Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Mozilla The Internet

Rolling Out Mozilla in an Organization? 486

Posted by Cliff
from the bringing-in-the-400-lb-lizard dept.
jdclucidly asks: "I am a network administrator for a small non-profit (about 50 employees). I would like to roll Mozilla 1.2.1 out to all of our desktops. We don't have a single ghost image because the computers on site are too varied. Yes, I did my Googling. The source for the installer is just huge and mind boggling. Is there something like a Mozilla Administration Kit that will generate custom Mozilla installers? If not, would people on Slashdot be interested in starting a new project to make such a kit?" If you were going to deploy a "branded" version of Mozilla, company-wide, how would you do it, especially if you had to worry about a mixed OS environment?

"Here's what I want to do:

  • Install everything but Quality Feedback Agent
  • Set Mozilla as the default browser
  • Disable 'Open Unrequested Windows' (kill pop-ups)
  • Install Elveraldo's Crystal-Classic theme as default
  • Set Google as the default search engine
  • Set 'Georgia' as the default Serif font for Western and Unicode
  • Enable HTTP Pipelining
  • Enable FIPS internal cryptography
  • Set toolbar to 'Pictures only'
  • Set Home Page to my organization's intranet site
  • Set start page to 'Blank page'
  • Disable 'Hide the tab bar'
  • Enable Middle-click for new tab
  • Enable control+enter for new tab
  • Default downloads to 'open a progress dialog'
  • Disable Javascript and Plugins for Mail & News
  • Enable quicklaunch
  • Create an additional shortcut on the desktop and in quicklaunch that uses chrome/icons/mailnew.ico as it's source and points to 'mozilla.exe -mail'
As you can imagine, doing this on 50 computers (and making sure I got each of these) would be quite tedious. Are, there others out there that want to do the same thing. I checked the Mozilla newgroups. I checked the CCK Project page at Mozilla.org -- it appears to be pretty inactive. I checked out the Netscape 7 CCK, which is pretty robust but doesn't do everything I want and it's proprietary -- plus, I don't want all the NS7 proprietary crap on my network.

I installed Mozilla on my machine using the stub installer and had it save all of the .XPI components to a folder. I went in and extracted the .XPI's and examined them. It seems possible to do these things but not without learning XUL, JavaScript, XML and Mozilla.org's own stuffings -- not to mention setting up a Visual C++/Cygwin compiling farm for every next Mozilla release. Can I:
  • Directly modify the defaults/prefs/all.js file to incorporate my preference defaults above and then recompress the .XPI?
  • Add to the installer Crystal-Classic.jar somehow? Where are those changes made?
  • Make the installer NOT allow the user to change any of this?
  • Make the installer create the above mentioned shortcut?"
This discussion has been archived. No new comments can be posted.

Rolling Out Mozilla in an Organization?

Comments Filter:
  • With apt being built for Linux, apt for OS X, I would start by putting together some perl scripts for Windows to work like apt. Then build packages for each OS and use a package repository to distribute them.
  • Georgia?! (Score:2, Funny)

    by VoidEngineer (633446)
    Nay! Times New Roman for everything!
  • by Anonymous Coward on Sunday January 19, 2003 @06:36PM (#5115393)
    just copy the directory, mozilla doesn't need registry entries.. it stores all its settings in some whacky xml files
    • by MikeFM (12491) on Sunday January 19, 2003 @06:51PM (#5115486) Homepage Journal
      Copying the directory is pretty much what I'd suggest. Configure one browser for each platform and make a tarball for Linux, a zip installer for Windows, etc and just copy your settings over. For 50 machines it wouldn't be worth the effort of using a client customization kit or anything like that. As far as keeping users from changing their settings that's easy enough in Linux but am not sure how you'd do it in Windows or MacOS. Just change the owner of the config files away from the user and give them read but not write permissions to those files.
      • by SnowDeath (157414) <peteguhl@@@gmail...com> on Sunday January 19, 2003 @06:58PM (#5115549) Homepage
        Dont forget to copy the registry.dat when you copy Mozilla from Application data so that Mozilla knows where you are storing the Mozilla profile. As long as you are using 2000/XP (NT could work too, that's what I had have to use at work right now), just make all of your profile directories/files ready only *EXCEPT* the parent salted directory, they need read/delete to that for the lock file.

        The way I have Mozilla set on our NT4 machines is to use the profile editor (name?), delete the default, create my own (named modlang, being that I run the modlang computer lab) profile, put it under mozilla.org in the program files directory, set everything to the way I want (popup blocking, default homepage, etc) and then simply copy mozilla.org directory (with mozilla already being installed on the profile creating machine) to each target machine.

        The tricky part was figuring out that I needed to copy the registry.dat to default user's application data directory, after figuring that out it is cake.
      • The problem is that Mozilla stores some settings in user's config. User config is not easy to clone - my prefs.js has many occurences of full path to user's config folder and to Mozilla installation path, so it would not be easy to just deploy a tarball.

        Also he wants to make it default browser, so he need to update some registry keys.

