Installing a Managed Desktop Project Machine

Written by Tim Colles and John Berry

Modified by Paul Smith 20/07/2010

A. BEFORE INSTALLATION

1. Before you can do an MDP installation you will need to have
   • an EUCS A/D account and password with suitable authorization - all of the support-team members should have this, contact Lindsey if you don't have the right permissions.
   • access to the Edlan database - all of the support-team should have have this, contact Lindsey if you don't have access.
   • the latest version of the PIE installation CD - you can download an ISO Image from E.U.C.S.
     Note: the version of pie 2.6.22.6 (which works on the gx755s) can be found in /afs/inf.ed.ac.uk/group/us-unit.
   • an official UUN for the intended user(s) of the machine
2. Obtain the MAC of each machine to be installed. On new HP machines you can find this in the BIOS settings under System Information. For other models the easiest way is to connect the machine to ethernet and boot from network, or boot from a DICE install CD - it will tell you the MAC when it first makes DHCP requests. Alternatively, if there is a version of Windows pre-installed you can choose the Run option from the Start menu and enter cmd to run a command console and at the command console prompt enter the command ipconfig /all which will return the network details including the MAC.
3. Make a DNS entry for each machine to be installed. Machines should be put on a suitable managed wire at the site where they are being installed.
4. If you have access to the EdLAN Database then register the machine through that using these instructions.
5. Make an LCFG entry for each machine to be installed. Here is what it should look like (substituting HOSTNAME and setting the machine model and mac address appropriately):

   /* HOSTNAME */
   
   #include <dice/os/managed-desktop.h>
   #include <lcfg/hw/dell_optiplex_755.h>
   
   dhclient.mac                00:0D:56:F8:BC:C5
   dhclient.cluster            dhcp/all
   dhclient.hostname           HOSTNAME.inf.ed.ac.uk
   
   /* End of file */
   

6. Use inventory commands to link serial number to hostname. Unlike DICE machines this does not happen automatically when connected to network.

   invedit --serial H22HW3J --name revolution  
   

7. This step is only necessary for Appleton Tower wire M machines. In a checked out version of the LCFG headers Subversion repository edit lcfg/live/include/live/ipfilter.h and at the end of this file add the hostname of each machine to be installed to the list of hostnames in the notOffSiteTrusted resource and then commit the changes. If you don't make this change the firewalls will block all the traffic.
8. Check with the user that there is nothing on the local drive of the machine which they need to keep. If there is then copy it onto their network drive. Carefully check their browser profile has not been accidentally stored on the local drive (this might include copies of mail).

