I wrote this when I moved my company from seperate images for each model of PC to a one image for everything, that makes updating individual programs much easier.

The Process

Scripted Installations work by automating the process of creating a new PC everytime. It installs Windows from source media (a DVD uploaded to KBOX) and runs various post installation (scripts and installs that run after Windows has finished installing) that configure the PC and begins to install the programs that need to be on every PC rolling out to new users. Because this is a universal image and will work on a great deal of different vender and machine models a password has been set on the BootManager so only IT staff can deploy these images. Below is a basic layout of the imaging process:

 

Preinstallation Tasks

These tasks are run in the KBE (KBOX Boot Environment) before the Windows installation kicks off and prepares the hard drive in the following order

Create a single partition

the folllowing runs using DISKPART and creates a single partition on the hard drive for Windows:

select disk 0
clean
create partition primary
select partition 1
active
assign letter=c
exit

Format C: as NTFS

This runs as a BAT script to format the C:\ for NTFS

format /q /y /fs:ntfs c:

Install Vista/2008/7 MBR

This installs the Windows Master Boot Record for Windows Vista, Windows Server 2008 and Windows 7

bootsect.exe /NT60 c:

 

Windows Operating System Installation

Windows 7 is the choosen Operating System for all new PCs and have been uploaded to the KBOX2000. To speed up the installation of Windows along with updates, the source media is slipstreamed with Service Pack 1 and other Windows Updates (using the .msu files direct from Microsoft) to make sure the image is as up to date as possible when it is deployed. This slipstreaming is done once a month after the 3rd week so that the current months updates are included. Also other language updates are removed to make the image smaller and quicker to deploy. 

Once this has been slipstreamed (current program used to do this is RT 7 lite v2.6 beta) it is then uploaded to the KBOX2000 using the KBOX Media Manager (this can be downloaded from the KBOX2000) and a scripted Installation is built around it, replacing previous scripted installations

Drivers

The KBOX2000 has a database of drivers for booting into KBE which allows you to deploy the image. Networking and storage controller drviers for the machine model are needed first otherwise it will not be able to boot into KBE. 

It also has a database for each Operating System (ranging from Windows 2000 - Windows 7/2008 R2 x86 and x64) where the PC will be able to get any drivers it needs after Windows has been installed. You can find out what drivers are missing for a PC by going into the System Inventory in KBOX and selecting the operating system, and you will get a list of all the drivers and any that are missing are marked with a no entry sign (shown below is a confirmed working driver and a missing driver)

Working driver

Missing driver

Any drivers that need to be uploaded can be done using the Driver Harvesting Utility or uploaded manually to the Driver share on KBOX2000 by mapping \\ikbox\drivers to a drive letter on your PC. From there you can upload the .inf, .sys, .cat and any other files required for the driver into the relevant OS folder (Windows 7 x64 drivers need to go into the windows_7_x64 folder for example)

Post Installation Tasks

Once Windows has been installed then a splash screen will appear which hides the various programs installing in the background. These programs are run by uploading the .msi or .exe and running a command line to install it. A list of the programs and command lines are written below:

Disable UAC

This needs to be disabled to allow the following programs to install so a registry edit is made to switch this off:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

Join Domain

This runs a .vbs file that is on the KBOX server by default which adds the computer to the domain. It runs the following:

join_domain.vbs <domain> <username> <password>

For security reasons the user details are not listed here. The user that is used is not allowed to login to any PC using Active Directory restrictions and has a random 20 digit password (this is saved in the service account keepass database) and has no rights except to add computers to the domain. This password will be reset each quarter

Activate Windows 7

This runs a .vbs script that already exists in Windows 7 and allows the user to run it beside other switches to activate using a Windows 7 product key

The following line enters in the ENGINE Windows 7 product key:

cscript C:\Windows\System32\slmgr.vbs /IPK xxxxx-xxxxx-xxxxx-xxxxx

and this line activates Windows:

cscript C:\Windows\System32\slmgr.vbs /ato

7Zip 9.20

"7z920.exe" /S

Adobe AiR

AdobeAIRInstaller.exe -silent -eulaAccepted

Adobe Flash Active X (32bit)

install_flash_player_11_active_x_32bit.exe -install

Adobe Flash Plugin (For 3rd party browsers 32bit)

install_flash_player_11_plugin_32bit.exe  -install

Adobe Reader X - 10.1.2

AdbeRdr1012_en_US.exe /sAll /rs /l /msi /qb- /norestart EULA_ACCEPT=YES

Bomgar

This has a seperate installer for each x86 and x64 Operating Systems and is a silent installer by default so just the filename is run to kick off the installation:

bomgar-scc-randomdigitsthatfollow.exe

CutePDF

this is actually a part installer as it needs the Ghost Converter installed first. the converter is installed using:

converter.exe /auto

and then the actual PDF writer is installed using:

CuteWriter.exe /verysilent

FileZilla 3.5

FileZilla_3.5.0_win32-setup.exe /S

Gimp 2.6

gimp-2.6.11-i686-setup-1.exe /SP- /SILENT /NORESTART

Google Chrome

This actually uses the enterprise installer that Google distribute to businesses as the normal installation file for consumers cannot install silently

msiexec /i googlechromestandaloneenterprise.msi /qn /norestart

Java 6 Update 31

jre-6u31-windows-i586-s.exe /s ADDLOCAL=ALL IEXPLORER=1 MOZILLA=1 REBOOT=suppress

KBOX K1000 Agent

KInstallerSetup.exe -server=helpdesk.yourdomain.local -ssl_enabled=0 -amp_ssl=0 -display_mode=silent

Mozilla Firefox

"Firefox Setup versionnumber.exe" /silent

Microsoft Office 2007 Standard + SP3

This is actually installed using a .msp file which you can create using the Office 2007 installer (instructions are here) and it is zipped up and uploaded to the KBOX server and the following command line is run:

"setup.exe" /adminfile Office2007Standard.msp

Any updates for Office 2007 (for example Service Pack 3) are put into the Updates folder using the filename extract:path command and added into the zip file and the .msp file notices this and installs them automatically

Skype

msiexec.exe /i SkypeSetup_5.5.0.112.msi /qn /norestart

VLC Media Player 1.1.11

vlc-1.1.11-win32.exe /S /V /qn