        • by MikeFM (12491)
          A decent installer program can do that. I used to do such things when I worked at local schools and had to manage several hundred computers more than mortal man can handle. It's been so long though that I'm not sure what the best installer is these days. That was in the days of Win95/98 only. I used some installer that is free to opensource projects. I can't remember it's name anymore but if you look I bet you can find it or something similar. It could manipulate registry keys.
    • I would just SHARE the directory from a single machine running SAMBA or win2k server. Think, you could upgrade everyone at once just by updating ONE install! Make most of the files read-only and roll it out to a few people you know will be 'cool' first and let them test the implementation for you. Also, turn on QuickStart for ALL users so loading moz over the network doesn't slow things down too much or hose the server.
    • by BlueUnderwear (73957) on Monday January 20, 2003 @01:31AM (#5117200)
      There is one thing where Mozilla does need the registry, namely quicklaunch mode. Quicklaunch mode is quite handy if you have impatient users: this launches all lengthy startup stuff in the background as soon as you log in to your workstation. When you then click on the Mozilla icon, Mozilla is there in under a second. Here is the required registry entry (in regedit format, just put this into a .reg file, and load it using regedit -s)

      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Run]
      "Mozilla Quick Launch"="\"C:\\PROGRA~1\\MOZILLA.ORG\\MOZILLA\\MOZ ILLA.EXE\" -turbo"

      Other registry entries might be necessary to set Mozilla as the default browser.

      Other handy tips for mozilla configuration (such as locked config items, automatically generated personal config, etc) can be found at http://www.alain.knaff.lu/howto/MozillaCustomizati on/ [knaff.lu]

      This is used in the schools participating in the LLL [www.lll.lu] project.

      Some Highlights:

      • Any configuration options accessible in prefs.js can be stored in a locate mozilla.cfg file (optionnally locked in such a way that it can no longer be overridden by the user):
        • Disable 'Open Unrequested Windows' (kill pop-ups),
        • Enable HTTP Pipelining,
        • Set toolbar to 'Pictures only',
        • Set Home Page to my organization's intranet site,
        • Set start page to 'Blank page',
        • Enable Middle-click for new tab,
        • Enable control+enter for new tab,
        • Default downloads to 'open a progress dialog',
        • Disable Javascript and Plugins for Mail & News
      • Using mozilla's own registry (%USERPROFILE%\Application Data\Mozilla\registry.dat) set the profile directory (which contains prefs.js et al.) to be on the user's home directory (H:\). That way, you can have a personalized configuration (Mail & News) automatically created by a script. When the user first logs in, he doesn't need to set his email address, server name, etc for using Mail & News, everything is already done for him!
      • Disabling of the bulky XUL.mfl file (whose sizes quickly add up if you have thousands of users): just create a directory named XUL.mfl, and Mozilla will be unable to create that file, and it will still work correctly!
      • Automatical loading of the needed registry entries as soon as user logs in, using a netlogon script
      At LLL, we deploy our machines using Udpcast [linux.lu], which might not be appropriate in your case (all your machines are different), but as other posters have pointed out, most of the client-side installation options can also be handled by a Zipfile plus a small install script to put stuff into the correct place.
    • If this is totally true, and you can just copy the directory then all you have to deal with is this-
      Buy Wise installer or some other installer App (perhaps 1 for each OS, can't imagine it would be more than 3)

      1) If what was stated is true (that you can simply copy the folders) then make an installer based on your one computer's Moz setup.

      2) This will compress your files.

      3) You can add any extra files you want (.jar or otherwise) Install those as well, or even make seperate installers for the jar files, and simply include them in the installer. You can put these files anywhere you want on their system as well, simple point, click and naming folders and such, it's very easy.

      4) Any variations of versions of an OS (say windows 95 vs Windows XP) can be detected using scripting in the Wise installer (or hopefully any other installer you use) and then you can install different files based on the version of the OS.

      5) You would maintain total control of how the installer puts files on the end users computer. (One installer I made when ran, didn't ask the user anything, just opened up, installed the files and then closed.)

      6) Any and all shortcuts, and folder groups are all super cake and easy to setup with a good installer application. I highly recommend wise if you do any installing on windows.

      7) A simple wise for windows installer 4 standard edition is $450, with all the power and ease of use you get for it, you will find it can help you with many other things to install besides this. You can make installers to install installers, just to get past people screwing up things. :) (like automated button clicks and the such) though I have only experimented with these things a little.

      8) If you have the money and the time to learn the more robust installers, you may be able to do even more than the above.

      -v

  • Priorities (Score:3, Insightful)

    by trans_err (606306) <ebenoist&gmail,com> on Sunday January 19, 2003 @06:39PM (#5115413) Homepage
    Seems to me like you're just begging for large scale trouble. Take the time and make annnnnnnn image for all the computers, making the one or two neccesary for differences in platforms are still going to save you a lot of time in the long run. What happens when you decide you want to update to Mozilla 1.3 or roll out some other app? In the long run it seems like you could greatly increase stability, continuity, and prohibit a lot of headaches like this one if you just slow down and build from the ground up.

    IMHO of course.

