Friday, June 30, 2017

Automating dual boot Deployments - Part Three - KBE Automation

This is part three of my series on automating dual boot deployments with Deploystudio and the Quest K2000. In parts one and two I covered my motivation for the project and the creation of a virtual hard drive that contains the KACE Boot Environment. In part three I will be covering how to automate deploying an image from the K2000.

Although the K2000 has an automated deployment mechanism in the interface their method works best for computers that are already in the database. One of the K2000 engineers also developed a separate application called "Default Deploy" that can be added to the boot environment via the KBE Manipulator. In our case we can boot to the KBE and add the Default Deploy pieces manually, this is more advantageous because the method can be repeated more easily than using the KBE Manipulator and without the need of uploading our modified KBE to the K2000 appliance.

  1. Download the Default Deploy files from the link on the ITNinja site
  2. Copy the Default Deploy files to a USB drive
  3. Boot to the KBE on your Bootcamp machine.
    At this point you should have an Apple device setup to dual boot with Windows, that Bootcamp partition should also have a boot menu option for the Windows Pre-install environment. Booting into that environment should take you to the KACE K2000 deployment screen.
  4. Click on Recovery and then Command prompt
  5. Insert the USB drive
  6. Change to the drive letter for your USB drive
  7. Create a folder on the x: drive called applications:
    mkdir x:\applications
  8. Copy the default deploy files to x:\applications
  9. Edit the startnet.cmd file to add the default deploy command:
    1. notepad x:\windows\system32\startnet.cmd
    2. Find the section before this line:
      @echo **Performing local startup
    3. Add the default deploy command before this section:
      x:\applications\default_deploy.bat /inifile:t:\default_deploy.ini
    4. Save the startnet.cmd file and exit Notepad
  10. Change to the T: drive
    Note: The T: drive maps to your K2000 petemp share. This is a hidden share that is used for temporary files and you can use it to store other files that you may need for deployment tasks. In this case the default_deploy.ini file will be placed there.
  11. Copy the default_deploy.ini file from your USB drive to the T: drive
  12. Edit the default_deploy.ini file according to the instructions to deploy your scripted install for your Bootcamp machine
At this point you can save your files and shutdown the KBE environment and upload an image of the Bootcamp environment to Deploystudio. Before uploading I do recommend removing the Windows installation files from the C: drive as there is no need for them at this point. Just be sure to leave the VHD file present. You can also use bcdedit to remove the boot option for Windows.

An advantage of using this method to automate deployment is that we can now easily customize the KBE for different scenarios. The default deploy tools can be set to use a custom ini file which enables you to have multiple default_deploy.ini files on the T: drive. This means that you will be able to create multiple images of your Bootcamp partition that when applied to the system contain different instructions for which image to apply to the computer. In a more advanced scenario you could also have the default_deploy.bat look for a file on the C: drive of the Bootcamp partition and use the Deploystudio tools to replace that file at imaging time with a default_deploy.ini that contains the instructions for the image you want to use. This would allow you to have one image uploaded to Deploystudio with the ability to set the image for the Bootcamp partition as part of your imaging workflow.

In Part four of this series I will cover how to setup the workflow for Deploystudio and the K2000.

Monday, June 26, 2017

Clearing applications from Profile Manager

For some unknown reason when editing the Dock payload in Profile Manager there are sometimes applications that won't go away, even if you delete them from the server. Thanks to this post on I was able to figure out how to remove the offending apps from the database. Once they are created again on the server they will appear correctly when editing a Dock payload.

  1. Open a Terminal session on the profile manager server.
    You can do this while connected via Screen Sharing or on your Mac by connecting via ssh
  2. Switch to root with the following command:
    sudo –s
  3. Open the PostgreSQL command line application with the following command:
    sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0
  4. Show a list of applications installed on the system that are in the database with the following command:
    select id,path from system_applications;
    Note the semicolon at the end of the command line, it is needed
  5. To show a list of specific applications, e.g. Photoshop use this command:
    select id,path from system_applications where path like '%Photoshop%';
    Make a note of the id for the application you want to remove.
  6. To delete the offending application:
    delete from system_applications where id=123;
    Substitute the 123 for the actual id found in steps 4 or 5
  7. Exit psql with the following command:
  8. Exit the root shell with the following command:
Once in the psql command line application there is a lot you can do to muck around in the database, of course. If you aren't comfortable in that kind of environment then be very careful or you would ruin your entire Profile Manager setup.

