domain. Be sure to modify it with your domain information. The SetupFinalize.bat has several commands in it that run after the system has been deployed with a new image. One command activates Office, one activates Windows, one calls JoinDomain.ps1, and the rest of the command deletes certain files. Finally, it reboots the PC once joined to domain.

    SetupComplete.cmd:
    C:\Scripts\SetupFinalize.bat

    StartSysprep.bat:
    REM **Rearms Office**
    "C:\Program Files (x86)\Microsoft Office\Office16\ospprearm.exe"
    REM **Starts Sysprep with the unattend.xml file**
    sysprep /generalize /oobe /shutdown /unattend:unattend.xml

    SetupFinalize.bat:
    REM **Activating Windows**
    cscript //b C:\Windows\System32\slmgr.vbs /ato
    REM **Activating Office**
    cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /act
    REM **Running Powershell script to join to Domain**
    Powershell.exe -ExecutionPolicy Unrestricted -File C:\Scripts\JoinDomain.ps1
    REM **Deleting some password sensitive files**
    del /Q /F C:\Windows\System32\sysprep\unattend.xml
    del /Q /F C:\Windows\panther\unattend.xml
    del /Q /F C:\Scripts\Sysprep\unattend.xml
    del /Q /F C:\Scripts\JoinDomain.ps1
    REM **Rebooting PC**
    shutdown /r /f /t 15

    JoinDomain.ps1:
    $domain = “YourDomainHere”
    $user = "UserToUseToJoinToDomain"
    $password = “EnterUserPasswordHere” | ConvertTo-SecureString -asPlainText -Force
    $username = “$domain name\$user”
    $credential = New-Object System.Management.Automation.PSCredential($username,$password)
    Add-Computer -DomainName $domain -Credential $credential

  6. Very nice T3chGuy007.
    I do have a question though: Are you able to make sure that you have network when trying to join domain?
    Mine just skips this step even though I make sure to install drivers before joining, with another script. The drivers work when I get into Windows.
    I would also like to know if and how you have gotten Sysprep tags to work with the Computer name given when deployment starts. Is it just to have an unattend.xml in c:\system32\sysprep when uploading?

    A small suggestion for the CloneDeploy developer: Is it possible to do filecopy before sysprep tags? That way we can have the uattend.xml file on the deployment server, change what we want, use filecopy to copy it to the target computer after deployment and still use the Sysprep tags.

  7. @jmn

    What I do is install Windows on my master device and at a certain point during setup, I press SHIFT+CTRL+F3 to put the device in Audit Mode. I install all of my software, drivers, etc, and place the files I previously mentioned in the correct location. Once all of this is done, I upload the image to CloneDeploy. Next, I close the audit window and then run the batch file that I created earlier to sysprep the device. Once the device shuts down, I upload another image. Basically, I have two images associated with each device I have. One to revert back to the pre-sysprep state and one that I can use to deploy to identical devices. Once I have the second image uploaded, I deploy the first image to my master device so it is ready to update again when I'm ready to make changes.

    With the unattend.xml, I include the component for <PersistAllDeviceInstalls> so that when sysprep runs, no drivers are removed. By doing this, I know for sure when I deploy an image to an identical device, all of the drivers are already installed and this allows the device to be able to join to the domain after the image has been deployed. As far as the computer name, I believe if you have the <ComputerName> component listed in your .xml, CloneDeploy will pick that up and rename your PC automatically. The only place I have my .xml file is in C:\Windows\System32\Sysprep\.

  8. clonedeploy

    14 Jul 2016 Administrator

    @jmn

    Is it possible to do filecopy before sysprep tags?

    yes, we just need to move the function call on the deploy script for file copy before the sysprep tags call

    @T3chGuy007

    I believe if you have the <ComputerName> component listed in your .xml, CloneDeploy will pick that up and rename your PC automatically.

    That is correct.

  9. The first part about the domain joining I think is caused by trying to add the -server parameter to the add-computer command. The command simply will not work if I specify a server and I don't know if it is a bug in powershell or something I do wrong. Removing it works tough but gives a little less control.

    @clonedeploy
    Okay. I was wondering if there was a specific reason and it simply wasn't possible. I will try and switch them in the scripts.
    Regarding the sysprep tags: So you don't need to have it defined in sysprep tags on CD with the $computer_name variable?

