ntfsclone and partclone (which is what Clonezilla uses) are similar in function (some minor differences in implementation). I know partclone will handle other filesystems as well as NTFS (not ZFS, currently?). And, the default settings for Clonezilla "image splits" take into account the possibility that the "image partition" may exist on a FAT32 filesystem (e.g., don't try to create splits that are too large to be represented as "files" on that filesystem!).
I don't know how partclone/Clonezilla will handle (stored) images that span more than one volume. E.g., if the image is 10GB (5*2G) and doesn't fit on a single DVD. (my "big images" are stored on big external drives so this hasn't been a problem)
There are a couple of problems with basing a "solution" on Clonezilla.
First, it boots a bloated linux kernel capable of running a full shell -- even though Clonezilla itself doesn't need most of those resources IN MY APPLICATION. E.g., no need for networking, it only uses a 640x480 display in TEXT mode, etc. On some of my machines, the boot process (to the Clonezilla "prompt") is as much as 90 seconds (that shouldn't be the case for any of the machines I'll be dealing with here; I just offer it to indicate how much cruft the kernel drags in).
Watching all the "console" messages scroll by will be intimidating to folks accustomed to a splash screen. And, I haven't looked at the implementation to know if there are any events that can cause a panic or if the boot process keeps trying even if is wrong. So, the user would be given instructions like: Wait for the Clonezilla splash screen. If it doesn't appear after XX seconds, call for help.
If I went the "roll my own" route, I would opt for a different "host OS" for the image restore tool.
Second, I suspect OS + even a small suite of apps will easily exceed the space available on the Clonezilla boot CD (even if I move it to a DVD). AFAICT, partclone won't allow the "splits" of the image file that it is trying to restore to reside on multiple volumes. I.e., if it finds the first split on the "image partition", it will expect to find the *last* split on that same partition! No way to "insert DVD 2 of 5", etc.
The question then becomes: how much time do I want to spend understanding someone else's tool vs. creating one that does what I need, directly?
Yes, by understanding the nature of the filesystem (instead of regarding the disk as a set of sectors each of which may -- or may not -- contain live data)
If you assume a sector that is not referenced *by* the VTOC/superblock/FAT/whatever-you-want-to-call-it can NOT be referenced, then its contents can not be referenced and, so, need not be "preserved".
Notable exceptions are things like the boot sector that is referenced by the BIOS (if we're talking about PC's). So, you explicitly grab that sector and keep track of it (as it is NOT referenced in the file system!)
So, this will only work if I can build all the images
*before* the 6 months is up (presumably you can *restore* an image even after that time?)
I (typically) create my "images" on an external USB drive, one per machine. In the case of Windows machines, this lets me store several images representing the build process:
1_Windows (after installing windows)
2_Drivers (after adding machine specific drivers -- like NIC)
3_Updates (after talking to MS's update server)
4_Utilities (add archivers, etc. -- tools that seldom need updates)
5_Tools ("heavier weight" apps that *do* see updates -- firefox, etc.)
6_Applications (the heaviest weight apps)
Finally, I *copy* the installation log detailing the build process (and indicating where each image was created in that process) onto the external disk.
This external disk then sits in a box with other, similar, disks each labeled with the name of the machine that it documents. (I do this for each laptop, tablet PC, server, workstation, etc. here)
This is true for most Dell machines. *If* you use a Dell install CD/DVD.
There is a file on the install media that tells windows how picky it should be.
Yes, but this can be done after the cloned image is "installed".
Clonezilla lets you decide if you want to deal with "disks" or "partitions". In the latter case, you can pick which partitions (on a disk) you want to image/restore.
For example, I create a separate image of the "utility" partition so I can choose NOT to restore it when restoring the "main partition". Similarly, I can restore it without clobbering the current contents of the main partition.
(Updating this partition should, in theory, not involve "Windows")
The licenses will be purchased from an organization that ONLY sells to 501(c)3's -- as they are "genuine" licenses sold "below retail" (e.g., $8 for W7, $25 for Office, etc.). MS also has a "direct" program for these sorts of licensees.
OK - you hadn't said what the requirements, limitations and flexibilities were.
Fair enough - you are trying to /help/ the "customer", not convert them. Similarly, I am only trying to help you, not convert you. So if installing a particular OS is not an option for the end users, even if it makes the job easier for /you/, then you can't use that solution.
Be careful that the embarrassment of coming back a second time does not just stop them coming back a second time - people who quickly get malware once will quickly get it many more times. For such users, you really should consider evangelizing - but pick your own favourite OS if you don't want to copy mine!
The trouble with the "restore from DVD" solution is that it involves a great deal of loss for the user - people who are at a level of knowledge that you describe /will/ lose their personal data in this process. You can pretty much guarantee that even if the malware has not eaten their data, they will fail to copy it correctly before doing the re-install. You can also guarantee 100% that they will lose all software (including system updates) they have installed since the restore DVD was made - and you can also be sure that very few will make regular restore DVDs (and those that do, will store their malware on the newer restore DVDs).
