Norton GhostTM Enterprise Getting Started Guide

Norton Ghost™ Enterprise Getting Started Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Copyright Notice
All Rights Reserved.

Copyright © 1998–1999 Symantec Corporation.

Any technical documentation that is made available by Symantec Corporation is the copyrighted work of Symantec Corporation and is owned by Symantec Corporation. NO WARRANTY. The technical documentation is being delivered to you AS-IS and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained therein is at the risk of the user. Documentation may include technical or other inaccuracies or typographical errors. Symantec reserves the right to make changes without prior notice. No part of this publication may be copied without the express written permission of Symantec Corporation, Peter Norton Group, 10201 Torre Avenue, Cupertino, CA 95014.

Trademarks
Symantec, the Symantec logo, Norton Ghost, Ghost Walker, Ghost Explorer, and GDisk are trademarks of Symantec Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. IBM, OS/2, and OS/2 Warp are registered trademarks of International Business Machines Corporation. Novell and NetWare are registered trademarks of Novell Corporation. 3Com and EtherLink are registered trademarks of 3Com Corporation. Compaq is a registered trademark of Compaq Corporation. Zip and Jaz are registered trademarks of Iomega Corporation. SuperDisk is a trademark of Imation Enterprises Corporation. Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are hereby acknowledged. Printed in the United States of America. 10 9 8 7 6 5 4 3 2 1

C

O

N

T

E

N

T

S

Chapter 1

Getting started
Process overview .................................................................................. 5 Setting up existing Windows machines for cloning .................... 6 Setting up new machines for cloning ........................................... 7

Chapter 2

Cloning your client machines
Preparing client machines to receive images ...................................... 9 Creating your source machine ...................................................... 9 Creating a boot disk .................................................................... 10 Rebooting your source machine ................................................. 10 Creating an image file .................................................................. 10 Creating a boot partition image .................................................. 10 Installing the Console client on the source machine ................. 10 Installing the boot partition ......................................................... 11 Using Norton Ghost Console to clone client machines .................... 12 Creating an image definition ....................................................... 12 Creating a configuration template ............................................... 12 Creating a cloning task ................................................................ 14 Executing the task ........................................................................ 15 Notes ............................................................................................. 15

Chapter 3

Using Norton Ghost Multicast Server and Multicast Assist
Multicast Server ................................................................................... 17 Using Multicast Server ................................................................. 17 Multicast Assist Wizard ....................................................................... 19 Starting Multicast Assist ............................................................... 19 Adding DOS system files ............................................................. 19 Generating a boot package ......................................................... 20 Locating NDIS support files ........................................................ 21 Selecting a boot package ............................................................ 22 Specifying Norton Ghost parameters .......................................... 22 Specifying the Configurations folder .......................................... 23 Configuring network settings ...................................................... 24 RIS menu details .......................................................................... 25 Reviewing and executing ............................................................ 25

3

Appendix A

Console security
Distribution ......................................................................................... 27 Changing Consoles ............................................................................. 28 Generating new certificates ................................................................ 28 NGServer password ............................................................................ 29

4

C

H

A

P

T

E

R

Getting started

1

This guide outlines the process of rolling out and installing Norton Ghost client software on machines with no operating system installed and on Windows 9x/NT machines. The Norton Ghost Implementation Guide contains detailed information about Norton Ghost, its utilities, and Norton Ghost Console functionality. You should consider the following additional information when you install Norton Ghost Console:
s

During the Norton Ghost Console installation, a Console user called Admin is created with a password of Norton. Norton Ghost Console must be installed by someone with domain administrator rights.

s

Note: The remainder of this document assumes you have installed Norton Ghost Console.

Process overview
The following sections outline how to set up machines for cloning and post-cloning configuration. The process differs for:
s s

Machines with no operating systems installed. Machines with Windows 9x/NT already installed.

These two scenarios are outlined on the following pages.

