Norton GhostTM Enterprise

Getting Started Guide

Norton Ghost™ Enterprise
Getting Started Guide
The software described in this book is furnished under a license agreement and
may be used only in accordance with the terms of the agreement.

Copyright Notice
Copyright  1998–1999 Symantec Corporation.
All Rights Reserved.
Any technical documentation that is made available by Symantec Corporation is the
copyrighted work of Symantec Corporation and is owned by Symantec
Corporation.
NO WARRANTY. The technical documentation is being delivered to you
AS-IS and Symantec Corporation makes no warranty as to its accuracy or use. Any
use of the technical documentation or the information contained therein is at the
risk of the user. Documentation may include technical or other inaccuracies or
typographical errors. Symantec reserves the right to make changes without prior
notice.
No part of this publication may be copied without the express written permission
of Symantec Corporation, Peter Norton Group, 10201 Torre Avenue, Cupertino, CA
95014.

Trademarks
Symantec, the Symantec logo, Norton Ghost, Ghost Walker, Ghost Explorer, and
GDisk are trademarks of Symantec Corporation.
Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of
Microsoft Corporation. IBM, OS/2, and OS/2 Warp are registered trademarks of
International Business Machines Corporation. Novell and NetWare are registered
trademarks of Novell Corporation. 3Com and EtherLink are registered trademarks of
3Com Corporation. Compaq is a registered trademark of Compaq Corporation. Zip
and Jaz are registered trademarks of Iomega Corporation. SuperDisk is a trademark
of Imation Enterprises Corporation.
Other product names mentioned in this manual may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1
C O N T E N T S

Chapter 1 Getting started

Process overview .................................................................................. 5
Setting up existing Windows machines for cloning .................... 6
Setting up new machines for cloning ........................................... 7

Chapter 2 Cloning your client machines

Preparing client machines to receive images ...................................... 9
Creating your source machine ...................................................... 9
Creating a boot disk .................................................................... 10
Rebooting your source machine ................................................. 10
Creating an image file .................................................................. 10
Creating a boot partition image .................................................. 10
Installing the Console client on the source machine ................. 10
Installing the boot partition ......................................................... 11
Using Norton Ghost Console to clone client machines .................... 12
Creating an image definition ....................................................... 12
Creating a configuration template ............................................... 12
Creating a cloning task ................................................................ 14
Executing the task ........................................................................ 15
Notes ............................................................................................. 15

Chapter 3 Using Norton Ghost Multicast Server and

Multicast Assist
Multicast Server ................................................................................... 17
Using Multicast Server ................................................................. 17
Multicast Assist Wizard ....................................................................... 19
Starting Multicast Assist ............................................................... 19
Adding DOS system files ............................................................. 19
Generating a boot package ......................................................... 20
Locating NDIS support files ........................................................ 21
Selecting a boot package ............................................................ 22
Specifying Norton Ghost parameters .......................................... 22
Specifying the Configurations folder .......................................... 23
Configuring network settings ...................................................... 24
RIS menu details .......................................................................... 25
Reviewing and executing ............................................................ 25

3
Appendix A Console security
Distribution ......................................................................................... 27
Changing Consoles ............................................................................. 28
Generating new certificates ................................................................ 28
NGServer password ............................................................................ 29

4
C H A

Getting started
P T E R

1
This guide outlines the process of rolling out and installing Norton Ghost
client software on machines with no operating system installed and on
Windows 9x/NT machines.

The Norton Ghost Implementation Guide contains detailed information

about Norton Ghost, its utilities, and Norton Ghost Console functionality.
You should consider the following additional information when you install
Norton Ghost Console:
■ During the Norton Ghost Console installation, a Console user called
Admin is created with a password of Norton.
■ Norton Ghost Console must be installed by someone with domain
administrator rights.

Note: The remainder of this document assumes you have installed Norton
Ghost Console.

Process overview
The following sections outline how to set up machines for cloning and
post-cloning configuration. The process differs for:
■ Machines with no operating systems installed.
■ Machines with Windows 9x/NT already installed.

These two scenarios are outlined on the following pages.