    • Re:Priorities (Score:4, Insightful)

      by pavera (320634) on Sunday January 19, 2003 @06:52PM (#5115491) Homepage Journal
      He stated in his post that making images wasn't really going to reduce complexity because the systems themselves are too varied, images do not reduce the amount of time needed in this case. if you have 50 computers and they all have different hardware, you've gotta have 50 images, your average win2k image with no software is about 1 Gb, with stuff like office, and other software, easily 1.5Gb each, so, now you're looking at 75Gb of storage just to keep all of your images (not that 75Gb is some huge amount anymore really, but it is pretty big, I used to work in a 130 employee firm, and until about 1 year ago we only had 100gb of total server storage space, so 75 of that used up for images wasn't feasible at all). plus you have to keep track of which image goes to which computer, besides, you'd have to manually install all of the software on *each* computer anyway to create the initial images, images will not help in this case.
      • Re:Priorities (Score:3, Insightful)

        by nolife (233813)
        Have you ever thought of using SYSPREP [microsoft.com] from the W2K resource kit? It actually does work and can be used on machines with different hardware. There are limitations and for 50 completely different machines it might take considerable time getting it to work correctly for all of them. The more time you put into it the better and more efficient you can make the whole process but, there is a fine line you may cross and end up spending more time then you'd ever save. It comes to a balance of differences in hardware which increases the initial complexity, with how many applications you have to install after the base OS which decreases the overall install time. Of course this won't help you with the Linux machines but there are methods of reducing per machine specific installs for those too like thin clients, rsync, common home and bin dirs etc..
  • Automate It (Score:2, Informative)

    by adrox (206071)
    I recommend Automate [unisyn.com]. It would get the job done and can be deployed over a network. Although it'll only work on windows machines. Alternatively a cheaper solution would be to copy over all the mozilla files and registry settings to each machine.
  • by cscx (541332) on Sunday January 19, 2003 @06:43PM (#5115439) Homepage
    This is 100% the wrong way to go about things, bud. What you want to do is use something like Microsoft Systems Management Server, [microsoft.com] Veritas WinInstall, [ondemandsoftware.com] or Novell ZenWorks SnAPPShot [novell.com] to monitor the install on your install test-bed PC (you DO have one, don't you?), make all those oodles of changes you want to, then redistribute it identically to your clients. If you don't have these, I would buy one of the packages -- the money you spend will save you $$$ in man-hours trying to come up with a hackneyed, crappy homebrew solution in the long run. Once you start using these distribution apps, they will become your next best friend.
    • Yeah - mozilla can work with these systems EASILY.
      IE is a different matter, because installing IE is different for every rev of windows (95OSRB,C,D, 98, 98SE, 2k, sp1/2/3/4/5/6etc).
      But mozilla should run just fine from a Snappshot.
    • Use the zip file. Just unzip right into program directory. Then run it, load additional XPIs to taste, xcopy the program folder up to a server. To install on each station, just xcopy or wrap into an .msi and deploy to workstations automatically via a GPO.

      Mozilla is easy to deploy, but a bitch to configure. See my other note in this thread for that nightmare...

    • Cross Platform?
      I don't think any of these solutions support multiple OS's
      • Most of them do. They tend to be more file system dependent than OS dependent. Basically, they all just write 1s and 0s to a hard disk. The question is whether they have the right algorithm to write the 1s and 0s so that the OS can read it correctly.

        That, and the fact that most of them can actually handle an entire OS image.

        Of course, some solutions work better than others...
    • I have to agree that all of those applications will become your next best friend, if you're supporting a bunch of workstations (50+). I would also include Ghost [symantec.com] and Altiris LabExpert [altiris.com] to the list, as two other very good products. These two products may be slightly better for non-profit company, however, as they generally cost less money.
    • by FatherOfONe (515801) on Sunday January 19, 2003 @07:44PM (#5115782)
      I agree with you, and am a HUGE fan of WinInstall, but there is a couple of issues.

      1. WinInstall handles win9x and winnt/2k/XP clients differently.

      2. All the systems you mentioned cost money. A significant amount of money.

      3. SMS will only work with Microsoft stuff and it kinda sucks, although I heard the new version is ok. Just expect vendor lock-in.

      4. Novell Zenworks will require an NT server or a Novell server, and the version that I used put all the files in NDS. You couldn't edit them or do much with them after you did a scan. WinInstall blew them out of the water.

      The core reason you use an unatended install is the EXCACT reason this guy wants one and WinInstall isn't such a good option. He has 50 desktops probably all different. Some have multiple drives some don't. If you made a WinInstall or SMS or ZenWorks package to do this type of install, you better be great a building those packages, because you will be using your "test" machine as a template for all the desktops in the organization. If for some reason that test machine had a DLL that the other 40 didn't have...

    • typical (Score:4, Insightful)

      by g4dget (579145) on Sunday January 19, 2003 @09:30PM (#5116235)
      What you want to do is use something like Microsoft Systems Management Server, [microsoft.com] Veritas WinInstall, [ondemandsoftware.com] or Novell ZenWorks SnAPPShot [novell.com]

      This is pretty typical: in order to get even the simplest task done on Windows, the usual answer is: get another software package.

      the money you spend will save you $$$ in man-hours trying

      First, you are going to spend many man hours getting your manager to approve the purchase and order the applications. Then you are going to spend many more man hours installing them. Then you are going to spend many man hours trying to figure them out. Then you are going to spend even more man hours fiddling around with them trying to package up Mozilla. Then, you still need to figure out how to get the packages themselves or the client packages for those packages onto the clients. Then, if everything goes really well, you may be ready to install the software.

      And when some major software upgrade comes from Microsoft or these vendors, you can start pretty much from square one.

      That's of course assuming that those packages are completely bug free. More than likely, they will interact in some unknown way with some other software package and mess up something or other.

      hackneyed, crappy homebrew solution in the long run

      Professional chefs use a couple of knives to get the job done: they are reliable, predictable, simple, and efficient. Amateurs run out and buy every kitchen appliance under the sun, hoping to compensate with appliances for skills that they lack. It's no different with system management: if you don't know what you are doing, your answer is going to be: "oh, just buy another piece of software".