B. INSTALLATION

1. Boot from the PIE CD. On the Dell machines you will probably have to press F12 at the BIOS startup to get the boot menu. HPs will boot automatically from CD, so remember to remove this from the BIOS boot options after the machine has been installed.
2. PIE will now start. Hit Return when the boot: prompt appears.
3. The machine should then pick up network details via DHCP. If it does not (and prompts for manual configuration) then something is wrong. To start off with check that the DHCP server has updated properly with the information for the machine. Do not attempt to proceed by entering network details manually as you will hit problems later on if DHCP configuration is not working.
4. Installation proceeds and you will get some progress messages and then the full screen Pre-Installation Environment Main Menu.
5. From the Pre-Installation Environment Main Menu choose option (1) - Image build XP for service.
6. Now you should get the XP Image Build Methods menu.
7. From the XP Image Build Methods menu choose option (2) - Image build XP from network.
8. Installation proceeds and you will get some progress messages. If this is an initial installation you will then get a warning message about repartitioning/formatting the disk, the default is No, select Yes and then hit Return to allow this to go ahead. You will then get a partition layout message and after partitioning and formatting the disk the installation will continue automatically.
9. If the machine has been registered in the EdLAN database it will establish its name automatically, otherwise you will now be prompted to supply a workstation name. If you are hit Return and on the next dialog enter the NetBIOS hostname without the domain (ie. no .inf.ed.ac.uk). Hit Return again to continue. The NetBIOS hostname is the local hostname with inf- pre-pended.
10. If the machine has been registered in the EdLAN database it will establish its OU automatically, otherwise you will now be prompted to supply a workstation OU. If you are hit Return and on the next dialog hit Return again to accept the default OU (which is dc=ed,dc=ac,dc=uk).
11. Installation proceeds and you will get a progress bar message indicating the transfer of the winxp-pro image from the CD onto the disk. Then you will get messages about stretching the filesystem. After this there will be multiple messages about downloading drivers. These will be followed by messages about recreating DLL cache and creating Cmdlines.txt.
12. Now you will be prompted to remove the PIE CD. Do so and hit Return and the machine will reboot.
13. From the EUCS/PIE boot menu select the first option (WindowsXP) which is also the default.
14. WindowsXP will boot. You will get a basic Windows XP Setup splash screen and there will be intermittent disk activity for a while. Then Windows XP proper will start. You will get a message about installing network components.
15. Now you will get a dialog titled Workgroup or computer domain menu. There may be a considerable delay and then the installation should continue automatically. If it does not and you get an error message and are prompted to enter information or to proceed manually then you may have got the NetBIOS hostname wrong or the machine may have been incorrectly registered or not in the ipfilter.h file. You will need to fix the problem and start the installation again.
16. Installation proceeds with a message about performing final tasks and the machine should reboot.
17. You will get messages about the disk drive being checked and the drive being converted to NTFS (this may involve another automatic restart). After converting the filesystem the machine will reboot again. Allow it to reboot back into WindowsXP.
18. Before completing the WindowsXP startup you should get multiple messages about managed software being installed. If you don't and it goes straight to the Ctrl-Alt-Del prompt instead then wait for the disk activity to stop (a few minutes) and restart the machine. Next time around at this same point you should then see the messages about managed software being installed. Wait for the managed software to be installed, this will be about ten minutes or so. The machine will then reboot again. Allow it to reboot back into WindowsXP.
19. Now you should get a normal Ctrl+Alt+Del WindowsXP prompt. Press Ctrl-Alt-Del and you should then be able to login with your Active Directory account. Check that your network home directory is available under My Documents (this will only be automatically mounted correctly if your Active Directory account password is the same as your DICE account password, see D-1 if not). Do a cursory check that all the managed software has been installed (eg. Office, Adobe and Exceed are there) - if not logout and reboot again and probably more software will be installed. Repeat until it looks okay. The MDP installation stage is now complete. Logout.

C. AFTER INSTALLATION

1. Logon as yourself. All CSOs are Administrators.
2. Switch off "Offline Files"
   • Open "My Computer"
   • Select "Folder Options" from the "Tools" menu.
   • Select "Offline Files"
   • Uncheck "Offline Files"
3. Kaspersky is now installed by default. It does require a reboot to be fully installed and it does require a bit of tweeking.
   • Open Kaspersky from bottom left on screen.
   • Open Settings.
   • Under "Scan" select "Critical Areas"
   • Check "Run Mode", "every day"
   • Select "Change"
   • Check "Run task if skipped"
   • Repeat for "My Computer"
   • Under Service select "Updates"
   • Under "Run Mode" select "Every Day"
   • Select "Change"
   • Change "Frequency" to Daily
   • Ensure "Run task if skipped" is checked
4. Make sure that eFinancials is working. Sometimes it works by installing the plugin, sometimes it need the GPO.
5. Configure network printers that would be suitable to make available based on where the machine will eventually be physically located:
   • Under the Start menu choose Printers and Faxes and under the Printer Tasks list click on the Add a printer option.
   • On the Wizard click Next and then set the A network printer, ... toggle and click Next.
   • Set the first Connect to this printer ... toggle and enter the network printer path URL, for example http://infcups.inf.ed.ac.uk:631/printers/if132c0.
   • On the driver installation prompt click the Okay button to choose and install the driver for the printer. There may be quite a long delay (with disk activity) at this point while the driver database loads.
   • From the driver lists choose the appropriate manufacturer and printer model (if you don't know which use the printers command on a DICE machine to get the manufacturer and model). Make sure to select the PS (Postscript) version of the model if there is a choice. If there is not an exact model match download a driver set for the printer from the web and start this procedure again.
     If you are installing an HP4300, the best driver is available from the support shared area. Do not use the driver from the HP web site which mentions vista as it screws up the machine. The other driver does not include all necessary features.
   • After selecting the printer model click on the Okay button to install the driver (this can take a while).
   • Back on the Wizard dialog click on the Next button to continue (at this stage you can also choose whether the printer should be the default printer or not). Then click on the Finish button.
   • Right click on the icon of the printer just added and choose the Printing Preferences option. Click on the Advanced button and expand the Postscript Options item in the list and click on Optimize for Speed and change to Optimize for Portability and click on Okay.
   • Right click on the icon of the printer again and this time choose Properties and then click on the Device Settings tab.
   • Under the Form To Tray Assignment entry make sure all trays are set to A4 (or as appropriate to the particular printer).
   • Under the Installable Options entry, set the Total Printer Memory entry to a suitable value for the particular printer (this can be established via the menus on the printer itself or by printing a diagnostic page from the printer) and also set any other printer specific parameters (such as whether the printer has a Duplex Unit installed).
   • Click on Okay to save the changes.
   Each printer can be setup using the same procedure above.
6. Log off.
7. Restart the machine and enter the BIOS. Set a BIOS password and configure the boot sequence so that the machine will only boot from the hard disk.
8. Time to move it onto the users desk - you need a spare port on the appropriate wire. Final setup must be done with the user present.

