Automating the Build Process for New Workstations and Servers

By Mathew Smith

Tech Beats is a series on The MSP Beat blog that features insights from the technical minds on the Datto team and other members of the IT channel. In this series, you’ll find how-tos, product details, and more. Mathew Smith is a Senior Solutions Engineer at Datto, Inc.

Building new workstations and servers often involves repetitive tasks that traditionally require a checklist and a significant amount of an engineer’s time to complete. It's a task many MSPs do manually. Fortunately, for users of the Datto Remote Monitoring and Management (RMM) solution, most of the process can be automated using the initial audit or on connect job scheduler.

Let’s look at how to set up this type of automation.

Starting the Build Process for New Workstations and Servers

Below is an example checklist of items for a new build process:

  • Remove toolbars and 3rd party software
  • Disable the guest account
  • Create a new MSP local admin account
  • Install Java, Shockwave, Adobe Reader, Chrome
  • Enable BitLocker and encrypt the drive - be sure to take note of the recovery key
  • Make a note of the Windows license key
  • Install all available Windows updates

However, some of these steps should not run if the new device is a server, so the checklist needs to be split by device type.

Workstations only:

  • Remove toolbars and 3rd party software
  • Install Java, Flash, Shockwave, Adobe Reader, Chrome
  • Enable BitLocker and encrypt the drive - taking note of the recovery key

Both servers and workstations:

  • Disable the guest account
  • Create a new MSP local admin account
  • Make a note of the Windows license key
  • Install all available Windows updates

The Script: Next Steps

Next, we can use some PowerShell code in our new build component. This will help us determine the operating system type—that information will dictate the next steps the script will take.

Let’s determine if we are executing on a server or workstation using PowerShell.

$osInfo = Get-WmiObject -Class Win32_OperatingSystem

We can now read the product type from the ProductType property of the returned object:

$osInfo.ProductType

The value returned is one of the following:

Workstation (1)
Domain Controller (2)
Server (3)

The next step is to make the return value from our query useful. To do this, we need to evaluate the variable $osInfo.ProductType with an IF statement.

There are two operators we can use with the IF statement:

-eq Equals
-ne Not Equal

Determine if the script is running on a workstation operating system

if ($osInfo.ProductType -eq 1) {
    Write-Host "Workstation OS Detected"
}

Determine if the script is not running on a workstation operating system

if ($osInfo.ProductType -ne 1) {
    Write-Host "Server OS Detected"
}

If we wanted to, we could further define what type of server the script is running on (Domain Controller or member server) by testing for a return value of 2 or 3 as detailed above.

Using ELSE in your IF statement

To simplify the PowerShell code we could use ELSE in our IF statement rather than testing for each Operating System type in turn. For example, if the script is not running on a Server Operating System, it must therefore be running on a Workstation Operating system.

if ($osInfo.ProductType -ne 1) {
    Write-Host "Server OS Detected"
}
else {
    Write-Host "Workstation OS Detected"
}

Now that we can determine what OS type the script is executing against, we can start to perform the automated actions…

if ($osInfo.ProductType -eq 1) {
    Write-Host "Workstation OS Detected"
    # insert your custom PowerShell code here
}

The next thing to do is run this automatically against all new devices that join a site. Have you been using the platform for a while? If so, you will likely have sites with existing agents that you don’t want to execute your new computer prep script against.

To avoid this, you could create a new site called “Workshop” and use it as the staging area for all new builds, moving the devices to their correct site once the build process is complete. Note: Remember to disable all the monitoring policies for the new “Workshop” site and ensure it does not sync to any external applications!

Download the agent installer for the new “Workshop” site and use this for all new devices you are building. This ensures all the new devices first join the “Workshop” site.

Select the new “Workshop” site and then click the “Scheduled Job” icon.

Name the job and click the “Schedule” button.

For our purposes, it doesn’t matter if you choose the “On Connect” or “Initial Audit” option. This is because we are using PowerShell to control what parts of the script are executed against which type of Operating System. We are only using one of these options as a trigger to detect that a new device has been added.

Add your new custom machine prep component.

Ensure that you set the job never to expire - we want to ensure it executes when the device is available.

Lastly, set the notification options if you want to be informed if the machine prep script fails to execute.

Once the machine prep component has been completed, you can move the device from the “Workshop” site to the proper customer site.


Expanding the Idea

Determine if the script is running on a 32bit or 64bit operating system

Sometimes you may have different software installation packages, depending on whether the target Operating System is 32bit or 64bit. You can use the following PowerShell to determine the architecture of the Windows machine the script is being run on.

if ((gwmi win32_operatingsystem | select osarchitecture).osarchitecture -eq "64-bit")
{
    Write-Host "64-bit OS"
}
else
{
    Write-Host "32-bit OS"
}

Determine what version of Windows the script is running on

You may only want to execute certain parts of your prep script on certain Operating Systems. You can use the following PowerShell to extract the version of the Operating System that the script is being run on.

$wmiOS = Get-WmiObject -Class Win32_OperatingSystem
$wmiOS.Caption

Determine the hardware type (desktop/laptop chassis)

Sometimes you may need to know the type of device the script is being run against. For example, you may only want to install a web filtering agent on laptops. In that case, the following PowerShell code will extract the device chassis type, and the return value will be a number that will correspond to one of the types in the table below.

Get-WmiObject win32_systemenclosure | select ChassisTypes

Other (1)
Unknown (2)
Desktop (3)
Low Profile Desktop (4)
Pizza Box (5)
Mini Tower (6)
Tower (7)
Portable (8)
Laptop (9)
Notebook (10)
Hand Held (11)
Docking Station (12)
All in One (13)
Sub Notebook (14)
Space-Saving (15)
Lunch Box (16)
Main System Chassis (17)
Expansion Chassis (18)
SubChassis (19)
Bus Expansion Chassis (20)
Peripheral Chassis (21)
RAID Chassis (22)
Rack Mount Chassis (23)
Sealed-case PC (24)
Multi-system chassis (25)
Compact PCI (26)
Advanced TCA (27)
Blade (28)
Blade Enclosure (29)
Tablet (30)
Convertible (31)
Detachable (32)
IoT Gateway (33)
Embedded PC (34)
Mini PC (35)
Stick PC (36)

You can now combine the examples to create quite a complex new machine prep script, only executing certain parts when certain conditions are met. For example:

“I only want to install the web filtering software agent on Windows workstation Operating Systems that are laptops, and we have a different installation package depending on whether the machine is 32 or 64bit…”
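
Here is one way to combine the three checks into a single decision function for that scenario. This is an added example, not code from the original article: the function name Get-BuildPlan, the installer file names and the set of chassis codes treated as laptops are assumptions, and the step names stand in for your own component code.

```powershell
# Added example, not from the original article.
function Get-BuildPlan {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 3)][int]$ProductType,
        [Parameter(Mandatory)][int[]]$ChassisTypes,
        [Parameter(Mandatory)][string]$OSArchitecture
    )
    # Assumption: chassis codes treated as "laptop" for the web filter rule
    # (Portable, Laptop, Notebook, Sub Notebook from the list above).
    $portable = 8, 9, 10, 14

    # Steps the checklist applies to both servers and workstations.
    $plan = @(
        'Disable the guest account'
        'Create the MSP local admin account'
        'Record the Windows license key'
    )

    if ($ProductType -eq 1) {
        # Workstation-only steps; ProductType 2 and 3 skip this branch.
        $plan += 'Remove toolbars and 3rd party software'
        $plan += 'Install standard applications'
        $plan += 'Enable BitLocker and record the recovery key'

        # ChassisTypes is returned as an array, so test every element.
        $isLaptop = @($ChassisTypes | Where-Object { $portable -contains $_ }).Count -gt 0
        if ($isLaptop) {
            # Hypothetical installer file names.
            $pkg = if ($OSArchitecture -eq '64-bit') { 'webfilter-x64.msi' } else { 'webfilter-x86.msi' }
            $plan += "Install web filtering agent ($pkg)"
        }
    }

    # Updates stay last, matching the checklist order.
    $plan += 'Install all available Windows updates'
    $plan
}

# Constructed inputs: a 64-bit notebook, then a rack-mounted domain controller.
Get-BuildPlan -ProductType 1 -ChassisTypes 10 -OSArchitecture '64-bit'
Get-BuildPlan -ProductType 2 -ChassisTypes 23 -OSArchitecture '64-bit'

# Live values from the device the component is running on.
$os  = Get-WmiObject -Class Win32_OperatingSystem
$enc = Get-WmiObject -Class Win32_SystemEnclosure
Get-BuildPlan -ProductType $os.ProductType -ChassisTypes $enc.ChassisTypes -OSArchitecture $os.OSArchitecture
```

Because the decision logic takes plain values, you can check it against constructed inputs on your own machine before attaching the component to the “Workshop” job. Get-WmiObject is not available in PowerShell 6 and later; Get-CimInstance returns the same classes there.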

As you can see, building new workstations and servers doesn’t have to be such a repetitive process! Use the tips in this article to save time and effort for your next new build.