Friday, June 23, 2017

Automating dual boot Deployments - Part Two - Native Boot

Windows Native Boot is a technology introduced in Windows 7 that allows a computer to boot directly into a virtual hard drive or VHD. My work leverages this functionality to load the KACE Boot Environment (KBE) on a Bootcamp partition. This provides the ability to perform a scripted installation from the K2000 appliance on the Bootcamp partition.

Many of the steps below are taken from the following MSDN article that details the Native Boot technology.

The process of creating the VHD containing the KBE requires that we first use the Bootcamp Assistant to create a Bootcamp partition and install Windows. This will help ensure that the partition is formatted correctly for the Apple hardware. 

After the Windows installation is complete we can create the VHD and apply our boot environment. In order to do this you will need the boot.wim file for that environment. To get a copy of this file for the Quest K2000:
  1. Login to the K2000 web interface
  2. Navigate to Deployments, Boot Environments
  3. Select the appropriate boot environment
    Note: I have found that a standard Windows 10 boot environment will boot to Apple hardware with the necessary drivers for deployment. If that is not the case in your environment you will have to build a custom KBE.
  4. On the boot environment detail page click the link to download a bootable ISO for this boot environment.
  5. Open the downloaded ISO file.
  6. Browse to the Sources folder in the ISO.
  7. Copy the boot.wim file to your computer.
Now that you have the boot.wim file we can create the VHD and apply the WIM image to it.

Creating the virtual hard drive

  1. Open a command prompt as administrator
  2. Run diskpart and execute the following commands
    1. create vdisk file=c:\vhdboot.vhd maximum=5000 type=fixed
      Note: I create the file at the root of the system drive to avoid and path issues. We also don't need a very large disk image and 5GB is still more than we need.
    2. attach vdisk
    3. create partition primary
    4. format quick label=vhd
    5. assign letter=v
    6. exit
There should now be a V: drive on your computer that maps to the virtual hard drive. 

Applying the WIM
The next step is to apply the WIM to that drive. While still in the administrative command prompt run this command:
dism /apply-image /imagefile:c:\boot.wim /index:1 /applydir:v:\

This command assumes that you placed the boot.wim file at the root of the C: drive. 

Booting to the Virtual Drive
Now that the image has been applied to the VHD we can add it to the boot menu and boot to the OS on the drive. While still in the administrative command prompt:
  1. v:
  2. cd \windows\system32
  3. bcdboot v:\windows
There should now be an entry in the boot configuration database that points to the V: drive. To verify this you can run bcdedit to list the boot options. When the computer is restarted you should see an options for Windows Pre-installation environment. Booting to that option should load the KACE Boot Environment.

In my next post I will describe how to manipulate the KBE to automatically deploy a desired scripted install.

Automating Dual Boot Deployments - Part 1 - Introduction

I have been putting a lot of effort into the automation of dual boot deployments on Apple hardware and I am ready to start publishing that work. This first post in the series will cover my motivation for this work and future posts will include the details on my approach and methodology.

Trend 1 - Higher Demand
Dickinson College has seen a growth in the demand for dual boot Apple devices in recent years. I personally support three dual boot labs and many classrooms which total to almost 100 devices that need to be configured and re-imaged on an annual basis.

Trend 2 - Imaging Problems
With newer versions of macOS and Windows the benefits of creating "golden master" images are quickly fading and moving towards scripted installations/thin imaging is becoming a more preferred method of deployment. The tools used to create those images are also becoming more difficult to work with. In particular, changes in the macOS architecture have made creating images of Bootcamp partitions more difficult, if not impossible in some scenarios. The differences in hardware also make moving an image from one platform to another very difficult, also. For instance, creating an image on a Dell and applying it to an Apple device is fraught with peril.

Trend 3 - Thin Imaging/Scripted Installation
We have already made the transition to thin imaging on our Apple hardware for macOS and scripted installations for configuring Windows on our Dell systems. There was not a method for replicating this technique for Windows on Apple hardware in a dual boot scenario.

Motivator 1 - Desire for consistency
This divergence of configuration management resulted in a lack of consistency across devices. For example, imagine two classrooms with instructor computers. Classroom A has an iMac that is configured with macOS and Windows. Classroom B has a Dell with just Windows. If a professor teaches in classroom A using Windows she should expect the same experience in classroom B. Having the ability to create the same configuration on both platforms is highly desirable.

Motivator 2 - Making the most of current resources
With the move to thin imaging and scripted installations the desktop support team has put a large amount of time into packaging applications for deployment. This work could not be leveraged effectively when configuring Windows on dual boot systems.

Motivator 3 - Laziness
Let's be honest, I don't want to spend time configuring computers by hand, especially at a large scale. I have found that it is worth putting the time into developing a system that will save countless hours of clicking and typing.