5
Getting started

Setting up existing Windows machines for cloning

If you have a machine with Windows 9x/NT installed, the following steps
are required.
1 Create a source machine that will become a template machine for all
the other machines that will be cloned.
See “Creating your source machine” on page 9 for more information.
2 From the Console machine, use Multicast Assist Wizard to create a boot
disk. This is used to take an image of your source machine.
See “Creating a boot disk” on page 10 for more information.
3 Use the boot disk you have created to boot your source machine.
See “Rebooting your source machine” on page 10 for more
information.
4 From the Console machine, use Multicast Server to create an image file
from your source machine.
See “Creating an image file” on page 10 for more information.
5 Create a boot partition image using Multicast Assist.
See “Creating a boot partition image” on page 10 for more information.
6 Install the Console client on the source machine. This allows Norton
Ghost Console to discover your source machine and capture the
configuration.
See “Installing the Console client on the source machine” on page 10
for more information.
7 Install the boot partition on your source machine. This erases the hard
drive.
See “Installing the boot partition” on page 11 for more information.
8 Reboot the source machine to allow the Console client to
communicate with the Console.
The client is ready to be managed from the Console.
9 From the Console create:
a An image file definition.
See “Creating an image definition” on page 12 for more
information.
b A configuration template.
See “Creating a configuration template” on page 12 for more
information.

6
 Process overview

c A task to clone and reconfigure your clients.

See “Creating a cloning task” on page 14 for more information.
10 Execute the task to create your client machines.
See “Executing the task” on page 15 for more information.

Setting up new machines for cloning

If you have a machine with no operating system installed, only the
following steps are required.
1 Install the boot partition on your source machine. This erases the hard
drive.
See “Installing the boot partition” on page 11 for more information.
2 Reboot the source machine to allow the Console client to
communicate with the Console.
The client is ready to be managed from the Console.
3 From the Console create:
a An image file definition.
See “Creating an image definition” on page 12 for more
information.
b A configuration template.
See “Creating a configuration template” on page 12 for more
information.
c A task to clone and reconfigure your clients.
See “Creating a cloning task” on page 14 for more information.
4 Execute the task to create your client machines.
See “Executing the task” on page 15 for more information.

7
Getting started

8
C H A

Cloning your client

machines
P T E R

2
This chapter describes how to prepare your clients to receive images and
how to roll out images once the Console recognizes your client machines.

Preparing client machines to receive images

Before you can use the Console to distribute images to your client
machines, you have to set up the client machines to be recognized by the
Console.

The process of rolling out and installing Norton Ghost client software
varies depending upon whether Windows 9x/NT is already installed on the
client. See “Process overview” on page 5 for an overview of both scenarios.

Creating your source machine

The first step in this process is to set up a Windows machine as a template
for all other machines. To do this, install Windows on the source machine
and configure it as you want all of your machines configured, including all
of its drivers.

The template machine must have the same network card as the machines
that will receive the image. If you have multiple network cards in your
organization, you need an image for each one.

Similarly, especially for Windows NT, if you have machines with major
differences in hardware, like SCSI disks versus IDE disks, you need to have
separate images for these also.

9
Cloning your client machines

Creating a boot disk

To create a boot disk:
1 Determine the vendor and model of the network card on your client
machine. The Multicast Assist Wizard requires this information.
2 Create a boot disk using the instructions in “Multicast Assist Wizard” on
page 19. You use the disk to enable Norton Ghost Multicast Server to
take an image of the machine.
3 Specify the multicast session name to be the same as on the Norton Ghost
Multicast Server.

Rebooting your source machine

Use the boot disk you just created to boot your source machine.

Creating an image file

The next step is to create an image file from your source machine. From
your Console machine, use the Multicast Server to create the file. See
“Multicast Server” on page 17 for more information.

Creating a boot partition image

Now you need to create a Norton Ghost boot partition image. The boot
partition contains the necessary Norton Ghost utilities, including the
Console Client, and drivers for your particular network card.

You use Norton Ghost Multicast Assist to create the boot partition image.
See “Multicast Assist Wizard” on page 19 for instructions.

You should use the same network card template you did to create the boot
disk. Save the image along with the image created in the previous step.
Both images are used on your client machine.

Installing the Console client on the source machine

You need to install the client software on the source machine so Norton
Ghost Console can capture the configuration settings from this machine.
These settings can then be used, if required, to reconfigure the machine
after a clone.

