The following steps describe the setup and use of the OS capture functionality of the SquareOne Recovery Tool.
Note: The Image Capture operation cannot be carried out on a drive that is encrypted with BitLocker. Disable encryption before capturing the image.
Before capturing the image for deployment, additional customization can be performed. For example:
- Installation of drivers
- Installation/updates of application software
- User configuration
- Security configuration
Image Capture for Remote Management
When using Remote Management, any OS images captured must contain the correct SquareOne Agent and certificate components to allow secure remote communications to continue after a system is updated to this new image.
Install SquareOne Agent
When capturing an image with the SquareOne Recovery Tool, a warning will be displayed if the image does not contain the required SquareOne Agent components.
SquareOne uses certificates and keys to securely register devices to the system. These can be assigned on a per-device basis, or for a batch (multiple devices using the same certificate). The following sections provide guidance on when to include these in captured images.
Single Device Certificate/Key
If using individual device certificates/keys, these should not be included in the captured image. When individual certificates and keys are provisioned to each device, they will be stored appropriately so that updated OS images can be deployed without having to re-register.
If using a batch certificate/key, these may be included in the image so that devices receiving the OS image for the first time (e.g. through a local imaging process) can register with the SquareOne system.
To achieve this, the device certificate/key pair must be installed just before capturing the image for wider deployment, without registration taking place. Undertake the following steps:
- Stop the SquareOne Edge Client service from running (using the "Services" application, Windows->Run->"services.msc").
  - The service will be named SquareOne Edge Client.
  - Do not change the Startup Type so that it will restart on next boot.
- Copy the certificate (pem) and key (device_private_key.pem) to the device (C:\ProgramData\SquareOne\IqEdge) as described in the section "Installing Key/Cert in Windows" in Manual Key/Cert Installation.
- If required, follow the SysPrep instructions below.
- Shut down the system.
Note: If a certificate/key pair has been included in the image, it is important that the device does not boot back into Windows at this point as the device may register prematurely and move the certificates to the Provisioning folder.
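The batch certificate/key steps above can be checked from an elevated PowerShell prompt just before SysPrep and shutdown. The script below is an added example, not part of the SquareOne tooling; it assumes that "disable encryption" means the system volume is fully decrypted and that the certificate is the other .pem file in the same folder as the key.

```powershell
# Added example: pre-capture check for a batch certificate/key image (run elevated).
$ServiceName = 'SquareOne Edge Client'              # display name given in the steps above
$EdgeDir     = 'C:\ProgramData\SquareOne\IqEdge'    # folder given in the steps above
$KeyName     = 'device_private_key.pem'
$problems    = @()

# The capture cannot run on a BitLocker-encrypted drive.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        $problems += "BitLocker: $($env:SystemDrive) is $($vol.VolumeStatus)"
    }
}

# The agent service must be stopped, with its Startup Type left alone.
$filter = "DisplayName='$ServiceName'"
$svc = Get-CimInstance Win32_Service -Filter $filter
if (-not $svc) {
    $problems += "Service '$ServiceName' not found (is the agent installed?)"
} else {
    if ($svc.State -ne 'Stopped') {
        Stop-Service -DisplayName $ServiceName
        $svc = Get-CimInstance Win32_Service -Filter $filter
        if ($svc.State -ne 'Stopped') { $problems += "Service is still $($svc.State)" }
    }
    if ($svc.StartMode -eq 'Disabled') {
        $problems += 'Startup Type is Disabled; the service will not restart on next boot'
    }
}

# The key and a certificate must be in place, and each must be the right PEM type.
$keyPath = Join-Path $EdgeDir $KeyName
if (-not (Test-Path -LiteralPath $keyPath)) {
    $problems += "Missing key: $keyPath"
} elseif (-not (Select-String -LiteralPath $keyPath -SimpleMatch 'PRIVATE KEY-----' -Quiet)) {
    $problems += "$KeyName does not contain a PEM private key"
}
# Assumption: the certificate is another .pem file in the same folder.
$certs = @(Get-ChildItem -Path $EdgeDir -Filter *.pem -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne $KeyName -and
        (Select-String -LiteralPath $_.FullName -SimpleMatch '-----BEGIN CERTIFICATE-----' -Quiet) })
if ($certs.Count -eq 0) { $problems += "No PEM certificate found in $EdgeDir" }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Ready: run SysPrep if required, then shut down without booting back into Windows.'
```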
Generalizing the Installation (SysPrep)
To deploy a new OS to multiple devices, it must be generalized so that computer-specific information is removed from the image. This includes the internal computer security identifier (SID) and the Computer Name. For more detailed information, refer to the Microsoft online documentation: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation?view=windows-10
At this point, the process to capture the OS image can begin. Boot the device from a USB key into the SquareOne Recovery Tool.
With the device booted from the USB Recovery Key:
- Attach an NTFS formatted USB hard drive to the target hardware.
- Choose Capture Windows OS Image to capture the OS from the device to the attached USB hard drive (Note: it is strongly recommended to use a USB hard drive due to the limited write speeds of USB memory sticks).
- On the Capture UI screen, click Scan Drives to find the device with the Windows OS installed and select it. The UI will indicate the version detected.
  - Note that if the SquareOne agent is not detected, the UI will display a warning.
  - If no OS is detected, the UI will indicate this, and the Start Capture button will be disabled.
- Specify a version number for the OS image (in the format <major>.<minor>.<revision>). The capture process will not start until the full version number is entered.
- Browse to the connected USB hard drive and choose a suitable name for the file.
- Choose Start Capture to begin the capture process. This will take several minutes.
Alternatively, the .WIM file can be copied to the USB Recovery Key. By default, the recovery tool looks for a subdirectory \WIM on the Recovery Key; however, it is possible to browse to other directories and drives.