It is a simple fact that for ignorant users (I don't mean that as an insult - everyone is ignorant until they have learned about a topic), you either have to provide a safe and reliable system, preferably locked down to limit risks, or someone has to provide support and help. That someone does not have to be /you/ - maybe the users can even get together and help each other.
I fully understand that you don't want to be an eternal free technical support for the end users. Maybe recovery DVDs are the best you can do with the resources you have and the requirements of the "customers" - but they can never be more than /part/ of a good maintenance and support solution.
It doesn't matter how *bad* I think THE SCHOOL SYSTEM'S CHOICE OF OS is... there's simply no way I am going to get them to change their minds as to what they expect their students to use. I'm sure lots of "interests" have had a say in that decision. I don't have kids in the school system so I've got no skin in that game -- and not anxious to *put* any skin in there, either!
Yup. If you don't learn from your first (or second or twenty-fifth) mistake, maybe you *can't* learn. But, *you* bear the cost of your ignorance.
E.g., here, I simply don't want to have to keep watching for all the latest security updates, etc. So, I don't let machines talk to the outside world. That's *my* solution. Other folks may wish to gamble and/or take other measures to minimize what they "expose".
I have learned from first-hand experience that if you provide a service to fix their mistakes, they will RELY on it. Even if you charge a fee to act as a deterrent -- in a perverse sense, they figure that they are now *paying* you (i.e., the non-profit) so you no longer have any VALID objections to their misuse.
A "repair" solution that can work is NOT to charge them anything. BUT, to sit on their machine for several weeks -- without making a "loaner" available for their use! And, return the machine with all their "personal files" *lost*.
However, this ties up staff doing mindless restores -- which take a really long time (even if you do several machines at once and leave them largely unattended). As staff have limited hours (donated time isn't infinite time!), that means some *other* student doesn't get a "new machine", or some other equipment donation gets refused because there aren't enough man-hours to make use of it, etc.
[Hint: these kids don't pick up this malware visiting "innocent" sites!]
I can't think of any other way to motivate them to be smart about
*how* they use the machines. I.e., *lose* the machine and you end up at the local public library -- where you *won't* be (allowed!) visiting any of those "non-innocent" sites!
Sorry, I meant that you could influence the choice of OS for your friends and neighbours. Getting the school to change systems would be more challenging!
If there is no internet connection, then the machines will be pretty safe (USB sticks and other media are still a possibility for malware, but much less risky).
However, a PC that is not connected to the internet these days is either a poor games console or an expensive doorstop. Maybe things are different where you live, but here a PC without internet would not be worth the money even if it is free.
I can see your problem, and I don't know any good way to solve the issue
- as I say, things seem to be different for you than for students over here.
Why not just use the Windows deployment tools. Setup one machine with all the drivers, generalize and image the file system, should work on all the machines. I just deployed 15 blade servers over ethernet in about 30 minutes. But I'm pretty sure you can make DVD images also.
If you can fill the unused blocks with a simple pattern (like all zeroes) they become of little consequence, especially if you use something better than gzip for compressing. there used to be defragmenting tools that could do that.
Because you are *buying* a "new" disk -- and, buy whatever is economical *today* (or, suits your *increasing* storage needs).
OTOH, if you are relying on whatever some corporate donor drops in your lap, you have no idea how large the next disk you receive will be. E.g., if first donor gave you a system with 500G drive(s) and a subsequent donor gives you a system (less capable?) with 250G drives, you may choose to just pull the drives from the second donation (as they will work in a *higher* performance machine) and use them as spares for the earlier machine(s).
The world of donation-based nonprofits is very different from the one of deep corporate pockets. E.g., a very high end server is typically of less value to you AS A MACHINE than a more modest minitower -- because folks can't accommodate a 2U form factor "in their bedroom"; or, the server has only minimal video capabilities; etc. So, you treat the server as a source of commodity parts and discard most of its value.
E.g., I rescued an older blade server (14 blades, each with dual 3GHz Xeon's, 8G RAM and 72G 2" disks per blade, quad power supplies, etc.) for a song. Aside from the RAM, most of it was headed for the tip! Who's going to use something like that in a home/school/small business? It's a beast and requires a fair bit of specialized administration!
You *couldn't* restore 300G to a 250G drive (hence the "obviousness"). But, you might want to restore a 500G disk of which 100G are used onto a 250G replacement drive (see above). OOTB, Clonezilla can't downsize like this. (But, can be coerced into doing it with a bit of technical expertise)
Or, pick a "kernel"/OS that doesn't expect all that bloat!
OK. Then *add* something that removes the drapery (slash screen) when/if something goes wrong in the boot.
I don't think anything "MS" fits that description! :> I can
*easily* do that for one of my *BSD boxes -- even with a decent set of tools installed. But, something like Windows+Updates+Office would probably easily require two DVD's (or, dual layer plus some)
[I can actually figure out what each of the machines here used at various points in their "build" process as my install logs include the number of "used blocks" reported by Clonezilla each time I built an image in the process.]
