Stuff like Ghost, Altiris, perhaps others have a button to chunk the image up into chunks of <X> GB (insert CD/DVD size), then you just use something to make them into ISO images and make the first one bootable. IIRC Ghost will actually do everything and leave you with a bunch of ISOs. Been years since I’ve done this personally but I’ve worked at a bunch of places which have delivered image to me this way.
Thanks, Brian Desmond br...@briandesmond.com c – 312.731.3132 From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Friday, June 18, 2010 12:56 PM To: NT System Admin Issues Subject: Re: Handling Developers So dumb question - how would you "put your image up somewhere as a chunked up bootable ISO on an HTTP/SMB share" ? Don K ________________________________ From: Brian Desmond <br...@briandesmond.com> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> Sent: Fri, June 18, 2010 10:07:00 AM Subject: RE: Handling Developers I assume by elevation you mean the UAC prompt? That seems reasonable to me. My thought on this whole thread is that IT’s job is to enable the business (in this case your app dev group) and if you’re putting restrictions on them to satisfy some checkbox in every trade rag this month and making the jobs of your customers harder you’re ultimately failing. Personally I typically operate on a you break it you buy it model with folks who are technologically capable and have requirements like this. I don’t really care what they do with their machines as long as they meet minimum spec (e.g. a/v, SCCM, etc) but if they screw it up they get to fix it. Put your image up as a chunked up bootable ISO on a HTTP/SMB share somewhere and let them fix it themselves. This is pretty common. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, June 18, 2010 8:00 AM To: NT System Admin Issues Subject: RE: Handling Developers My pick would be (1), and the reasons for elevation need to be documented fully. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org<mailto:ezi...@lifespan.org> From: James Hill [mailto:james.h...@superamart.com.au] Sent: Thursday, June 17, 2010 11:34 PM To: NT System Admin Issues Subject: RE: Handling Developers So which scenario would you pick? Scenario 1:- Desktop with normal MOE plus any additional apps they need (Visual Studio etc) No local admin rights (but elevation permitted) Normal GPO’s applied Scenario 2:- Desktop with normal MOE No local admin rights (but elevation permitted) Normal GPO’s applied VM with development tools No local admin rights (but elevation permitted) No gpo’s applied From: Sherry Abercrombie [mailto:saber...@gmail.com] Sent: Friday, 18 June 2010 1:27 PM To: NT System Admin Issues Subject: Re: Handling Developers Developers at my former workplace used to have those kind of rights until one turned off the anti-virus on his pc and then checked his pop email account. We had to send everyone home for the afternoon while we battled Klez. All workstations were manually checked and his was the only one that had it.....the next day some major policy changes were implemented with full sign off from upper management. Just ask the question of what is it worth to the company to lose a half a day of work because you can't contain a viral outbreak on your network? We had to shutdown every server, unplug the network cable, bring it up with a Klez cleaning boot disk, and then shut it back down until we got all the servers done. Everything was back up and functioning normally about an hour before start of business the next day. On Thu, Jun 17, 2010 at 10:08 PM, Gary Whitten <li...@undiscoveredworlds.com<mailto:li...@undiscoveredworlds.com>> wrote: Generally a no-win in my experience but get any decisions overriding your better judgment in writing, in case things go south. ________________________________ From: James Hill [mailto:james.h...@superamart.com.au<mailto:james.h...@superamart.com.au>] Sent: Thursday, June 17, 2010 9:42 PM To: NT System Admin Issues Subject: Handling Developers I’d love some feedback on what kind of infrastructure is provide for Developers in your environment. My experience has been that developers often feel the need to have full blown admin rights and no gpo’s and no AV applied to them etc. They always expect to have the latest and greatest hardware as well. The problem is that they often don’t have the full understanding of the rest of the environment so giving them admin rights has ended up with them creating other issues for themselves (suddenly their outlook doesn’t work etc). I think the best approach is to provide a normal SOE/MOE desktop and then have them use a VM purely for development work. The VM has no gpo’s applied but does have anti-virus and admin right are only permitted by elevation (rather than running as admin). What is the best practice these days? Obviously it will depend on the size of the environment etc. We are 1000+ user shop across multiple locations and have the benefit of good vmware and hardware environments. This issue is causing me a lot of pain at the moment with increasing heat directed at me. Any suggestions would be greatly appreciated! James. -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
