Friday, June 23, 2017

Automating dual boot Deployments - Part Two - Native Boot

Windows Native Boot is a technology introduced in Windows 7 that allows a computer to boot directly into a virtual hard drive or VHD. My work leverages this functionality to load the KACE Boot Environment (KBE) on a Bootcamp partition. This provides the ability to perform a scripted installation from the K2000 appliance on the Bootcamp partition.

Many of the steps below are taken from the following MSDN article that details the Native Boot technology.
https://msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/boot-to-vhd--native-boot--add-a-virtual-hard-disk-to-the-boot-menu

The process of creating the VHD containing the KBE requires that we first use the Bootcamp Assistant to create a Bootcamp partition and install Windows. This will help ensure that the partition is formatted correctly for the Apple hardware. 

After the Windows installation is complete we can create the VHD and apply our boot environment. In order to do this you will need the boot.wim file for that environment. To get a copy of this file for the Quest K2000:
  1. Login to the K2000 web interface
  2. Navigate to Deployments, Boot Environments
  3. Select the appropriate boot environment
    Note: I have found that a standard Windows 10 boot environment will boot to Apple hardware with the necessary drivers for deployment. If that is not the case in your environment you will have to build a custom KBE.
  4. On the boot environment detail page click the link to download a bootable ISO for this boot environment.
  5. Open the downloaded ISO file.
  6. Browse to the Sources folder in the ISO.
  7. Copy the boot.wim file to your computer.
Now that you have the boot.wim file we can create the VHD and apply the WIM image to it.

Creating the virtual hard drive


  1. Open a command prompt as administrator
  2. Run diskpart and execute the following commands
    1. create vdisk file=c:\vhdboot.vhd maximum=5000 type=fixed
      Note: I create the file at the root of the system drive to avoid and path issues. We also don't need a very large disk image and 5GB is still more than we need.
    2. attach vdisk
    3. create partition primary
    4. format quick label=vhd
    5. assign letter=v
    6. exit
There should now be a V: drive on your computer that maps to the virtual hard drive. 

Applying the WIM
The next step is to apply the WIM to that drive. While still in the administrative command prompt run this command:
dism /apply-image /imagefile:c:\boot.wim /index:1 /applydir:v:\


This command assumes that you placed the boot.wim file at the root of the C: drive. 

Booting to the Virtual Drive
Now that the image has been applied to the VHD we can add it to the boot menu and boot to the OS on the drive. While still in the administrative command prompt:
  1. v:
  2. cd \windows\system32
  3. bcdboot v:\windows
There should now be an entry in the boot configuration database that points to the V: drive. To verify this you can run bcdedit to list the boot options. When the computer is restarted you should see an options for Windows Pre-installation environment. Booting to that option should load the KACE Boot Environment.

In my next post I will describe how to manipulate the KBE to automatically deploy a desired scripted install.

Automating Dual Boot Deployments - Part 1 - Introduction

I have been putting a lot of effort into the automation of dual boot deployments on Apple hardware and I am ready to start publishing that work. This first post in the series will cover my motivation for this work and future posts will include the details on my approach and methodology.

Trend 1 - Higher Demand
Dickinson College has seen a growth in the demand for dual boot Apple devices in recent years. I personally support three dual boot labs and many classrooms which total to almost 100 devices that need to be configured and re-imaged on an annual basis.

Trend 2 - Imaging Problems
With newer versions of macOS and Windows the benefits of creating "golden master" images are quickly fading and moving towards scripted installations/thin imaging is becoming a more preferred method of deployment. The tools used to create those images are also becoming more difficult to work with. In particular, changes in the macOS architecture have made creating images of Bootcamp partitions more difficult, if not impossible in some scenarios. The differences in hardware also make moving an image from one platform to another very difficult, also. For instance, creating an image on a Dell and applying it to an Apple device is fraught with peril.

Trend 3 - Thin Imaging/Scripted Installation
We have already made the transition to thin imaging on our Apple hardware for macOS and scripted installations for configuring Windows on our Dell systems. There was not a method for replicating this technique for Windows on Apple hardware in a dual boot scenario.