Combining these trends and motivators led me to the work that I will be detailing in the next several posts. The broad strokes of my technique leverage Windows Native Boot to a virtual hard drive that contains the imaging environment for our Quest K2000 appliance. An image containing this virtual hard drive is placed onto the Bootcamp partition of a dual boot Apple device and when booted a scripted installation is performed. The end result is a Deploystudio workflow that completely automates the configuration of a dual boot system for both platforms that is consistent with other deployments across campus.

Wednesday, April 19, 2017

Current Month Slicer

I have been working a lot in Microsoft Power BI recently and came across an interesting problem. The filters and slicers available don't offer a good way to set dynamic values. This makes it difficult to create a dashboard that shows data from the current month without manually updating the report every month with the current dates. While trying to find a way around this I found an interesting work around here:

The author of the solution, greggyb, created a list of dates and through various columns designated if those dates were in the current month. Unfortunately, his solution used a set of static dates, which I found less than ideal. I have developed a different solution that generates the list of dates going back one year from the current date. Here is the code that will generate the required table.

Use this code to create a table. You must also create a relationship between the Date column on this table and the column containing the date in the table that you want to filter. Then create a slicer using the Months column.

Note that the table will be generated whenever the data source is updated, so this solution works best with a data source that is updated on a regular basis.

Tuesday, March 07, 2017

Power BI Pro vs Free

I have been working with Power BI recently and wanted to share a big lesson learned regarding the Pro license vs the Free license. Our Office365 license grants everyone access to the free license and for most users that will be sufficient. However, if you need the ability to link Power BI directly to a database you may need a Pro license.
Microsoft provides connectors to several types of databases and depending on your specific needs there are several options available for connectivity. In all of these scenarios I'm assuming that you have a database that you want to prepare reports and dashboards.
  • Scenario 1 - Your reports and dashboards do not need to be updated on a regular basis.
    In this case you do not need a Pro license. You can setup Power BI desktop on your computer with the appropriate connector and publish your reports and dashboards to the Power BI service.
  • Scenario 2 - Your reports and dashboards need to be updated on a regular basis, but not dynamically.
    As an example, you want to have your reports updated on a monthly basis and it isn't a problem for you to login to the Power BI application or service to update the data. 
    This does not require a Pro license, either. There are two options in this scenario, you can launch the Power BI desktop application, update the data, and then publish the updated reports. You can also use the Data Gateway software to update the data via the Power BI service.[1] 
  • Scenario 3 - Your reports rely on dynamic data and should be updated automatically on a schedule.
    This is when we get into needing a Pro license. In conjunction with the Data Gateway software you can create a schedule to update your datasource. Unfortunately, anyone that you want to view reports that are based on a dataset like this will also need Pro licenses. That means that if you have a team that needs access to the dashboard and reports, every team member will need a Pro license.
    I hope these examples help clarify whether or not you need to purchase Pro licenses for Power BI. With our education discount they are not terribly expensive but it is a cost that will need to be considered if they may be required for your project.
    1. I'll write more about the Data Gateway in another post

Friday, December 30, 2016

Was 2016 Really that bad for actors?

There has been a lot of talk about this year being bad for a lot of folks. We certainly lost a lot of celebrities this year like Prince, David Bowie, Carrie Fisher and many more. I was curious if 2016 was worse than other years for losing actors and actresses so I decided to make a visualization (of course). Most people don't know this, but the Internet Movie Database has downloadable text versions of their database available online. Here is what a section from the biographies file looks like:
NM: 'K', Murray the

RN: Murray Kaufman

NK: The Fifth Beatle

DB: 14 February 1922, New York City, New York, USA

DD: 21 February 1982, Los Angeles, California, USA (cancer)

BG: Murray the K was born Murray Kaufman in New York, New York, on 14
BG: February 1922. After an early career as a song-plugger, he moved into
BG: radio and in 1958 joined 1010 WINS. He remained there for seven years,
BG: becoming the most popular New York radio DJ. He was an early supporter
BG: of singer Bobby Darin, inspired and then 'broke' his hit single,
BG: 'Splish-Splash', and made a guest appearance on his "This is Your Life"
BG: TV tribute in late 1959.
BG: In 1964, he was one of the first Americans to interview The Beatles,
BG: firstly by phone, later joining them in their hotel suite. From then on
BG: he acted as their "Mr. Fix-it", arranging for them to visit all the
BG: best clubs and restaurants. He also championed their records and for a
BG: while, he dubbed himself "the fifth Beatle" and became a trusted friend
BG: of the group during their American tours, though not of manager Brian
BG: Epstein, who apparently resented his considerable influence.
BG: He left WINS in 1965 and later resurfaced as a presenter on WOR-FM - the
BG: first FM rock station.
BG: Married six times, he died of cancer on 21 February 1982, in Los
BG: Angeles, California.

