Closed Bug 967076 Opened 11 years ago Closed 10 years ago

2008 image for bare metal provisioning

Categories

(Infrastructure & Operations :: RelOps: General, task)

Product:
Infrastructure & Operations
Component:
RelOps: General
Platform:
x86_64
Windows 7
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: markco, Assigned: markco)

References

Details

(Whiteboard: [windows])

No description provided.
Assignee: relops → mcornmesser
Blocks: 967064
In order to build a new image for bare metal provisioning, need to take a look at the all the individual parts in the MDT process and the parts from GPO, dive into each part, figure what is needed, the best way to execute the individual parts, and the figure out at which point of the imaging process it should go, base task sequence, deployment task sequence, or the Puppet run.
Individual parts of the current 2008 rev install and configuration: MDT INSTALL General Configuration cmd commands user related: Add cltbld to the 'Remote Desktop Users' group net localgroup "Remote Desktop Users" cltbld /add OS configuration Set Power option to High Performance powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c Turn HDD off = never powercfg /change disk-timeout-ac 0 Turn off UAC for install %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f MAPI headers cmd /c xcopy "z:\files\MAPI headers\*.*" "C:\Office 2010 Developer Resources\Outlook 2010 MAPI Headers\" Enable Clean Manager cmd /c servermanagercmd -install Desktop-Experience -resultPath results.xml Disable Windows Updates cmd /c regedit -s %SCRIPTROOT%\Regedits\NoWinUpdate.reg -s Set Power option to High Performance powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c Allow python through firewall netsh advfirewall firewall add rule name="Allow Python" dir=in action=allow program="C:\mozilla-build\buildbotve\scripts\python.exe" Allow sshtunnel through firewall netsh advfirewall firewall add rule name="Allow SSH tunnel" dir=in action=allow program="C:\slave\test\build\bin\ssltunnel.exe" Allow VNC through firewall netsh advfirewall firewall add rule name="Allow VNC" dir=in action=allow program="C:\Program Files\uvnc bvba\ultravnc\winvnc.exe" Dependent on VNC being installed Application related Make Logs Folder cmd.exe /c mkdir c:\logs Create logging directory mkdir /c/tmp Files Copy Visual Studio 2010 Source Files For specific install xcopy /s "Z:\Scripts\Microsft Visual Studio 2010\*" "c:\Microsft Visual Studio 2010\" Copy Build files cmd /c xcopy Z:\Applications\BuildBot_Upgrade/mozilla-build c:\mozilla-build /Y /E /Q /R /H / I move old python cmd.exe /c xcopy "c:\mozilla-build\python" "c:\mozilla-build\python27" /Y /E /Q /R /H /I (Not sure why we copy this over and then move it) Remove old python cmd.exe /c "rmdir c:\mozilla-build\python /s /q" (Not sure why we are copying files and removing them) Copy Yasm.exe cmd /c xcopy "%SCRIPTROOT%/Applications/vsyasm.exe" "c:/mozilla-build/msys/bin" Replace ultravnc.ini cp -f -R "Z:\Scripts\Applications\UltraVNC\ultravnc.ini" "C:\Program Files\uvnc bvba\UltraVnc\" Dependent on VNC being installed. Clean UP MSVS 2010 cmd /c rmdir /q /s "c:\Microsft Visual Studio 2010" Post VS 2010 install Power shell commands Set Powershell options powershell -noprofile Set-ExecutionPolicy Unrestricted CSCRIPTs Enable RDP cscript.exe "%scriptroot%\ZTI_RemoteDesktop.wsf" MDT Application Installs Python 2.7.3 MDT packaged application Pywin 218 MDT packaged application BuildBot - 2008R2 MDT packaged application BuildBot_Upgrade MDT packaged application MSVS 2010 install defualt "C:\Microsft Visual Studio 2010\Setup\setup.exe" /q /full /norestart Installed by cmd line from source files Microsoft Win 8 SDK MDT packaged application GVIM Shortcuts MDT packaged application Direct X SDK MDT packaged application Microsoft_VC100_DebugCRT_x86 MDT packaged application CoreUtils 5.3.0 MDT packaged application Mozilla Maintenance Service MDT packaged application Windows 7 Disable Driver Signing MDT packaged application Install UltraVNC cscript.exe "%SCRIPTROOT%\ZTI-UltraVNC.wsf" Installed by cmd line from source files BinScope MDT packaged application Power Shell Scripts Append Path %SCRIPTROOT%\AppendPath.ps1 BAT files %SCRIPTROOT%\ZTI-MakeDir.bat KB Updates cmd /c %SCRIPTROOT%\2008updates.bat Registry Paging File Size cmd /c regedit -s "%SCRIPTROOT%\RegEdits\2008memPage.reg" -sDisable Windows Disable Windows Updates cmd /c regedit -s %SCRIPTROOT%\Regedits\NoWinUpdate.reg -s Improve performance reg 1 cmd /c regedit -s "%SCRIPTROOT%\RegEdits\2008HKLMperf.reg" -s Improve performance reg 2 cmd /c regedit -s "%SCRIPTROOT%\RegEdits\2008HKCUperf.reg" -s 2008 Logon pop ups cmd /c regedit -s "%SCRIPTROOT%\RegEdits\2008NagWindows2.reg -s USER Configuration cltbld creation net user cltbld PASSWORD /add GPOs 2008_compatibility_off Computer Configuration->Policy->Admin Templates-> Windows Components/Application Compatibility Disable Turn off Application Compatibility Engine Disable Turn off Program Compatibility Assistant 2008_gapi_key Computer Configuration->Preferences -> Windows Settings->Files Source \\releng\SYSVOL\releng.ad.mozilla.com\files\gapi\*.