Motivator 1 - Desire for consistency
This divergence of configuration management resulted in a lack of consistency across devices. For example, imagine two classrooms with instructor computers. Classroom A has an iMac that is configured with macOS and Windows. Classroom B has a Dell with just Windows. If a professor teaches in classroom A using Windows she should expect the same experience in classroom B. Having the ability to create the same configuration on both platforms is highly desirable.

Motivator 2 - Making the most of current resources
With the move to thin imaging and scripted installations the desktop support team has put a large amount of time into packaging applications for deployment. This work could not be leveraged effectively when configuring Windows on dual boot systems.

Motivator 3 - Laziness
Let's be honest, I don't want to spend time configuring computers by hand, especially at a large scale. I have found that it is worth putting the time into developing a system that will save countless hours of clicking and typing.

Combining these trends and motivators led me to the work that I will be detailing in the next several posts. The broad strokes of my technique leverage Windows Native Boot to a virtual hard drive that contains the imaging environment for our Quest K2000 appliance. An image containing this virtual hard drive is placed onto the Bootcamp partition of a dual boot Apple device and when booted a scripted installation is performed. The end result is a Deploystudio workflow that completely automates the configuration of a dual boot system for both platforms that is consistent with other deployments across campus.

Wednesday, April 19, 2017

Current Month Slicer

I have been working a lot in Microsoft Power BI recently and came across an interesting problem. The filters and slicers available don't offer a good way to set dynamic values. This makes it difficult to create a dashboard that shows data from the current month without manually updating the report every month with the current dates. While trying to find a way around this I found an interesting work around here: https://community.powerbi.com/t5/Desktop/Setting-the-Default-Value-of-a-Slicer/td-p/16442.

The author of the solution, greggyb, created a list of dates and through various columns designated if those dates were in the current month. Unfortunately, his solution used a set of static dates, which I found less than ideal. I have developed a different solution that generates the list of dates going back one year from the current date. Here is the code that will generate the required table.



Use this code to create a table. You must also create a relationship between the Date column on this table and the column containing the date in the table that you want to filter. Then create a slicer using the Months column.

Note that the table will be generated whenever the data source is updated, so this solution works best with a data source that is updated on a regular basis.

Tuesday, March 07, 2017

Power BI Pro vs Free

I have been working with Power BI recently and wanted to share a big lesson learned regarding the Pro license vs the Free license. Our Office365 license grants everyone access to the free license and for most users that will be sufficient. However, if you need the ability to link Power BI directly to a database you may need a Pro license.
Microsoft provides connectors to several types of databases and depending on your specific needs there are several options available for connectivity. In all of these scenarios I'm assuming that you have a database that you want to prepare reports and dashboards.
  • Scenario 1 - Your reports and dashboards do not need to be updated on a regular basis.
    In this case you do not need a Pro license. You can setup Power BI desktop on your computer with the appropriate connector and publish your reports and dashboards to the Power BI service.
  • Scenario 2 - Your reports and dashboards need to be updated on a regular basis, but not dynamically.
    As an example, you want to have your reports updated on a monthly basis and it isn't a problem for you to login to the Power BI application or service to update the data. 
    This does not require a Pro license, either. There are two options in this scenario, you can launch the Power BI desktop application, update the data, and then publish the updated reports. You can also use the Data Gateway software to update the data via the Power BI service.[1] 
  • Scenario 3 - Your reports rely on dynamic data and should be updated automatically on a schedule.
    This is when we get into needing a Pro license. In conjunction with the Data Gateway software you can create a schedule to update your datasource. Unfortunately, anyone that you want to view reports that are based on a dataset like this will also need Pro licenses. That means that if you have a team that needs access to the dashboard and reports, every team member will need a Pro license.
    I hope these examples help clarify whether or not you need to purchase Pro licenses for Power BI. With our education discount they are not terribly expensive but it is a cost that will need to be considered if they may be required for your project.
    1. I'll write more about the Data Gateway in another post

Friday, December 30, 2016

Was 2016 Really that bad for actors?