      Windows, unfortunately, doesn't ship with any knives, but with Cygwin and Perl, you can get by. System management on Windows still like preparing a banquet in a kitchenette, but you don't need to make the effort even harder by stuffing the kitchenette full with useless junk.

  • by Anonymous Coward on Sunday January 19, 2003 @06:44PM (#5115444)
    Why make it harder than you need to? How about this:

    Make one install on your PC. Setup all of the preferences how you want them.

    Copy the .mozilla directory (or whatever) to wherever you plan on installing this from. chmod a-w on it for *nix users, set permissions accordingly on it for Windows.

    Put your .jar theme where it needs to be

    Install on everyone else's PCs and just copy the preferences folder via a script or by hand.

    Profit!

    It such a small number of people, it should be painless to do it by hand anyways.

  • by DaveOnNet (636006) <dscotese@[ ]oo.com ['yah' in gap]> on Sunday January 19, 2003 @06:45PM (#5115449) Homepage Journal
    Just prohibit the use of Mozilla in your organization and then make sure employees have access to the Internet. They're bound to set it up themselves that way.
  • It' won't be easy... (Score:5, Interesting)

    by weave (48069) on Sunday January 19, 2003 @06:46PM (#5115452) Journal
    I tried, went through hell. I assume you're doing this in a Windows environment. If so, be aware of some real killer limitations.

    First of all, Mozilla doesn't understand UNC paths. If your GPO redirects %appdata%, you're screwed. Quit now. The mozilla registry.dat file goes in %appdata%\mozilla and if %appdata% is in a UNC of DFS share, it won't find it.

    Then ... if you allow users to create profiles in the default location, below %appdata%\mozilla, expect profiles to go missing. Windows has a nasty habit of duplicating roaming profiles, like profiles\user, profiles\user.domain, profiles\user.domain.000, etc... Since your profile location is a hardcoded path in registry.dat, Mozilla will find it, but will try to load the profile in the stale profile location. If that doesn't exist now, it'll throw up a profile manager asking you to recreate one.

    The solution to above is to create the profile manually via a command like:

    mozilla.exe -CreateProfile "default z:\mozilla"

    That will move the bulk of the profile (except registry.dat) to a fixed location out of the roaming profile.

    For a lot more detail and my rant, read bug #162025, comment #28.

    We have done a lot to get it working finally, including some logon vbscripts to create the profiles, repair prefs.js file, have some mandatory prefs.js entries that are replaced during logon if user changes them (like home page for us), etc...

    We've been through hell but think we finally have it licked by working around mozilla bugs. We intend to post a page on our experiences, but not in the next 12 hours (the effective life of a slashdot story)

    When it's ready, I'll e-mail you or feel free to contact me if you want the scripts as they stand now (we are still debugging some things).

    • Eazy way to fix this is to mount y: to a UNC name like \\homesserver\home , we use samba to host a box that maps home to whatever user is connected. Lots more applications than mozilla dont support this.
      • That works for the home directory, but not for redirecting %appdata% to a home directory, because windows applies the GPO for %appdata% before any drives are mapped, including the home directory.

        GPO (Group Policy Objects) is an Active Directory thing. I don't believe Samba support that (yet) so it's probably n/a in your case.

        A lot of installations try to redirect everything they can out of the roaming profile because roaming profiles are the most evil and most horribly implemented thing that Microsoft has ever hoisted upon IT departments.

    • by BlueUnderwear (73957) on Monday January 20, 2003 @02:14AM (#5117339)
      Windows has a nasty habit of duplicating roaming profiles, like profiles\user, profiles\user.domain, profiles\user.domain.000, etc...

      We have seen this behaviour too. However, apparently, as far as we could see, it would only happen on Win2k, on NTFS partitions. Win2k + FAT32 was ok. So, what we did was create a small D: partition as FAT32, and configured Windows to store the cached user profile on that partition. From then on, our "multiple profiles" problem was gone.

      Since your profile location is a hardcoded path in registry.dat, Mozilla will find it, but will try to load the profile in the stale profile location. If that doesn't exist now, it'll throw up a profile manager asking you to recreate one.

      Or just store the profile somewhere on the user's home directory (H:\Mozilla\)

      ...repair prefs.js file, have some mandatory prefs.js entries that are replaced during logon if user changes them (like home page for us), etc...

      No need to bother with vbscript. Just use locked settings in the mozilla.cfg file. This page [knaff.lu] described how. Just insert entries such as the following into your mozilla.cfg.txt:

      lockPref("browser.startup.homepage", "http://my.home.page/");

      Then encrypt the file to mozilla.cfg using this program [knaff.lu] (with an offset of 13). N.B. The mozilla.cfg.txt file must start with a comment (two slashes), and be referenced from all.js or else it will be ignored by mozilla. After having set up a mozilla.cfg, the user can no longer change the relevant settings (they are greyed out), and even if he does manually edit his prefs.js, mozilla will fix prefs.js the next time it starts up.

  • Question... (Score:2, Insightful)

    by blixel (158224)
    What's the point of forcing all the employees to set their user preferences to settings that are based soley on your own personal opinions?
    • Re:Question... (Score:3, Insightful)

      by Alex (342)
      Its called a "corporate standard" for a reason.

