Mass Deployment of VMware Fusion

Mass Deployment of
VMware Fusion  
A Practical Guide to Planning, Deploying, and
Managing Windows on the Mac  
May 2009 
Charles Edge, Director Technology, 318, Inc.
Sponsored by VMware
Mass Deployment of VMware Fusion
318
ARTICLE I.  VMWARE FUSION AND RUNNING WINDOWS ON THE MAC  5 
ARTICLE II.  SOFTWARE DEPLOYMENT CHALLENGES  5 
ARTICLE III.  TOOLS FOR SOFTWARE DEPLOYMENT ON MAC OS X  6 
Section 3.01  Apple Products for Mass Deployment  6 

(a)  System Image Utility  6 
(b)  NetInstall  7 
(c)  Apple Software Restore (asr)  7 
(d)  Apple Remote Desktop  7 
(e)  PackageMaker  8 
Section 3.02  Third Party Tools  8 

(a)  The Casper Suite  8 
(b)  LANrev  8 
(c)  NetRestore  8 
(d)  InstaDMG  9 
(e)  Ghost  9 
ARTICLE IV.  VMWARE FUSION SPECIFICS FOR DEPLOYMENT ON MAC

OS X  9 
Section 4.01  Installing VMware Fusion for Monolithic Image Deployment

  9 
Section 4.02  Creating the VMware Fusion Package  14 
Section 4.03  Embedding Volume License Key into the VMware Fusion
Package  15 
Section 4.04  Custom Installation Packaging with Composer   19 
Section 4.05  Deploying an Installation Package  22 
ARTICLE V.  CREATING WINDOWS VIRTUAL MACHINES FOR MAC

USERS  24 
Section 5.01  Creating the Virtual Machine  24 
Section 5.02  Install any necessary Windows applications   24 
Page 2 of 64
318
Section 5.03  Prepping Windows for Mass Deployment  25 
Section 5.04  Modifying the Virtual Machine for Mass Deployment   27 
Section 5.05  Deploying Windows Virtual Machine to Macs  29 
Section 5.06  Populating the Virtual Machine Library with Deployed VM

  32 
ARTICLE VI.  SYSTEMS MANAGEMENT: MANAGING WINDOWS WITH AD

OR OD  32 
Section 6.01  Microsoft Tools for Patch Management and Updates   32 
(a)  Microsoft Windows Server Update Services  33 
(b)  Group Policy  33 
(c)  System Center Configuration Management (SCCM)  33 
Section 6.02  Policies Without Active Directory  34 

(a)  Managing Policies for a Single Workstation  34 
(b)  Pushing Out Policies  36 
ARTICLE VII.  CONCLUSION  37 
ARTICLE VIII.  APPENDIX: DEPLOYING AND MANAGING VMWARE

FUSION VIRTUAL MACHINES WITH LANDESK MANAGEMENT SUITE  40 
Section 8.01  Simplifying Deployment of VMware Fusion and Windows VMs

  40 
Section 8.02  Create a VMware Fusion Distribution Package   42 
Section 8.03  Create a Distribution Package for Sysprep Windows VM

Image  43 
Section 8.04  Create a Distribution Package for Custom Deployment

Tasks  44 
(a)  Discover the Mac’s User Information  45 
(b)  Copy the Windows VM Image to the Mac  45 
(c)  Load the Windows VM Image  45 
(d)  Copy the LANDesk Agent into the Windows VM Environment  45 
(e)  Install the LANDesk Agent into the Windows VM Environment  46 
(f)  Remove the Self-Extracting Agent Executable  46 
(g)  Packaging the Script  46 
Section 8.05  Create Scheduled Distribution Task  47 
Page 3 of 64
318
Section 8.06  Facilitating Managing the VM, Your Macs, and PCs   49 
ARTICLE IX.  APPENDIX: DEPLOYING VMWARE FUSION 2 WITH JAMF

CASPER SUITE  51 
Section 9.01  Deploying VMware Fusion with Casper Remote   52 
Section 9.02  Deploying VMware Fusion with a Policy  53 
Section 9.03  Deploying VMware Fusion During the Imaging Process   55 
(a)  To create a script to trigger a policy at reboot:  55 
(b)  Next, create a policy similar to the one above with the following
changes:  56 
(c)  Finally, to deploy VMware Fusion when imaging you have two options:  57 
Section 9.04  Deploying VMware Fusion with the Self Service

Application  59 
(a)  Create a Self Service policy for the VMware Fusion application:  59 
(b)  Create a Self Service policy for a VMware Fusion Virtual Machine:  61 
 
Page 4 of 64
318
Article I. VMware Fusion and Running Windows on the Mac

While historically considered a more consumer-focused solution, of late, Mac hardware has
been gaining greater and greater traction in the Enterprise. The drivers around this are varied,
but a primary force has been the rise of virtualization—running Windows on the Mac—to solve
application compatibility challenges. Windows-based business critical applications, peripherals,
and web applications, which previously blocked the uptake of Mac hardware are now easily
accessible, thanks to technologies like VMware Fusion, which allows Windows applications and
Mac applications to run side-by-side.
Supporting this reality, a 2008 Yankee Group survey of 750 global IT administrators revealed
that nearly 80% of businesses are managing Macs on their network—up from 47% in the 2006
survey. Even more telling, 21% of respondents noted having more than 50 Macs on their
networks. The ability to run Windows on a Mac is a large part of this, with 50% of the
respondents confirming that they are running Windows on their Macs.
From department-based deployments of Macs, to employee and contractor owned Macs, and
even “Macs as a standard,” deploying Windows on a Mac with VMware Fusion opens the door
to an easier, less complex way of managing Macs in your environment using your existing
Windows application infrastructure.
VMware virtualization is industry-proven, with tens of millions of users worldwide, including 100
of the Fortune 100 and 92% of the Fortune 1000 counted as customers.
Article II. Software Deployment Challenges

The mass deployment of a single imaged operating system in many larger environments can be
a difficult task. When you take into account the licensing required for each piece of software,
the directory services binding required for systems, renaming the systems, the patch
management for future software, the settings (and by host settings) and all the other details,
imaging a large quantity of systems can be a difficult task.
The task of simultaneously mass deploying multiple operating systems to a given host can be
an even more complicated endeavor. You still have all the same requirements for the host
operating system, but in most cases you end up doubling the effort required in order to deploy
each subsequent operating system. Then, if you are deploying a system in a Virtual Machine
(VM) you end up also having to factor in specifics for deploying the software used to run and
manage the guest operating system and increased footprint of a second operating system both
in terms of network infrastructure and licensing costs. All of this leads to an increased reliance
on centralized management caused by the sprawl or a higher staff count to deal with support
tickets.
In this paper we will focus on first defining the methods, tools and software packages used for
mass deploying an application in Mac OS X. Once we have defined the tools we will move on
to explaining aspects of deployment that are unique to the VMware Fusion application. Then
we will explain how to deploy a Windows-based VM and various aspects used to manage of the
actual VM. Once the VM has been deployed we will move into patch management of the VM
itself and end with more advanced topics such as leveraging NetBoot services with VMware.
Page 5 of 64
318
Article III. Tools For Software Deployment on Mac OS X

When mass deploying and imaging the Mac there are a number of products that are typically
used. There are also two overarching methodologies used; each of the products fall into one or
both categories. The first method used is what is commonly referred to as monolithic imaging.
In this case, the team charged with the deployment creates an image that includes the operating
system, the software and any settings used for the deployment. Once the image is ready it is
then pushed out en masse to client systems. Monolithic imaging is a fairly simple process but
there are negatives to having one big image: each client needs the entire image, updates to
each piece of software are time intensive and occasional hardware incompatibilities can require
a multitude of different images. A typical way to go about creating a monolithic image involves
using System Image Utility to create the image and then using NetInstall to push the image to
client workstations. Tools like NetInstall can also be used with package based imaging,
although the quantity of data pushed to the workstation itself at image is monolithic in nature.
The second method used is commonly referred to as package based imaging. When you are
using package-based images you push out an image as a collection of .pkg files. Each package
is a part of the overall image, with the first package being the base operating system (also
known as the bare metal installation). For example, the base operating system would be a
package or .dmg file and each piece of software required or preference change would also be
an additional package.
Using a package based approach is more complicated by nature and requires more time to
initially deploy but ends up saving time long-term as subsequent updates to the image require
drastically less effort. With this method, you can push out only the software needed per
workstation and when you need to perform an update to the operating system or a software
component you can choose to either make a new package for the item being deployed or
augment the existing package to include it. A typical way to go about creating a package-based
image might be to use a tool such as Composer by JAMF Software to create your packages and
then the JAMF JSS server to distribute them.
Section 3.01 Apple Products for Mass Deployment

(a) System Image Utility
System Image Utility is a tool located in the /Application/Server directory of Mac OS X Server (or
a client system with the server tools installed on it) that is used to create images for NetBoot
and NetInstall deployments. In Leopard, System Image Utility includes options for creating
images, automating the binding of the imaged system to directory services, creating user
accounts on imaged workstations, partitioning disks prior to image deployment, adding
packages to the image, etc. The collection of tasks you will put into your image then utilizes
Automator to create Workflows to perform required steps in the imaging process (eg – partition
disk, then put the image on the system then bind to Open Directory), as can be seen in the
below screen shot.
Page 6 of 64
318
(b) NetInstall
NetInstall is a service that is built into Mac OS X Server. NetInstall can be activated and
configured by opening Server Admin and enabling the NetBoot service. Once enabled you
would add the image and clients can install directly from the image files hosted by the server.
NetInstall can perform any of the pre-flight or post-flight tasks (eg – formatting a drive, installing
a package, etc) that were defined using System Image Utility. NetInstall can be run on Mac OS
X Server.
(c) Apple Software Restore (asr)