* to c:\builds\ 2008_shutdown_tracker Computer Configuration->Policies Admin Templates Disable Shutdown Event Tracker 2008_supress_logon_windows Computer Configuration->Policies Admin Templates->System/Server Manager Enable Do not display initial Configuration tasks Windows at logon Enable Do not display Server manager automatically logon Auto_login Computer configuration->Preference->Windows Settings->registry HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,AutoAdminLogon,REG_SZ,1 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,AutoLogonCount,REG_SZ,999 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,AutoRestartShell,REG_DWORD,00000001 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,Background,REG_SZ,0 0 0 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,CachedLogonsCount,REG_SZ,10 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DebugServerCommand,REG_SZ,no HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DefaultDomainName,REG_SZ HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DefaultPassword,REG_SZ,APASSWORD HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DefaultUserName,REG_SZ,cltbld HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DisableCAD,REG_DWORD,00000001 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,DisableLockWorkstation,REG_DWORD,00000000 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,EnableFirstLogonAnimation,REG_DWORD,00000000 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,ForceUnlockLogon,REG_DWORD,00000000 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,LastUsedUsername,REG_SZ,cltbld HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,LegalNoticeCaption,REG_SZ HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,LegalNoticeText,REG_SZ HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,PasswordExpiryWarning,REG_DWORD,00000005 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,PowerdownAfterShutdown,REG_SZ,0 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,PreCreateKnownFolders,REG_SZ,{A520A1A4-1780- 4FF6-BD18-167343C5AF16} HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,scremoveoption,REG_SZ,0 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,REG_SZ,explorer.exe HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,ShutdownFlags,REG_DWORD,80000027 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,ShutdownWithoutLogon,REG_SZ,0 HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,Userinit,REG_SZ,C:\Windows\system32\userinit.exe, HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,VMApplet,REG_SZ,SystemPropertiesPerformance.exe /pagefile HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,WinStationsDisabled,REG_SZ,0 Disable_auto_updates Computer Configuration->Policies-> Admin Templates->Windows Components/Windows Updates Disable Configured Automatic Updates Enable Do Not display “install updates...” Enable No auto restart... Disable turn off Software Notifications Disable_JIT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger (No Value assigned) Disable_moz_maintian_svc_certs Computer Configuration->Windows Settings->Registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MaintenanceService\ 3932ecacee736d366d6436db0f55bce4\0 Delete keys name issuer programName PublisherLink SOFTWARE\Mozilla\MaintenanceService\3932ecacee736d366d6436db0f55bce4\1 Delete keys name issuer programName PublisherLink Disable_MS_Auto_Maintain Computer configuration->Preference->Windows Settings-.File Target \\releng\SYSVOL\releng.ad.mozilla.com\files\disable_sched_tasks\*.* to C:\gpo_files\disable_sched_tasks\ Computer configuration->control panel->Schedule task-> Scheduled tasks and immediate task runs C:\gpo_files\disable_sched_tasks\disable_tasks.bat immediate and at start up Disable_notifications Computer configuration->Preference->Windows Settings->File Target \\releng\SYSVOL\releng.ad.mozilla.com\files\disable_notifications\*.