Review: Specops Deploy

This tool integrates with Active Directory to deploy software or OSs to specific target computers based on machine specifications.

Nate McAlmond

August 19, 2011

9 Min Read
ITPro Today logo in a gray background | ITPro Today

Desktop management, especially software and OS deployment, can be one of an IT administrator’s most tedious tasks. Specops Software’s Specops Deploy integrates with Active Directory (AD) and uses your organizational unit (OU) structure to target computers for application and OS deployments. Specops Deploy comes as three separate components: Specops Deploy /Application installs applications to Windows computers within AD; Specops Deploy /OS installs or re-installs OSs to bare-metal or existing computers; and Specops Deploy /Log Viewer consolidates and monitors log files.

To perform any of the available installations, you should use the Specops Setup Assistant. Although the assistant makes installation fairly straightforward, you must also install several software components for the product to run correctly. Run the Specopssoft.SetupAssistant file to launch the assistant. All the necessary setup files are included in this self-extracting executable file. As Figure 1 shows, the setup assistant verifies all installation requirements prior to installation.


Figure 1: Using the setup assistant to verify installation requirements

 

Software Deployment

Before installing Specops Deploy /Application, you need to install the following:

  • Microsoft SQL Server (I used SQL Server 2008 Express)

  • .NET 3.5 SP1 or later

  • Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 R2

  • Group Policy Management Console (GPMC)—for Server 2008, you can add GPMC from Server Manager; for Server 2003, you can download GPMC from the Microsoft Download Center.

These components can be installed on multiple servers, although I used a single server in my lab environment.

After the Specops Deploy /Application installation completes, open the Specops Deploy /Application software and select the Install a new Deployment Server option from the Server Configuration section. If you open GPMC, you’ll see a new section in Group Policy, at [Computer Configuration]/[Policy]/[Software Settings]/[Specops Deploy /Application]. Specops Software recommends that you create a new OU within AD and link a new Group Policy Object (GPO) to this OU. When working within the Specops Deploy /Application console, the vendor recommends that you keep things simple by starting with a new GPO rather than mixing settings with an existing GPO. Specops Deploy /Application updates the selected GPO as you create and deploy software packages.

After the server setup was complete, I installed the client extensions on a Windows XP machine. The client extensions are provided in the form of an MSI file, so you should be able to install the extensions to a large number of desktops using only an AD GPO. After the client extensions were installed, I used Specops Deploy /Application to install additional MSI files. These installations repeatedly failed. Fortunately, the software includes a feedback mechanism that alerted me that access was denied to the deployment share. I promptly gave full control access to everyone for the share and NTFS—but the software still failed to install and still generated an access denied error. At this point, I went back to the documentation to verify that my installation was correct. Then I checked the Specops online documentation and forums, but I didn’t find a resolution. I decided to try changing my installation share to a NAS device. This proved to be a successful workaround, and the MSI installation files installed without any problems. I later contacted a Specops representative, who told me that a conflict occurs when everything is installed on the same server, which can cause this permissions error.

Specops Deploy /Application refers to installation files with .exe extensions as a legacy installation—which is what I chose to test next. Within minutes, I was able to configure a deployment for CCleaner, Java, and Defraggler. To install these types of packages, you must add the installation parameter for an unattended installation—which you can typically find with a quick online search. The unattended installation parameter for CCleaner and Defraggler is /S; the Java parameter is /s IEXPLORE=1 MOZILLA=1. I found the option to add these installation parameters in the Specops Deploy /Application UI. After I added the parameters, all three applications installed without any problems.

In addition to installation parameters, Specops Deploy /Application includes several other options that you can add, such as:

  • Pre-install commands and parameters

  • Post-install commands and parameters

  • Pre-uninstall commands and parameters

  • Post-uninstall commands and parameters

These options are available in the UI’s advanced sections.

Specops Deploy /Application also includes a section where you can specify which computers will receive your deployment package, as Figure 2 shows. This option simplifies deployment by letting Specops Deploy /Application intelligently take into consideration such things as the amount of RAM, free disk space, processor type, OS, group membership, IP range, and Windows Management Instrumentation (WMI) query, to name a few. This option gives administrators the ability to move a large number of computer accounts into the OU and let Specops Deploy /Application decide which deployment packages are appropriate for which computers, without administrators having to continually micromanage the situation.