There has been a lot of talk about this year being bad for a lot of folks. We certainly lost a lot of celebrities this year like Prince, David Bowie, Carrie Fisher and many more. I was curious if 2016 was worse than other years for losing actors and actresses so I decided to make a visualization (of course). Most people don't know this, but the Internet Movie Database has downloadable text versions of their database available online. Here is what a section from the biographies file looks like:
NM: 'K', Murray the

RN: Murray Kaufman

NK: The Fifth Beatle

DB: 14 February 1922, New York City, New York, USA

DD: 21 February 1982, Los Angeles, California, USA (cancer)

BG: Murray the K was born Murray Kaufman in New York, New York, on 14
BG: February 1922. After an early career as a song-plugger, he moved into
BG: radio and in 1958 joined 1010 WINS. He remained there for seven years,
BG: becoming the most popular New York radio DJ. He was an early supporter
BG: of singer Bobby Darin, inspired and then 'broke' his hit single,
BG: 'Splish-Splash', and made a guest appearance on his "This is Your Life"
BG: TV tribute in late 1959.
BG:
BG: In 1964, he was one of the first Americans to interview The Beatles,
BG: firstly by phone, later joining them in their hotel suite. From then on
BG: he acted as their "Mr. Fix-it", arranging for them to visit all the
BG: best clubs and restaurants. He also championed their records and for a
BG: while, he dubbed himself "the fifth Beatle" and became a trusted friend
BG: of the group during their American tours, though not of manager Brian
BG: Epstein, who apparently resented his considerable influence.
BG:
BG: He left WINS in 1965 and later resurfaced as a presenter on WOR-FM - the
BG: first FM rock station.
BG:
BG: Married six times, he died of cancer on 21 February 1982, in Los
BG: Angeles, California.

BY: Anonymous

SP: * 'Jacklyn Zeman' (qv) (14 February 1979 - 1981) (divorced)

TR: * Legendary disk jockey who made his name at WINS (New York) in the 1950s
TR:   and 60s; a pioneer of progressive radio at WOR-FM (New York) in 1966.
TR: * Biography in: "The Scribner Encyclopedia of American Lives". Volume One,
TR:   1981-1985, pages 443-444. New York: Charles Scribner's Sons, 1998.
TR: * Father of 'Peter Altschuler'.
TR: * In 1963 took his 1010WINS NYC Radio show to the High Schools in the New
TR:   York City area as part of a "stay in school" campaign.

AT: * "Creem" (USA), March 1973, Vol. 4, Iss. 10, pg. 20+22, by: Gerrit Graham, "Da "K" Still Cruisin' In Big Apple"

-------------------------------------------------------------------------------

Using PowerShell I extracted the DD lines into a new text file:
Get-Content .\biographies.list | Select-String -Pattern "^DD:" > deaths.txt

I then used Excel to perform some data cleanup and create broad categories of causes of death. The method I used to do this was probably not the best, but it works. I nested six if statements that searched the Cause column for keywords with an output for the appropriate category.

The resulting file was suitable for use in Tableau Public to create a visualization which can be viewed online and I have pasted a screenshot below. Note that the online version is interactive, please check it out.

The graph shows that deaths in 2016 are actually down from 2015 by about 500. It is difficult to know how accurate the data from IMDB is, however, so I'm not sure if that will make anyone feel any better.