* to C:\gpo_files\disable_notifications\ Computer configuration->Preference->Windows Settings->registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ Advanced EnableBalloonTips set value 0 HKEY_CLASSES_ROOT\CLSID\{7007ACCF-3202-11D1-AAD2-00805FC1270E} Delete key HKEY_CLASSES_ROOT\CLSID\{7007ACCF-3202-11D1-AAD2-00805FC1270E} DefaultIcon Delete Key HKEY_CLASSES_ROOT\CLSID\{7007ACCF-3202-11D1-AAD2-00805FC1270E} \InProcServer32 Delete Key HKEY_CLASSES_ROOT\CLSID\{7007ACCF-3202-11D1-AAD2-00805FC1270E} \InProcServer32\ThreadingModel Delete Key Computer configuration->Preference->Control panel-> Schedule tasks At logon run REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced /v EnableBalloonTips /t REG_DWORD /d 0 /f Computer configuration->Preference->Control panel->Services Disable nvUpdatusService Item level targeting based on GPO start key Disable_Screen_Savers Computer configuration->Preference->Windows Settings->registry HKEY_USERS\Control Panel\Desktop\ScreenSaveActive Set value to 0 HKEY_USERS\.Default\Control Panel\Desktop\ScreenSaveActive Set value 0 HKEY_USERS\Control Panel\Desktop\ScreenSaveTimeOut Set value to 0 HKEY_USERS\.Default\Control Panel\Desktop\ScreenSaveTimeOut Set value 0 HKEY_Current_USER\Control Panel\Desktop\SCRNSAVE.EXE HKEY_USERS|.Default\Control Panel\Desktop\SCRNSAVE.EXE no value Computer configuration->Preference->Control Panel-> Power Options When computer is: Plugged in Running on batteries Require a password on wakeup: No No Turn off hard disk after: Never Never Sleep after: Never Never Allow hybrid sleep: Off Off Hibernate after: Never Never Lid close action: Sleep Sleep Power button action: Shutdown Shutdown Start menu power button: Hibernate Hibernate Link State Power Management: Off Off Minimum processor state: After 100 minutes After 5 minutes Maximum processor state: After 100 minutes After 100 minutes Turn off display after: Never Never Adaptive display: Off Off Critical battery action: Do nothing Hibernate Low battery level: After 10 minutes After 10 minutes Critical battery level: After 5 minutes After 5 minutes Low battery notification: Off Off Low battery action: Do nothing Do nothing Computer configuration->Preference->Control Panel-> Schedule Tasks At log on run C:\Windows\System32\reg.exe add "HKCU\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 0 /f C:\Windows\System32\reg.exe add "HKCU\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 0 /f C:\Windows\System32\reg.exe add "HKCU\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d 0 /f Disable_windows_reporting Computer configuration->Policies->Admin Templates-> System/Internet Communication Management/Internet Communication settings Enable Turn off windows Error Reporting Windows Components/Windows Error Reporting Enable Disable Windows Reporting Enable Display Notification Enable Prevent display of user interface for critical errors File_local_users Computer configuration->Preference->Files Delete c:\users\cltbld\.ssh\ Files_mozilla_build Computer configuration->Windows Settings->Security Settings->Files System %SYSTEMDRIVE%\slave Full control to Owner, System, Admins, BUILTIN\users Computer Configuration\Preferences\Windows Settings\Files Target \\wds1\data-mdt\depshares\ProdShare\Applications\BuildBot_Upgrade\mozilla- build\buildbotve\Lib\site-packages\twisted\internet\_dumbwin*.py to c:\mozilla- build\buildbotve\Lib\site-packages\twisted\internet\ Suppress errors on individual file actions Disabled Files_Python_Psutil Computer Configuration\Preferences\Windows Settings\Files Target \\releng\SYSVOL\releng.ad.mozilla.com\files\python_psutil\*.* to c:\mozilla- build\python27\Lib\site-packages\ Target \\releng\SYSVOL\releng.ad.mozilla.com\files\python_psutil\psutil\*.* to c:\mozilla-build\python27\Lib\site-packages\psutil\ Target \\releng\SYSVOL\releng.ad.mozilla.com\files\python_psutil\psutil-1.0.1- py2.7.egg-info\* to c:\mozilla-build\python27\Lib\site-packages\psutil-1.0.1-py2.7.egg- info\ Files_sshd_testers_builders Computer Configuration\Preferences\Windows Settings\Files target \\releng\SYSVOL\releng.ad.mozilla.com\files\ssh\KTS\* to C:\Program Files\KTS\ Target \\releng\SYSVOL\releng.ad.mozilla.com\files\ssh\KTS\scripts\*.* to C:\Program Files\KTS\scripts Target \\releng\SYSVOL\releng.ad.mozilla.com\files\ssh\KTS\subsystems\*.* to C:\Program Files\KTS\subsystems Target \\releng\SYSVOL\releng.ad.mozilla.com\files\ssh\updates\scripts\*.* to C:\Program Files\KTS\scripts\ Computer Configuration\Preferences\Control Panel\ Schedule Tasks Deny_pub Immediate runs C:\Program Files\KTS\deny_pub.bat Install ssh Immediate runs C:\Program Files\KTS\install.bat Files_UVNC_config Computer Configuration\Preferences\Windows Settings\Files Target \\releng\SYSVOL\releng.ad.mozilla.com\files\uvnc_config\*.