The goal: define customizations based on a tag for an image that can be pre-configured outside of the image.
While imaging a device, we can inject a tag into the computer that signifies to everything else what customizations the device should have.
These tags also allow us to version our images and provide updates to all previously imaged devices based on their version tag.
How to tag a Windows device:
Batch file:
reg load hklm\hklmtemp c:\windows\system32\config\system
reg import imagetag_win7_classroom.REG
reg unload hklm\hklmtemp

imagetag_win7_classroom.REG:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\hklmtemp\ControlSet001\Control\Session Manager\Environment]
"ImageTag"="Windows7x64ClassroomImage"

[HKEY_LOCAL_MACHINE\hklmtemp\ControlSet002\Control\Session Manager\Environment]
"ImageTag"="Windows7x64ClassroomImage"
How to tag an OSX device:
echo "MacintoshOSX_8_4_ClassroomImage" > /etc/imagetag_8_4_classrooms.txt
Or add it as an environment variable:
# sudo does not apply to a shell redirection, so append through sudo tee instead
echo "setenv IMAGETAG MacintoshOSX_8_4_ClassroomImage" | sudo tee -a /etc/launchd.conf
Integration with GPO (for Windows):
Namespace: root\CIMv2
Query: SELECT * FROM win32_environment WHERE name="ImageTag" and variablevalue="Windows7x64ClassroomImage"
*Note: We write our Windows tag to an environment variable because WMI (which Group Policy uses for filtering) can take up to 25 minutes to parse the registry for a key/value pair, while it finds an environment variable in a fraction of a second. By using an environment variable we get the best of both worlds: the tag is in the registry and it is in the environment variables.
Integration with LANDesk (for Windows and OSX):
Windows: The tag will now be displayed in your device's inventory under environment variables.
OSX: You can now do a simple check in your scripts to see if a device has your tag. Very useful in custom patch and compliance scripts.
primaryKey="/etc/imagetag_8_4_classrooms.txt"
if [ -f "$primaryKey" ]; then
    # Has our image: put the image-specific steps here
    :
fi
Along with the name of the image in an ImageTag, you can also create a version tag:
Create the following key, and for consecutive updates – change this key to be a larger number:
Create the following files, and for consecutive updates – create more files to check existence of:
echo "patch" > /etc/imageversion_1.txt
Image updates logic:
Within LANDesk you can create custom vulnerabilities that check for these versions in your scripts.
So you could create a custom vulnerability to upgrade your image from version 2 to 3.
On your Windows side – it might look something like this:
if "%imageversion%"=="2" (
    rem do update
    rem "set" changes the value for the current session only
    set imageversion=3
)
On the OSX side – it might look something like this:
primaryKey="/etc/imageversion_2.txt"
if [ -f "$primaryKey" ]; then
    # do update
    echo "patch" > /etc/imageversion_3.txt
fi
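A generalization of the OSX check above, added here as an example and not part of the original post: instead of testing for one marker file, it finds the highest /etc/imageversion_N.txt and steps through every missing version, writing each marker only after that update succeeded. MARKER_DIR, current_image_version, upgrade_image and the update command passed to it are hypothetical names.

```shell
#!/bin/sh
# Added example. MARKER_DIR, current_image_version and upgrade_image are
# hypothetical names; only the /etc/imageversion_N.txt markers come from the page.
MARKER_DIR="${MARKER_DIR:-/etc}"

# Print the highest N for which imageversion_N.txt exists (0 when none do).
current_image_version() {
    highest=0
    for f in "$MARKER_DIR"/imageversion_*.txt; do
        [ -f "$f" ] || continue            # glob matched nothing
        n=${f##*/imageversion_}
        n=${n%.txt}
        case "$n" in
            ''|*[!0-9]*) continue ;;       # skip names like imageversion_old.txt
        esac
        if [ "$n" -gt "$highest" ]; then
            highest=$n
        fi
    done
    echo "$highest"
}

# upgrade_image TARGET UPDATE_CMD
# Runs "UPDATE_CMD N" for every version N between the current one and TARGET.
# The marker for N is written only after its update succeeded, so a failed
# run is retried from the same version on the next scan.
upgrade_image() {
    target=$1
    update_cmd=$2
    v=$(current_image_version)
    while [ "$v" -lt "$target" ]; do
        v=$((v + 1))
        if ! "$update_cmd" "$v"; then
            echo "update to version $v failed; stopping" >&2
            return 1
        fi
        echo "patch" > "$MARKER_DIR/imageversion_$v.txt" || return 1
    done
    return 0
}
```

Writing markers under /etc requires root, so run this from a script that already executes with root privileges.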
If you have any questions on this process, feel free to reach out to me or post a comment.