5

Getting started

Setting up existing Windows machines for cloning
If you have a machine with Windows 9x/NT installed, the following steps are required.
1

Create a source machine that will become a template machine for all the other machines that will be cloned. See “Creating your source machine” on page 9 for more information. From the Console machine, use Multicast Assist Wizard to create a boot disk. This is used to take an image of your source machine. See “Creating a boot disk” on page 10 for more information. Use the boot disk you have created to boot your source machine. See “Rebooting your source machine” on page 10 for more information.

2

3

4

From the Console machine, use Multicast Server to create an image file from your source machine. See “Creating an image file” on page 10 for more information. Create a boot partition image using Multicast Assist. See “Creating a boot partition image” on page 10 for more information. Install the Console client on the source machine. This allows Norton Ghost Console to discover your source machine and capture the configuration. See “Installing the Console client on the source machine” on page 10 for more information.

5

6

7

Install the boot partition on your source machine. This erases the hard drive. See “Installing the boot partition” on page 11 for more information. Reboot the source machine to allow the Console client to communicate with the Console. The client is ready to be managed from the Console. From the Console create:
a

8

9

An image file definition. See “Creating an image definition” on page 12 for more information.

b

A configuration template. See “Creating a configuration template” on page 12 for more information.

6

Process overview

c

A task to clone and reconfigure your clients. See “Creating a cloning task” on page 14 for more information.

10 Execute the task to create your client machines.

See “Executing the task” on page 15 for more information.

Setting up new machines for cloning
If you have a machine with no operating system installed, only the following steps are required.
1

Install the boot partition on your source machine. This erases the hard drive. See “Installing the boot partition” on page 11 for more information. Reboot the source machine to allow the Console client to communicate with the Console. The client is ready to be managed from the Console. From the Console create:
a

2

3

An image file definition. See “Creating an image definition” on page 12 for more information.

b

A configuration template. See “Creating a configuration template” on page 12 for more information.

c

A task to clone and reconfigure your clients. See “Creating a cloning task” on page 14 for more information.

4

Execute the task to create your client machines. See “Executing the task” on page 15 for more information.

7

Getting started

8

C

H

A

P

T

E

R

Cloning your client machines

2

This chapter describes how to prepare your clients to receive images and how to roll out images once the Console recognizes your client machines.

Preparing client machines to receive images
Before you can use the Console to distribute images to your client machines, you have to set up the client machines to be recognized by the Console. The process of rolling out and installing Norton Ghost client software varies depending upon whether Windows 9x/NT is already installed on the client. See “Process overview” on page 5 for an overview of both scenarios.

Creating your source machine
The first step in this process is to set up a Windows machine as a template for all other machines. To do this, install Windows on the source machine and configure it as you want all of your machines configured, including all of its drivers. The template machine must have the same network card as the machines that will receive the image. If you have multiple network cards in your organization, you need an image for each one. Similarly, especially for Windows NT, if you have machines with major differences in hardware, like SCSI disks versus IDE disks, you need to have separate images for these also.

9

Cloning your client machines

Creating a boot disk
To create a boot disk:
1 2

Determine the vendor and model of the network card on your client machine. The Multicast Assist Wizard requires this information. Create a boot disk using the instructions in “Multicast Assist Wizard” on page 19. You use the disk to enable Norton Ghost Multicast Server to take an image of the machine. Specify the multicast session name to be the same as on the Norton Ghost Multicast Server.

3

Rebooting your source machine
Use the boot disk you just created to boot your source machine.

Creating an image file
The next step is to create an image file from your source machine. From your Console machine, use the Multicast Server to create the file. See “Multicast Server” on page 17 for more information.

Creating a boot partition image
Now you need to create a Norton Ghost boot partition image. The boot partition contains the necessary Norton Ghost utilities, including the Console Client, and drivers for your particular network card. You use Norton Ghost Multicast Assist to create the boot partition image. See “Multicast Assist Wizard” on page 19 for instructions. You should use the same network card template you did to create the boot disk. Save the image along with the image created in the previous step. Both images are used on your client machine.

Installing the Console client on the source machine
You need to install the client software on the source machine so Norton Ghost Console can capture the configuration settings from this machine. These settings can then be used, if required, to reconfigure the machine after a clone.