Apple has a built-in image deployment solution that comes bundled with all versions of Mac OS
X called Apple Software Restore, commonly referred to as ‘asr’. The asr command line utility
can be used to deploy images in a unicast or multicast fashion and prepare images for
restoration. While asr is free, it is monolithic in nature and managed through the command line
thus making it seem less user friendly than many other solutions available.
(d) Apple Remote Desktop

Apple Remote Desktop (ARD) is a tool used to control client Mac OS X systems. ARD can be
used to send simple terminal commands to clients, share screens and deploy packages to
systems. ARD is not used to deploy operating systems but instead it is used to deploy software
to the operating systems post-imaging, provided ARD is enabled. The primary aspect we will
Page 7 of 64
318
focus on here is the ability to deploy packages, as would be the case if you already have a
number of systems deployed that you will likely want to deploy a package (or two) as part of
your VMware Fusion mass deployment.
(e) PackageMaker
PackageMaker is a tool used to build packages for Mac OS X. PackageMaker can use
snapshots or files and folders that have been manually selected to create packages.
PackageMaker can also use pre-flight scripts to be run before the files and folders that make up
the package are installed as well as post-flight scripts which can be run following the installation
of the files and folders. PackageMaker does have a slight learning curve and so many of the
third party tools look to ease the transition to creating packages by providing an easier user
interface to get acclimated with.
Section 3.02 Third Party Tools
(a) The Casper Suite

The Casper Suite, by JAMF Software can be used to image systems, manage patch
deployment and manage inventory. Using the Composer application (a part of the Casper
Suite) you can create a package or dmg file with the contents of any installation, which gives
you the ability to create a more unattended installer for application installers that require human
interaction. Composer works by taking a snapshot of the system prior to you performing a set of
actions (like installing a piece of software) and then taking a snapshot afterwards. Once the two
snapshots have been compared you will be able to customize which files go into the package
and once you are satisfied with your choices, create a package installer based on the changes.
The Casper Suite has other features, but for the purpose of this paper Composer will be our
focus.
(b) LANrev
LANrev is similar to the Casper Suite. LANrev is a management suite with a component called
InstallEase, which allows and administrator to quickly create packages using snapshots.
InstallEase does not have the granularity that a tool such as Composer has, in regard to the
snapshot process. However, it is freely distributed and so makes a fairly compelling product to
those who do not want to purchase Composer. You can still use packages created through
LANrev’s free InstallEase to deploy the packages through ARD and as post-flight installers
through NetInstall and NetRestore.
(c) NetRestore
NetRestore is a free application from Bombich Software that can be used to perform asr
restores of monolithic images. Additionally, you can have NetRestore run a script (or collection
of scripts) prior to installation or post-installation. One of the core features of NetRestore is now
the ability to partition a drive for both Mac OS X and Microsoft Windows and place a Microsoft
Windows image on that partition. This Boot Camp installation of Windows can then be
accessed using VMware Fusion or using BootCamp.
Page 8 of 64
318
(d) InstaDMG
InstaDMG is an application that uses a collection of packages to create an automated installer.
Using InstaDMG you can quickly create a monolithic image from a collection of smaller
elements. Therefore, you can continue to use monolithic imaging tools to deploy an image, but
use InstaDMG to generate that image.
(e) Ghost
Ghost is a Windows-centric application from Symantec that can be used to image systems. You
can use Ghost to image Mac OS X using a monolithic image. Ghost can be useful if you
already have plenty of experience with it and wish to image multiple Macs that will dual-boot
between Mac OS X and another operating system using BootCamp. The additional operating
system can then be accessed using VMware Fusion from within Mac OS X.
Article IV. VMware Fusion Specifics for Deployment on Mac OS X

The various requirements for installing an application can be considered a grouping of files and
folders and any actions that need to occur to have those run on a computer. This is known as a
package, which is a bundle of files that the Mac OS X operating system interprets given the
structure and format of the bundle they reside in.
The VMware Fusion 2 installer is distributed as a package file inside an installer application. As
such, you can use this package to deploy VMware Fusion without customizations. However, if
you are going to customize the application then you may want to create your own package to do
so. Or, if you are going to deploy the software as one package and have a separate license file
you can actually deploy VMware Fusion as two separate packages. By deploying VMware
Fusion as two packages you will not have to replace the license file with each subsequent
update.
Section 4.01 Installing VMware Fusion for Monolithic Image

Deployment
Adding VMware Fusion to a monolithic Mac OS X image for deployment is simple, just
performing a manual installation of VMware Fusion on your base image. If you purchased
Volume Licensing for VMware Fusion and you use a single image with your master license key
for all of your software for deployment (eg – Using a unicast asr disk image or using a tool like
Carbon Copy Cloner) then you can install VMware Fusion using the standard installation
package. In this scenario you would install Mac OS X onto a clean system along with any other
software you would be deploying. Then you would move on to installing VMware Fusion.
First, start off by mounting the VMware Fusion disk image or optical media on the system, which
will show you the introductions screen, as can be seen below:
Page 9 of 64
318
Click on the Install VMware Fusion icon, which is an application bundle and at the Welcome to
the VMware Fusion Installer screen click on the Continue button, as seen here:
At the Software License Agreement screen, read the license agreement and click Continue as
can be seen below:
Page 10 of 64
318
This will bring up a dialog box prompting you to accept the license agreement. If you agree with
the licensing terms then click on Agree to continue, as can be seen below:
At the Mount Virtual Disk Support screen you can choose whether to install MacFUSE, as can
be seen below:
Page 11 of 64
318
If you would like to be able to browse the virtual disks that VMware will create then leave
MacFUSE checked, otherwise you can uncheck it. Click Continue to bring up the Standard
Install on screen. Here, you can change which disk the software will be installed on, or click on
the Install button, as can be seen below to install VMware Fusion into the /Applications folder of
your boot volume.
Page 12 of 64
318
Page 13 of 64
318
Once the installation is complete you will be prompted for a license key as seen below. Here,
you will type in your Volume License Master serial number and click on the Continue button.
If you see the Installation Completed Successfully screen, then VMware Fusion will be ready to
open for the first time.
Section 4.02 Creating the VMware Fusion Package

VMware Fusion includes a standard Mac OS X package installer that has been bundled inside
an installer application. Therefore, installing VMware Fusion using standard package tools
simply requires a user or administrator to use the package that is bundled inside the VMware
Fusion installer application. The installer package can be invoked through the application or
extracted from the application and run stand-alone. To get the package, mount the VMware
Fusion disk image or insert your optical media and right-click (or control-click) on the “Install
VMware Fusion” icon and click on Show Package Contents, as seen in the figure below:
Page 14 of 64
318
Here you can open the Contents folder and then the Resources folder to see the “Install
VMware Fusion.pkg” file. Copy this package to another location and you will have the
installation package for VMware Fusion.
Section 4.03 Embedding Volume License Key into the VMware

Fusion Package
With VMware Fusion 1.1 and later, you can create a custom installation package with an
embedded license key, which is then pre-populated as a part of the installation process. This
way, when a user runs the installer package or when you deploy it through Apple Remote
Desktop or whichever patch management solution you prefer the installer will not ask the end
user for a serial number.
First, see section 4.0.2 on “Creating the VMware Fusion package” on how to find the VMware
Fusion installation package. You will need this package on a locally available disk in order to
customize it.
To create a VMware Fusion installation package that is bundled with a license file, create a text
file named “license.txt” that contains only the VMware Fusion serial number for your
organization.
Next, you will embed the license file into the VMware Fusion installation package. Browse to
your “Install VMware Fusion.pkg” file and right-click (or control-click) on the copied “Install
VMware Fusion.app” and click on Show Package Contents as seen in the following image:
Page 15 of 64
318
From here open the Contents folder and then the Plugins folder. In the Plugins folder you will
see a file called licensingPane.bundle. Here, right-click (or control-click) on the file and click on
Show Package Contents as seen below:
Page 16 of 64
318
Next, browse to the Contents folder and then the Resources folder of the bundle and place your
license.txt file into the Resources folder as can be seen here:
Page 17 of 64
318
NOTE: Since a .app, .pkg file and a .bundle file are just folders to the command line, you can
also simply copy the file to the correct location from the command line using the following
command (assuming the VMware Fusion installation package is on the desktop):
cp ~/Desktop/license.txt ~/Desktop/Install\ VMware

Fusion.pkg/Contents/Plugins/licensingPane.bundle/Contents/Resources
Page 18 of 64
318
Using this customized installer package, you can deploy it through Apple Remote Desktop or
whichever patch management solution you prefer and the installer will not ask the end user for a
serial number.
Section 4.04 Custom Installation Packaging with Composer

Alternatively, you could install VMware Fusion manually, creating the installation package using
a third party utility. This can be particularly helpful if you want to deploy VMware Fusion as a
dmg file rather than a .pkg file or if you want to customize it in ways not previously described
(some software, such as InstaDMG will use dmg files instead of packages). In this example we
will cover doing so with Composer, a part of the Casper Suite by JAMF Software.
To start, open Composer on the computer you will be installing VMware Fusion on. Then, set
the Look For: field to New and Modified and click on Take Snapshot as can be seen here:
While the snapshot is running do not perform any other tasks. When it is complete, then you
will see the green arrow move to Install and configure your software. At this point, follow the
instructions from Section 3.01 to install VMware Fusion. When you are complete, click back into
Composer and provide a name for the package in the Package Name: field.
Note: You can choose to embed the license key in the installer at this point or capture a base
snapshot one more time after the installation and then insert the license key and then create a
package with just the files pertaining to licensing VMware Fusion.
Once you are satisfied with the name for your installer, click on the Build Package button as can
be seen below:
Page 19 of 64
318
When you click on the Build Package Composer will go through a second lengthy scan. At this
point it will be taking a second snapshot of the operating system and will compare the two
snapshots to produce a list of what the image (.dmg) or package (.pkg) will consist of. When it
is complete you can click on the Verify Contents button to customize what will be a part of the
installer, as can be seen below:
Page 20 of 64
318
At this point, you will want to remove any extraneous information from the package. Keep an
eye out for any items that are not specific to VMware as configuration files for the computer you
are installing VMware Fusion onto can be captured here. Take extra caution to ensure that you
exclude any machine-specific system configuration files that are not specific to VMware Fusion.
Anything being deployed to /System, /etc or /var warrants particular consideration before
inclusion into your package with the possible exception of anything that specifically references
VMware or Fusion in the file name. However pushing out a file that overwrites /etc/authorization
for example could cause systems to not accept logins in the future.
Once you are satisfied that all of the items for VMware Fusion are listed, and only those items
then click on the Close button and then select a type of installer from the Package Type: field.
This could be a read-only dmg file, a read/write dmg file, a pkg, etc. When you are ready to
save the package, click on the Save To… button and then select a location to save the file. At
this point you have customized your installer. There are several benefits to creating an installer
in this manner.
- One is that you can remove the licensing information from the package and move it into
a separate installer, as described later in this document.
Page 21 of 64
318
- Another is that you can add a Virtual Machine to VMware Fusion and populate VMware
Fusion’s Virtual Machine Library list prior to taking the second snapshot and pushing out
the package. While this would make your installer larger and provide less flexibility with
regard to how you populate this information, it can be quicker than the alternatives listed
in Article V of this document.
Section 4.05 Deploying an Installation Package