D. AFTER INSTALLATION WITH END-USER PRESENT

If the user has already been setup to use an MDP machine then they will have a roaming profile but you may need to set up Thunderbird and Nvu.
If this is a new user for MDP then follow all the steps below.

1. After pressing Ctrl+Alt+Del to get the login screen choose the Options menu and then select ED from the Log on to options. Login as the user, using their official UUN and password. The users original AD password is retrievable from IDMS. If they have changed their password then get them to enter it themselves. This must be the same as their DICE password. If it isn't then use Ctrl-Alt-Del so that the user can reset their Windows/AD password.
2. Check that the users network home directory is available under My Documents. If it is not or you are prompted for a username and password then the users SMB password needs to be reset to be the same as their DICE and AD passwords. To do this use the SSH client (from the Start menu, choose All Programs, SSH Secure Shell then Secure Shell Client) and connect to admin.smb.inf.ed.ac.uk (use the Quick Connect button and enter the hostname and username and you will be prompted for the password, click No on the remember keys dialog). Run the command smbpasswd USERNAME as root and get the user to enter the same password as they used for the Windows login (ie. their DICE account). If this is a completely new user then you will need to run the command smbpasswd -a USERNAME instead.
3. Map any additional shares required (such as common administration areas). Right click on My Computer (from the Start menu) and select the Map Network Drive option. Choose the drive for the share and as the Folder enter the share path (\\admin.smb.inf.ed.ac.uk\SHARENAME). Make sure the Reconnect at logon toggle is enabled and click on the Finish button. This same procedure can also be followed at any other time as the user to add new shares.
4. Set the users default printer. From the Start menu choose the Printers and Faxes option. Right click on the icon of the printer the users wants as their default and from the menu select Set as Default Printer. Close the window.
5. Configure access for the School Database. This step is only necessary if the user the machine is for actually uses the database. This procedure can however be followed at any time as the user to setup access. First configure Exceed to start automatically when the user logs in and then create a startup icon for the database:
   1. Configure Exceed to start automatically when the user logs in:
      1. From the Start menu choose My Computer and then double click on Local Disk, Documents and Settings, the users USERNAME entry, Start Menu, Programs, Startup.
      2. Next open another directory window. From the Start menu choose My Computer and then double click on Local Disk then Program Files and then click on Show the contents of this folder if program files are not already listed. Now double click on Hummingbird, Connectivity, 10.00 and Exceed.
      3. Right click on the exceed program icon, drag it to the window opened previously, release the mouse button and select Create Shortcuts Here from the menu.
      4. Close both windows.
   2. Create a database startup icon on the desktop:
      1. From the Start menu choose My Computer and then double click on Local Disk then Program Files. Click on Show the contents of this folder if program files are not already listed. Then double click on SSH Communications Security and SSH Secure Shell.
      2. Right click on the ssh2 program icon, select Send to -> Desktop (create shortcut).
      3. Close the directory window.
      4. Right click on the desktop icon just created and select Properties.
      5. In the Target field append to the end of the line (after the double quote with a space) dblogin.inf.ed.ac.uk tecdat. You might use itodb instead of tecdat if the user is in the ITO.
      6. Next click on the Change Icon button, click the OK button to pass the warning message, and select a suitable icon, the one 11 across and 3 down for example (a computer monitor on top of a folder). Click on the icon and then click on the OK button.
      7. Now click on the General tab and replace Shortcut to ssh2 with School Database (or ITO Database).
      8. Click on the OK button to finish.
   3. Check it works by first starting Exceed (from the Start menu click on All Programs, Hummingbird Connectivity 10, Exceed then Exceed). Then double click on the startup icon. This should bring up a terminal window which will pause for a while and then prompt for the users DICE password. Get the user to enter their password. The database interface should then be started automatically. Note that the user must first click on the database login window box to enter their database password otherwise the password will appear in the terminal window by default.
   You can also create a startup icon for a Unix command shell in exactly the same way but by missing out the tecdat or itodb command in the Target and also perhaps using a different host from dblogin.
   Some users may also need an icon for genrep. This set up in the same way but the target machine is infdb.