* to Firewall_exceptions_testers_builders Computer Configuration-> Policies -> Windows Settings->Windows Firewall with Advance Security->Global Settings Inbound Allow: by Apache C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe Ping any Python C:\slave\test\build\venv\scripts\python.exe Python C:\talos-slave\test\build\venv\scripts\python.exe Python C:\mozilla-build\buildbotve\scripts\python.exe SSH C:\Program Files\KTS\daemon.exe ssltunnel C:\slave\test\build\bin\ssltunnel.exe ssltunnel C:\slave\test\build\tests\bin\ssltunnel.exe ssltunnel C:\talos-slave\test\build\bin\ssltunnel.exe ssltunnel C:\talos-slave\test\build\bin\ssltunnel.exe VNC C:\Program Files\uvnc bvba\ultravnc\winvnc.exe NSCLient++ C:\Program Files\NSClient++\nsclient++.exe Outbound Allow: by Apache C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe Python C:\slave\test\build\venv\scripts\python.exe Python C:\talos-slave\test\build\venv\scripts\python.exe Python C:\mozilla-build\buildbotve\scripts\python.exe SSH C:\Program Files\KTS\daemon.exe ssltunnel C:\slave\test\build\bin\ssltunnel.exe ssltunnel C:\slave\test\build\tests\bin\ssltunnel.exe VNC C:\Program Files\uvnc bvba\ultravnc\winvnc.exe NSCLient++ C:\Program Files\NSClient++\nsclient++.exe Computer Configuration->Policy->Admin templates-> Network/Network Connections/Windows Firewall/Domain Profile Allow outbound destination unreachable Enabled Allow outbound source quench Enabled Allow redirect Enabled Allow inbound echo request Enabled Allow inbound router request Enabled Allow outbound time exceeded Enabled Allow outbound parameter problem Enabled Allow inbound timestamp request Enabled Allow inbound mask request Enabled Allow outbound packet too big Enabled Metrics Computer Configuration\Preferences\Windows Settings\Files Target \\releng\SYSVOL\releng.ad.mozilla.com\files\metrics\*.* to C:\metcollect Computer Configuration\Preferences\Control Panel\ Schedule Tasks Immediate run c:\metcollect\metcollect2.bat NSClient++ Computer Configuration->Policies-> Software Settings-> Assigned application NSClient++ Computer Configuration\Preferences\Windows Settings\Files Delete C:\Program Files\NSClient++ Target \\releng\SYSVOL\releng.ad.mozilla.com\files\NSCleintINI\*.* to c:\program files\nsclient++\ Registry_tweaks_builder Computer Configuration->Preferences -> Windows Settings->Registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\DumpType value 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\ NtfsDisable8dot3NameCreation value 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\ NtfsDisableLastAccessUpdate value 1 Schedule_tasks_testers_and_builders Computer Configuration->Preferences->Windows Settings->Files target \\releng.ad.mozilla.com\data\mdt\depshares\DevShare\Applications\ BuildBot_Upgrade\mozilla-build\*.bat to c:\mozilla-build\ Target \\releng.ad.mozilla.com\data\mdt\depshares\DevShare\Applications\ BuildBot_Upgrade\mozilla-build\*.py to c:\mozilla-build\ Computer Configuration->Preferences->Control Panels-> Scheduled Tasks start C:\mozilla-build\start-buildbot.bat trigger by cltbld log on SDK_patch_builder Computer Configuration->Preferences->Windows Settings->Files Target \\releng\SYSVOL\releng.ad.mozilla.com\files\builder_sdk_patch\*.* to C:\Program Files (x86)\Windows Kits\8.0\Include\winrt\ Users_local_testers Computer Configuration->Windows Settings->Security settings->local policies-> User rights Force shutdown from a remote system by BUILTIN\Users, cltbld, BUILTIN\Administrators Shut down the system by BUILTIN\Users, cltbld, BUILTIN\Backup Operators, BUILTIN\Administrators, BUILTIN\Administrators Security Options Accounts: Rename administrator account to root Computer Configuration->Preference-> Control panel-> Local Users Groups-> Group administrators add cltbld, root, administrator, releng\administrator User cltbld User root
Using this etherpad to keep track of what items fall in which part of the imaging process: https://infra.etherpad.mozilla.org/925080
Depends on: 972575
Depends on: 974265
Depends on: 974605
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/369]
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/369] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/865] [kanban:engops:https://kanbanize.com/ctrl_board/6/369]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/865] [kanban:engops:https://kanbanize.com/ctrl_board/6/369] [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/869] [kanban:engops:https://kanbanize.com/ctrl_board/6/369] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/869] [kanban:engops:https://kanbanize.com/ctrl_board/6/369] [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/870] [kanban:engops:https://kanbanize.com/ctrl_board/6/369]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/870] [kanban:engops:https://kanbanize.com/ctrl_board/6/369] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/870]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/870] → [windows]
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.