Once the package has been created then you can test running it on a workstation. If it
completes as intended then you can move on to testing it through Apple Remote Desktop (or
whichever remote installation package you prefer, although we will use Apple Remote Desktop
for this example). To push it out through Apple Remote Desktop, first open the Remote
Desktop application. Then, highlight the machines you would like to deploy the software to
And click on the Manage menu and then click on Install Packages… as can be seen below.
This will bring up the Install Packages screen, as can be seen below. Here, click on the + icon
and select the VMware Fusion installation package created previously. You can use the
standard package or a customized package that includes a master license key if you desire.
Page 22 of 64
318
Next, select whether you want to restart after the installation using the After installation: field. In
this case there is likely no need to restart. Next, select whether you would like to run the
installer using your system or using a Task Server. Then, select whether to stop the installation
on the target computers if there are any problems in the If a problem occurs: field. Additionally
use the Security: field to select whether or not to encrypt the data and the Network usage: field
to throttle bandwidth if desired. Finally, click on Schedule… to schedule a time for the
installation or Install to install it immediately.
If the installer completed as expected then you will see a message similar to the following just
below the toolbar:
Page 23 of 64
318
Article V. Creating Windows Virtual Machines For Mac Users

At this point you have created a package or installed VMware Fusion on your computers. We
will now move on to creating the Virtual Machines themselves and deploying them. In this
document we will focus on using Windows, as that is the primary use case for running VMware
Fusion on the Mac.
Section 5.01 Creating the Virtual Machine

To start off we will create a base installation of Windows XP or Windows Vista. To do so,
launch VMware Fusion and click New. Insert a Windows installation CD or disk image (.iso) and
follow the steps for Windows Easy Install, which will install Windows automatically including all
necessary VMware drivers. For more details, refer to the VMware Fusion Help topic “Creating a
Virtual Machine with Easy Install”.
When you are setting up your Virtual Machine there are a few settings that can be useful to help
maximize the performance of your systems.
By default, VMware Fusion’s settings for memory, processors, and hard disk are designed to
balance the needs of performance for both Windows and Mac applications.
In addition to virtual hardware settings, there are additional features to consider enabling:
- Shared Folders
- Mirrored Folders
- Shared Applications
- Printing
- Adding Comment in the Virtual Machine Library
Once your virtual machine is setup the way you desire, next install any desired Windows
applications.
NOTE: If you are using a corporate modified or custom-built Windows XP/Vista installation
media or disk image, you should NOT use Windows Easy Install, which assumes a default
Microsoft provided Windows installation media. Make sure to uncheck “Use Easy Install” in the
New Virtual Machine Assistant in this case and install Windows manually.
Section 5.02 Install any necessary Windows applications

When you are deploying a Windows Virtual Machine, you will likely install additional software
that is required for your business into the Virtual Machine prior to deployment. Installing such
applications now will ease your initial deployment.
After initial deployment, you can leverage a solution such as Microsoft System Center
Configuration Manager (SCCM), LANdesk, or LANrev to deploy additional Windows software to
your Windows virtual machine as you would do with many of the solutions available for Mac OS
Page 24 of 64
318
X. In other words, the same monolithic versus package based deployment options are
available, just using different solutions to get the job done.
Section 5.03 Prepping Windows for Mass Deployment

In order to make for an easier Windows deployment, you will want to rename the Windows
computer name on each Mac to have a unique network name and then optionally bind that
virtual machine to a Windows Active Directory
After installing any desired Windows applications, one of the first things you will want to do with
the Virtual Machine is to assign it a new Windows name. This will prevent multiple Virtual
Machines on the network from occupying a conflicting namespace. There are two traditional
ways to rename a system in Windows.
- Sysprep
- Run script on the computer (or in the virtual machine in this case)
The first is to setup sysprep to rename a host as a part of the installation answer file
(sysprep.inf). Sysprep can be downloaded at the following URL:
http://support.microsoft.com/?kbid=838080
Sysprep can automatically assign names to computers. When you run the setupmgr.exe tool,
one of the options will be whether you want to Fully Automate This Install. This setting pertains
to whether you will require someone to manually accept the EULA for Windows. Another option
though, is Automatically Generate Computer Name. Using this option, sysprep will handle
computer naming for you.
The second way is to run a script against the Virtual Machine that renames the computer. For
this, you could use a script as simple as the following, which would change a computer name to
NEWCOMPUTER:
' ------ SCRIPT CONFIGURATION ------
strComputer = "."
strNewName = "NEWCOMPUTER"
' ------ END CONFIGURATION ---------
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery ("Select * from
Win32_ComputerSystem")
For Each objComputer in colComputers
errReturn = ObjComputer.Rename(strNewName)
WScript.Echo "Computer successfully renamed"
Next
If you save the above script as, for example, rename.vbs then it would rename the machine to
NEWCOMPUTER when run. This script can be saved anywhere on the system (eg in a
C:/scripts directory and then the script itself can later be removed (important if you put any
passwords into the script). You can then take your naming convention and apply it’s logic
through Visual Basic by changing what the strNewName variable is set to. For example, you
would use something similar to the following to grab the MAC address of a system and then add
it to the end of strNewName to append a MAC address to the computer name:
Page 25 of 64
318
MACAddress=objAdapter.MacAddress
Scripts to change names and the like can be activated through SysPrep, through startup items
or using the vmrun command. If you wanted to use the vmrun command, for example, you
could create a second package that gets installed after your VMware Fusion package and
Virtual Machine package. In this package you could put a command (or script) that uses vmrun
to open the Virtual Machine and run the renaming script:
vmrun -T ws -gu administrator -gp MyPassword runScriptInGuest "c:\my VMs\myVM.vmx"
"c:\Installers\myscript.vbs"
Using the runScriptInGuest (or runProgramInGuest if your script has been compiled or if you’ll
be using an application) that is available through VMware Fusion offers a variety of options not
otherwise available if you were using sysprep. DOS batch files (.bat) will not run using the
runScriptInGuest parameter, but you can invoke Visual Basic scripts through the vmrun
interface (depending on the version, you may need to also specify a path to the interpreter).
This allows you to potentially send variables to the script that contain the desired computer
name, guest password, etc. If you are more comfortable writing scripts for your mass
deployment through Mac OS X scripting tools than you would be scripting through Visual Basic
then you can simply pass the parameters of your script to the client system using a file that is
copied locally or using the positional parameters available with your scripting language. This
added flexibility can be very useful in a deployment scenario where you are not using sysprep.
Rather than use the runScriptInGuest or runProgramInGuest you can also use the workstation’s
built-in auto-login options. These can be altered in the registry by using keys located in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The
keys to enable automatic logon are DefaultUserName, AutoAdminLogon and DefaultPassword.
More Windows centric organizations will want to first rename computers and then bind them into
Active Directory. Binding can be done in the same script or in a separate one. The bind will
typically require another restart after the rename and require not only TCP/IP connectivity to the
network but also valid DNS for Active Directory to properly use. One way to join to a domain
would be to use the JoinDomainOrWorkgroup method with WMI (Windows Management
Instrumentation), as Microsoft describes at the following site:
http://msdn.microsoft.com/en-us/library/aa392154(VS.85).aspx
Finally, there is one other unique identifier associated with each Windows computer that needs
to be updated in Windows. Windows has a Security Identifier, or SID. Even if two computers
have independent network addresses (MAC), if the SID is the same, one won't be able to
access the network as effectively as it would otherwise be able to do. You may use a tool like
NewSID to update the SID of a deployed Windows virtual machine or write a script to do so.
NewSID is available at the following URL:
http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
These are the basic methods for the deployment of Windows systems. Like the deployment of
Mac systems, this is a full time position in many organizations and therefore there is a wide
variety of information on the Internet and in printed form that is geared to preparing and sharing
information on sysprep and Visual Basic scripting. Many organizations will likely have an
Page 26 of 64
318
existing infrastructure for their Windows deployments and require little retooling for scripts and
methods to work in a VMware Fusion environment.
Section 5.04 Modifying the Virtual Machine for Mass Deployment

Similar to Section 5.0.3, there are a number of things that need to be changed in Windows for
mass deployment. Finally, you need to modify the virtual machine to make it ready for mass
deployment.
First, power off the virtual machine so that it is shut down. This is important as there are slight
differences in Intel processors that could potentially cause problems if resuming the VM on a
older or new computer. Having the machine start from power on will avoid any potential problem
in this area.
There are three areas that you need to address:

- Unique Identifers
- User specific settings such as Shared Folders
- Surpressing the antivirus warning message
Unique Identifers
Computers have various unique identifiers that serve a similar purpose, and if these identifiers
conflict, they might not be able to communicate with each other. A common identifier is the MAC
(short for Media Access Control) address. Every network adapter has one of these. VMware
virtual machines have another identifier called the UUID - this isn't important to the guest, but is
how Fusion (or other VMware products) keeps track of virtual machines.
These settings are stored in the Virtual Machines settings file, which is known as the .vmx file.
To take the virtual machine you created and configured earlier and make it applicable for
distribution, you need to edit the virtual machine settings file (.vmx) to remove machine specific
identifiers. Once they are removed, VMware Fusion will create them on first launch on the
deployed computer.
To do this, right click on the virtual machine bundle and select Show Package Contents. Find
the Virtual Machine Settings .vmx file and open it TextEdit or your favorite text editor.
The aspect of the Virtual Machine that needs to be changed from the VMware Fusion
perspective is to remove lines in this file that localize the Virtual Machine to the system it was
created on.
To do so, remove the lines that begin with the following from the .vmx file that is associated with
each VM you will be deploying:
ethernet0.addressType =
uuid.location =
uuid.bios =
ethernet0.generatedAddress =
ethernet0.generatedAddressOffset =
User Specific Settings (Shared and Mirrored Folders)
Page 27 of 64
318
Shared and Mirrored folders provide great value to your users allowing them to access
documents stored on the Mac directly from Windows. Shared and Mirrored Folders rely on
specific path names to the desired shared directories.
To take the virtual machine you created and configured earlier and make it applicable for
distribution, you need to edit the virtual machine settings file (.vmx) to change absolute paths to
relative paths that will be expanded on first launch on the end users Mac.
To do this, right click on the virtual machine bundle and select Show Package Contents. Find
the Virtual Machine Settings .vmx file and open it TextEdit or your favorite text editor.
sharedFolder1.hostPath = "/Users/pat"
Change the variable to:
sharedFolder1.hostPath = "~"
Once you have made these changes to the virtual machine, do NOT power on this VM. If you
power on the VM, the settings will be reset to user specific settings and will need to be changed
again.
Antivirus warning message

Fusion 2.0 comes bundled with a complimentary 1-year McAfee antivirus subscription. If Fusion
detects the user is running a compatible guest OS, it will present a dialog encouraging the user
to install the antivirus software. This may not be desirable, especially if your policy forbids
installing such software. To work around this, edit the .vmx file to contain the line
skipAntivirusCheck = "TRUE"
If your policy prevents users from installing the bundled antivirus, you might want to remove the
bundled antivirus image entirely. The antivirus iso is located in /Library/Application
Support/VMware Fusion/isoimages/. You could remove it during the custom packaging steps
described in Section 4.03 and 4.04.
Finally, you will also want to setup the VM to automatically rename the Operating System on
first run and if you are using the Virtual Machine with Directory Services (such as Active
Directory) you may wish to automate the binding process. These options are explored further in
Article V of this document.
Optionally, there are a variety of other options that you can push out by editing your .vmx file.
These include customizing the folder that shared folders points to, enabling and disabling
drives, customizing the number of virtual CPUs, etc. This can be done prior to pushing out the
.vmx file or by using commands to push out changes to .vmx files to workstations through, for
example, Apple Remote Desktop or SSH.
When you are customizing a .vmx file it’s important to remember the following:
Page 28 of 64
318
• Shared Folders path should be set to a relative path before deployment. This is done by
replacing the paths with “~”, which will be expanded to the full path of the current user on
first launch
• The UUID and MAC address setting that are removed manually will recreate themselves
automatically
• After making the changes above, do NOT launch the virtual machine again as this will
overwrite the settings desired for deployment
Section 5.05 Deploying Windows Virtual Machine to Macs

Once you have deployed the VMware Fusion software then you will need to deploy the actual
Virtual Machines that Fusion will be utilizing. Deploying the Virtual Machines and .vmx files to
Mac OS X can be done through a script, package or .dmg file. For this example, we will create
a package with the Virtual Machine using PackageMaker.
To start, install the Mac OS X Developer Tools by inserting your installation media and running
the Xcode Tools installation package. Once installed, open PackageMaker from
/Developer/Applications/Utilities/PackageMaker. At the Install Properties screen, type the name
of your organization with a prefix of com. and choose a minimum version of the operating
system for this package to be able to get installed on, as seen below:
At the next screen, supply a name for your package and choose the drive that the package
contents (the Virtual Machine) will get deployed into.
Page 29 of 64
318
Click on the cog wheel icon in the lower left corner of the screen and click Add Contents… to
bring up a standard browse window. Here, select the Virtual Machine you would like to deploy
and then click on OK. This will bring you back to your package creation screen where you can
enter the folder you would like the Virtual Machine to be placed into using the Destination: field.
You can also enter a version number in the Package Version: field, as seen here.
Page 30 of 64
318
You can now click on the Scripts directory and define any postflight actions you would like to
perform, such as populating the VMware Fusion Virtual Machine Library with deployed VM, as
described in Section 5.06 If you have no further customizations to perform then you can click
on the Build icon in the top left corner of the screen to bring up a screen that allows you to save
a copy of your package to an easily accessible location as can be seen here:
Once you have created your installer package then you can push the package out through
Remote Desktop as mentioned previously or through the patch and configuration management
solution you are using in your environment.
Page 31 of 64
318
Section 5.06 Populating the Virtual Machine Library with Deployed

VM
Once all of your Virtual Machines have been deployed you will want to deploy a preference that
populates the VMware Fusion Virtual Machine Library when it is first opened. The Virtual
Machine Library is populated using the defaults command. You can read the existing
preferences for VMware by running the following command:
defaults read com.vmware.fusion
You can read the list of current Virtual Machines accessible by VMware Fusion using the
following command:
defaults read com.vmware.fusion VMFavoritesListDefaults2
The following command will add a Virtual Machine named "Windows XP" to the Virtual Machine
Library (assuming that the Virtual Machine is located at "/VM/WindowsXP.vmwarevm"
defaults write com.vmware.fusion VMFavoritesListDefaults2 -array-add '{name =

"Windows XP"; path = "/VM/WindowsXP.vmwarevm";}'
You can also replace an existing list of Virtual Machines in the library by using the following
command:
defaults write com.vmware.fusion VMFavoritesListDefaults2 -array '{name = “Windows

XP"; path = "/VM/WindowsXP.vmwarevm";}' '{name = "Fedora Core"; path =
"/VM/Fedora.vmwarevm";}'
In the above command we edited the com.vmware.fusion preference by adding an array that
lists the Virtual Machines to be added. By adding additional lines you can create more entries in
your favorites list. An example of another item to place at the end of this command would be to
add a Virtual Machine called Windows Vista that is located at /VM/WindowsVista.vmwarevm
using the following:
'{name = "Windows Vista"; path = "/VM/WindowsVista.vmwarevm";}'
In order to deploy this through ARD, Casper, or another app, you would need to generate a new
package with the preferences file. Alternately, you could leave the preferences file in place and
then manually script the addition using your pattern matching commands of choice.
Article VI. Systems Management: Managing Windows with AD or OD
Section 6.01 Microsoft Tools for Patch Management and Updates

As with Mac OS X, there are a variety of ways to provide patch management and updates to
Microsoft Windows computers. This typically involves one or more products that fill the basic
roles typical to a Mac OS X environment. Because we covered deployment in previous Articles,
this Section will focus on patches and updates to the operating system and any third party
software products installed as a part of your deployment.
Page 32 of 64
318
(a) Microsoft Windows Server Update Services

Windows Software Update Services (WSUS) is a free add-on for Windows Server 2008 and
Windows Server 2003 with Service Pack 1 or higher, provided you are fully licensed for those
products. Similar to how Software Update Server on Mac OS X Server works, WSUS
downloads updates from Microsoft Update onto a server and then provides them to clients in the
environment. This allows administrators control over which updates get deployed to client
systems and doesn’t require each computer in your environment to download and cache all of
the updates from Microsoft Update, thus reducing overall bandwidth consumption for automatic
updates for your Windows deployment.
WSUS isn’t just for Windows desktop operating system updates though. WSUS also has
updates for all of the various flavors of Windows Server (and there are a lot of them), Microsoft
Office, Microsoft Forefront, Microsoft Expression and even the Zune. The management for
WSUS is a little more granular than that of the Mac OS X Server Software Update Server.
Products are broken down into categories to ease the administrative burden and updates are
classified so that you can choose which categories to download and which classifications
(Critical, Definition, Security, Updates, Service Packs, etc) to be released without administrative
intervention.
Unless you control all patch deployment from a centralized location, WSUS is a must have for
any sizeable Windows deployment. To obtain WSUS, see the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8FA2FD1-72F6-4F19-A1B0-
F689DAE14BE6&displaylang=en
Information on scripts that can be used to extend WSUS can be found at the following location:
http://www.microsoft.com/technet/scriptcenter/scripts/sus/default.mspx?mfr=true
(b) Group Policy

Group Policy is the foundation for centralized control over a Windows deployment. Policies are
managed through Active Directory and can be used to automate most any task, whether it be
controlling access to various resources, controlling settings, pushing out software updates,
pushing out WSUS settings, etc. Policies can be pushed out to a site, domain, organizational
unit, user, group, etc.
Policies in Active Directory are pushed out to workstations (and servers) through the use of a
Group Policy Object, configurable through the Group Policy Management Console of Windows
Server. GPOs allow you to push out Windows updates but also to push out updates to installed
third party software using custom installers (eg - .msi, .mst files). You can also use the same
framework to push out new installations of Microsoft software and third party packages. This
allows you to push out a lean guest operating system and then granularly control what software
is installed from a central location; think package based management.
(c) System Center Configuration Management (SCCM)

SCCM (System Center Configuration Management) uses GPO, Active Directory, IIS and a few
other key pieces of technology to provide a more comprehensive solution to centrally managing
a Windows deployment than is available through the use GPOs. SCCM provides Software
Page 33 of 64
318
Updates, Asset Management (referred to in SCCM as Asset Intelligence), Configuration

