6

When deploying machines in our enterprise we run through a series of checks before deployment. Some of these include:

  • Verify required files and folders have been copied to the computer
  • Verify all required applications have been installed
  • Verify some registry and file configurations have been set up for the intended user
  • Verify the machine is in the correct OU in the Active Directory Domain

I assume this is a pretty standard thing. We use a combination of WDS, GPO, and SCCM to deploy Windows XP to the machine and install some software. However, before the machine can be deployed to the user we need to go through a somewhat manual process to verify that the machine is ready to go.

Is there any software out there that you can create a checklist of things to test and it runs automated on the machine? Right now we use an HTA that I created, but maintaining it is a bear and I'd like something a little more robust. Any suggestions would be greatly appreciated.

We have Windows XP clients currently (moving to Windows 7 soon) and mostly Windows 2003 servers (a few 2008).

EDIT:

In order to clarify what I'm looking for, I'll explain more about what our current HTA does, and what the ideal app would do.

Gather Information about the End User

  • Gather username of the user [entered into a textbox]
  • Gather the role of the user [chosen by a drop-down box]
  • Gather what office the end user will work in [chosen by a drop-down box]

When you click the "Run Checks" button a series of checks run. The above 3 variables are used to determine exactly which checks should run and what their expected values should be.

Checks

  • Verify that all the required software is installed (the Role gathered above is used to determine which software is required for this specific user)
  • Verify that the computer sits in the proper OU (the Office gathered above is used to determine the proper OU for this computer)
  • Verify that some registry values are set correctly (turn off Windows Tour, enable UNC, etc)
  • Verify some files exist (Shortcuts on the desktop to our intranet and some internal apps, etc)
  • Verify some user settings (location of My Documents folder, etc)
  • Verify a local folder matches a template folder on the network

Fixes

  • Install any missing apps
  • Create/Read/Update/Delete registry keys and values
  • Create/Read/Update/Delete files and folders

Right now this is all custom written (in VBScript, ugh). What I'd like to find is an application where I could create templates of fixes and have each saved in an XML file (or some other human-readable file format). Then I could create a new Check Group by selecting some of those checks that I want to run, and save that check group out so that I could easily rerun the specified checks in the future.

EDIT 2 One more thing that would be nice is if we could run these verifications at any time. For instance: a computer that has been deployed for a year. Open up this application and check that the proper applications are installed, the updates are installed, and the files on their machine that we sync are the current versions.

I guess I'm looking for more than just a pre-deployment app. I'm just looking for a Verification application that could be run at any time (perhaps even by the end user?).

... Maybe this is something I have to build myself, but if something exists out there already I would prefer to buy that instead of spend all my time making it.

Andy May
  • 919
  • 11
  • 16
  • Can you expound a little on the specifics that you test for in your hta app? This seems like a really good question! – JGurtz Nov 18 '10 at 18:46
  • I've updated the question to give a little more insight into what our current application does, and what I'm looking for. – Andy May Nov 18 '10 at 21:00

2 Answers2

1

I believe that the most recent version of SCCM can do checks based on users, whereas SCCM 2007 is purely computer based.

Given that, if you have some way, other than user, of organising your computers based on their use (which probably maps to users anyway) then you should be able to use SCCM Desired Configuration functions in SCCM to do all your checks. You should then be able to do some remediation based on results of your checks, or at least have a list of computers and problems to remediate.

dunxd
  • 9,632
  • 22
  • 81
  • 118
  • I'm looking for a way to run these checks "on demand". My experience with SCCM is that it just kind runs when it feels like it. I have SCCM 2007 (not R2) so maybe this has changed? I also haven't seen the functionality to do very granular checks per user (like checking a value in HKCU) and chaining complicated If-Then checks together. Is this available now? I can't see any mention on this functionality on the site. – Andy May Nov 24 '10 at 14:02
  • It often feels like it checks "when it feels like it", because it does run scheduled checks, and then the report updating is also scheduled. Figure out how to run the checks and report updates on demand. The scheduled Desired Configuration checking will be useful for your expanded requirements. As I said the user level checking appears to be in SCCM 2010. If you have enough users to justify complex checks such as this, then maybe you can justify updating to the latest version of SCCM. It is a bit hard to get your head around, but it looks like you have most of the tools you need already. – dunxd Nov 26 '10 at 14:06
0

Have you considered looking into the Microsoft Deployment Toolkit? Most if not all of the requirements you specified can be accomplished. The infrastructure for doing these checks (or "Validation" in MDT) can be migrated into MDT as steps.

Michael Sainz
  • 141
  • 5
  • The only information I've seen about MDT describes the inital loading of the OS and apps on a computer (which we do through WDS, GPO, and SCCM). I'm looking for an app that we can run just before we give it to the user, so that we can verify that the machine is tailored for them. We need to do checks like: Is this a laptop? If yes, is the VPN software installed? If yes, is it configured for the user (specific HKCU registry settings)? Can MDT run on the client (without install) and do the types of checks? – Andy May Nov 18 '10 at 20:53
  • Ok, then I think I misunderstood the question. If you're looking for a separate application that is not tied to your image build/deployment process then MDT might not be the solution. What you could do is create a task sequence that doesn't deploy an OS but runs through validation steps. That would give you a away to access the MDT DB where you could store Make/Model, Roles, Applications and such. – Michael Sainz Nov 18 '10 at 21:27