    @T3chGuy007
    I actually have my setup a little different than usual. I use CloneDeploy to copy all the files over to the machine on deployment and a shortcut for the StartSysprep.bat in the Administrator Startup folder. I remove the password for the account before upload so when it is deployed, it will log in automatically, do a sysprep, install drivers and join domain. I know it takes a little longer but with a /reboot instead of /shutdown in the sysprep command it will all be automatic so that doesn't matter much.
    The advantage is that you don't have to worry about audit mode or rearming limits and so on which means that you only need 1 machine for updating. Another advantage is since all files are copied with CD's file copy feature, it is easy to edit everything directly on the server, though most of this could also be done if you sysprep before.
    Is there a disadvantage to doing it this way that you know of? I was just wondering if the 5-10 minutes is the only reason for sysprepping before uploading or if I am making a huge mistake.

    Thank you for your time and answers. I am quite new to deployment so it is nice to get some help.

  10. @jmn

    I think you can setup devices any way that you feel most comfortable with. In my situation, I like having all of my drivers, files and scripts on the image before I upload but if your scripts are changing, it probably would be easier to have them on the server. Also, I like having two images per device but I can see the advantages to just one image too. It really boils down to personal preference.

  11. @T3chGuy007

    Thank you for posting that! I'm finally getting around to trying it out. Would you mind posting a sample of your .xml file? I used Windows System Image Manager to create one but I'd like to compare it to something I know works.

    Thanks, again!

  12. @snowbear

    Below is my .xml file I use for Windows 7 64-bit devices.

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="generalize">
    <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <SkipRearm>1</SkipRearm>
    </component>
    <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
    </component>
    </settings>
    <settings pass="specialize">
    <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <SkipAutoActivation>true</SkipAutoActivation>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <CopyProfile>true</CopyProfile>
    <ShowWindowsLive>false</ShowWindowsLive>
    <TimeZone>Eastern Standard Time</TimeZone>
    <ComputerName>CloneDeploy</ComputerName>
    </component>
    </settings>
    <settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <InputLocale>en-us</InputLocale>
    <SystemLocale>en-us</SystemLocale>
    <UILanguage>en-us</UILanguage>
    <UILanguageFallback>en-us</UILanguageFallback>
    <UserLocale>en-us</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <OOBE>
    <HideEULAPage>true</HideEULAPage>
    <NetworkLocation>Work</NetworkLocation>
    <ProtectYourPC>1</ProtectYourPC>
    </OOBE>
    </component>
    </settings>
    <cpi:offlineImage cpi:source="catalog:InsertCatalogSourcePathHere" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>

  13. @T3chGuy007

    You're awesome! Thanks!

  14. @T3chGuy007

    Do you know if your xml file work with windows 10 also?

    Thanks

  15. Yes, I believe it does because I've used it on a Windows 10 x64 PC.

  16. Edited last year by vbourke

    I would like to add a slight modification to T3chGuy007's post (which is absolutely fantastic). In my situation, I use groups and profiles to install different types of software for different departments automatically, so I needed to also be able to autonomously add computers to the correct OUs in AD. The final line of the JoinDomain.ps1 looks like this:

    Add-Computer -DomainName $domain -Credential $credential -OUPath "OU=Test1,OU=Test2,DC=DomainController,DC=Local"

    Then, in each group I have custom attributes set to each OU name on each group, so I can use a post-deploy script to modify the JoinDomain.ps1 file as follows:

    #!/bin/bash
    mkdir /mnt/ntfs_mnt
    ntfs-3g -o force,rw,remove_hiberfile ${hard_drive}3 /mnt/ntfs_mnt
    sed -i '6s/.*/Add-Computer -DomainName $domain -Credential $credential -OUPath "OU='$cust_attr_3',OU='$cust_attr_2',DC=DomainController,DC=Local"/' /mnt/ntfs_mnt/Scripts/JoinDomain.ps1
    umount /mnt/ntfs_mnt

    Where cust_attr_3 and 2 are the names of the OUs to be placed in for that deployment

    (Thanks to the post Here)

  17. Hello!

    I know this is an old topic, but I have to ask, at what point do these scripts are being applied? I need to add the pc to domain after it gets cloned. I tried the JoinDomain.ps1 script and it works. I just need to know how to execute it after cloning.

    Thanks for the help.

  18. clonedeploy

    24 Feb 2017 Administrator

    In the example provided by T3chGuy007 it is running from setupcomplete.cmd which is automatically run when sysprep is used. The easiest way to join domain in my opinion is just to supply the info in the unattend.xml file used with sysprep. Without sysprep you would need to add the script to the windows startup scripts so that it fires before logon and then delete the script when done. I would just go with sysprep

 

or Sign Up to reply!