Management (similar to the Casper Suite) and operating system deployment, which you are not
likely to use in a predominately VMware Fusion environment.
Section 6.02 Policies Without Active Directory

All of the options in the previous Section referenced solutions reliant on Active Directory.
However, it is possible to centrally manage policies for a Windows environment without Active
Directory. This can be especially useful in environments running Open Directory where you are
using Mac OS X as a PDC (Primary Domain Controller).
(a) Managing Policies for a Single Workstation

From Windows Server 2003 or Windows XP there are two utilities that can be used to create
policies. The first is Group Policy Object Editor, gpedit.msc. The second is secpol.msc. For
the purposes of this document we will use gpedit.msc as it provides most of what is available in
secpol and far more granular policies for workstation control.
To open GPO Editor click on start then click run and then type gpedit.msc. Now you will be
looking at two sections, Computer Configuration and User Configuration. Computer
Configuration controls global settings such as password policies and Log on Locally as can be
seen below:
Page 34 of 64
318
The User Configuration will show a folder called Administrative Templates. Open this and you
will see Windows Components, which are Windows XP applications, such as Terminal Services
(RDC), Windows Media Player, Windows Update, Windows Explorer, etc. An example of
setting these policies is to use the Windows Media/Playback/Prevent Codec Download policy to
prevent the downloads of Windows Media Player Codecs. Start Menu and Taskbar can be
used to configure settings in the start menu and task bar (seems pretty straight forward, right?).
For example, you can use the Remove Run Menu from Start Menu to configure the system not
to show a run dialog box in the Start Menu. Some other items you can do here include locking
the taskbar, showing users the classic Start Menu, disable history of recently opened
documents or remove Run/My Pictures/My Music/My Network Places/Favorites from the start
menu.
User Configuration also allows you to configure the Desktop using the Desktop subfolder. For
example, the Properties dialog box can be removed from My Documents, My Computer or
Recycle Bin. Or you could remove My Computer, My Documents or Recycle Bin from the
Page 35 of 64
318
desktop completely. You can also block users from adjusting desktop toolbars or hide the
Network Places and/or Internet Explorer Icon on the desktop.
User Configuration is also where you can allow or disallow specified groups of users access to
the Control Panel using the Control Panel sub-set of folders. Control Panel not only includes
the Control Panel but also includes Printing, Language, Add/Remove Programs, etc. You can
limit which Control Panel items are displayed to end users or just prohibit any users from
accessing any Control Panels. You can also perform more finely grained access control for
certain Control Panel items. For example, you can allow a user access to the Display Control
Panel and allow them to enable a Screen Saver there but disable the ability to change the
wallpaper. You could also force a password to wake a system from Screen Saver mode.
The Add or Remove Programs sub-folder will allow you to limit users from being able to install
software or allow you to limit certain options within the software installation wizard. Through the
Printers sub-folder you can limit whether a user can add or delete printers, or limit them from
being able to browse to printers. Shared Folders can be used to disable a users ability to share
folders. Network can be used to limit users from changing TCP/IP, NIC or other items that
involve the network stack. Network can also be used to set offline file caching settings. System
has a number of settings that can be configured, including profile quota's (under User Profiles),
login script behavior (under Scripts), Task Manager and computer locking (under Ctrl+Alt+Del
Options), the ability to start programs at login (under Logon), GPO controls such as refresh
intervals (under Group Policy - although many of these will not be enforceable if you are not
using a domain) and finally Movie Maker and HTTP printing (using Internet Communications).
There are a lot of policies. If you're curious about what a specific policy will do then you can use
the Extended view (by clicking on Extended on the bottom navigation bar). Using the Extended
view, system requirements (version of Windows, etc) will be listed and a description of what the
policy will do will be displayed on the left hand side of the screen. If you are comfortable with
what a policy will be doing, you can double-click on the policy and configure the settings for it.
(b) Pushing Out Policies

If you're looking to push policies out from a centralized directory service that is not Active
Directory then you will have slightly more work to do. You will be using the poledit.exe utility
rather than gpedit.msc. The poledit.exe tool is stored on a Windows 2000 Server CD. If you
install the Admin Tools using the driveletter\i386\adminpak.msi installer then you will be able to
build a policy file in adm format that can then be distributed. Once you open the Poledit.exe
application you will click on the File menu and then select New New Policy. From here you will
see Default User and Default computer (much as with it's successor gpedit.msc).
Options in poledit.exe for Computers include a variety of settings. One of the more important
here is the Local Computer->Network->System Policies Update->Remote Update which can be
used to identify where the system will be getting policy updates and how they will be updated.
To set/create the policy file (Ntconfig.pol), first remove all #if version and #endif statements from
the System.adm, Inetres.adm and conf.adm files on the local workstation in order to prevent the
unintended loading of these files by the Poledit.exe tool. This isn’t absolutely necessary.
Next, save your policy settings as Ntconfig.pol. Save the file to the Netlogon share of the
Windows NT 4.0 domain controller. But, what if you do not have a Netlogon share or a
Page 36 of 64
318
replication service to replicate between shares. Well, create the share by adding the following
lines to your SMB config:
[netlogon]
comment = Network Logon Service
path = /path
guest ok = Yes
browseable = No
# If you have problems, try adding the following line
# acl check permissions = no
Using the above, you would replace the /path with the actual directory you will store the data on
your server. This directory needs to allow everyone read only access and be accessible by all
hosts that will be controlled using these policies. Copy the ntconfig.pol file into this directory
and you will now be pushing the policy out to your local Windows workstations that are bound
into the PDC.
Options in poledit.exe for users include policies dealing with Control Panels (restrict access to
display), Desktop (wallpaper and color scheme), Shell (Start Menu controls and Network
Neighborhood controls), System (Run Dialog), Windows NT Network ($ hidden shares),
Windows NT Printers (beeps and priorities), Windows NT Remote Access (dialup networking),
etc.
One final way to manage policies is through the login scripts option available to Windows
workstations that log into your PDC. Using the login scripts you could script the import of a
policy and apply it to the user or computer using gpupdate.exe.
Article VII. Conclusion

Windows and Mac mass deployments are fairly similar in nature, in regard to the methodologies
used. However, deploying both simultaneously to result in a heterogeneous operating system
environment per host can be a fairly complicated task. In this document we have reviewed the
steps and procedures for setting up a Virtual Machine deployment infrastructure using VMware
Fusion. When you are preparing any system for mass deployment, it is critical to “measure twice
and cut once.” The more testing you do, the better off you will be.
If you are already familiar with Windows scripting then we would also recommend getting
prepared to learn as much shell scripting and AppleScript as possible. This will only help you to
further automate your deployment. However, if you are already familiar with scripting for the
Mac then we would recommend that you familiarize yourself with WMI and Visual Basic to help
automate Windows-oriented tasks.
In many environments where multiple operating systems are presented to end users,
organizations will attempt to unify the environment that is presented to their users. For
example, using a combination of features within VMware Fusion and GPOs you can allow your
users to see the same Documents folder whether they are in Windows or Mac OS X and then
synchronize this folder with your servers using Mobility or have the folder live on the server
using Network Home Folders. You can also synchronize other directories or use aliases,
symbolic links, shortcuts, etc. to unify the environment. However, this is an area that requires
Page 37 of 64
318
extensive planning and testing as small GPO policy changes or changes to features within a
product can cause profound differences in how the data is presented to the user, potentially
jeopardizing the perception of your entire deployment.
Finally, the additional footprint of multiple operating systems will establish a greater need for
security for your environment. It is strongly recommended that considerations for how to secure
each operating system en masse be handled separately and be well thought out. Training is
essential to making sure that your environment is as secure as possible. This extends beyond
the operating systems in use and into each application that is deployed.
Page 38 of 64
318
About 318:
318 is a national technology solutions company delivering comprehensive technical support

services and software solutions to businesses. At 318, our trained and certified technology
professionals know the business of our clients. 318's array of technology services will
complement your organization's business logic while allowing you to focus on moving your
business forward. Services include mass deployment, directory services, SAN, scripting and
other centralized IT technologies for Linux, Windows and Mac OS X. 318 is on the web at
www.318.com
About VMware:
VMware (NYSE: VMW) is the global leader in virtualization solutions from the desktop to the
datacenter. Customers of all sizes rely on VMware to reduce capital and operating expenses,
ensure business continuity, strengthen security and go green. With 2007 revenues of $1.3
billion, more than 120,000 customers and nearly 18,000 partners, VMware is one of the fastest
growing public software companies. Headquartered in Palo Alto, California, VMware is majority-
owned by EMC Corporation (NYSE: EMC) and on the web at www.vmware.com.
Author: Charles Edge, Director of Technology :: 318
Page 39 of 64
318
Article VIII. Appendix: Deploying and Managing VMware Fusion Virtual

Machines with LANDesk Management Suite
This appendix describes an alternative workflow to deploy of VMware Fusion using LANDesk
Management Suite. The entire section is provided and copyrighted by Avocent Corporation.
VMware Fusion enables users to experience the best of both Mac and Windows worlds.
Unfortunately, IT teams often lack the means to deploy and manage these guest operating
systems easily and effectively. However, Avocent’s LANDesk Management Suite not only
extends your deployment and management capabilities to VMware Fusion guest operating
systems, it enables you to control your entire environment of Macs, PCs, and other platforms
from a single centralized workstation console.
Section 8.01 Simplifying Deployment of VMware Fusion and

Windows VMs
In addition to simplifying management of both Mac and PC environments, LANDesk
Management Suite facilitates the deployment of VMware Fusion and guest Windows VMs onto
your Mac hardware as illustrated in this diagram.
Page 40 of 64
318
The following sections of the document provide insights on how LANDesk can help you
accomplish this, enabling you to end up with a Mac that is completely manageable from the
LANDesk console, and a Windows guest operating system or virtual machine (VM) running on
the same machine that is completely manageable from that same console as well. These
sections will direct you through how LANDesk Management Suite can help you easily automate
and execute the following main steps:
1. Create the VMware Fusion distribution package

