There are many machines on the global network running Windows Embedded (Win7 x86). All of them run one program that performs one task. All Windows settings, installed libraries and the program version must be identical. Question: is there a way to propagate changes to all these machines? Maybe it would be a system image on a flash drive that can be uploaded over the Internet and flashed with the help of some kind of supervisor?

UPD1:

  1. Changes may include installing / uninstalling drivers and installing updates. The machines can be shut down for this.
  2. By libraries I mean not only the ones the application uses but the whole environment, for example updating the .NET Framework version.
  3. There is a reference standard that needs to be distributed.
  4. Initially they are on the global Internet. A VPN or anything else that is required can be set up, but without physical presence.

These wishes are the ideal; any suggestions, even ones that do not fit 100%, are accepted.

  • Should changes be applied on the fly, or can the machine that needs the software / settings be shut down, boot something, and then start the OS? - don Rumata
  • Do the programs have to be installed, or is it enough to dump them into one folder and just copy it over? - don Rumata
  • Is there a master computer with reference settings that should be pushed to the other computers, or do the settings of all the machines also need to be taken into account / distributed during operation? - don Rumata
  • How is the network between these 2 (3, 4, n) machines organized? Direct access, VPN, proxy, dedicated fiber, etc.? - don Rumata
  • Answers should be added to the question as an update. - don Rumata

1 answer

Enterprise way: join all machines to AD and push configs, software and files through GPO. It is better to wrap it all in a VPN.

Pros:

  1. There is a lot of documentation on AD / GPO, both official and community-written.
  2. A flexible and powerful tool that was developed for exactly this.

Cons:

  1. You need to run, preferably, a pair of AD nodes somewhere, for fault tolerance and so on. That is, on different physical machines (even if inside virtual machines).
  2. Configuring it at random is very difficult.
  3. The license price bites (if licensing matters).

Poor man's way number 1. BTSync / Syncthing + a pack of self-written cmd scripts.

The scheme is this: we install a synchronization program everywhere and drop the necessary software, scripts and configs into the folder(s). We configure the clients so that it is somehow executed (by scheduler, by trigger, on reboot, over RDP / TW / AmmyAdmin, or local IT helpers run it).

Pros:

  1. 100% licensed (if that matters).
  2. Adding new features is simple: just drop in a new text file, or just add another line calling script-10.cmd.

Cons:

  1. It is not known how well it will execute on a specific machine (this does not mean everything is bad; it is just that someone may start doing something that prevents the self-written script from starting or working properly).
  2. Some installers do not support "silent mode", and then you have to resort to tricks with wrappers like AutoIt or exe2msi. However, this drawback is relevant for the enterprise way too.

Poor man's way number 2. The image method.

The scheme is as follows: we take the reference machine, set up everything there that can be configured (system settings, buttons / menus), add / install all the drivers that may be needed (for different video cards, printers, controllers), pack everything into an image (the bootloader, the partition table, the partitions themselves) and roll it out to the clients, changing hostnames and network settings as needed.

Pros:

  1. A clear configuration interface: just configure one machine in the usual way, with no GPO, scripts, cmd, PowerShell or regedit. Many times you need to click the desired buttons with the mouse.
  2. If the image is made correctly and contains no garbage, it is small and deploys quickly (faster than installing Windows, installing updates and installing programs, even in fully silent mode), with a guaranteed result: programs, icons and settings will not go missing.

Cons:

  1. If you update, you generally update the entire partition or disk. Everything that was not saved in time is removed.
  2. Doing it remotely is a very tricky (but possible) task. It is easier to walk over and deploy. So if the computers are geographically separated, it is either a business trip, or local IT helpers, or the computer is brought to the head office, the image is rolled out, and the computer is put back in place.

Way number 3, and I do not even know in which direction. Puppet 4 Windows.

The thing is good for managing Linux machines (it supports distro-specific features like the package manager and the structure in /etc). How to run it on Windows and how it will work, I have no idea, although there are clients for x86 and amd64. Personally, I tried the Windows version a couple of years ago. I managed to create files and even run some msi. Unfortunately, I did not get to more serious scenarios, so I cannot tell you about real practice.

Pros:

  1. The program was created as a kind of GPO4UNIX, or something like that, so the mechanisms for managing, monitoring and controlling the system configuration are already built into it.
  2. Free software (if that matters).
  3. There are a bunch of custom wrappers, manifests and utilities for working with this system. Most are on GitHub.

Cons:

  1. For your case, you need to look at how the clients work under Windows.
  2. Superficial googling on the Russian-language web about windows + puppet gave deplorable results. Either I searched badly, or everyone really just reposted the hello world from each other.

In general, you can combine: first we make a reference image, then run the script, join the machine to the domain, wait until the specific policies are applied, and take it to the site.

P.S. Maybe I will add more.

  • Could you elaborate a little on this point: "so that it is somehow executed"? A program that will run batch files from a folder (only new ones, only once), or a client-server system where you simply specify the batch file that should be run on everyone? - IVS
  • @IVS, added a part about Puppet. If you do not want AD, I would pick Puppet if I were you. - don Rumata
  • I dug around a bit myself; here is a good comparison of different packages: link. So far I have not found a suitable one. The most famous ones, Puppet, Chef and Salt, require Linux servers, while the clients run under Windows. In addition, there are free-use options. - IVS
  • @IVS, yes, I found this table myself. Everywhere I had time to read, Puppet beats everyone on features. It would be nice to see here those who have tried all the clients on Windows and can share their experience. I see nothing wrong with a Linux management server. For me personally it is, on the contrary, an advantage. - don Rumata
  • Yes, and you should not put Windows clients directly on the network. Even Microsoft does not recommend it and puts its servers behind an OpenBSD-based firewall. Take care of an intermediate link or even a VPN. - don Rumata
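
An added example, not code from the thread: one way to build the "run batch files from a folder, only new ones, only once" runner for the sync-folder scheme (BTSync / Syncthing plus cmd scripts), started from a scheduled task. It runs a script only if its SHA-256 is on an approved list. All paths and file names are assumptions, and approved.txt is assumed to be maintained by the administrator outside the synced folder.

```powershell
# Added example: run-once runner for scripts delivered by a sync client.
# All paths and file names are assumptions, not taken from the thread.
param(
    [string]$SyncDir  = 'C:\Sync\scripts',                    # written by the sync client
    [string]$Stage    = 'C:\ProgramData\Runner\stage',        # admin-only working copy
    [string]$Approved = 'C:\ProgramData\Runner\approved.txt', # lines: "<sha256> <file name>"
    [string]$Done     = 'C:\ProgramData\Runner\done.txt',     # hashes already executed
    [string]$Log      = 'C:\ProgramData\Runner\runner.log'
)

function Get-Sha256([string]$Path) {
    # Plain .NET so it also works on PowerShell 2.0, which lacks Get-FileHash
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '').ToLower() }
    finally { $fs.Close() }
}
function Write-Log([string]$Msg) {
    Add-Content -Path $Log -Value ('{0} {1}' -f (Get-Date -Format s), $Msg)
}

if (-not (Test-Path $Stage)) { New-Item -ItemType Directory -Path $Stage | Out-Null }
$allow = @{}                                   # hash -> approved file name
if (Test-Path $Approved) {
    Get-Content $Approved | ForEach-Object {
        $p = @($_.Trim() -split '\s+', 2)
        if ($p.Count -eq 2) { $allow[$p[0].ToLower()] = $p[1] }
    }
}
$done = @()
if (Test-Path $Done) { $done = @(Get-Content $Done) }

Get-ChildItem -Path $SyncDir -Filter *.cmd | Where-Object { -not $_.PSIsContainer } |
  Sort-Object Name | ForEach-Object {
    # Copy first, then hash and run the copy, so the sync client cannot
    # swap the file between the check and the execution.
    $local = Join-Path $Stage $_.Name
    Copy-Item -Path $_.FullName -Destination $local -Force
    $hash = Get-Sha256 $local
    if ($done -contains $hash) { return }          # this exact content already ran
    if (-not $allow.ContainsKey($hash) -or $allow[$hash] -ne $_.Name) {
        Write-Log "SKIP unapproved $($_.Name) sha256=$hash"
        return
    }
    & cmd.exe /c $local
    Write-Log "RAN $($_.Name) sha256=$hash exit=$LASTEXITCODE"
    Add-Content -Path $Done -Value $hash           # recorded even if the script failed
    $done += $hash
}
```

Because the run-once state is keyed by content hash rather than file name, an edited script counts as new and must be approved again before it runs.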