10

Preparing client machines to receive images

Install Norton Ghost 6.0 Client software on your source machine. The machine will be discovered by Norton Ghost Console and the machine configuration captured. The title for the new machine icon is the computer name and the default user (the last user logged in). These settings may be useful when cloning many clients, because the settings can be automatically restored to the machine from which they were taken. When you start Norton Ghost Console, the client machine appears in the default machine folder. You can identify it by the computer name and the default user.

Installing the boot partition
Warning: After this step, the hard drive on the client PC will be completely erased. The disk will contain only the Ghost boot partition, which is very small. Do not perform this step unless you are sure you have copied all data off the machine and that it is safe to proceed. The next step is to load the boot partition image you created above onto your client machine. To install the boot partition onto your client machine:
1 2

Insert the boot disk in the client’s floppy drive. Use Multicast Server to load the boot partition onto the client. See “Using Multicast Server” on page 17 for instructions. When the clone finishes, remove the disk and reboot the client PC.

3

11

Cloning your client machines

The machine will be running the Norton Ghost Client for DOS. The client can now be controlled from the Console.

Using Norton Ghost Console to clone client machines
After you set up your clients to be controlled by the Console, you can create images and distribute them to the clients. If you have not yet set up your clients, follow the steps outlined in “Preparing client machines to receive images” on page 9.

Creating an image definition
To use the image file, you must first create a definition of the image in the Images folder in Norton Ghost Console. For more information about creating a configuration template, refer to the Norton Ghost Implementation Guide.

Creating a configuration template
When your machine is added to the Norton Ghost Console database, configuration data is recorded from the machine. This is recorded as the Default configuration for that machine. When cloning a machine or group of machines, if you check the Configuration box in the task and do nothing

12

Using Norton Ghost Console to clone client machines

else, the Default configuration is restored on each machine as it was before. You can alter the configuration on a machine-by-machine basis by using a Custom configuration in your task or by using a template. A template is a good idea for a group of machines that are all configured similarly. To use a template, you first create it in your Configuration Resources folder in the Console, and then specify it when you create your task. Templates differ from other configurations in that they can be applied to multiple machines. This is achieved by allowing variables for Computer Names. For example, “Computer****” is set to Computer0001 on the first computer, Computer0002 on the second, and so on. Similarly, IP addresses can be allocated from a range of numbers. For more information about creating a configuration template, refer to the Norton Ghost Implementation Guide. To create a template configuration:
1

Specify that your configuration is a template.

2

Specify the configuration details.

13

Cloning your client machines

Creating a cloning task
A cloning task applies the source image to your client machine. To create a cloning task:
1

In the General tab, specify the steps you want to perform in the task, and the client machines to which the task applies.

2

In the Clone tab, specify the image you have created from the source machine.

14

Using Norton Ghost Console to clone client machines

3

In the Configuration tab, specify the configuration template to use.

4

Click OK.

Executing the task
After you execute the task, your client has the boot partition and a Windows operating system that is a duplicate of your original source machine, with the exception of configuration settings that have been applied according to the template. Your machines are ready to be used! Note: When executing a Console task, avoid using image files that do not reside locally. Be aware that tasks are executed by the NGServer user, not the user at the Console, this might affect access rights to remote files. If problems occur accessing files on the network, grant appropriate rights to the NGServer user. For more information, see “NGServer Password” on page 29.

Notes
s

The Norton Ghost boot partition must exist on every client machine or it cannot be controlled from the Console. The easiest way to put the boot partition on a machine is to create an image of one with Multicast Assist together with a matching boot disk.

s

15

Cloning your client machines

Then use the boot disk and Multicast Server to put the boot partition onto the hard drive.
s

You can take an image of a machine that includes both the boot partition and a Windows partition. This image is useful for rolling out new machines. The boot partition must have network drivers that match the network card. That is why it is created from Multicast Assist.

s

16

C

H

A

P

T

E

R

Using Norton Ghost Multicast Server and Multicast Assist

3

Multicast Server
The Multicast Server efficiently distributes Norton Ghost image files over a network connection. Using Multicast Server, it is possible to clone many machines at the same time, using the same network bandwidth as you would for one clone operation. Due to the highly specialized nature of this server, the data is delivered over the network more than twice as fast as over a mapped network drive. You no longer have to map a network drive in DOS. A TCP/IP stack built into Norton Ghost allows Ghost to act as a client to the Multicast Server with only the packet driver loaded, requiring only a single floppy disk. NDIS2 drivers are also supported in a single disk configuration, although additional support files and configuration are required. Another feature of Multicast Server is the ability to pull an image from the client, so the entire process of image creation and deployment via the network can be achieved using Multicast Server and a single disk.