2. Create a distribution package for sysprep Windows VM image
3. Create a distribution package for custom deployment tasks
4. Create a scheduled task that deploys the packages, installs VMware Fusion, copies and
loads Windows VM, and deploys a LANDesk agent onto the Windows VM
5. Easily manage both the Mac and the Windows VM running on the Mac
Page 41 of 64
318
Section 8.02 Create a VMware Fusion Distribution Package

Before deploying VMware Fusion to a Mac, you need to have the LANDesk agent installed on
the Mac to allow you to manage it with LANDesk Management Suite. There are a number of
ways of installing the agent, but one way is to simply browse to its location on your LANDesk
core server. If you browse to it with Safari, the agent’s package will automatically be extracted
and the installation will be carried out on the Mac. Once the agent is installed, that Mac will
appear in the list of managed devices from within the LANDesk console from where you can
perform a variety of management operations on it.
Figure 1- With the LANDesk agent installed, Mac devices can be easily managed from the LANDesk console
Before you deploy VMware Fusion, you must obtain a distribution package for the application.
You can use the package file provided by VMware, or you can create a custom one using
LANDesk Management Suite. In either case, refer to section 4.02 of this guide for details on
how to obtain the package, as well as how to embed the VMware Fusion license keys into the
package. To facilitate package creation, you should copy the package files to your LANDesk
core server into the directory /ldlogon/mac/.
To create a package file from within the LANDesk console, simply click Tools| Distribution |
Distribution Packages and select New Macintosh package. The LANDesk interface makes it easy
to specify the files and settings necessary to successfully install the package, including any
dependencies, prerequisites, command-line parameters, or additional files needed for the
install. Once you’ve created a VMware Fusion distribution package in LANDesk, it is compressed
and stored in the LANDesk core server database where it can be easily accessed for
deployment.
Page 42 of 64
318
Figure 2 - VMWare Fusion distribution packages can easily be created with LANDesk
Section 8.03 Create a Distribution Package for Sysprep Windows

VM Image
To make sure your Windows VM loads with the correct computer name, licensing, domain host,
IP address, DNS settings, and other unique attributes, you need to run sysprep on your
Windows workstation before imaging it. Sysprep customizes a Windows installation so that
when the OS reboots, it looks for an answer file (SYSPREP.INF) and reconfigures itself for the
new device.
The Microsoft Setup Manager utility (SETUPMGR.EXE) creates the SYSPREP.INF answer file
that Sysprep uses for the images you deploy. After you sysprep your image, you need to zip the
resulting files and copy them to the /ldlogon/mac/ directory on your LANDesk core server. Then
to create the distribution package, once again you select New Macintosh package from Tools|
Distribution | Distribution Packages from within the LANDesk console and then browse to the
location of the zipped Windows VM image.
Page 43 of 64
318
Figure 3 - LANDesk facilitates the creation of distribution packages for sysprep'd Windows VM images
Note: If you’re not familiar with sysprep, you can find more information on it at
http://support.microsoft.com/?kbid=838080, as well as in section 5.03 of this guide. The
LANDesk Management Suite user documentation also has information on how to use sysprep in
conjunction with deploying Windows images.
Section 8.04 Create a Distribution Package for Custom

Deployment Tasks
LANDesk Management Suite lets you take advantage of bash scripts to execute custom tasks.
You can leverage this scripting capability to simplify the copying and loading of your Windows
VM images onto your Macs, as well as deploying the LANDesk management agent into your
Windows VM environments.
You can create the script using the vi editor on Mac OSX. (Note: You cannot create the script
with a text editor in Windows or DOS because the LANDesk Mac agent won’t be able to
interpret it correctly). The script you create might look something like the following (please note
that the format wrapping is due to the document and is not the way the script should be written):
Page 44 of 64
318
#!/bin/bash
lastUser=`last -t console -1 | awk '{print $1}'`
cp -r "/Library/Application Support/LANDesk/sdcache/XP" "/Users/${lastUser}/Documents/Virtual Machines"
"/Library/Application Support/VMWare Fusion/vmrun" start "/Users/${lastUser}/Documents/Virtual
Machines/XP/Windows XP Professional.vmx"
"/Library/Application Support/VMWare Fusion/vmrun" -gu Administrator -gp AdminPW copyFileFromHostToGuest
"/Users/${lastUser}/Documents/Virtual Machines/XP/Windows XP Professional.vmx"
/Users/${lastUser}/Documents/XPAgent.exe "c:\\Documents and Settings\\${lastUser}\\Desktop\\XPAgent.exe"
"/Library/Application Support/VMWare Fusion/vmrun" -gu Administrator -gp AdminPW runProgramInGuest
"/Users/${lastUser}/Documents/Virtual Machines/XP/Windows XP Professional.vmx" "c:\\Documents and
Settings\\${lastUser}\\Desktop\\XPAgent.exe"
"/Library/Application Support/VMWare Fusion/vmrun" -gu Administrator -gp AdminPW deleteFileInGuest
  
(a) Discover the Mac’s User Information

The second line of the script facilitates your ability to perform mass deployments of Windows
VM images to multiple Macs by discovering who the last user was that logged onto that specific
Mac. This user information is then inserted into the substitution variables used later in the script
that enables the VM image to be copied to the appropriate directory on the Mac. This script line
looks like this:
lastUser=`last -t console -1 | awk '{print $1}'`
(b) Copy the Windows VM Image to the Mac

The next line copies the contents of the folder containing the Windows VM image file to the appropriate 
directory on the Mac: 
 
cp -r "/Library/Application Support/LANDesk/sdcache/XP" "/Users/${lastUser}/Documents/Virtual Machines"
(c) Load the Windows VM Image

The following line takes advantage of the VMRUN utility in VMware Fusion to automatically load
the Windows VM image:
"/Library/Application Support/VMWare Fusion/vmrun" start "/Users/${lastUser}/Documents/Virtual

Machines/XP/Windows XP Professional.vmx"
(d) Copy the LANDesk Agent into the Windows VM Environment

Once you have your Windows VM running, you’ll want to be able to manage it from your
centralized LANDesk console just as easily as you can manage the Mac physical machine itself.
To be able to do this, you need to deploy and load a LANDesk Windows agent onto the virtual
machine. This line copies the agent from the Mac environment into the Windows VM
environment:
"/Library/Application Support/VMWare Fusion/vmrun" -gu Administrator -gp AdminPW

copyFileFromHostToGuest "/Users/${lastUser}/Documents/Virtual Machines/XP/Windows XP
Page 45 of 64
318
Professional.vmx" /Users/${lastUser}/Documents/XPAgent.exe "c:\\Documents and

In this script, the –gu and –gp parameters are respectively the admin username and password
for the Windows VM. These must be valid credentials, or the script will not be able to
authenticate correctly and carry out the script.
The path "/Users/${lastUser}/Documents/Virtual Machines/XP/Windows XP Professional.vmx" is

simply the path to the .vmx file on the Mac. The path
/Users/${lastUser}/Documents/XPAgent.exe is the location where the LANDesk agent for
Windows happens to be stored on the Mac in this example. In this case, the agent has been
preconfigured in LANDesk to be a self-extracting executable installation package. The path
"c:\\Documents and Settings\\${lastUser}\\Desktop\\XPAgent.exe" is the destination inside the
Windows VM where you would like to copy the agent.
(e) Install the LANDesk Agent into the Windows VM Environment

To have the agent automatically install itself, you can add a line to the script similar to the
following:
"/Library/Application Support/VMWare Fusion/vmrun" -gu Administrator -gp AdminPW runProgramInGuest

This script line simply tells the file XPAgent.exe to run. Since installing the agent requires
administrator rights, the script must supply the appropriate Windows administrator credentials
for the VM. Once the agent is installed, the Windows VM will appear in the LANDesk console as
a device that can now be managed.
(f) Remove the Self-Extracting Agent Executable

With the agent installed, its self-extracting executable installation package is no longer needed.
An additional line can be added to the script to automatically delete it from the Windows VM
such as the following:
"/Library/Application Support/VMWare Fusion/vmrun" -gu Administrator -gp AdminPW deleteFileInGuest

(g) Packaging the Script

When you finish creating your script, you simply copy it to the /ldlogon/mac/ directory on your
LANDesk core server. Then you create a distribution package for it by selecting New Macintosh
package from Tools| Distribution | Distribution Packages within the LANDesk console and
browsing to the location of the script file.
Page 46 of 64
318
Figure 4 - LANDesk lets you create custom deployment tasks that leverage scripts
Section 8.05 Create Scheduled Distribution Task

Now that you have the three main distribution packages created, you need to create a
scheduled distribution task that will deploy the packages in the following order:
• VMware Fusion will be installed