Figure 2: Application packaging wizard

 

OS Deployment

The Specops Deploy /OS portion of the software suite runs only on Server 2008 R2 and Server 2008. I therefore prepared another server for this portion of my evaluation. Before installing the Specops Deploy /OS software, you need to install the following:

  • PowerShell or Windows Update

  • Windows Deployment Services—which is a Server 2008 Server Manager role

  • Group Policy Management—which is a Server 2008 Server Manager feature

  • Enough hard drive space to store the OS images

  • Target computers that support booting from the network (Preboot Execution Environment—PXE—boot)


Before deploying an OS, you need to load the base image from media, which I did from an XP CD-ROM. After the base OS image is loaded into Specops Deploy /OS, you can capture an image from one of your AD-connected computers by selecting Load image from existing computer. This option adds a file called SpecopsImageCapture.cmd to the root of the C drive on the target computer that you previously selected. When you double-click SpecopsImageCapture.cmd, the target computer is prepared for duplication with Sysprep, and the necessary files are then copied to the Specops Deploy /OS server. However, you must first make sure that the target computer is accessible from the Specops Deploy /OS server via WMI and that it allows blank passwords. The easiest way to accomplish this is to temporarily turn off the Windows firewall (thus allowing WMI connections), alter the local Group Policy settings to allow passwords of zero length, and disable password complexity.

In addition to images, you can specify which language packs and drivers are included with your OS installations. Drivers can be loaded from the file directory or imported from an existing computer on your network from the Specops Deploy /OS software.

Before you begin deploying OSs, you should look at the Specops Deploy /OS software’s policy section. You can change the default policy, which is used every time you deploy an OS with Specops Deploy /OS unless you specify a custom policy from the Group Management console—which you can launch from the Specops Deploy /OS software’s Policy section. Custom policies are added by configuring a GPO in the [Computer Configuration]/[Policy]/[Software Settings]/[Specops Deploy /OS] section and are applied to computers in their corresponding OUs. From the default policy or a custom policy, you can change installation settings, such as the local administrator password, OS settings (e.g., forcing an x86 image on all computers, which OS to install on x86 and which OS to install on x64 computers), and migration of user state and location settings (e.g., what time zone and language to use when deploying an OS).

To start an OS installation with Specops Deploy /OS, you need to first stage the machine in the Specops Deploy /OS software on the server. To do so, select the Pre-stage Computer or Pre-stage computers from file option. This action launches the Pre-stage Computer wizard, where you must specify the machine’s GUID and where in AD the computer account should be located.

After you have the target computer pre-staged, you might need to verify that the boot order has the hard drive listed after the PXE boot. Then, start the target computer and let it PXE boot during the startup process, which initiates the OS installation. Specops Deploy /OS prepares the hard drive of the target machine by deleting the current hard drive partitions and creating one large partition of maximum size. Then, Specops Deploy /OS downloads all the necessary files to the target machine and reboots. After reboot, the target machine boots from the local hard drive and begins installing the previously downloaded OS installation files. You can watch the OS installation progress from the Specops Deploy /OS software’s Deployment section, as Figure 3 shows.


Figure 3: OS deployment status

I ran into a few problems with Specops Deploy /OS when targeting a virtual machine (VM). In Sun Microsystems’s VirtualBox, the network driver failed to load during the unattended installation; in Microsoft Virtual PC 2007, the installation failed, with an error indicating that 16MHz isn’t a supported processor speed. When I switched to a Lenovo ThinkPad laptop, the XP installation completed without any problems.

 

Log Monitoring

Specops Deploy /Log Viewer is also included with the Specops Deploy suite and is free to continue using even if you don’t purchase Specops Deploy. Specops Deploy /Log Viewer makes it easier to review and monitor log files that are in the Microsoft Deployment Toolkit format. Using this tool gives administrators some obvious advantages over opening a log with Notepad, including the following:

  • Errors and warnings can be filtered.

  • Errors are indicated in red along the right-hand bar, making it easy to go directly to that section of the log.

  • Log files are shown in real time, so you don’t have to keep refreshing to see the new log entries.

You can find the Specops Deploy log files at C:SpecopsDeployInstallLogs, as Figure 4 shows.


Figure 4: Log Viewer review of OS deployment

 

AD Integration Makes for Easy Implementation

Specops Deploy is a great management tool that lets administrators and Help desk staff simplify major new deployments, as well as ongoing application and OS installations. The product’s tight integration with AD lets companies customize Specops Deploy to their own needs and existing hierarchies. In addition, the software’s AD integration makes Specops Deploy familiar to most administrators and therefore decreases the learning curve.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like