Using Multicast Server
The Multicast Server in the example below is configured to Load To Clients. The session begins when one client attaches. Sessions are

17

Using Norton Ghost Multicast Server and Multicast Assist

identified by name. The names must match on the client and server. The Accept Clients button is selected to activate the server.

To create an image using the Multicast server:
1

Start the Multicast Server on your Norton Ghost Console machine. Make sure there is enough disk space to store the image. Note: Norton Ghost images contain only the actual data on a disk. If you have a 9 GB drive with only 600 MB of data, the Ghost image is about 600 MB or smaller if you use compression.

2 3 4

Select Dump From Client. Specify an image file to create. Click Accept Clients. Note: The client must also be configured to dump rather than load. See the Norton Ghost Implementation Guide for more information.

18

Multicast Assist Wizard

Multicast Assist Wizard
The Multicast Assist Wizard helps you create the boot disks needed to use Norton Ghost with the Multicast Server. It collects the required DOS files and NIC drivers files, and leads you through the process of creating one or more disks. Multicast Assist creates templates specifying the NIC that can be used to create a boot package. These boot packages support Microsoft Remote Installation Service (RIS) and the creation of Ghost image files. The following sections show how to create a disk boot package for loading an image. A similar package could dump an image (creating an image from a disk) by changing the Ghost command line or create the image file necessary for the boot partition. See “Specifying Norton Ghost parameters” on page 22 for more information.

Starting Multicast Assist
To start Multicast Assist:
s

Click the Start button, then select Programs > Norton Ghost > Multicast Assist as shown.

Adding DOS system files
The first time you use Multicast Assist, it prompts you to add DOS system files.

19

Using Norton Ghost Multicast Server and Multicast Assist

Note: HIMEM.SYS must be present on the disk you supply if you are running Windows NT. (This is not shown in the panels below).

Generating a boot package
The next step is to select the template for your network card. To generate a boot package:
1

Select Generate A Boot Package From An Existing Template.

2

Select a template that matches your network interface card.

20

Multicast Assist Wizard

Note: If a template for your card is not available, you can create a new template if you have the drivers.
3

Click Next.

Locating NDIS support files
The files PROTMAN.DOS, PROTMAN.EXE and NETBIND.COM are required if you want to use NDIS drivers for your network card. Although packet drivers are preferable, NDIS drivers are very common. There are several versions of NDIS drivers—version 2 NDIS drivers are required. To locate the NDIS files:
s

Do one of the following:
s

Select Copy The Files From This Location and enter or browse to the file path.

Note: If you have an existing Multicast boot disk, you can use it to provide the NDIS files Norton Ghost Multicast Assist requires. Otherwise, download them from the Microsoft FTP site.
s

Select Download The Files From Microsoft.

21

Using Norton Ghost Multicast Server and Multicast Assist

Selecting a boot package
During the Client rollout process, you need to create a boot disk and a boot partition image. To specify a boot package:
s

Select the boot package option.

Specifying Norton Ghost parameters
Note: This option is for boot disk packages only. The parameters shown below instruct Norton Ghost to connect to the multicast session called “test” and to load the disk image to the first drive (“dst=1” refers to the destination being fixed disk 1).
Switch -sure -rb -clone Description Removes the need to confirm the specified details. Causes a reboot immediately after the cloning operation. Used with the text “src=@mctest.” @mc indicates that what follows is the Multicast session name. In this case, the session name is “test.” The session name must match on the client and server.

