Are you asking if you should include the apps in the image or how to manage the apps post image?
No, I am asking the best way in LDMS to automatically install a group of applications to a new system once it has been joined to the domain and the LDMS Agent is installed by a GPO. Please see step 5 below.
1) we join a new system to the Domain
2) we place the computer object into the correct OU
3) GPO adds a startup script that executes the advance agent install exe
4) When the PC is rebooted, the LDMS agent gets installed.
5) **** We want LDMS to automatically install a group of apps****
6) LDMS Patches system based off security baseline repair group
I would suggest using the provisioning task or the unattend to join the computer to the domain and then have the app installs as part of the System Configuration in the template. The patching could be part of the provisioning template as well. The agent install needs to be part of the provisioning task, but if you would like to leave it as a GPO you could write an if/then script that would look to see if the agent is already installed. It wouldn't really hurt anything if it is left as a GPO; it would just try to install the agent again.
Thanks for the fast reply. We already have the logic in the GPO script to not reinstall if present for the LDMS agent.
I hadn't considered letting LDMS do the domain join and I have no experience with the provisioning and OS deployment features. So if I understand correctly, we need to:
1) enable PXE representative
2) create a device entry with the correct new system MAC address and name we want the system to be named.
3) the new system does a PXE boot and the Win PE environment boots, reconfigures the local OS, then initiates a reboot
4) the system reboots into the local OS and joins the domain?
To enable the PXE representatives you will need to push the pre-configured "PXE Representative Deployment" software distribution package to a Windows machine on the same subnet (unless using IP helper) as the machine being imaged. Unless you pre-schedule the provisioning template, when you PXE boot you will authenticate to the login screen and then you can choose your template. Your template will include the imaging processes that will have all of the steps needed.
If you haven't done so already, don't forget to configure your Preferred server settings.
Your template might look something like this:
Where is the system named? We were not planning on having to deploy an OS and use HII.
This is getting more complicated than I had hoped. If we manually join the system to the domain, do you still suggest using the system configuration in OS deployment vs a scheduled task for distribution packages?
How do we select the target devices for the OS deployment system configuration?
You can have the template start at whatever part of the process you would like. My example is the entire process from imaging onward. At what stage are your systems going to be at when you want them to be configured?
We receive them with OS and no apps, we need to accept the EULA and create the local credentials. We then name the system and join it to the domain and put the computer object into the correct OU depending on location.
From there we would like the process automated for the LANDesk agent (which we already have).
Then we want to deploy a group of apps that we already have distribution packages for (apps like Adobe Reader, Flash, Chrome, our phone companion app, etc.).
Then we have several scheduled tasks for repair groups that will patch.
OK. I think I understand where you are at. At the point you want to have provisioning install the apps, you have already joined the PC to the domain and have the LANDesk agent installed, correct?
At this point you could have the template populated with all of your apps and the patching processes and just schedule the template. Since the system will have the agent already installed, you will not need to create a device entry. You also would not need to configure PXE at all, as PXE is only for pre-boot tasks like imaging. Your template would look more like just the System configuration section (without the Join Domain or agent install) of my example, with the rest of the sections left blank.
Yes, exactly, so still think using provisioning to do this is the way to go? Dumb question though, how would we target the new systems?
What are the steps and how do I associate the patch system action in the template with the new device that is added to the domain and LDMS agent installed?
Anyone? I have created a provisioning template to deploy software, how do I target new systems joined to the domain?
What if I use patch and compliance, can I create a custom definition to look for presence of our AV or other apps and then use patch to deploy?
Or could I create a query that finds systems missing these apps and create a software distribution task that targets this query?
I use the software portal for all my IT engineers. Made special tasks that are targeting the admin users I have in every site. They log on with their admin account, do an inventory scan and run a policy sync afterwards; this makes all applications available in the portal, and they can all select them and install. But you can also do something like this via AD: target the AD group with directory management and it put new computers in the group to all applications. Or you can just create a query for all devices so new build devices will get targeted by the query.
Finally got a workable solution. We created custom definitions for the presence of the apps we want then set them to autofix.