10
 Preparing client machines to receive images

Install Norton Ghost 6.0 Client software on your source machine. The
machine will be discovered by Norton Ghost Console and the machine
configuration captured. The title for the new machine icon is the computer
name and the default user (the last user logged in). These settings may be
useful when cloning many clients, because the settings can be
automatically restored to the machine from which they were taken.

When you start Norton Ghost Console, the client machine appears in the
default machine folder. You can identify it by the computer name and the
default user.

Installing the boot partition

Warning: After this step, the hard drive on the client PC will be completely
erased. The disk will contain only the Ghost boot partition, which is very
small. Do not perform this step unless you are sure you have copied all
data off the machine and that it is safe to proceed.

The next step is to load the boot partition image you created above onto
your client machine.

To install the boot partition onto your client machine:

1 Insert the boot disk in the client’s floppy drive.
2 Use Multicast Server to load the boot partition onto the client.
See “Using Multicast Server” on page 17 for instructions.
3 When the clone finishes, remove the disk and reboot the client PC.

11
Cloning your client machines

The machine will be running the Norton Ghost Client for DOS. The
client can now be controlled from the Console.

Using Norton Ghost Console to clone client

machines
After you set up your clients to be controlled by the Console, you can
create images and distribute them to the clients. If you have not yet set up
your clients, follow the steps outlined in “Preparing client machines to
receive images” on page 9.

Creating an image definition

To use the image file, you must first create a definition of the image in the
Images folder in Norton Ghost Console. For more information about
creating a configuration template, refer to the Norton Ghost
Implementation Guide.

Creating a configuration template

When your machine is added to the Norton Ghost Console database,
configuration data is recorded from the machine. This is recorded as the
Default configuration for that machine. When cloning a machine or group
of machines, if you check the Configuration box in the task and do nothing

12
 Using Norton Ghost Console to clone client machines

else, the Default configuration is restored on each machine as it was

before.

You can alter the configuration on a machine-by-machine basis by using a

Custom configuration in your task or by using a template. A template is a
good idea for a group of machines that are all configured similarly. To use
a template, you first create it in your Configuration Resources folder in the
Console, and then specify it when you create your task.

Templates differ from other configurations in that they can be applied to

multiple machines. This is achieved by allowing variables for Computer
Names. For example, “Computer****” is set to Computer0001 on the first
computer, Computer0002 on the second, and so on. Similarly, IP addresses
can be allocated from a range of numbers.

For more information about creating a configuration template, refer to the

Norton Ghost Implementation Guide.

To create a template configuration:

1 Specify that your configuration is a template.

2 Specify the configuration details.

13
Cloning your client machines

Creating a cloning task

A cloning task applies the source image to your client machine.

To create a cloning task:

1 In the General tab, specify the steps you want to perform in the task,
and the client machines to which the task applies.

2 In the Clone tab, specify the image you have created from the source
machine.

14
 Using Norton Ghost Console to clone client machines

3 In the Configuration tab, specify the configuration template to use.

4 Click OK.

Executing the task

After you execute the task, your client has the boot partition and a
Windows operating system that is a duplicate of your original source
machine, with the exception of configuration settings that have been
applied according to the template.

Your machines are ready to be used!

Note: When executing a Console task, avoid using image files that do not
reside locally. Be aware that tasks are executed by the NGServer user, not
the user at the Console, this might affect access rights to remote files. If
problems occur accessing files on the network, grant appropriate rights to
the NGServer user. For more information, see “NGServer Password” on
page 29.

Notes
■ The Norton Ghost boot partition must exist on every client machine or
it cannot be controlled from the Console.
■ The easiest way to put the boot partition on a machine is to create an
image of one with Multicast Assist together with a matching boot disk.

15
Cloning your client machines

Then use the boot disk and Multicast Server to put the boot partition
onto the hard drive.
■ You can take an image of a machine that includes both the boot
partition and a Windows partition. This image is useful for rolling out
new machines.
■ The boot partition must have network drivers that match the network
card. That is why it is created from Multicast Assist.

16
C H A

Using Norton Ghost

Multicast Server and
Multicast Assist
P T E R

3
Multicast Server
The Multicast Server efficiently distributes Norton Ghost image files over a
network connection. Using Multicast Server, it is possible to clone many
machines at the same time, using the same network bandwidth as you
would for one clone operation.