      Alex
    • Re:Question... (Score:2, Insightful)

      by DavittJPotter (160113)
      As an employee, it's not "your computer". It's the property of the company. I wish more end users would remember that. "Why are you messing with *my* computer? I've got it just the way I like it!" Sorry. Pink fonts in Monotype Corsiva on a light blue background makes it tough for me to troubleshoot. Don't put your kid's picture up as wallpaper (less of a gripe, I don't really care, but give an inch...). Don't install the "little program" you brought from home.

      **These machines are not for your personal use.** Please reread that statement again and again when you feel like it's "Your Computer". If you didn't pay for it, it ain't. If you did, and you're accessing a corporate network, you are still subject to the rules of your employer/contractee. The computers you were provided as PART OF YOUR EMPLOYMENT are a tool you use to get your job done. Microsoft spent millions of dollars and countless man-hours on the multitude of color schemes you can pick from. Use one of those. If I find non-approved themes of software, it's gone. That's how it works, and makes less downtime for you and less headache for me.
      • Re:Question... (Score:4, Insightful)

        by dvdeug (5033) <[dvdeug] [at] [email.ro]> on Sunday January 19, 2003 @07:11PM (#5115616)
        Don't put your kid's picture up as wallpaper (less of a gripe, I don't really care, but give an inch...).

        You aren't working with robots. People personalize their space to make it more comfortable to work in; lock them in cold blank walls with everything ISO-standard, they won't be happy. Give an inch.

        Pink fonts in Monotype Corsiva on a light blue background makes it tough for me to troubleshoot.

        Remember who uses the computer day in and day out. Not you.

        Please reread that statement again and again when you feel like it's "Your Computer".

        It's not "Your Computer", either. I'm not saying you should let pirate software and porn run around the computers, but complaining when the people that use the things change the fonts and colors to something that will make them more comfortable is excessive. Would you complain if someone moved the chair in the company car?
      • Re:Question... (Score:4, Insightful)

        by SlashdotLemming (640272) on Sunday January 19, 2003 @07:23PM (#5115690)
        So let me get this straight, the "end user" sitting in front of the machine 99% of the time should use the personal preferences of the grumpy SA. Makes sense. I hope those idiots keep their chairs at the proper height for you too. I mean, you need to be able to do *YOUR* job without distraction.

        A genius in a sea of stupidity. How do you deal with it?
      • Re:Question... (Score:5, Insightful)

        by Bake (2609) on Sunday January 19, 2003 @07:25PM (#5115698) Homepage
        Do you put a picture of the family on your desk?
        Now why would you do that? The desk is not for your personal use, it's the property of the company, if you didn't pay for it, it ain't yours.

        Do you fiddle with the settings on your office chair?
        Now why would you do that? The chair is not for your personal use, it's the property of the company. It isn't any of the company's business what settings on the chair are most comfortable for you. Personalisation does not benefit the company.

        I wish more end users would remember that.

        (</sarcastic-rant> for those who need it)

        The computer, just like any other accessory you use in your workplace must allow for some personalisation.
        As an IT drone, it is not your job to dictate what background picture/colour I have. If having BIG white letters on a black background increases my productivity, you, on behalf of the company, should be happy, even though it means you'll get to spend a few more minutes with me in the event that I need some help.

        Dispite what you may have read when reading the BOFH archives, the system administrator should NOT get to dictate every single detail about the computing environment in the workplace.
        • Re:Question... (Score:3, Insightful)

          by DavittJPotter (160113)
          Feh. You're deliberately missing the point I attempted to make. What's very frustrating for most admins is the repeated visits to Ms. Jones machine because she insists on changing, deleting, or adding this to her machine. You can ask her, you can tell her, but you can't change it.

          I'm not advocating a total lockdown. But some simple constraints can enormously streamline admin time and user time - I've known many, many users who will spend hours mucking about with desktop colors/schemes, surfing for 'just that right' background image, etc. Yes, they should be fired for wasting time; if they stood around the water cooler that long they'd surely be noticed.

          I'd be interested in the feedback from admins who've worked at other LARGE corporations - I'm talking thousands of desktops here, not ten or twenty.
      • by Kjella (173770) on Sunday January 19, 2003 @07:46PM (#5115789) Homepage
        As an employee, it's not "your computer". It's the property of the company. I wish more end users would remember that. "Why are you messing with *my* computer? I've got it just the way I like it!" Sorry. Pink fonts in Monotype Corsiva on a light blue background makes it tough for me to troubleshoot. Don't put your kid's picture up as wallpaper (less of a gripe, I don't really care, but give an inch...). Don't install the "little program" you brought from home.

        Those machines are also not there for the IT staff to use for some kind of power trip. Those machines are there to provide value to the company, which they presumably do when the users are working on them, not you. If the customizations they do make them work more effectively (translation: more motivated), that is good for the company. Certainly if they install viruses and stuff that creates trouble you need to take action, but the whining about text and background images is pathetic.

        Somehow I thought that kind of tayloristic management (your desktop will show in 0.04 seconds faster if you don't have a background image) became almost extinct long ago. If you treat people like machines, they also react very cynical - and do as little work as possible without getting fired. Since there's an economic downturn I guess people will stick around - but if all your best men leave when it starts going up, I can't say I'm surprised. I wouldn't want to stick around at least...