22

Multicast Assist Wizard

To create a boot package for dumping (creating images):
1

Do one of the following:
s

Swap dst and src so the command line reads:
-clone,src=1,dst=@mctest

Note: A complete description of Norton Ghost command-line switches is included in the Norton Ghost Implementation Guide.
s

Create a general purpose boot package by not supplying a command line at all. This requires you to run the user interface at the client PC.

Specifying the Configurations folder
Note: This option is for Boot Partition packages only. When a Console Client is first discovered on the network, Norton Ghost Console creates an icon for it the Default folder in Machine Group. You can change this folder in the Configurations Folder field.

23

Using Norton Ghost Multicast Server and Multicast Assist

When DOS machines are discovered, they are identified by Adapter Address only. Specifying a folder makes identification of the machine easier.

Configuring network settings
Configure network settings as shown below.

24

Multicast Assist Wizard

RIS menu details
Note: This section applies only if you create an entry in the RIS (Remote Installation Service) Menu under Windows 2000 server. This is for use with a Network Service Boot on a PXE-enabled PC. No floppy disk is required.

Reviewing and executing
The window below displays the details of the boot package before it is created.

25

Using Norton Ghost Multicast Server and Multicast Assist

Click Next to create the boot package.

26

A

P

P

E

N

D

I

X

Console security

A

The Norton Ghost Console and clients use public-key cryptography techniques to authenticate the Console to the client. This ensures that only the authorized Consoles can remotely control, clone, and reconfigure client machines. During Console installation, public and private certificate files are generated. These files are called pubkey.crt and privkey.crt. Caution: The private certificate must be safeguarded. If an unauthorized user copies it, security is compromised. If you accidentally delete your private certificate, and have no other copy, you will have to generate a new certificate pair and distribute the public certificate to all clients. See “Generating new certificates” on page 28 for more information. When a client communicates with the Console, it uses a challenge-response protocol. The client must have the Console’s public certificate to perform this operation. Therefore, the Console’s public certificate must be distributed to all clients.

Distribution
When the clients are first installed, a boot disk and a boot partition image file might be generated with the Multicast Assist Wizard. As long as you use Multicast Assist from the Console machine, the correct public certificate file will automatically be included with all boot partition image files that include the Console client. The Windows client needs the public certificate to communicate with the Console. When the client is installed, it prompts you for the Console's computer name. This is the Windows computer name specified in
27

Console security

Windows Network Settings. The client uses this name to communicate with the correct Console.

Changing Consoles
If you have more than one Norton Ghost Console in your organization, and you want to move a client from one to the other, you need to change the public certificate on the client. There are two certificates for the Console on each client, one in the Norton Ghost boot partition, and one with the Windows client in the Norton Ghost directory. You only need to update the boot partition copy because the Windows client copy automatically refreshes from the boot partition. To update the boot partition certificate:
1 2 3

Generate a new boot partition image in the new Console. Use a console task to distribute the new image to the client. Specify that the clone is a Partition Load and select partition number 1. In Advanced options, select Overwrite Hidden Partition.

Generating new certificates
If you lose your private certificate, or if you think security has been compromised, you have to generate a new certificate pair and distribute the public certificate to all the clients. To generate new certificates:
1 2 3 4 5

Click the Start button and select Run. Browse to the Norton Ghost installation directory (generally C:\Program Files\Norton Ghost). Enter ngserver.exe -keygen and click Run. Use Multicast Assist to generate a new boot partition image that includes the public certificate. Distribute the boot partition to the clients as described in the Changing Consoles section above. An alternative if you are technically adept, is to unhide the boot partition using GDISK from a boot disk and copy the file into the ghost directory.

28

NGServer password

NGServer password
On Windows NT systems, an NT service is installed called ngserver. This service is responsible for Task execution and client communications. One of its roles is to create machine accounts in NT Domains if machines are added to domains during execution of a Task. To perform this role, a user is created during installation called ngserver with the password ngserver. The ngserver service logs in as this user. The ngserver user does not have interactive login rights, is not a member of any groups, and only has the privilege to manage machine accounts. Although unlikely to be a security risk, you might want to use Windows NT administration tools to change the password for this user. If you do so, you must inform the ngserver service of the new password by setting the registry value Password under the key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\Ngserver\Params.

29

Console security

30