
August 31, 2009

Slipstream Office 2007 Service Packs & working with the Office Customization Tool


I am currently in the process of creating my first Windows 7 Enterprise Image for Light Touch Deployment via Windows Automated Installation Kit (WAIK) and Windows Deployment Services (more on this at a later date) and am currently at the stage of organising my client applications for deployment.  Office 2007 is on the top of my list and in today’s post I will show you how you can incorporate Service Pack 2 for Office 2007 in the single installation also referred to as slipstreaming and in the second part of this post discuss how you can further customize an installation of Office 2007 via the Office Customization Tool (OCT).

In Office 2007, Microsoft has provided you with the ability to slipstream service packs and updates via the “Updates” folder located in the installation media or the distribution point that you create.  That means that the installation will always look in the Updates folder and install these automatically as part of the initial installation process.  This is useful in situations like the one above where you are creating a new Windows Image for deployment and you want to expedite the installation process, removing the need to rely on Microsoft Updates for service pack installations.

So let’s begin by creating a folder in a shared location (your distribution point) and copy the contents of the Office 2007 media to this location.  In my case I will create a folder called Office2007.

\\SERVER\SHARE\Office2007

In my case I have mapped this file share to the letter M for later reference.

We now need to download the latest service pack available for Office.  At the time of this post, Service Pack 2 for Office 2007 is the latest and can be downloaded from the  Microsoft Download Centre via the following link.  http://www.microsoft.com/downloads/details.aspx?FamilyID=b444bf18-79ea-46c6-8a81-9db49b4ab6e5&displaylang=en

You will notice that the file downloaded is an exe file “office2007sp2-kb953195-fullfile-en-us.exe” which we will need to extract in order to retrieve the msp files that are needed for the “Updates” folder that is located in our distribution point.

In order to extract the files, run the following command from a command prompt.  In my example I have saved the executable to the root of M.

M:\office2007sp2-kb953195-fullfile-en-us.exe /extract:"M:\Office2007\Updates"





The following screen will appear.  Accept the Microsoft Software License Terms and then click on Continue.







File extraction will now proceed.






Once the files have been extracted, you will receive the below completion notice.  Click OK to acknowledge.






Upon completion the msp files will be listed in the Updates folder as follows.






Now that our distribution share contains the latest updates, let’s now shift our focus to the Office Customization Tool which is available to IT Professionals and Volume Licensing customers providing you with the ability to further customize the installation of Office 2007 by creating a custom msp file that can be deployed as part of the initial deployment, or at a later date if making minor modifications to an existing installation.



The OCT is invoked by typing the following command from the Office 2007 media;





setup.exe /admin





The following window will be displayed;







We will create a new setup customization file so select the first option and then click OK.






You will now proceed and make any modifications that are necessary for your deployment.  Such modifications may include but are not limited to;



Entering your Organization name under “Install location and organization name”

Entering your Volume License Key under “Licensing and user Interface”


Creating a default Outlook profile for your user under “Outlook profile”



e.g. Modifying the “Install location and organization name” parameter






Once you have entered your modifications, you will need to save the MSP file that you will then copy across to include in the updates folder which also includes the service pack 2 msp’s that we extracted earlier.



More details on the OCT for Office 2007 can be found in the following Microsoft TechNet Link; http://technet.microsoft.com/en-us/library/cc179097.aspx



We are almost done.  We are now ready to deploy Office 2007 to all our computers from our single distribution point that includes the latest service packs, updates and modifications.
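Because Setup installs every msp file it finds in the Updates folder, it is worth auditing that folder before clients start installing from it. The following PowerShell is an added example and not part of the original post: it checks that each patch is validly signed by Microsoft, lets you approve your own OCT file by hash (a file you generate yourself with the OCT carries no Microsoft signature), and lists the accounts that can add files to the folder. The `$ApprovedHashes` parameter is a hypothetical allowlist introduced for this example.

```powershell
# Added example, not from the original post. Requires PowerShell 4.0+ (Get-FileHash).
# $UpdatesPath is the post's example folder; $ApprovedHashes is a hypothetical
# allowlist of SHA-256 values for unsigned files you created yourself (the OCT .msp).
param(
    [string]$UpdatesPath = 'M:\Office2007\Updates',
    [string[]]$ApprovedHashes = @()
)

# 1. Classify every patch that Setup would pick up from the Updates folder.
$patches = foreach ($file in Get-ChildItem -Path $UpdatesPath -Filter *.msp) {
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash

    # "Valid" means the signature verifies and chains to a trusted root;
    # the subject check then confirms that the signer names Microsoft.
    $verdict = if ($sig.Status -eq 'Valid' -and
                   $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*') {
        'OK (Microsoft-signed)'
    } elseif ($ApprovedHashes -contains $hash) {
        'OK (approved by hash)'
    } else {
        "REVIEW ($($sig.Status))"
    }

    [pscustomobject]@{ File = $file.Name; Verdict = $verdict; SHA256 = $hash }
}

# 2. List who can add files to the folder. This covers NTFS permissions only;
#    check the share permissions separately.
$createMask = 6   # FileSystemRights: WriteData/CreateFiles (2) + AppendData (4)
$writers = (Get-Acl -Path $UpdatesPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   (([int]$_.FileSystemRights) -band $createMask) -ne 0 } |
    ForEach-Object { $_.IdentityReference.Value } |
    Sort-Object -Unique

$patches | Format-Table -AutoSize
'Accounts that can write to {0}:' -f $UpdatesPath
$writers
```

Record the SHA256 value of your OCT file when you save it and pass it in `-ApprovedHashes`; any file reported as REVIEW should be explained before the share goes into production.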



My preferred method in deploying Office 2007 is through Group Policy computer start-up scripts, which is explained in quite a bit of detail in the following Microsoft TechNet Link; http://technet.microsoft.com/en-us/library/cc179134.aspx  There are notable advantages in deploying Office 2007 via start-up scripts as opposed to the traditional Group Policy Software Installation method, with the main advantage being the ability to utilise the Updates folder that we created and slipstream all updates and modifications in the single installation.  This cannot be done via Group Policy Software Installation as noted in the following Microsoft TechNet Link; http://technet.microsoft.com/en-us/library/cc179214.aspx



Microsoft provides you with the following example script for deploying Office 2007 which you will then assign to Group Policy start-up scripts within your specific Group Policy Object.




setlocal

REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************

REM Get ProductName from the Office product's core Setup.xml file.
set ProductName=Enterprise

REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=\\server\share\Office12

REM Set ConfigFile to the configuration file to be used for deployment (required)
set ConfigFile=\\server\share\Office12\Enterprise.WW\config.xml

REM Set LogLocation to a central directory to collect log files.
set LogLocation=\\server\share\Office12Logs

REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************

IF NOT "%ProgramFiles(x86)%"=="" SET WOW6432NODE=WOW6432NODE\

reg query HKEY_LOCAL_MACHINE\SOFTWARE\%WOW6432NODE%Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if %errorlevel%==1 (goto DeployOffice) else (goto End)

REM If 1 returned, the product was not found. Run setup here.
:DeployOffice
start /wait %DeployServer%\setup.exe /config %ConfigFile%
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End

Endlocal








I am now ready to deploy Microsoft Office 2007 to my Windows 7 Image.

August 26, 2009

Introducing your first Windows 2008 R2 Domain Controller


Windows 2008 R2 has only been out for just over a week; however, I have decided to introduce my first Windows 2008 R2 domain controller (DC) almost immediately into an existing Windows 2008 Active Directory (AD) Domain to eventually have a complete R2 forest functional level to benefit from some of the new R2 features.  For a seasoned IT Pro, introducing new domain controllers is fairly straightforward, however I have decided to provide you with a step by step guide on doing so and the pre-work that is required, so let’s begin!

Now before we delve into the step by step guide I thought I would begin by listing the notable enhancements that come with R2 when it comes to Active Directory.  These are;

AD Recycle Bin – For me this is a long awaited feature providing you with the ability to recover deleted objects.  (Note there are already 3rd party products that have been providing this capability for many years).   In order to activate the AD Recycle Bin, you will require the AD functional level raised to R2, i.e. all your domain controllers will need to be R2, providing you with the ability to raise the functional level.

AD Administrative Center – Ease of management for domain(s) providing you with task oriented user interface.  Screen capture located at the end of this post.

PowerShell Cmdlets – There are approximately 85 Active Directory related PowerShell cmdlets that replace current Active Directory command line tools.  Whether we like it or not, Microsoft is really pushing PowerShell and it is a skill that is now required by system administrators.

Service Account Management – Forget about managing service account passwords as these are now automatically updated for all services when an administrator changes the password.  This is also a welcome enhancement for most administrators.

Active Directory Best Practices Analyser – Know the health of AD based on best practices.  This is similar to “other notable” best practices Analysers that we have become accustomed to from other Microsoft products, notably Exchange.  Screen capture located at the end of this post.

So let's begin by analysing the pre-work that is required before we introduce a Windows 2008 R2 DC.  Because this is the first Windows 2008 R2 DC that is being introduced into an existing domain, you will need to run the adprep /forestprep command on the server that is holding the schema master operations master role.  Note that you will need to do this regardless of whether you are running a Windows 2003 or Windows 2008 domain as the schema database version has changed in R2.  The following KB article from Microsoft http://support.microsoft.com/kb/324801 outlines how to view the Flexible Single Master Operations (FSMO) roles to determine which of your AD servers is holding the schema master operations master role.

You will need to run the adprep command line utility from the Windows 2008 R2 media, which is located under the support\adprep folder.  The below message is what you will receive when trying to run adprep from a DC that is not the schema master operations master.


Once you have located the schema master operations master domain controller, open a command prompt, navigate to the Windows 2008 R2 media support\adprep folder and run the following command;

adprep /forestprep

(Word of note: you will notice adprep32.exe is also available to you under the adprep folder if your current schema master operations master DC is a 32-bit server.)

Type C and then press ENTER to continue.


You will notice below that the schema version number for Windows 2008 R2 is 47.


After running forestprep you will need to run the adprep /domainprep /gpprep command on the server that holds the infrastructure operations master.

Once these two commands have been issued you will be ready to deploy your first Windows 2008 R2 domain controller.
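The adprep steps above depend on knowing which servers hold the schema master and infrastructure master roles and which schema version the forest is currently at. The following PowerShell is an added example and not part of the original post: a read-only check you can run before and after adprep. The version-to-release table uses the value 47 stated in this post for Windows 2008 R2 plus the well-known values for earlier releases.

```powershell
# Added example, not from the original post: a read-only check to run before
# and after adprep. It uses .NET directory classes only, so it needs no
# Active Directory PowerShell module and works from any domain-joined machine.
Add-Type -AssemblyName System.DirectoryServices

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# The schema version is the objectVersion attribute of the schema partition.
$rootDse   = [ADSI]'LDAP://RootDSE'
$schema    = [ADSI]"LDAP://$($rootDse.schemaNamingContext)"
$schemaVer = [int]"$($schema.objectVersion)"

# 47 is the Windows Server 2008 R2 value shown in the post; the other entries
# are the well-known schema versions of earlier releases.
$releases = @{
    13 = 'Windows 2000'
    30 = 'Windows Server 2003'
    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008'
    47 = 'Windows Server 2008 R2'
}
$release = if ($releases.ContainsKey($schemaVer)) { $releases[$schemaVer] } else { 'unknown' }

# Decide which adprep step is still outstanding, based on the schema version.
$nextStep = if ($schemaVer -lt 47) {
    "Run adprep /forestprep on $($forest.SchemaRoleOwner.Name)"
} else {
    "Schema is at R2; run adprep /domainprep /gpprep on " +
    "$($domain.InfrastructureRoleOwner.Name) if not already done"
}

[pscustomobject]@{
    Forest               = $forest.Name
    Domain               = $domain.Name
    SchemaMaster         = $forest.SchemaRoleOwner.Name
    InfrastructureMaster = $domain.InfrastructureRoleOwner.Name
    SchemaVersion        = $schemaVer
    SchemaRelease        = $release
    NextStep             = $nextStep
} | Format-List
```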

We can now invoke the Active Directory Domain Services Installation Wizard by running dcpromo from either command line or Start / Run.


Click Next. The below Operating system compatibility warning is displayed.


Click Next.  We are introducing an additional domain controller into an existing domain as per the below screen capture.


Click Next. It will detect the current forest and current logged on credentials.


A list of domains in the forest will be listed as per the below screen shot.  Select the domain that you will introduce the new DC into and then click next.


You will receive the below warning “You will not be able to install a read-only domain controller in this domain…”.

You must first run "adprep /rodcprep" from a command window on any computer in this forest. The Adprep utility is available on the Windows Server 2008 R2 installation media in the \support\adprep folder.


Click Yes to acknowledge the warning as we are not installing a read-only domain controller at this time.

Select your site for the new domain controller.


Click Next.  The wizard will begin to examine your current DNS configuration.


You will be presented with additional Domain Controller Options that you can select or deselect.  Again we are notified that a domain controller running Windows Server 2008 or Windows Server 2008 R2 could not be located in this domain. To install a read-only domain controller, the domain must have a domain controller running Windows Server 2008 or Windows Server 2008 R2.  I admire Microsoft’s thoroughness and rigorous checks and warnings but they can sometimes be annoying.


Select a location for your database, log files and SYSVOL. It is best practice here to specify a separate disk for your logs and database.


Now specify your Directory Services Restore Mode Administrator Password.


Click Next.  The installation and configuration process now begins.


The below screen appears upon completion.  That’s it!  Reboot your machine and your new Windows 2008 R2 server will have transformed into a domain controller.


At the beginning of this post, I outlined some of the features and enhancements provided by R2 and as promised, below are screen captures of the Best Practices Analyser in action for Windows Active Directory and the new Active Directory Administrative Center.


I will leave you with a link to the TechNet Webcast: Active Directory Domain Services in Windows Server 2008 R2 Technical Overview (Level 300) which is worth watching.

My goal now will be to update the remaining two Active Domain controllers and raise the forest functional level opening the door to the new R2 Active Directory features that I will blog about in future posts.

So what is your favourite or sought after R2 feature when it comes to Active Directory?  I would be more than happy to hear your thoughts.

August 3, 2009

Forefront Server Security engines retiring soon


If you aren’t already aware, or haven’t been notified for that matter through Forefront’s diagnostic notification system, Microsoft’s Forefront Server Security for Exchange and SharePoint is retiring 3 of its 9 engines on 1 December 2009.  Forefront server security products have been renowned for their multiple scanning engine technology that allows you to scan items using up to 5 of the 9 engines at any one time, but that is about to change.  So which engines are being deprecated and why?

If you are running any of the Forefront Server security products such as Forefront Security for Exchange Server or Forefront Security for SharePoint and you have diagnostics email alerts setup you should have received 3 emails in your mailbox recently notifying you of the deprecation similar to the below;

Sophos Virus Detection Engine has been deprecated as of 1/07/2009 and will be available only until 1/12/2009. Updates for this engine will stop after 1/12/2009. For more information, see http://go.microsoft.com/fwlink/?LinkId=152864

The other engines that are also retiring are CA and AhnLab.  Microsoft makes the following statement in their Forefront Server Security Engines Revisions FAQ document.

“The set of five engines available in Forefront server security products as of Dec. 1, 2009 includes Microsoft AV, Kaspersky, Norman, VirusBuster and Authentium. However, these engines may change over time as we seek to improve overall protection metrics and to maintain our detection advantage relative to our competition and in support of our customer needs”

It is noted that Forefront Server Security customers should update to the latest service packs before 1 December 2009 in order to take advantage of the five engines that Microsoft are retaining.

More details and the full “Engine Revision Overview and FAQ” document can be found on the Microsoft TechNet Site.

Let’s first ensure that Forefront Diagnostics has been set up.  The Forefront Server Security Administrator console is similar for both Exchange 2007 and SharePoint, so let’s begin by launching the console and navigating to Settings and General Options.  Under the Diagnostics heading, ensure that the following options are ticked.


Let’s now de-select the engines that are being retired and select alternatives as replacements.  This is achieved by navigating to Settings / Antivirus and deselecting the File Scanners for each of your listed Jobs.


After ensuring that none of the retiring scanners are selected, we can proceed to disable the automatic signature downloads for those scanners.  We do this by navigating to Settings / Scanner Updates and clicking on Disable against each respective retiring engine.


That’s it for now!  So what’s next?  We will just have to wait and see but hopefully Microsoft’s next generation of Forefront products codename “Stirling” which is now in beta 2 is just around the corner.  You can read more about Stirling on the  Microsoft TechNet Site.

About me..

An IT Pro and Social Media Enthusiast, I became an MCP in 2001 after studying Accounting at University. I have over 10 years experience in designing and implementing systems using Microsoft Technologies with a keen interest in SharePoint, Exchange and Windows.