Firefox, Thunderbird and SeaMonkey

• We are not installing Mozilla any more. Mozilla has been replaced by Firefox/Thunderbird.
• Firefox stores the user's bookmarks in their home directory - other settings remain in the roaming profile.
• Thunderbird's profile is stored in C:\Documents and Settings\uun\Local Settings\Application Data\Thunderbird\Profiles
• NVu replaced by SeaMonkey

Thunderbird

Start Thunderbird. The default mail account is Staffmail, logging in with the EASE password. If the user has not already registered, they can do so here EASE Registration using their default Windows password (Open Access Labs)

To install a Mail Account:-

All staff are now using Staffmail. This comes by default with Thunderbird but some of the settings are fixed and irritate users. It is better to delete the account which comes by default and set up a new one.

• Choose the Tools-->Account Settings-->Add Account menu option.
• Enter the users full name and email address and click on the Next button to continue.
• Select IMAP and enter the incoming mail server as imap.staffmail.ed.ac.uk and the outgoing mail server as smtp.staffmail.ed.ac.uk and click on the Next button to continue.
• The incoming and outgoing username should both be set the to users username by default so click on the Next button to continue.
• The account name can be anything but including Staffmail in the name reminds people that they are no longer using Informatics mail. Click on the Next button to continue.
• Check the settings and click on the Finish button to create the account.
• Now click on Server Settings in the list of options on the left of the dialog and set the Use secure connection (SSL) toggle (the port should change to 993).
• Click on the the OK button.
• Back on the main window click on the mail account just created on the left panel, click on Inbox. You should then be prompted for a password and the user should enter their EASE password and their Inbox should then be accessable.
• We have a script which will save the user's profile in their homedirectory. (This will not save settings lost at logout, that is a different problem.) Put the backupthis.inf file in the following directory:-
  C:\Documents and Settings\uun\Application Data\Thunderbird\Profiles\4s043sm3.default\backupthis.inf and the tbird-inf-logouts script on the desktop. Ask the user to double click on the script once they have closed Tbird before they log out. This should write their profile to M:\Thunderbird\ProfileBackup
• If the user wishes to use the Local Folder facility, please make sure that this is in their home directory and not on the C drive.

SeaMonkey

• Start SeaMonkey.
• Open the Composer window using the Window-->Composer menu option.
• Choose the Edit-->Preferences menu option.
• Click on the Composer in the list on the left (should be highlighted anyway).
  • Set the Retain original source formatting toggle.
  • Unset the Save images and other associated files when saving pages toggle.
  • Set the Always show Publish dialog when publishing pages and click on the OK button.
• Choose the Edit-->Publishing Site Settings menu option.
• Enter the site name as www.inf.ed.ac.uk (http), the publishing address as http://publish.inf.ed.ac.uk/,the HTTP address as http://www.inf.ed.ac.uk/ and the users username (but leave the password blank). Click on the OK button to save the setup.
• Now do the same again but create an SSL publishing account. Choose the Edit-->Publishing Site Settings menu option. Enter the site name as www.inf.ed.ac.uk (https), the publishing address as https://publish.inf.ed.ac.uk/, the HTTP address as https://www.inf.ed.ac.uk/ and the users username (but leave the password blank). Click on the OK button to save the setup.
• So that desktop shorcut launches directly to Composer window: Go to Edit->Preferences->Appearance to set Composer only, and unset Browser, Chatzilla etc, and click OK
• To avoid Composer using outdated versions of a page: Edit->Preferences->Advanced->Cache and set Cache Size to 0
• Choose the File-->Close menu option to exit Composer. See also the Web Publishing Guide.

Other Software.

Logoff and get the user to login themselves again and check it all works.

 : Units : User_support 

Please contact us with any comments or corrections. Unless explicitly stated otherwise, all material is copyright The University of Edinburgh