AFAICT, the "image" shouldn't care about the file system on the medium. I.e., it should be like a "hole-y" dd(1) image so something like:
... ... ...
As such, access to the raw device should be all I need - and a checksum to provide some assurance that what I'm pushing to the medium is intact (followed by a verify cycle)
I was planning on setting up one machine "of each make/model".
1 - install windows
2 - install machine specific drivers
3 - download/install updates (incl hw updates)
4 - install apps & updates
5 - mark the machine to reprompt for licensing(s)
6 - create image
Then, transfer the image to each "similar" machine. When student boots machine, they are only prompted for the "personalization" information (so I can leave that up to them to choose instead of having all machines say "Generic Student" at "Charity, Inc.")
But, the student needs to be able to restore the image that I created in step 6 -- from one or more DVDs (etc).
Can Windows, itself, do this? Or, does it place preconditions on *when* it will allow an image to be created (e.g., only after "registration")?
ah, yeah, that would make life tricky windows doesn't like it if you use 3rd party tools to shrink a partition. I got a vista install that wont accept SP3 due it being shrunk using gparted.
Or the server has really loud fans, I was offered one with that affliction.
I've not seen that problem with XP. Though it could depend on how *much* you shrink the partition!
Most servers have loud fans. I think the thinking is that the box resides in a "server room" and not where folks are likely to be working. And, 1U or 2U servers are probably the noisiest as the fans have to be pretty small (as well as redundant).
And, if the fans weren't enough, they tend to have a multitude of drives (I think my smallest has five). So, there's a fair bit of "spindle noise" (in addition to the extra cooling for the extra drives!)
The blade server I mentioned sounds like a shop vac when running. The dual fans are more like *blowers* than fans!
OTOH, I think it pulls 2000W so you'd expect it to move a fair bit of air! (esp given the poor ventilation characteristic of thin blades)
The way I have done it in the past for generaly close but not identical machines is:
1) Install windows but not product key.
2) Install all updates.
3) Install drivers for all the machines it might be used on.
4) Install all software. This has to be done carefully, as not all software supports the OS generalization process.
5) Boot machine from WinPE and generalize and image the hard drive. I do this over ethernet but I'm sure it works from DVD also.
formatting link
formatting link
formatting link
Anyway, I hope the links above point you in the right direction. I don't really have any more details on your exact situation.
I thought I had to install with *a* product key -- then remove with sysprep afterwards (?)
In my case, all machines are identical. So, this becomes step 1.5 (as the machine will probably need a driver for the NIC, chipset, etc. if not supported natively)
I'm hoping that if *all* they want is the OS + Office (et al.) that I can just build a "real" machine and then backout the OS product key, SID, and HKLM\...\Office\ keys. Add these back in *after* the "basic image" has been copied to the other machines. *Then*, separately image each of them (so the end user is not bothered with knowing product keys -- just "Name" and "Organization").
Will it support the need for *multiple* DVD's and, on restore, prompt for those in succession? Ethernet has no "media size" :>
Thanks! I'd read through much of the sysprep stuff, already but I'll chase down these other links. Goal here is NOT to become a Windows SysAdmin :-/
I'm off to see what they have/need so I'll have to remember to take good notes...
Not sure, never used this on Windows 7,all of my deployments are Win2008 R2. At least with Win 2008 there is no difference in the availible updates with or without a product key. This may not be true on Windows 7. Sysprep will remove the product keys for Windows and office during generalization.
I would, if I were you, take your windows install media and use, I think sysprep, to generalize the install media. I would then deploy the new generalized install media to the template machine. I would avoid using the on DVD installer which came with your windows media. This should basically do a "quiet" install of windows and it should then prompt you for the details on first boot. Fully setup this template machine and then image it.
You can build custom deployment images with product keys encoded in them. It's in the manual, really, I've seen it ;-)
Yeah me neither. Only reason I learned all this was because I had access to HPC Cluster licenses and I am SOOOO sick of the free linux clustering tools. I have been fighting with linux clustering for 4 years now and it has NEVER been easy to administer. One or two linux boxes, fine, 20+ and it is a nightmere. I wiped out the linux cluster, took a few days to learn the new tools, and now admin is a breeze. I have to hand it to Microsoft, it really was point and click deployment with minimal hair pulling.
Oh, OK. I thought I had to do that explicitly beforehand.
OK.
I paid these folks a visit and they apparently have some site/volume licenses. Nearest I can tell, these are effectively "honor system" enforced? Regardless, I should be able to install OS+Office with valid licenses/product keys and just leave the keys in place.
Call it the "FOSS-tax"... simlar to the MS-tax but *different* (free)! :-/
Can you spell "not-ready-for-prime-time"?
Hopefully, I will find mine a similar experience. At my age, I'd like to keep the hair I've got for a wee bit longer! :>
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.