Friday, November 04, 2016

Deploying Creative Cloud Applications with the Dell K1000 Appliance

This document outlines the procedures for building Adobe Creative Cloud packages for distribution with the K1000. The document assumes that you have knowledge of using the Creative Cloud Packager already. You will need the ability to create packages using the Creative Cloud Packager and be able to install them on a Mac.
A few notes:
Because the end goal of this process is creating a managed install the instructions below are designed for installers that only include one application from the Creative Cloud.
The K1000 relies on specific version numbers of products which don't always align with the human friendly names of the Creative Cloud apps. Because of this we will be using the number release names for installers and not always the year release names, i.e. Dreamweaver 16.0 instead of Dreamweaver CC 2015.
In this document I will be using the example of creating a package for Photoshop CC 2015 which has a version number of 16.0.0. I recommend creating a folder on the root of your drive to save packages. Avoid using spaces in the folder and package names to make things easier later. You will be using  command line tools to manipulate files so you will need to know the paths to the packages you are creating. The Creative Cloud Packager will create a folder using the package name you specify.
1.     Using the Creative Cloud Packager create a package for a Creative Cloud Application.
a.     Note that if you are using serial numbers for device based application Adobe recommends not including the Creative Cloud application (as of Summer 2016).
2.     Install the package on your Mac.
3.     In the K1000 force an inventory update of your computer.
4.     Expand the Installed Programs section and find the title that you just installed.
5.     Click on the title to edit it.
6.     Make a note of the version number displayed for the title.
7.     Select the operating systems that this title supports.
Information about the Creative Cloud requirements is available here: https://helpx.adobe.com/creative-cloud/system-requirements.html
8.     Open Terminal.
9.     Create a disk image that contains the package. The disk image name should include the exact version number of the software title.
a.     The syntax for the command is:
hdiutil create –format UDZO –srcfolder /path/to/package.pkg -volname "Name of Volume" /path/to/output.dmg
b.     If you told Creative Cloud Packager to create a package named Photoshop in /Adobe then it will place the installer package at /Adobe/Photoshop/Build/Photoshop_Install.pkg
c.     The command to place that in a disk image would then be:
hdiutil create –format UDZO –srcfolder /Adobe/Photoshop/Build/Photoshop_Install.pkg -volname "Adobe Photoshop" /Adobe/Photoshop/Build/Photoshop16.0.0.dmg
d.     For more help on the hdiutil command view my document on creating disk images or the manual page: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/hdiutil.1.html
10.  Upload the disk image to the software title for this package.
11.  In the K1000 click Distribution.
12.  Click Choose Action, New
13.  Enter the name of the software title including the version number followed by (Mac) to indicate that this is the Mac installer.
14.  Select the title from the Software dropdown menu.
15.  Under execution select Anytime.
16.  Add a device to the devices list or a label to the Labels list.
Note: If you do not specify a device then the K1000 will want to deploy to all devices. If I do not have a specific target device planned, then I will add my own machine as a placeholder.
17.  Save the managed installation.



Friday, July 29, 2016

Managing the Dock on Apple MacOS Systems

We have been migrating the management of our computer labs at Dickinson to Profile Manager this summer and a recent sticking point was managing the Dock. In most cases Profile Manager does a good job of allowing you to specify the applications in the Dock but one of my colleagues wanted her users to be able to add other items they use frequently. Profile Manager includes an option to Merge with User's Dock, which does allow the user to add their own items, but the default Dock items that Apple places there are also present.

That's a lot of extra icons
In an effort to find a happy medium I researched where Apple stores the items that are added to the Dock when new users log into the computer for the first time. I found the answer over at JAMF Nation in this post: https://jamfnation.jamfsoftware.com/discussion.html?id=12266 

The following two commands will alter the two files that contain the default applications:


After the files are modified you can customize your own set of Dock applications using Profile Manager and select the Merge with User's Dock option. Users will then be able to add other applications to their dock but they won't be able to remove those you specified.

The one catch here is that since the files we are modifying are under /System they are protected by System Integrity Protection (SIP). That means that in order to make these changes you must first disable SIP. Whether or not you want to do that in your environment is a question you will have to answer yourself. You should also keep in mind that any updates from Apple might undo these changes and possibly make them more difficult in the future.

Thursday, March 03, 2016

Deploying MacOS X Upgrades with the Dell K1000

At work we will be deploying Office 2016 to campus this summer and it requires at least MacOS X version 10.10. In our environment we normally don't upgrade operating systems in place so we have a fair number of computers with earlier versions installed. This presents a problem. Our initial thought was that we would need to deploy the sneaker net and get to work. I realized that the K1000 detects Mac OS X as an installed program so I wondered if I could setup a managed install to deploy it and it turns out you can. I used the following procedure to deploy Mac OS X 10.11 El Capitan but it should also work for other versions.

Step 1: Download the OS Installer from the AppStore
If you don't already have a copy of the Install OS X El Capitan application from the Apple AppStore login and download a copy of it. You can leave it in the /Applications folder.

Step 2: Build a Mac OS X install package
Download createOSXInstallPkg script from GitHub and store it somewhere on your computer.
https://github.com/munki/createOSXinstallPkg
Open a terminal window and change to the location of the script.
The documentation for the script is well written but there isn't too much necessary for a basic package. The following command will create the package in the same location as the script:
sudo ./createOSXInstallPkg --source /Applications/Install\ OS\ X\ El\ Capitan.app/

You should end up with a file named something like InstallOSX_10.11.3_15D21.pkg. The version and build number (10.11.3 and 15D21 respectively) will depend on when you download the installer from the App Store.

Step 3: Create a disk image to hold the package
The K1000 appliance will deploy packages stored on a disk image and I have found this method to be the most reliable for uploading packages to the appliance.
Open Disk Utility
Click New Image
Give the disk image a name, I called mine MacOSX_10.11.3_15D21.dmg.
For the size you need to make the image larger than the size of the package because once the disk is formatted it will loose some space. My install package was 6.1GB so I made the disk image 7.5GB.
Leave the Format, Encryption, Partitions and Image Format defaults.
Click Create

Step 4: Copy the install package to the newly created disk image
The disk image should be mounted when created, but if it isn't mount it and then copy the file to the volume. Once it is copied, unmount the disk.

Step 5: Copy the disk image to the K1000 appliance
The web interface won't allow you to upload files more than 2GB so you will need to mount the clientdrop share on your K1000 and copy the file there. If you have not already enabled the SAMBA share on your appliance login to the admin interface and browse to Settings, Security.

Step 6: Associate the disk image with the software title
When creating a managed install it is very important that you associate the installer with the correct title. If you have any doubt about which software title to use then I strongly recommend that you use the installer to update one machine in your environment manually and then associate the file with the software title found in that machines software inventory after the setup is complete and the machine has checked into the K1000 again.
Once you are satisfied that you have the correct software title select the disk image from the Upload and Associate Client Drop File menu.
In the Supported Operating Systems list select the operating systems that you will be upgrading to 10.11.
Save the software title.

Step 7: Create the managed install
In the K1000 interface click Distribution
Under Managed Installs click Choose Action, New
Give your MI a name, I called mine Mac OS X El Capitan Install
Select 10.11.3 software title from the dropdown
Set the execution option based on whether or not you want to interrupt users with the installation or not.
Leave the Default installation option selected
For the notification options we setup both Alert user before run and Completion messages. This is what we have set for our environment:
Alert user before run:
Your computer has been scheduled to be upgraded to OS X El Capitan (10.11). You can continue to use the computer and will be notified when the first phase is complete.
Completion message:
The first phase of your upgrade to Mac OS X El Capitan is complete. Please restart your computer to begin the next phase. Phase two will take about half an hour to complete.
Save the managed install.

You should now be able to target computers with the installation and they will receive the upgrade. Note that the first phase of the installation (before the computer restarts) is silent. Unless you use a completion message the user will not be prompted to restart. Once the computer does restart the installation will proceed. I have had varied reports of whether or not there is interaction required during this phase of the upgrade.

The installation of 10.11 has been resetting the Sharing preferences in our environment. We normally have remote login and remote desktop enabled for certain users and after the upgrade those options are turned off. Thankfully the KACE agent is still checking in so you can use a script to set those options. Here is our script:
#!/bin/sh
# start here
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users admin -access -on -privs -DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setmenuextra -menuextra no
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw VNCPasswordHere
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -menu -console
sudo systemsetup -setremotelogin on
exit 0