        Kjella
      • Good point! (Score:5, Funny)

        by iamacat (583406) on Sunday January 19, 2003 @07:58PM (#5115836)
        As an employee, it's not your network. I wish more system administrators would remember that. "Why are you messing with *my* data center? I've got it just the way I like it". Sorry. SSH and VNC are SECURITY HOLES. Any HACKER can DOWNLOAD the source code ON THE INTERNET and BREAK IN. Microsoft spent millions of dollars and countless man-hours designing remote administation tools. Just keep a cart with a keyboard and monitor, connect it to the server in the rack that stops responding and click Ok on that message box. Also, If I find any non-approved scripting language like Perl, it (and you) are gone. Microsoft already has batch files and you have no reason to muck around.



        What, you just said you are going to use Mozilla? You will trust our company security to some FREEWARE when Microsoft has made security the company's first priority for the whole year??? Right here I have a resume of a Visual Basic programmer who wants to migrate our e-commerce server to IIS, SQL server and server-side VBSCript, using Microsoft passport security architecture. I think I would give him a call. Certainly PROPRIETORY SOFTWARE is better than all the FREE-WARE you installed on our network...

      • But.... (Score:3, Funny)

        by hswerdfe (569925)
        No it is! My Computer....it tells me so.
        Just look in the "Top-Left" corner of the screen.

        You will find a picture of a computer and it says "My Computer".

        Therefor it is. My Computer!...

      • Re:Question... (Score:3, Insightful)

        by blixel (158224)
        Based on your comments and by glancing over your resume I can tell your job involves a lot of hand holding and baby sitting. (I'm not being derogatory.) So if you work at some call center or something and have to support a bunch of relatively uneducated employees such as high school kids and mothers who got sick of staying at home, then I can see your point. When I made my original comment, I was thinking more along of the lines of competent end users. That is the work environment I'm most familiar with. As such, I really don't want (or need) someone changing my personal Desktop environment back to some "IT friendly" Microsoft default setting.
  • by VoidEngineer (633446) on Sunday January 19, 2003 @06:52PM (#5115496)
    Ah, I used to do something similar at the Department of Networking Services & Information Technologies, at the University of Chicago, were I used to work. Setup up webkiosks and the like for the campus.

    Your probably already know this, but I'll point out the obvious:

    1. Set up a Ghost server for yourself. Maybe even look at a copy of Alteris LabExpert [altiris.com].

    2. Backup often.

    3. Set yourself a timeline with mile markers. Give yourself a few months, so you don't pull out your hair or have a mental break down. Plan a reasonable project timeline, such as 3 months.

    4. Set up testing workstations. Get all of your networking issues out of the way before you start on Mozilla. TCP/IP or other protocol stacks should already be installed. All device drivers should already be installed.

    5. Take the list which you've already made, and make the changes to the box. When you get the change to work, backup the box with your image server. Keep detailed notes of what you've just accomplished.

    6. Repeat step 5 until all items are completed.

    7. When step 6 is completed, backup the workstation, diff the image if needed, and push it onto workstations of similar hardware configuration. Either package the image as an application (tar, zip), an application image (ZenWorks, Active Directory resource, Ghost, etc), or an operating system image (SMS, Alteris, Ghost).

    Once you get into the groove of the project, it'll go quickly.

    Sorry for stating the obvious, but you're talking about a fairly complex network engineering task. Don't expect it to happen next week or even next month. Just make sure you have an imaging server and that you take good notes, and the project will go fine.
  • Some simple ideas. (Score:4, Interesting)

    by The Creator (4611) on Sunday January 19, 2003 @06:53PM (#5115499) Homepage Journal
    First install mozilla on one machine. Then obtain the source, find where the signal handler(i think that is what it is called) for the meny ithem edit->preferences is set and comment that out, compile. Now you should have a version of mozilla that the user cannot configure.

    Use the first installation(full version) to generate all the files that contain the settings you want for each machine. And copy them to each machine after installing the crippled mozilla on them.

    You should be able to achiave your goals like this, if each machine requires uniqe settings(email and such) then you have some work to do, but it should'nt be impossible.
    • Now you should have a version of mozilla that the user cannot configure.
      He said he wanted the defaults to be what he listed in the article, but he didn't say he wanted to keep the users from changing the settings around. Also, you can just get Preferential [mozdev.org], QuickPrefs [mozdev.org], or MultiZilla [mozdev.org], and there's always editing prefs.js.
    • No need for recompilation. You can "lock" configuration settings easily using the mozilla.cfg file. Here's how to do it in 3 easy steps:
      1. Put the following line into C:\Program Files\mozilla.org\Mozilla\defaults\pref\all.js:
        pref("general.config.filename", "mozilla.cfg");
      2. Write a mozilla.cfg.txt file containing the config items that you want to lock:

        // Mozilla cfg file

        lockPref("browser.startup.homepage", "http://my.home.page/");
        lockPref("network.proxy.type", 2);
        lockPref("network.proxy.autoconfig_url", "http://intranet/~admin/proxy.pac");

        There is also use a defaultPref command for setting defaults that the user may change.

      3. Using the moz-byteshift.pl [knaff.lu] program, "encrypt" the file using an offset of 13, and put it into C:\Program Files\mozilla.org\Mozilla

      Check this page [knaff.lu] for more details.

      Granted, this is not foolproof (the user could use the same method as described here to change his settings), but you can make it difficult enough by making the mozilla.cfg file writeable only by the Administrator.

  • by SiO2 (124860) on Sunday January 19, 2003 @06:53PM (#5115500) Homepage
    You stated that the computers in your organization vary and that you can't have one standard Ghost image. Is this because the operating systems are different or because the hardware is different? If the problem is just hardware, I have a solution for you.