• The Windows VM will be copied and loaded onto the target Mac
• A LANDesk agent will be deployed onto the Windows VM allowing it to be easily managed by
LANDesk
To do so, click the Create software distribution task toolbar button under Scheduled task. Then,
from the Distribution package page, you can select a Preliminary (#1) distribution package, a
Main (#2) distribution package, and a Final (#3) distribution package. For Preliminary
distribution you’ll use the VMware Fusion distribution package you created. The Main
distribution package will be the one you created for the Windows VM image. The Final
distribution package will be the package containing the scripts.
After you select the distribution packages, you need to select a delivery method for the task,
which can be any of the following:
Page 47 of 64
318
• Push - The LANDesk core server immediately deploys and installs the packages onto the Mac, or to
multiple Macs using multicast.
• Policy - When managed devices check in with the core server, the packages are automatically
installed according to the policies that you define.
• Policy-supported push – Immediately pushes out the distributions according to the policies you
define.
• Multicast – Enables the packages to be deployed simultaneously to multiple managed devices in a
manner that minimizes network bandwidth consumption.
At this time you can also specify the devices that need to receive the distribution packages and
when the task should run, which can be immediate or at a later date. Also, if you don’t want to
specify the target devices at this time, you can simply save the distribution task for now.
If you look at the properties of the distribution task in the LANDesk console, it will likely appear
similar to the following:
Figure 5 - LANDesk lets you create a single distribution task that uses multiple distribution packages to
seamlessly install VMWare Fusion, copy and load your Windows VM image, and install the LANDesk agent
into your Windows VM environment
Page 48 of 64
318
When you’re ready to execute the distribution task, you can simply drag the targeted managed
Mac or Macs onto the task in the Scheduled tasks window, and then schedule the task for
deployment. In just minutes from when it is deployed, VMware Fusion will be installed, the
Windows VM will be loaded, and the LANDesk agent will be installed into the Windows VM
environment, enabling you to easily manage both its Windows VM and Mac environments from
the LANDesk console.
Figure 6 - LANDesk not only facilitates the deployment of Windows VMs, it facilitates management of Mac,
Windows VM, and Windows environments
Note: In addition to being able to deploy VMware Fusion as a software distribution package,
you can leverage LANDesk to simplify the creation and deployment of OS images for mass
distribution to your Macs. For details on how to properly include an installed version of VMware
Fusion in OS images for mass distribution, refer to section 4.01 of this guide.
Section 8.06 Facilitating Managing the VM, Your Macs, and PCs
®
While LANDesk Management Suite can help you automate the deployment of the VMware
Fusion Windows environment onto your Macs, its capabilities don’t stop there. Once the
Page 49 of 64
318
environment is established, LANDesk provides complete management of both environments,

including the ability to:
• Remote control Macs and PCs from PCs and Macs

• Distribute software packages via push, policy, or policy-supported push
• Track software usage against purchased licenses
• Enforce patching and security compliance
Additionally, the following elements of the LANDesk solution cater specifically to the needs of
organizations that plan to install Apple hardware with the intent of running Microsoft Windows as
VMware Fusion guests on those machines:
OS Deployment and Profile Migration

• The LANDesk OS Deployment Wizard guides you through the entire OS deployment and migration
process.
• The task scheduler automates target selection, options and schedules for automated software
distribution and configuration tasks.
• Web console availability lets you manage any client from any browser that supports NTLM
authentication—including Safari under Mac OS X 10.4.x or newer.
• Policy-based management uses inventory-based policies to enable automated configuration
management.
Asset Inventory and Software License Monitoring

• Unified database enables easy querying, reporting, targeting and policy creation for all managed
computers across the enterprise.
• Configurable inventory scanning catalogs hardware and software assets on each machine
• Full inventory of Bluetooth devices allows for more complete identification and mapping of corporate
assets.
Remote Control
• Remote control enables remote problem resolution and maintenance with high render rates and low
latency.
• Update user systems from your platform of choice, as the Mac remote control client allows you to
update from a PC or a Mac.
Remote Script Execution

• The ability to deploy shell scripts as applications gives you complete control over the desktop
environment.
Windows Client
• LANDesk provides similar functionality for Windows platforms (physical and virtual) as it does for the
Mac.
From OS deployment through remote control, patch management, software distribution and
software license monitoring, LANDesk provides you comprehensive management of your Mac,
Windows, and guest Windows environments. For more information, please visit
www.landesk.com or call 1-800-982-2130.
Copyright © 2008, Avocent Corporation. All rights reserved. Avocent, LANDesk and Touchpaper and their respective logos are
among the registered trademarks or trademarks of Avocent Corporation, its subsidiaries or its affiliated companies in the United
States and/or other countries. *Other brands and names are the property of their respective owners.
Page 50 of 64
318
Article IX. Appendix: Deploying VMware Fusion 2 with JAMF Casper Suite
This appendix describes alternative workflows to deploy of VMware Fusion using JAMF Casper
Suite. The entire section is provided and copyrighted by JAMF Software.
Once you have created the necessary packages, you can now easily deploy the VMware Fusion
application, settings, and Virtual Machines to Macs on your network using the Casper Suite.
Casper offers four primary methods of distributing VMware Fusion to your managed Macs, all of
which can be enabled at the same time:
• Using Casper Remote, when immediate deployments are required.

• Automatically via Casper’s Policy Engine, which allows for unattended, automatic
installation when clients appear on the network.
• During the imaging process, eliminating further steps to make a computer ready for a
user.
• User-initiated via the Self Service application, allowing the user to install VMware
Fusion or additional Virtual Machines when they need it.
Page 51 of 64
318
Section 9.01 Deploying VMware Fusion with Casper Remote
The Casper Remote application can be used to immediately deploy VMware Fusion and
associated Virtual Machine(s) to you managed Macs. This method is best for an immediate
deployment. However, it will overwrite any existing VMware Fusion installation and also
requires the target system to be connected to the network.
1. Launch Casper Remote and authenticate to your JAMF Software Server (JSS).
2. In the Computers tab, select the target systems to which VMware Fusion will be deployed.
3. In the packages tab, select the VMware Fusion installer package, the VMware Fusion
settings package, and the Virtual Machine you wish to deploy.
4. Ensure that the VMware Fusion settings package has the options selected to “Fill User
Templates (FUT)” and “Full Existing User Home Directories (FEU)”.
5. In the Advanced tab check “Update Inventory (Recon)”.

6. Click “Show plan” in the toolbar of the Casper Remote window and verify that the
appropriate computers are selected
7. Click Go to begin the installation.
Page 52 of 64
318
Section 9.02 Deploying VMware Fusion with a Policy
Policies allow you to automatically install VMware Fusion along with a Virtual Machine onto a
specific group of computers based on a certain trigger such as startup, login, or a particular
timed event such as a known maintenance window.
1. Connect to the web interface of your JSS.

2. Click Management and choose Policies.
3. In the Policies window, click “Create New Policy...”
4. In the General tab, enter something like “Install VMware Fusion” as the Display Name and
set the Category to “VMware Fusion”.
5. In the “Triggered by” drop down menu, choose the trigger you would like to begin the
installation (“startup” is recommended).
6. In the “Execution Frequency” drop down menu, choose “Once Per Computer”.
7. Choose any days or time range where you do not want the installation process to occur.
8. Click the Scope tab and choose which computers, groups, departments, or buildings will
receive VMware Fusion. It is highly recommended that in addition to a department or
building you also scope the policy to a specific Smart Computer Group that is set to the
minimum hardware requirements and disk space required for VMware Fusion. If
necessary, limit the installation to a particular network segment. For example; you could
exclude your wireless or VPN network segment to only allow the installation when the
client system is physically plugged into the network.
Page 53 of 64
318
9. In the packages tab, click “Add Package” and choose the Install action for the VMware
Fusion installation package, the settings file, and at least one Virtual Machine.
10. Click “Add Package(s)” to add the packages to the policy.
Templates (FUT)” and “Full Existing User Home Directories (FEU)”
12. In the Advanced tab, check “Update Inventory (Recon)”.
Page 54 of 64
318
13. Click the Save Policy button at the bottom of the browser window.
When a client meeting the scope criteria (group membership, network segment, department,
etc) checks in with the JSS on the specified trigger, it will automatically pull down the VMware
Fusion packages and log the action to the JSS when the installation is complete.
Section 9.03 Deploying VMware Fusion During the Imaging

Process
VMware Fusion can be deployed when a Mac is imaged with Casper Imaging. However, the
VMware Fusion installer can only be run when the computer is booted off the primary drive. To
automate this process you will need to create a script to call a policy as soon as the computer
reboots. This ensures VMware Fusion is installed on the correct drive and still allows the
imaging process to be automated.
(a) To create a script to trigger a policy at reboot:
1. In TextEdit, create a new file called “FirstBoot.sh” containing the following lines:
#!/bin/bash
#### This is a script to automatically run any policies trigged

#### by the manual run action of “firstboot”, allowing you to
#### install packages that require the Mac to be booted to the
#### primary boot volume.
/usr/sbin/jamf policy -trigger firstboot
2. Save this file in plaintext and drag it into Casper Admin.

3. Double click on the script inside Casper Admin and click the Options tab.
4. Set the Priority drop down menu to “At Reboot”.
Page 55 of 64
318
5. Click OK and save your changes in Casper Admin.
(b) Next, create a policy similar to the one above with the following
changes:
1. In the General tab, set the Triggered by: drop down menu to “other” and enter “firstboot” in
the run action field.
2. In the Execution Frequency drop down menu, choose “Ongoing” to allow the option to
install VMware Fusion again if the computer is ever re-imaged.
Page 56 of 64
318
3. In the Scope tab, you can choose “Assign to All Computers” as the deployment will be
specified with a configuration in Casper Admin or at image time with Casper Imaging.
(c) Finally, to deploy VMware Fusion when imaging you have two
options:
1. Drag the FirstBoot script into the desired configuration in Casper Admin so as to be
automatically applied to any Mac imaged with that configuration.
OR
Page 57 of 64
318
2. When using the Casper Imaging application, click the Scripts tab and select the FirstBoot
script. Ensure it is set to run At Reboot.
Page 58 of 64
318
Section 9.04 Deploying VMware Fusion with the Self Service

Application
By configuring a policy to be triggered by Self-Service, your users can install VMware Fusion
and Virtual Machines on demand without assistance from IT. This offers the flexibility of also
allowing the users to choose exactly when the installation will occur, as well as allowing them to
reinstall a corrupt Virtual Machine or upgrade to a new one.
(a) Create a Self Service policy for the VMware Fusion application:

2. Click the Management tab and choose Policies.
3. Click “Create New Policy...”
4. In the General tab, enter something like “Install VMware Fusion” as the Display Name and
set the Category to “VMware Fusion”.
5. In the “Triggered by” drop down menu, choose “None (or Self Service Only)”.
6. In the “Execution Frequency” drop down menu, choose “Once Per Computer”.
7. Choose any days or time range when you do not want the installation process to occur.
8. Click “Scope” and choose which computers, groups, departments, or buildings will receive
VMware Fusion. You will still want to make special note of the scoping options to
ensure only appropriate computers are able to install the software.
9. Click “Self Service” and choose Allow this Policy to be used for Self Service.
10. Enter a brief description of the VMware Fusion application along with the current version you
are deploying.
11. Click “Choose File...” and locate an icon to represent VMware Fusion. This icon can be a
PNG, JPEG, or ICNS file. (You can find the actual icon file in /Applications/VMware
Page 59 of 64
318
Fusion.app/Contents/Resources/fusion.icns) Upload the selected file and you will be

returned to the Self Service tab.
12. If you would like this policy to appear on the first page presented to the user when they
launch the Self Service application, click the box next to “Feature this Policy on the Main
Page”. Otherwise choose “Display” and/or “Featured” for the policy to appear in the VMware
Fusion category inside the Self Service application.
13. In the Packages tab, click “Add Package” and choose the Install action for the VMware
Fusion installation package and settings file.
Templates (FUT)” and “Full Existing User Home Directories (FEU)”
Page 60 of 64
318
16. In the Advanced tab, check the box next to “Update Inventory (Recon)”.
17. Click “Save Policy” at the bottom of the browser window.
(b) Create a Self Service policy for a VMware Fusion Virtual Machine:

2. Click “Management” and choose “Policies”.
3. Click “Create New Policy...”
4. Click “General” and enter something like “VM-Windows XP” as the Display Name and set
the Category to “VMware”.
5. In the “Triggered by” drop down menu, choose “None (or Self Service Only)”.
6. In the “Execution Frequency” drop down menu, choose “Ongoing” to allow users to reinstall
the Virtual Machine if necessary.
7. Choose any days or time range when you do not want the installation process to occur.
8. Click “Scope” tab and choose which computers, groups, departments, or buildings will
receive the Virtual Machine. You will still want to make special note of the scoping
options to ensure only appropriate computers are able to install the software. If you
are deploying a Virtual Machine that requires a specific version of VMware Fusion,
be sure to consider that selection criteria in the Smart Computer Group along with
Page 61 of 64
318
available disk space. If you are introducing a new virtual machine to your
environment, you can simply create a Smart Computer Group containing only those
computers that have VMware Fusion already installed.
9. Click Self Service and choose Allow this Policy to be used for Self Service.
10. Enter a brief description of the Virtual Machine you are deploying.
11. Click “Choose File...” and locate an icon to represent the virtual machine. This can be in the
format of a PNG, JPEG, or ICNS file. Upload the selected file and you will be returned to the
Self Service tab.
12. If you would like this policy to appear on the first page presented to the user when they
launch the Self Service application, click the box next to “Feature this Policy on the Main
Page”. Otherwise choose “Display” and/or “Featured” for the policy to appear in the VMware
Fusion category inside the Self Service application.
Page 62 of 64
318
13. In the Packages tab, click “Add Package” and choose the Install action for the Virtual
Machine.
15. In the Advanced tab, check “Update Inventory (Recon)”.

16. To ensure this Virtual Machine is listed in the Virtual Machine Library once installed, enter
the following command in the “Run Unix Command” field of the advanced tab (this assumes
that the Virtual Machine is located at "/Users/Shared/VM/Windows XP Professional”):
defaults write com.vmware.fusion VMFavoritesListDefaults2 -array-add

'{name = "Windows XP Professional"; path = "/Users/Shared/VM/Windows
XP Professional.vmwarevm";}'
Page 63 of 64
318
17. Click Save Policy at the bottom of the browser window.
When users launch the Self Service application, they will be presented with the VMware Fusion
and Virtual Machine policies and can install them without local administrator rights to their
computer.
Page 64 of 64

Mass Deployment of VMware Fusion

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mass Deployment of VMware Fusion

Uploaded by

Copyright:

Available Formats

Mass Deployment of

Charles Edge, Director Technology, 318, Inc.

ARTICLE I. VMWARE FUSION AND RUNNING WINDOWS ON THE MAC 5

ARTICLE II. SOFTWARE DEPLOYMENT CHALLENGES 5

ARTICLE III. TOOLS FOR SOFTWARE DEPLOYMENT ON MAC OS X 6

Section 3.01 Apple Products for Mass Deployment 6

Section 3.02 Third Party Tools 8

ARTICLE IV. VMWARE FUSION SPECIFICS FOR DEPLOYMENT ON MAC

Section 4.01 Installing VMware Fusion for Monolithic Image Deployment

Section 4.02 Creating the VMware Fusion Package 14

Section 4.04 Custom Installation Packaging with Composer 19

Section 4.05 Deploying an Installation Package 22

ARTICLE V. CREATING WINDOWS VIRTUAL MACHINES FOR MAC

Section 5.01 Creating the Virtual Machine 24

Section 5.02 Install any necessary Windows applications 24

Section 5.03 Prepping Windows for Mass Deployment 25

Section 5.05 Deploying Windows Virtual Machine to Macs 29

Section 5.06 Populating the Virtual Machine Library with Deployed VM

ARTICLE VI. SYSTEMS MANAGEMENT: MANAGING WINDOWS WITH AD

Section 6.02 Policies Without Active Directory 34

ARTICLE VII. CONCLUSION 37

ARTICLE VIII. APPENDIX: DEPLOYING AND MANAGING VMWARE

Section 8.01 Simplifying Deployment of VMware Fusion and Windows VMs

Section 8.02 Create a VMware Fusion Distribution Package 42

Section 8.03 Create a Distribution Package for Sysprep Windows VM

Section 8.04 Create a Distribution Package for Custom Deployment

Section 8.05 Create Scheduled Distribution Task 47

ARTICLE IX. APPENDIX: DEPLOYING VMWARE FUSION 2 WITH JAMF

Section 9.01 Deploying VMware Fusion with Casper Remote 52

Section 9.02 Deploying VMware Fusion with a Policy 53

Section 9.04 Deploying VMware Fusion with the Self Service

Article I. VMware Fusion and Running Windows on the Mac

Article II. Software Deployment Challenges

Article III. Tools For Software Deployment on Mac OS X

Section 3.01 Apple Products for Mass Deployment

(c) Apple Software Restore (asr)

(d) Apple Remote Desktop

Section 3.02 Third Party Tools

(a) The Casper Suite

Article IV. VMware Fusion Specifics for Deployment on Mac OS X

Section 4.01 Installing VMware Fusion for Monolithic Image

Section 4.02 Creating the VMware Fusion Package

Section 4.03 Embedding Volume License Key into the VMware

cp ~/Desktop/license.txt ~/Desktop/Install\ VMware

Section 4.04 Custom Installation Packaging with Composer

Section 4.05 Deploying an Installation Package

Article V. Creating Windows Virtual Machines For Mac Users

Section 5.01 Creating the Virtual Machine

Section 5.02 Install any necessary Windows applications

Section 5.03 Prepping Windows for Mass Deployment

Section 5.04 Modifying the Virtual Machine for Mass Deployment

There are three areas that you need to address:

User Specific Settings (Shared and Mirrored Folders)

Change the variable to:

Antivirus warning message

Section 5.05 Deploying Windows Virtual Machine to Macs

Section 5.06 Populating the Virtual Machine Library with Deployed

defaults read com.vmware.fusion VMFavoritesListDefaults2

defaults write com.vmware.fusion VMFavoritesListDefaults2 -array-add '{name =

defaults write com.vmware.fusion VMFavoritesListDefaults2 -array '{name = “Windows

'{name = "Windows Vista"; path = "/VM/WindowsVista.vmwarevm";}'

Article VI. Systems Management: Managing Windows with AD or OD

Section 6.01 Microsoft Tools for Patch Management and Updates

ARTICLE I.  VMWARE FUSION AND RUNNING WINDOWS ON THE MAC  5 

ARTICLE II.  SOFTWARE DEPLOYMENT CHALLENGES  5 

ARTICLE III.  TOOLS FOR SOFTWARE DEPLOYMENT ON MAC OS X  6 

Section 3.01  Apple Products for Mass Deployment  6 

Section 3.02  Third Party Tools  8 

ARTICLE IV.  VMWARE FUSION SPECIFICS FOR DEPLOYMENT ON MAC

Section 4.01  Installing VMware Fusion for Monolithic Image Deployment

Section 4.02  Creating the VMware Fusion Package  14 

Section 4.04  Custom Installation Packaging with Composer   19 

Section 4.05  Deploying an Installation Package  22 

ARTICLE V.  CREATING WINDOWS VIRTUAL MACHINES FOR MAC

Section 5.01  Creating the Virtual Machine  24 

Section 5.02  Install any necessary Windows applications   24 

Section 5.03  Prepping Windows for Mass Deployment  25 

Section 5.05  Deploying Windows Virtual Machine to Macs  29 

Section 5.06  Populating the Virtual Machine Library with Deployed VM

ARTICLE VI.  SYSTEMS MANAGEMENT: MANAGING WINDOWS WITH AD

Section 6.02  Policies Without Active Directory  34 

ARTICLE VII.  CONCLUSION  37 

ARTICLE VIII.  APPENDIX: DEPLOYING AND MANAGING VMWARE

Section 8.01  Simplifying Deployment of VMware Fusion and Windows VMs

Section 8.02  Create a VMware Fusion Distribution Package   42 

Section 8.03  Create a Distribution Package for Sysprep Windows VM

Section 8.04  Create a Distribution Package for Custom Deployment

Section 8.05  Create Scheduled Distribution Task  47 

ARTICLE IX.  APPENDIX: DEPLOYING VMWARE FUSION 2 WITH JAMF

Section 9.01  Deploying VMware Fusion with Casper Remote   52 

Section 9.02  Deploying VMware Fusion with a Policy  53 

Section 9.04  Deploying VMware Fusion with the Self Service