Hello All,
Long time lurker, first time poster. I have always found my anwsers without having to create an account! Thank You. However I seem to have run into an issue that I am either not searching the proper term or I am crazy.

I would like to start deploying applications on a weekley schedual rather than just deploying at will (How we have been doing) some of our deployments get pretty intense with multiple pieces installing to have a single effect.

What I would like to be able to do is lock down a machine at login (AD 2003, Windows XP SP2/3) so that the applciation can install and reboot (if need be) before the user can gain access to the OS. My packages are being deployed using SMS 2003 SP3 and would like to be able to only use AD or SMS to make this possinble rather than adding another piece to the puzzel that is packaging and deployment. Is that possible? :)
Thanks Again.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Group Policy machine-based installs will do exactly what you want, in terms of installing before the user has access to the workstation. Scheduling...not sure, as my current client is the first place I have encountered GP deployments and here we deploy at will.

Doesn't SMS do the above already, though?
Answered 06/06/2008 by: VBScab
Red Belt

Please log in to comment
0
ORIGINAL: VBScab

Group Policy machine-based installs will do exactly what you want, in terms of installing before the user has access to the workstation. Scheduling...not sure, as my current client is the first place I have encountered GP deployments and here we deploy at will.

Doesn't SMS do the above already, though?



Indeed on the Group Policy... Just with SMS we gain all of the management and monitoring tools.

However that is the crap shoot, My team packages the application another advertises and deploys with SMS, I am being told that SMS cannot do this but honestly do not think that is a true statement especially when you can lock down with less than SMS.
Answered 06/06/2008 by: Drpwne
Yellow Belt

Please log in to comment
0
ORIGINAL: Drpwne
I am being told that SMS cannot do this but honestly do not think that is a true statement
It's always been my understanding that one of SMS's features is the ability to do push installs to workstations.

Is anyone able to enlighten us one way or the other?
Answered 06/06/2008 by: VBScab
Red Belt

Please log in to comment
0
Drpwne,

With SMS you can schedule advertisements for specific times/dates.

So you could create a recurring advert for every 1st Monday of the month - for example - so that you populate the collections throughout the month, but they only get actioned on the 1st Monday.

From within the advertisement you can specify that it will run at 'login' or 'logoff' or as 'soon as possible' - I've never used the 'at login' option, but imagine that it wouldn't prevent the machine from being used during the installation.

The only thing I can't help you with is the locking of a machine and reboot before the user gets control of the machine.
OnCommand's CCM (now Symantec I think, but called something else) had the facility to log into the machine, run an installation, reboot, log in again to check nothing else was due, and then log off and return control back to the user - we migrated from that system years ago because it interrupted users whilst they were working.

One of the 'benefits' of SMS is that it handles deployments silently and in the background with minimal interference to the end user.

I'm sure there must be some util out there you could use, I imagine it would be leveraging something either with autoadminlogon, intercepting the logon gina or replacing the shell with something other than explorer.exe.

The other option would be to schedule for a night-time deployment, and force a reboot from SMS. There is a 3rd- party add-in for SMS (SMS Companion) that utilises Wake On Lan.


That's the best my brain can do at this time on a friday [:D]

Hope it helps,

Dunnpy
Answered 06/06/2008 by: dunnpy
Red Belt

Please log in to comment
0
SMS can't do a logged-off install? That seems surprising to me. Every other tool I've used can do that.
Answered 06/06/2008 by: turbokitty
Sixth Degree Black Belt

Please log in to comment
0
Thanks dunnpy,
The schedualing we are good with and we have used Wake on LAN as well. My real issue is the install at logon issue. Sorry I should have been a little more detailed in my design explination .

My company has about 3000 employees 90% of which are laptop users so essentially the machine may not be in the office once the advertisement goes out so we also use caching for some apps.

Turbokitty, SMS will do a logged-off install. Essentially a machine just has to be attached to the network and turned on, Wake on LAN can fixed the turned off issue too.

My main issue is wanted to lock the machine down at login as the app installs. [:)]
Answered 06/06/2008 by: Drpwne
Yellow Belt

Please log in to comment
0
Ah.. I see now.
Answered 06/06/2008 by: turbokitty
Sixth Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity