The D-Spot (The Deployment Spot)

Adobe released a new major Reader version, Reader 10 or Reader X as they named it. Time to update our clients with the new Reader! Here at the D-spot we blogged about deploying and slipstreaming Adobe Reader in previous posts. Time to update to version 10!

First grab the Reader X sources and the Adobe Customization Wizard X.

Download Sources

Adobe Reader 10.0: Adobe Reader MUI X – Multiple languages (with these sources the users will need to choose a language at first launch. If you don’t want this behavior goto Adobe Reader X Deployment in a specific language).

Adobe Customization Wizard 10: ftp://ftp.adobe.com/pub/adobe/acrobat/win/10.x/10.0.0/misc/

Create a Distribution Point

Because Reader 10.0 is distributed as a zip archive, we can extract it. No more, no less!

Extracted sources:

Copy these files to a temporary location, and move them to a network location afterwards. Or you can copy them directly to a network location (this will be the Distribution Point).

Create a transform file (.mst) using the Adobe Customization Wizard

Launch Adobe’s Customization Wizard 10, and open the extracted AcroRead.MSI. Then change the settings to suit your needs, use the following screenshots as an example.

 

Create two extra registry keys in the Registry-tab. The same keys as we created for Reader 9. I only changed the version from 9.0 to 10.0:

Create new key: AVGeneral (in HKCU\Software\Adobe\Acrobat Reader\10.0), within that key create a new DWORD Value ‘bCheckForUpdatesAtStartup’.

DWORD: bCheckForUpdatesAtStartup

Value: 0

 

The second one is a new DWORD Value ‘OptIn’:

Create new DWORD: OptIn (in HKCU\Software\Adobe\CommonFiles\Usage\Reader 10)

Value: 0

 

To summarize both created registry keys, click the Summary tab:

 

Accept End User License Agreement (EULA):

 

Disable al Updates:

 

Save your transform file by choosing Generate Transform within the Transform menu:

 

Now your Distribution Point is updated with a MST (Transform) file:

 

Deployment

Use the MST file to deploy Adobe Reader X, with Active Directory, ConfigManager or whatever your deployment solution is. Here is the command line to install AcroRead.msi with the transform file we created:

msiexec /i “dp_path\AcroRead.msi” TRANSFORMS=”dp_path\TransformFileCreatedWithCustomWizard.mst” /qb REBOOT=ReallySuppress /log “logfilepath\reader10.txt”

I was with a customer today for a MDT 2010 installation, and struggled with a very annoying issue.

Just before the task sequence had to be selected and after credential input, the deployment process reboots with no error message whatsoever. And keeps rebooting again and again. The log file couldn’t help me out on this issue.

The only solution I could find with a Google-search was to create a new Deployment Share with the previous MDT 2010 version. This seems no solution to me

Solution

I had a typo in the customsettings.ini file:

If you specified a wrong domain for DomainAdminDomain, you won’t get an error message telling you about the mistake!

Identify your strengths and weaknesses in Windows 7 deployment, do the test and learn even more about operating system deployments!

Windows 7 Deployment Learning Portal on Technet.

In previous parts of this guide we’ve setup MDT 2010 and have it configured. Now it’s time to add WSUS integration to automatically install the latest patches while deploying Windows 7.

Install WSUS

First download and install WSUS 3.0 x64 version or WSUS 3.0 x86 version (for Server 2003), or add the WSUS server role of you’re on Server 2008:

The WSUS installation window is underneath the Server Roles window, use alt-tab or the taskbar to proceed with the installation.

Configure WSUS to your needs:

Enable WSUS for Task Sequences

Update each Task Sequence you want updates installed through WSUS. By default ‘Disable this step’ is checked, to enable WSUS for this TS just remove the check:

 

Update CustomSettings.ini

Add WSUSServer to your CustomSettings.ini:

WSUSServer=http://wsusServerName

or

WSUSServer=http://wsusServerName:portnumber

Depending on your WSUS configuration.

Configuration is done, time to deploy a Win 7 client.

After the image is applied, Windows Update is doing its job using our WSUS server:

Just to make sure, take a look at the Installed Updates on the newly deployed client:

WSUS integration succeeded!

Please find other parts here:

Windows 7 Lite Touch installation with MDT 2010 – Part 1

Windows 7 Lite Touch installation with MDT 2010 – Part 2

Windows 7 Lite Touch installation with MDT 2010 – Part 3

Meanwhile MDT 2010 has reached Update 1, time to catch up where we left in part 2.

We will configure WDS to use PXE boot, use SQL Server to retrieve the computer name and have some beer afterwards.

PXE Boot

First configure a DHCP scope to serve the clients with an IP address. Then install the Windows Deployment Service (WDS) role on your MDT box, and configure WDS. I like to have a PXE delay of 3 seconds and I’m running DHCP on the same server as WDS. So I need to check ‘Do not listen on port 67’ and ‘Configure DHCP option 60 to indicate that this server is also a PXE server’.

 

Now we have to import the WinPE boot images, previous generated by MDT, into WDS:

Browse to the Boot-folder in the Deployment Share, and select the LiteTouch-wim-file(s) (I’m importing the x64 version only, as I don’t use Windows 7 x86 for now):

Boot your client machine and hit F12 to boot into PXE, or choose boot from network card in the BIOS.

We still have to choose a computer name during deployment:

Using MS SQL Server (Express) you can fully automate this!

Preparing SQL Server

In my test lab I will use SQL Express 2008 SP1. Open SQL Server Configuration manager, set SQL Server Browser to automatic and start the service:

Enable Named Pipes in SQL Server Configuration Manager:

Restart the SQL Server service:

Start SQL Management Studio and create a Security Login (I’ll use my MDT domain-join-user):

 

Add the db_datareader and db_datawriter permissions for the domain\svc-join user to the MDT database:

Create a database

Open the Deployment Workbench and Create a new database:

   

We have finished creating the MDT database.

Now we have to configure CustomSettings.ini before we can use the database:

By clicking Configure Database Rules, you actually adding extra lines to CustomSettings.ini in order to make a connection to the database. Select what you need:

Take a look at your CustomSettings.ini file (by right-clicking the DeploymentShare > Properties > Rules tab):

You can modify CustomSettings.ini further. To join a domain for example:

SkipDomainMembership=YES
JoinDomain=thedspot.local
DomainAdmin=svc-join
DomainAdminDomain=thedspot.local
DomainAdminPassword=*
MachineObjectOU=OU=Computers,OU=Unmanaged,DC=thedspot,DC=local

Obtaining Computer names from the SQL database

Hit Computers > New to add a MAC address and corresponding computername (OSDComputerName):

 

Our LiteTouch deployment succeeded:

The computer name was retrieved from the database and domain join was successful.

Please find other parts here:

Windows 7 Lite Touch installation with MDT 2010 – Part 1

Windows 7 Lite Touch installation with MDT 2010 – Part 2

Windows 7 Lite Touch installation with MDT 2010 – Part 4

Many company’s choose to deploy Microsoft Office 2010 with the Windows 7 rollout, including mine. I will describe in short our Office 2010 deployment process in this post.

1. Create a network installation point

• Create a folder on a file server. For example: \\servername\sharename\office2010standard
• Copy the Office 2010 CD to that folder, this location becomes the network installation point (this approach differs from previous versions, such as Office 2003).
• Copy each language pack that you want from the source media to the installation point. When you are prompted to overwrite duplicate Setup files, click No.

2. Make a customization file with Office Customization Tool in Office 2010

• Start setup with the /admin parameter, to launch OCT (\\servername\sharename\office2010standard\setup.exe /Admin)
• Select your Office version, I choose Standard 32bit, or open a previous created msp file.

Setup

• Choose install location and company name.
• Setup licensing and user interface; we ‘re using a Key Management Server (KMS), we don’t like having users canceling the setup, we don’t like setup to display error messages and other dialog boxes that might interrupt the installation and we’re accepting the EULA automatically:

Features

• Modify user settings;
  • Disable Opt-in Wizard on first run: Enable (to disable the Wizard)
  • Enable customer experience improvenment program: Disable
  • Automatically receive small updates to improve reliability: Disable

• Language settings:

• Choose features you’d like to install.

Additional content

• We’re moving the shortcuts to another place in the Start Menu, it’s your choice to adapt this.

Outlook

• Outlook profile

• Add accounts

Save the customization file in de Updates folder: \\servername\sharename\office2010standard\Updates\yourFile.msp

3. Config.xml

Although some settings are already configured with OCT, this is my Config.xml file:

<Configuration Product=”Standard”>

  <Display Level=”basic” CompletionNotice=”no” SuppressModal=”No” AcceptEula=”Yes” />
  <Logging Type=”standard” Path=”C:\YourLogPath” Template=”Microsoft Office 2010 Standard Setup(*).txt” />
  <COMPANYNAME Value=”CompanyName” />
  <Setting Id=”SETUP_REBOOT” Value=”Never” />
  <AddLanguage Id=”match” ShellTransform=”Yes” />
  <AddLanguage Id=”en-us” />
  <AddLanguage Id=”nl-nl” />
  <AddLanguage Id=”fr-fr” />
  <LIS SOURCELIST=”\\servername\sharename\office2010standard” />
</Configuration>

Display

I like to immitate the /qb installation method, this can be done with this line:

<Display Level=”Basic” CompletionNotice=”No” SuppressModal=”No” AcceptEula=”Yes” />

Other options for Display Level are : None / Basic / Full

CompletionNotice set to None. To hide the setup end screen. Users don’t need this screen.

SuppressModal set to None, This way setup doesn’t display error messages and other dialog boxes that might interrupt the installation.

AcceptEula to accept the End User Licensing automatically.

Logging

We like to have some logging to troubleshoot install failures.

<Logging Type=”standard” Path=”C:\YourLogPath” Template=”Microsoft Office 2010 Standard Setup(*).txt” />

Setting – Reboot

To suppress a reboot after setup:

<Setting Id=”SETUP_REBOOT” Value=”Never” />

Setting – Suppress Activation using MAK actication

If you’re using a Multiple Activation Key (MAK) and you want to automatically (silent) activate Office 2010, add the following line to your config.xml. So users don’t get bothered with activation.

<Setting Id=”AUTO_ACTIVATE” Value=”1″ />

AddLanguage

A system engineer in a multilanguage environment needs to enable extra languages. Use the following lines to match the User Interface (Shell UI) language of the user’s Locale, and install some languages used in Belgium.

<AddLanguage Id=”match” />
<AddLanguage Id=”en-us” ShellTransform=”Yes” />
<AddLanguage Id=”nl-nl” />
<AddLanguage Id=”fr-fr” />

LIS Sourcelist

Add extra lines to the LIS Sourcelist if you’re having multiple fileservers holding the Office network installation point.

<LIS SOURCELIST=”\\servername\sharename\office2010standard” />

 

Hotfixes and patches

Hotfixes can be placed in the directory \Updates. These patches will be installed by setup during Office installation.

4. Deployment

Install Office with the /config parameter, pointing to the config.xml file.

\\servername\sharename\office2010standard\setup.exe” /config \\servername\sharename\office2010standard\Standard.WW\Config.xml”

 

Happy deploying!

Update: Integrate Service Pack 1 into the network installation point.

Microsoft released an update for the company’s free operating system deloyment solution.  If you’re planning to migrate to Windows 7, Server 2008 R2 or Office 2010, MDT is the tool you need.  Here at the D Spot we have blogged a lot about MDT already.  Keep yourself up to date and read our MDT related posts.

What has changed in MDT 2010 Update 1

 

For native MDT users (Lite Touch Installation)

Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.

Improved driver importing. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

 

For ConfigMgr 2007 users (Zero Touch)

New User Driven Installation deployment method. An easy-to-use UDI Wizard allows users to initiate and customize an OS deployment on their PCs that’s tailored to their individual needs.

Support for Configuration Manager R3 Prestaged Media.For those deploying Windows 7 and Office 2010 along with new PCs, a custom OS image can easily be loaded in the factory and then customized once deployed.

 

For all users

A smooth and simple upgrade process. Installing MDT 2010 Update 1 will preserve your existing MDT configuration, with simple wizards to upgrade existing deployment shares and Configuration Manager installations.

Many small enhancements and bug fixes. Made in direct response to feedback received from customers and partners all around the world, MDT 2010 Update 1 is an indispensible upgrade for those currently using MDT (as well as a great starting point for those just starting).

Continued support for older products. MDT 2010 Update 1 still supports deployment of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office 2007.

 

Download binaries and documentation at Microsoft.

The populair PDF reader and writer from Adobe are often plagued by critical vulnerabilities. Therefore updating and patching Adobe Reader and Adobe Acrobat applications is highly necessary.

Here is how to slipstream the Reader 9.3.3 patch into the 9.3 source, suppress the automatic updates, and acrobat.com online services.

First step: get the sources.

Download sources

Adobe Reader 9.3: AdbeRdr930_en_US.msi

Adobe Reader 9.3.2 Patch: AdbeRdrUpd932_all_incr.msp

Adobe Reader 9.3.3 Patch: AdbeRdrUpd933_all_incr.msp

Adobe Customization Wizard 9: CustWiz90_en_US.exe

Because the upgrade path is 9.3 > 9.3.2 > 9.3.3, we also need the 9.3.2 patch file.

In the second step we need to create a network installation point (administrative installation point). I use C:\temp\reader933\adminpoint, you can choose your own.

Perform an administrative installation

1. Copy the sources to a directory of your choose, for example:
   

   C:\temp\reader933\sources

2. Create a distribution point folder (a folder where the installer can install the uncompressed program files)
   

   C:\temp\reader933\adminpoint

3. Open a command prompt and execute this command:
   

   Msiexec /a <path of AdbeRdr930_en_US.msi>

   With the /a parameter, you’re extracting the MSI to the administrative installation point (folder).

   

   When asked, point to the administrative installation point created in step 2 and hit Install.

   

   

   Admin point has been created:

   

   The 9.3 source files are extracted, now we will slipstream the 9.3.2 and 9.3.3 patches.

4. Apply the 9.3.2 patch:
   

   msiexec /a <path of msi at distribution point> /p <path of Reader 9.3.2.msp>

   for example in my situation:

   msiexec /a "C:\Temp\reader933\adminpoint933\AdbeRdr930_en_US.msi" /p "C:\Temp\adobereader\sources\AdbeRdrUpd932_all_incr.msp"

   

   

   

   

5. Then apply the 9.3.3 path:
   

   msiexec /a "C:\Temp\reader933\adminpoint933\AdbeRdr930_en_US.msi" /p "C:\Temp\adobereader\sources\AdbeRdrUpd933_all_incr.msp"

   

   

   

   

   Last step is to create a transform file. Here you can disable automatic updates and apply custom settings.

Create a transform file (.mst) using the Adobe Customization Wizard:

Run Adobe’s Customization Wizard and open the extracted MSI (leave other files in place). Then change the settings to suit your needs, use the screenshots as an example (this are our adaptations).

Create new key: AVGeneral (in HKCU\Software\Adobe\Acrobat Reader\9.0)

DWORD: bCheckForUpdatesAtStartup

Value: 0

Create new DWORD: OptIn (in HKCU\Software\Adobe\CommonFiles\Usage\Reader 9)

Value: 0

Before saving the package, create an empty setup.ini file in the root of your admin point. If you don’t create this file the Customization Wizard will throw the error: “Setup.ini not found”. (thanks Terry for letting me know)

Save the package, and you’re done.

Add sites to the Trust Manager

We needed to add some sites to the Trust Manager, this step isn’t necessary in the deployment process. We added this IP ranges to the Trust Manager:

172.33.*

172.75.*

Use this .reg file to deploy via scripting:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\TrustManager]

[HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\TrustManager\cDefaultLaunchURLPerms]

"tHostPerms"="version:2|172.33.*:2|172.75.*:2"

Import via Customization Wizard should also work, although I didn’t tested the import feature. If somesome has experience with importing these settings, please share and make a comment!

Deployment:

I use this command line to deploy my slipstreamed Adobe Reader via ConfigManager 2007:

msiexec /i "path\AdbeRdr930_en_US.msi" TRANSFORMS="path\tranformfile.mst" /qb REBOOT=ReallySuppress /log "path\reader933.txt"

Update Sept 2010:

Patch to reader 9.3.4

Here is how to patch the Reader 9.3.3 administrative distribution point with the updated Reader 9.3.4 version.

First get the Adobe Reader 9.3.4 sources file from Adobe’s website. Then apply the 9.3.4 (.msp) patch to the previous created distribution point:

msiexec /a <path of msi at the distribution point> /p <path of downloaded patch>

for example in my situation:

msiexec /a “C:\Temp\reader933\adminpoint933\AdbeRdr930_en_US.msi” /p “C:\Temp\adobereader\sources\AdbeRdrUpd934_all_incr.msp”

It can be confusing, because I named the distribution point “reader933”.

Copy the files from distribution point to your desired location and you’re done!

This kit will help you complete a Proof of Concept (PoC) at your organization, at a customer or get familar with some Microsoft products in a lab environment.

Allowing you to quickly evaluate the new Microsoft desktop technologies, including Windows 7, Office 2010, Internet Explorer 8, and Application Virtualization (AppV) with Microsoft Desktop Optimization Pack technology.

It will also familiarize you with some of the important deployment tools provided by Microsoft to assist with your broader deployment efforts. This PoC isn’t meant to be comprehensive training mechanism but rather an introductory set of modules to familiarize you with tools and technologies.

Included in the package:

• Microsoft Assessment and Planning Toolkit (MAP)
• Microsoft Application Compatibility Toolkit (ACT)
• Microsoft Office Migration and Planning Manager (OMPM) (A tool to assess and upgrade Office versions and files, like macro compatibility for example)
• Microsoft Deployment Toolkit (MDT)
• Windows 7 Enterprise 90-day Trial image
• Microsoft Office Professional Plus 2010
• Office 2010 with Application Virtualization (App-V)

In short, a package that any consultant arriving on a mission around Windows 7 should have.

Download: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=26301cd1-cc72-4dd8-819e-12ef48322743

Recently I had a problem with my Windows 7 clients (built with my new and freshly created image) where they would not get activated by the KMS server. After some research I noticed that the KMS counter was not updated with new client and so my KMS server would never reach the point where it would actually start activating my clients (25 clients).

The reason for the KMS server not updating it’s counter was the fact that all my clients where reporting to the KMS server with the same Client Machine ID (CMID) which I noticed trough the events it reported in the Key Management Service event log of my KMS server.

If you ‘Bing’ on this one you will get lot’s of posts where this is due to the sysprep command which is not ran with the /generalize parameter. This parameter removes all hardware dependencies and when building a new client, it will create a new CMID.

However I did use the /generalize parameter so why do I get the same behavior. The solution is simple but it did take me some time to notice that  I seemed to have missed the <skiprearm> setting in my xml answer file. This setting should be removed before using the image in a production environment! If not you’ll end up rebuilding your image like me…

More info: http://support.microsoft.com/kb/929829

Grtz,
Steve.