本脚本适合于中小型企业域环境
大型企业可以部署RIS+SCCM2007
需要如下:
1、部署dhcp服务器(windows或linux):
建立保留ip(以便结合上网行为管理设备sinfor m5400的外网管理)
允许dns动态更新
定义用户类别,灵活的调整dns、gateway、租约
2、三层交换机部署dhcp中继(以便同数据中心不同网段的访问dhcp)
interface vlan 12
dhcp server 0
3、安全
对于部分vlan限制只能访问dhcp服务器的udp 67、68端口,并限制其访问数据中心所在的vlan所有的tcp、udp、ip所有端口
对于新增的vlan需要在三层交换机和sinfor m5400上增加静态路由,以便访问外网。
脚本中的域账户,请使用委派授权,不要将域管理员直接应用,这样拿到这个安装脚本的既可以拿到整个域管理员权限(对域来说很危险)
4、系统集成最新的hotfix(这也为WSUS 3.0和SMS2003省掉时间)
对于域软件分发的office、program 等hotfix
使用wsus3.0升级
5、系统集成网卡驱动程序(这步关系着dhcp的成功运行,只有获得ip才能加入域)
;Auto join domain:cisco.com
;Created by me for clients @20091108
;Please modify your computer name in UserDATE before join domian
;Created by me for clients @20091108
;Please modify your computer name in UserDATE before join domian
[Data]
AutoPartition=0
MsDosInitiated="0"
UnattendedInstall="Yes"
AutoPartition=0
MsDosInitiated="0"
UnattendedInstall="Yes"
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
OemPreinstall=Yes
FileSystem=ConvertNTFS
TargetPath=\WINDOWS
ProgramfilesDir="C:\Program Files"
commonprogramfilesdir="d:\Common Files"
WaitForReboot="No"
DriverSigningPolicy=Ignore
UnattendMode=FullUnattended
OemSkipEula=Yes
OemPreinstall=Yes
FileSystem=ConvertNTFS
TargetPath=\WINDOWS
ProgramfilesDir="C:\Program Files"
commonprogramfilesdir="d:\Common Files"
WaitForReboot="No"
DriverSigningPolicy=Ignore
[GuiUnattended]
AdminPassword="cisco2009"
EncryptedAdminPassword=NO
AutoLogon=Yes
AutoLogonCount=2
OEMSkipRegional=1
TimeZone=210
OemSkipWelcome=1
profilesdir="d:\Documents and Settings"
AdminPassword="cisco2009"
EncryptedAdminPassword=NO
AutoLogon=Yes
AutoLogonCount=2
OEMSkipRegional=1
TimeZone=210
OemSkipWelcome=1
profilesdir="d:\Documents and Settings"
[UserData]
ProductKey=MRX3F-47B9T-2487J-KWKMF-RPWBY
FullName="yw"
OrgName="cisco"
ComputerName=*
ProductKey=MRX3F-47B9T-2487J-KWKMF-RPWBY
FullName="yw"
OrgName="cisco"
ComputerName=*
[Display]
Xresolution=1024
YResolution=768
Xresolution=1024
YResolution=768
[RegionalSettings]
LanguageGroup=10
LanguageGroup=10
[Branding]
BrandIEUsingUnattended=Yes
BrandIEUsingUnattended=Yes
[Proxy]
Proxy_Enable=0
Use_Same_Proxy=1
Proxy_Enable=0
Use_Same_Proxy=1
[GuiRunOnce]
Command0="gpupdate /force"
Command1="shutdown -r -t 60"
Command0="gpupdate /force"
Command1="shutdown -r -t 60"
DomainAdminPassword=1234
[Networking]
InstallDefaultComponents=No
InstallDefaultComponents=No
[NetAdapters]
Adapter1=params.Adapter1
Adapter1=params.Adapter1
[params.Adapter1]
INFID=*
INFID=*
[NetClients]
MS_MSClient=params.MS_MSClient
MS_MSClient=params.MS_MSClient
[NetServices]
MS_SERVER=params.MS_SERVER
MS_SERVER=params.MS_SERVER
[NetProtocols]
MS_TCPIP=params.MS_TCPIP
MS_TCPIP=params.MS_TCPIP
[params.MS_TCPIP]
DNS=Yes
UseDomainNameDevolution=No
EnableLMHosts=Yes
AdapterSections=params.MS_TCPIP.Adapter1
DNS=Yes
UseDomainNameDevolution=No
EnableLMHosts=Yes
AdapterSections=params.MS_TCPIP.Adapter1
[params.MS_TCPIP.Adapter1]
SpecificTo=Adapter1
DHCP=Yes
WINS=No
NetBIOSOptions=0
SpecificTo=Adapter1
DHCP=Yes
WINS=No
NetBIOSOptions=0
[Components]
freecell=off
hearts=off
minesweeper=off
pinball=off
solitaire=off
spider=off
zonegames=off