BY: Anonymous

SP: * 'Jacklyn Zeman' (qv) (14 February 1979 - 1981) (divorced)

TR: * Legendary disk jockey who made his name at WINS (New York) in the 1950s
TR:   and 60s; a pioneer of progressive radio at WOR-FM (New York) in 1966.
TR: * Biography in: "The Scribner Encyclopedia of American Lives". Volume One,
TR:   1981-1985, pages 443-444. New York: Charles Scribner's Sons, 1998.
TR: * Father of 'Peter Altschuler'.
TR: * In 1963 took his 1010WINS NYC Radio show to the High Schools in the New
TR:   York City area as part of a "stay in school" campaign.

AT: * "Creem" (USA), March 1973, Vol. 4, Iss. 10, pg. 20+22, by: Gerrit Graham, "Da "K" Still Cruisin' In Big Apple"


Using PowerShell I extracted the DD lines into a new text file:
Get-Content .\biographies.list | Select-String -Pattern "^DD:" > deaths.txt

I then used Excel to perform some data cleanup and create broad categories of causes of death. The method I used to do this was probably not the best, but it works. I nested six if statements that searched the Cause column for keywords with an output for the appropriate category.

The resulting file was suitable for use in Tableau Public to create a visualization which can be viewed online and I have pasted a screenshot below. Note that the online version is interactive, please check it out.

The graph shows that deaths in 2016 are actually down from 2015 by about 500. It is difficult to know how accurate the data from IMDB is, however, so I'm not sure if that will make anyone feel any better.

Friday, November 04, 2016

Deploying Creative Cloud Applications with the Dell K1000 Appliance

This document outlines the procedures for building Adobe Creative Cloud packages for distribution with the K1000. The document assumes that you have knowledge of using the Creative Cloud Packager already. You will need the ability to create packages using the Creative Cloud Packager and be able to install them on a Mac.
A few notes:
Because the end goal of this process is creating a managed install the instructions below are designed for installers that only include one application from the Creative Cloud.
The K1000 relies on specific version numbers of products which don't always align with the human friendly names of the Creative Cloud apps. Because of this we will be using the number release names for installers and not always the year release names, i.e. Dreamweaver 16.0 instead of Dreamweaver CC 2015.
In this document I will be using the example of creating a package for Photoshop CC 2015 which has a version number of 16.0.0. I recommend creating a folder on the root of your drive to save packages. Avoid using spaces in the folder and package names to make things easier later. You will be using  command line tools to manipulate files so you will need to know the paths to the packages you are creating. The Creative Cloud Packager will create a folder using the package name you specify.
1.     Using the Creative Cloud Packager create a package for a Creative Cloud Application.
a.     Note that if you are using serial numbers for device based application Adobe recommends not including the Creative Cloud application (as of Summer 2016).
2.     Install the package on your Mac.
3.     In the K1000 force an inventory update of your computer.
4.     Expand the Installed Programs section and find the title that you just installed.
5.     Click on the title to edit it.
6.     Make a note of the version number displayed for the title.
7.     Select the operating systems that this title supports.
Information about the Creative Cloud requirements is available here:
8.     Open Terminal.
9.     Create a disk image that contains the package. The disk image name should include the exact version number of the software title.
a.     The syntax for the command is:
hdiutil create –format UDZO –srcfolder /path/to/package.pkg -volname "Name of Volume" /path/to/output.dmg
b.     If you told Creative Cloud Packager to create a package named Photoshop in /Adobe then it will place the installer package at /Adobe/Photoshop/Build/Photoshop_Install.pkg
c.     The command to place that in a disk image would then be:
hdiutil create –format UDZO –srcfolder /Adobe/Photoshop/Build/Photoshop_Install.pkg -volname "Adobe Photoshop" /Adobe/Photoshop/Build/Photoshop16.0.0.dmg
d.     For more help on the hdiutil command view my document on creating disk images or the manual page:
10.  Upload the disk image to the software title for this package.
11.  In the K1000 click Distribution.
12.  Click Choose Action, New
13.  Enter the name of the software title including the version number followed by (Mac) to indicate that this is the Mac installer.
14.  Select the title from the Software dropdown menu.
15.  Under execution select Anytime.
16.  Add a device to the devices list or a label to the Labels list.
Note: If you do not specify a device then the K1000 will want to deploy to all devices. If I do not have a specific target device planned, then I will add my own machine as a placeholder.
17.  Save the managed installation.