    At the university where I am the network administrator, we use Microsoft's sysprep in conjunction with our Ghost images. If you run sysprep on your master machine before taking your Ghost image, Windows 2000 for instance will rebuild it's P-n-P database the first time it boots on a target machine and load all of the necessary drivers for the different hardware.

    You can check out sysprep here [microsoft.com].

    If, however, hardware is not your problem with deploying a single Ghost image, I'm sorry for the wasted bandwidth.

    I feel so dirty. I'm a Mac guy giving advice for Windows. I'm going to shower now.

    SiO2
  • Netscape has a modify installer kit in whihc you modify netscapes installer to do most of the things you have asked for..

    check http://www.netscape.com for details..

    schools usually use this method because their needes are similar to yours..
  • by digitalgimpus (468277) on Sunday January 19, 2003 @07:07PM (#5115592) Homepage
    I was considering starting this as a project for Evanglelmoz (http://evangelmoz.mozdev.org).
  • CCK and other items (Score:5, Informative)

    by GarfBond (565331) on Sunday January 19, 2003 @07:08PM (#5115593)
    Don't ditch the Netscape 7 CCK so fast. It already does a lot of what you're looking to do, and it's not *that* bad. A lot of the Netscape 7 proprietary crap can be turned off while building with the CCK (ain't that nice?), for example, AOL On Desktop. It automagically sets the specified default home page, bookmarks, titlebar, mail/news settings, proxy settings, and others. If there's any reason to not use Netscape 7 (keeping in mind that AOD, Winamp, RP8, and HP plugin can all be turned off), it's because it uses the 1.0.1/1.0.2 codebase (a little dated but it does the job admirably). It should be noted that 7.0.1 uses 1.0.2 and has a nifty little PopUp manager (which isn't availble in Mozilla AFAIK). I am not aware if the 7.0 CCK allows you to use the 7.01 XPIs.

    Most of the features can be edited with notepad in the prefs file, found in default/pref/all.js (and all-ns.js for Netscape builds). However, these are the few that I believe are not possible to change with those files:

    • default homepage
    • default browser
    • Default Theme w/ Crystal
    • Default Search Engine - Google
    • default font (not sure)
    • Quicklaunch (not sure about this one, see if something labeled "quicklaunch" is in the all.js file)
    • Shortcut file
    These are the items that I believe require some XUL knowledge in order for you to change them. And, if you read the Netscape 7 CCK license, you'll notice that Netscape does not allow you to change the default theme or Search Engine (mozilla.org does not have this restriction of course...Netscape has their own reasons for making this admittedly minor restriction). You'll notice that the default theme/search engine/homepage is referenced in the prefs.js as a chrome:// address.

    To change your setup options, you'll need to edit the SETUP.INI (or is it CONFIG.INI? i don't remember) file found with the install files. Note that if you use Netscape 7's CCK, you'll need to do this to expose the Instant Messenger option (and then disable that), since Netscape 7 only allows you to select both Mail and IM, not either/or.

    I would also advise against not installing QFA. It's what allows the Mozilla/Netscape developers to figure out why crashes are happening and what they can do to fix it. It truly is the least you can do to contribute back to the project.

    You CAN unzip the XPIs, edit the files, and rezip them. For more information on this, consult the CCK documentation that Netscape produces (it's actually helpful in this case). Using Winzip, all you'll have to do is make sure that you preserve the directory structure (Winzip doesn't make it immediately clear how the directories within a ZIP are organized...Winrar is better at this), and then rename the resulting .ZIP file to .XPI. (PDF LINK [netscape.com])

  • by briancnorton (586947) on Sunday January 19, 2003 @07:10PM (#5115605) Homepage
    How I would do it is set up everything as you like it on one computer and winzip it into a self extractor. You can have it execute a simple batch file that will install desktop/start menu icons and it will be ready to fly. All a user has to do is click a file and hit "yes" a few times.(I assume this is on windows) In all honesty, you may just be better off updating IE on all the computers by directing people to windowsupdate.microsoft.com.
    • "In all honesty, you may just be better off updating IE on all the computers by directing people to windowsupdate.microsoft.com."

      First off why would he switch to an inferior browser? Second I don't he want's to deal with 50 users installing WMP 9, Movie Maker, driver updates and whatever else users can find check boxes for when they visit windowsupdate.
    • If are adminning (sp?) a Windows network larger than ~5 hosts, you may want to set up an SUS server [microsoft.com].

      What is SUS, you say?
      • SUS (Software Updated Services) [microsoft.com] is a FREE (as in Beer) product from MS that allows controlled deployment of IE,OE, and OS updates from Windows Update.


      How do I install this?
      • Well, if you have a Win2000 domain, you can push it through GPO.
      • If not, you can push a manual installation via a batch file like so: (This assumes a few file paths which you may have to edit)

        @echo off
        copy wuau22.msi \\%1\c$
        psexec \\%1 c:\winnt\system32\msiexec.exe /i c:\wuau22.msi /q
        echo Done with computer %1!


        PSExec is a Free (again, beer) tool from Sysinternals. If you don't already have it (shame on you!) you can get it here [sysinternals.com].

      Okay, how does this work?
      • Your SUS Server will check for new updates from the Windows Update servers on a regular schedule (nightly at 3am is the default, IIRC). Depending on your configuration, it will either
        • download any new updates to your server, saving you dl time and bandwidth, or
        • download the list of new updates to your server, requiring the clients to talk to the WU servers to actually get the files. (I don't know why you would do this, but it's an option)
      • You drop by a web interface (http://mysusserver/SUSAdmin/) and check for new updates. If any have arrived, you get to approve them before they are deployed to your clients. (This keeps your clients from automatically installing the .Net Framework in, say, Mongolian and Korean.)

      • Your clients talk to your server on a regular schedule (again, default is nightly) and do one of the following:
        • Download any new updates and apply them, automatically rebooting the computer if necessary.
        • Download any new updates and do nothing. The next time a member of the Local Administrators group logs in, they will see the "New updates have been downloaded and are ready to install" button in the Systray. Pretty straight forward from there :)

      Caveats:
      • SUS Server will only install on Win2k Server or better. No Win2k Pro installs.
      • SUS Server will not install or run on a Domain Controller.
      • SUS Server cannot be used to deploy OS Service Packs. This is MS's choice, not mine.

      Anyway, check out the link at the top of this post, and RTFWP (White Paper) on that site. It will tell you all you want to know about SUS :)

      Danke
  • by fwarren (579763) on Sunday January 19, 2003 @07:11PM (#5115612) Homepage
    Sounds like what you need to do is this:
    1. Install Mozillia on one machine and set it up how you want
    2. Create an installer to do the installation
    To make an installer download the following files
    1. Inno Setup [jrsoftware.org] for building setups
    2. Script Maker [tafweb.com] a visual IDE to created Inno Setup Scripts for building installs.
    It only takes about an hour or so to install both, then to run ScriptMaker to create an install, test that install on another machine, and the go back and tweek it till it works right. It will even support current user installs on NT/2000/XP.

    It should be able to install Georga as font on the machine if it is not already there. I will leave it up to you to figure out if you are violating any copyrights/software agreements by doing such.

    Bart Bucks are not legal tender

  • To make mail setup easy, you can customize mozilla with a single additional file [www.cwi.nl] somewhere in mozilla/default/isp --- this way, the first time a user opens the mail window (or if she/he creates a new mail account) there will be a new radio button for your local mail configuration.
  • I would install mozilla as the default browser for my 160 clients if it would install and run in a read-only shared network drive.

    It doesn't. It wants to put crap on the C: drive.
  • Just open mozilla.dmg, and drag Mozilla from the Mozilla 1.2 drive to the applications folder! (Just a gentle reminder that not everyone runs Windows. :)
  • by MoThugz (560556) on Sunday January 19, 2003 @07:33PM (#5115738) Homepage
    Being the M$ lowlife that I am, I can only recommend something for your rollout on Windows-based clients.

    I recommend using InstallRite [epsilonsquared.com] by Epsilon Squared Inc. [epsilonsquared.com] to automate installation of any application on multiple PCs with different hardware and software configurations.

    It's easy to use and the documentation is good, IMHO. A big plus is that it is Freeware. Checking it out might be beneficial to you.
  • by BroadbandBradley (237267) on Sunday January 19, 2003 @08:13PM (#5115924) Homepage
    Beonex [beonex.com] is a consulting company working on this very issue. They have the start of roaming profile support working in mozilla, and create thier own browser Beonex communicator for this purpose.
    Check out this bug on bugzilla [mozilla.org] where the start of roaming profile code exists for your compiling and testing pleasure. roaming profile setup IMHO is the way to go if folks use at different machines at different times. Outside of what's in the works...for now, I'd manually configure one for each platform and copy the folder over. Several different XPI's can be rolled into one, but it does take some hacking skills.
    Later this year, Hopefully, roaming will be up and running in Mozilla and with that bwill likely come some nice deployment tools.

  • At my high school they serve Mozilla across the network. It seems to work pretty well, and they control the things that you seem to want control over. Sorry I can't provide more technical details; my experience with the system pretty much extends to trying to get past the swear-word censorware. Anyway, server-side deployment might be something to look into.
  • by Billly Gates (198444) on Sunday January 19, 2003 @08:16PM (#5115935) Journal
    *Here comes the flames (gulp)

    If all your users use Windows then why do you need to switch them? I am using mozilla to type this and its a great browser but alot of websites send my "connection refused" errors because I do not use IE. It takes alot of man hours and hassle to upgrade all the users not to mention can cause complaints if your users recieve the same error messages that I do on a few sites.

    I know Microsoft is a bully and want to prevent users from switching since IE is free and comes standard with every computer, but there really is inertia that locks people in.

    You have to ask yourself time is it really worth it to switch them? And also what benefits will it bring to your organization.

  • by jmagar.com (67146) on Sunday January 19, 2003 @09:14PM (#5116182) Homepage
    The question has interesting aspects where it relates to software management on the desktop. But it falls terribly short on reason. Why would you replace the user's prefered browser with your idea of what is right? Some may already have Moz on the desk, but I bet most will hate you for replacing IE. Have you nothing better to do than push out a browser (and IMHO a bad one) to the desktop? Surely there are more pressing issues for your IT shop to address.
    • by cornice (9801)
      It's all about security. I let my boss know whenever a major security patch came out for IE or Outlook. I then let him know whenever a major worm made headlines. Sure we have scanners and sure we catch just about everything (that we know of) but you would be amazed at how creative users can be. I think my boss saw one too many private e-mails or Word docs sent by worms. Anyway, after a while I was required to switch. Users can use IE but are asked to use it only for specific tasks. Sure we have exposure using Mozilla but it's not wide open by default.

The idle man does not know what it is to enjoy rest.

Working...