Due to the highly specialized nature of this server, the data is delivered
over the network more than twice as fast as over a mapped network drive.

You no longer have to map a network drive in DOS. A TCP/IP stack built
into Norton Ghost allows Ghost to act as a client to the Multicast Server
with only the packet driver loaded, requiring only a single floppy disk.
NDIS2 drivers are also supported in a single disk configuration, although
additional support files and configuration are required.

Another feature of Multicast Server is the ability to pull an image from the
client, so the entire process of image creation and deployment via the
network can be achieved using Multicast Server and a single disk.

Using Multicast Server

The Multicast Server in the example below is configured to Load To
Clients. The session begins when one client attaches. Sessions are

17
Using Norton Ghost Multicast Server and Multicast Assist

identified by name. The names must match on the client and server. The
Accept Clients button is selected to activate the server.

To create an image using the Multicast server:

1 Start the Multicast Server on your Norton Ghost Console machine. Make
sure there is enough disk space to store the image.

Note: Norton Ghost images contain only the actual data on a disk. If
you have a 9 GB drive with only 600 MB of data, the Ghost image is
about 600 MB or smaller if you use compression.

2 Select Dump From Client.

3 Specify an image file to create.
4 Click Accept Clients.

Note: The client must also be configured to dump rather than load. See
the Norton Ghost Implementation Guide for more information.

18
 Multicast Assist Wizard

Multicast Assist Wizard

The Multicast Assist Wizard helps you create the boot disks needed to use
Norton Ghost with the Multicast Server. It collects the required DOS files
and NIC drivers files, and leads you through the process of creating one or
more disks.

Multicast Assist creates templates specifying the NIC that can be used to
create a boot package. These boot packages support Microsoft Remote
Installation Service (RIS) and the creation of Ghost image files.

The following sections show how to create a disk boot package for loading
an image. A similar package could dump an image (creating an image from
a disk) by changing the Ghost command line or create the image file
necessary for the boot partition. See “Specifying Norton Ghost parameters”
on page 22 for more information.

Starting Multicast Assist

To start Multicast Assist:
■ Click the Start button, then select Programs > Norton Ghost > Multicast
Assist as shown.

Adding DOS system files

The first time you use Multicast Assist, it prompts you to add DOS system
files.

19
Using Norton Ghost Multicast Server and Multicast Assist

Note: HIMEM.SYS must be present on the disk you supply if you are
running Windows NT. (This is not shown in the panels below).

Generating a boot package

The next step is to select the template for your network card.

To generate a boot package:

1 Select Generate A Boot Package From An Existing Template.

2 Select a template that matches your network interface card.

20
 Multicast Assist Wizard

Note: If a template for your card is not available, you can create a new
template if you have the drivers.

3 Click Next.

Locating NDIS support files

The files PROTMAN.DOS, PROTMAN.EXE and NETBIND.COM are
required if you want to use NDIS drivers for your network card. Although
packet drivers are preferable, NDIS drivers are very common. There are
several versions of NDIS drivers—version 2 NDIS drivers are required.

To locate the NDIS files:

■ Do one of the following:
■ Select Copy The Files From This Location and enter or browse to
the file path.

Note: If you have an existing Multicast boot disk, you can use it to
provide the NDIS files Norton Ghost Multicast Assist requires.
Otherwise, download them from the Microsoft FTP site.

■ Select Download The Files From Microsoft.

21
Using Norton Ghost Multicast Server and Multicast Assist

Selecting a boot package

During the Client rollout process, you need to create a boot disk and a
boot partition image.

To specify a boot package:

■ Select the boot package option.

Specifying Norton Ghost parameters

Note: This option is for boot disk packages only.

The parameters shown below instruct Norton Ghost to connect to the

multicast session called “test” and to load the disk image to the first drive
(“dst=1” refers to the destination being fixed disk 1).

Switch Description

-sure Removes the need to confirm the specified details.

-rb Causes a reboot immediately after the cloning operation.

-clone Used with the text “src=@mctest.”

@mc indicates that what follows is the Multicast session name. In

this case, the session name is “test.”

The session name must match on the client and server.

22
 Multicast Assist Wizard

To create a boot package for dumping (creating images):

1 Do one of the following:
■ Swap dst and src so the command line reads:
-clone,src=1,dst=@mctest

Note: A complete description of Norton Ghost command-line switches

is included in the Norton Ghost Implementation Guide.

■ Create a general purpose boot package by not supplying a

command line at all. This requires you to run the user interface at
the client PC.

Specifying the Configurations folder

Note: This option is for Boot Partition packages only.

When a Console Client is first discovered on the network, Norton Ghost

Console creates an icon for it the Default folder in Machine Group. You
can change this folder in the Configurations Folder field.

23
Using Norton Ghost Multicast Server and Multicast Assist

When DOS machines are discovered, they are identified by Adapter

Address only. Specifying a folder makes identification of the machine
easier.

Configuring network settings

Configure network settings as shown below.

24
 Multicast Assist Wizard

RIS menu details

Note: This section applies only if you create an entry in the RIS (Remote
Installation Service) Menu under Windows 2000 server. This is for use with
a Network Service Boot on a PXE-enabled PC. No floppy disk is required.

Reviewing and executing

The window below displays the details of the boot package before it is
created.

25
Using Norton Ghost Multicast Server and Multicast Assist

Click Next to create the boot package.

26
A P P

Console security
E N D I X

A
The Norton Ghost Console and clients use public-key cryptography
techniques to authenticate the Console to the client. This ensures that only
the authorized Consoles can remotely control, clone, and reconfigure client
machines.

During Console installation, public and private certificate files are

generated. These files are called pubkey.crt and privkey.crt.

Caution: The private certificate must be safeguarded. If an unauthorized

user copies it, security is compromised. If you accidentally delete your
private certificate, and have no other copy, you will have to generate a
new certificate pair and distribute the public certificate to all clients. See
“Generating new certificates” on page 28 for more information.

When a client communicates with the Console, it uses a

challenge-response protocol. The client must have the Console’s public
certificate to perform this operation. Therefore, the Console’s public
certificate must be distributed to all clients.

Distribution
When the clients are first installed, a boot disk and a boot partition image
file might be generated with the Multicast Assist Wizard.

As long as you use Multicast Assist from the Console machine, the correct
public certificate file will automatically be included with all boot partition
image files that include the Console client.

The Windows client needs the public certificate to communicate with the
Console. When the client is installed, it prompts you for the Console's
computer name. This is the Windows computer name specified in

27
Console security

Windows Network Settings. The client uses this name to communicate with
the correct Console.

Changing Consoles
If you have more than one Norton Ghost Console in your organization, and
you want to move a client from one to the other, you need to change the
public certificate on the client.

There are two certificates for the Console on each client, one in the Norton
Ghost boot partition, and one with the Windows client in the Norton Ghost
directory. You only need to update the boot partition copy because the
Windows client copy automatically refreshes from the boot partition.

To update the boot partition certificate:

1 Generate a new boot partition image in the new Console.
2 Use a console task to distribute the new image to the client.
3 Specify that the clone is a Partition Load and select partition number 1.
In Advanced options, select Overwrite Hidden Partition.

Generating new certificates

If you lose your private certificate, or if you think security has been
compromised, you have to generate a new certificate pair and distribute
the public certificate to all the clients.

To generate new certificates:

1 Click the Start button and select Run.
2 Browse to the Norton Ghost installation directory (generally
C:\Program Files\Norton Ghost).
3 Enter ngserver.exe -keygen and click Run.
4 Use Multicast Assist to generate a new boot partition image that
includes the public certificate.
5 Distribute the boot partition to the clients as described in the Changing
Consoles section above.
An alternative if you are technically adept, is to unhide the boot
partition using GDISK from a boot disk and copy the file into the ghost
directory.

28
 NGServer password

NGServer password
On Windows NT systems, an NT service is installed called ngserver. This
service is responsible for Task execution and client communications. One
of its roles is to create machine accounts in NT Domains if machines are
added to domains during execution of a Task. To perform this role, a user
is created during installation called ngserver with the password ngserver.
The ngserver service logs in as this user. The ngserver user does not have
interactive login rights, is not a member of any groups, and only has the
privilege to manage machine accounts.

Although unlikely to be a security risk, you might want to use Windows NT

administration tools to change the password for this user. If you do so, you
must inform the ngserver service of the new password by setting the
registry value Password under the key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Ngserver\Params.

29
Console security

30