"Upgrading" a laptop for the Police Department

CharlesHTN

So here's the fun I'm having lately. Our PD just got some "new" software, so it was a good time to get their Windows 7 laptops moved over to Windows 10 (already licensed for it) and speed things up with an SSD.

So here's the process:

• Copy off any files (should be ZERO on it, but I check anyway)
• Remove from domain
• Replace spinning rust with 240Gb SanDisk SSD (<$35 on Amazon)
• Install Windows 10 Pro
• Run Windows 10 Decrapifier
• Rename and Join Domain, correct OU, etc.
• Install O365 and other standard software.

So far so good...

Now to install software the THP requires they use. Oh look, it's installing SQL 2005. Click ignore on the "hey dummy, this old version of SQL has no business being on W10" a couple of times and glare angrily at screen.

Now to install the NEW software package they just got. Oh look, MS Access 2000 Runtime SR1. Doh! And MS Office 2k SP3.

Banging head now...At least They don't need IE6 I suppose.

Good news is, these 4 year old laptops run a LOT faster with the SSD's. Hopefully I can take the old drives out to the range sometime soon. I wonder if I can expense some 9mm hollow points as "secure data destruction"? LOL Actually, my experience says 9mm HP's are overkill for 2.5" drives (you can shatter a glass platter 2.5" with a BB gun!), but wholly inadequate for 3.5" drives, especially enterprise drives that tend to be well built. 45 HP's do better there, but I think the PD may have some even better options. :smiling_face_with_horns: Not sure if they'll give me a shot to use them though (pardon the pun!).

DustinB3403

PD and modern don't mix because of their "security standards".

CharlesHTN

@DustinB3403

The SQL thing isn't the local PD's fault...they are stuck with it as they have to use what the HWY Patrol gives them to use. Boggles my mind though that THP's developers are still forcing SQL 2005 though. It's not like it was replaced in 2008, then again in 2012, then again in 2014, then again in 2016...

Oh, wait, never mind. Yes, it was. The last OS that Microsoft officially supported SQL 2005 on was Windows XP SP2...

DustinB3403

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

@DustinB3403

The SQL thing isn't the local PD's fault...they are stuck with it as they have to use what the HWY Patrol gives them to use. Boggles my mind though that THP's developers are still forcing SQL 2005 though. It's not like it was replaced in 2008, then again in 2012, then again in 2014, then again in 2016...

Oh, wait, never mind. Yes, it was. The last OS that Microsoft officially supported SQL 2005 on was Windows XP SP2...

That is exactly what I said.

A failure to update is either because the business is playing business or some stupid ass "requirement" like "security". But updating always increases security over long periods like this.

So the PD and the THP are playing business if it's not an compliance/security issue.

scottalanmiller

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

The SQL thing isn't the local PD's fault...they are stuck with it as they have to use what the HWY Patrol gives them to use. Boggles my mind though that THP's developers are still forcing SQL 2005 though.

Nothing surprising, as long as the clients accept it, no logical reason to change it. The fault goes to those choosing the product and not pressuring the devs to fix it.

Dashrender

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

So here's the process:

• Copy off any files (should be ZERO on it, but I check anyway)
• Remove from domain
• Replace spinning rust with 240Gb SanDisk SSD (<$35 on Amazon)
• Install Windows 10 Pro
• Run Windows 10 Decrapifier
• Rename and Join Domain, correct OU, etc.
• Install O365 and other standard software.

Why not make an image and use something Clonezilla to blast the image down?
Also, you didn't mention installing updates for Windows - or what version of Windows 10 you're deploying?

Are you using the decrapifier script from SW? I love the one they have there. I've modded it to my own needs.

Also instead of running decrapifier in the first logged in user - I book the computer to audit mode (from the GUI setup of Windows, press Shift + Control + F3), then install any shared software - like Office - and run the decrap script, then finish sysprep, shutdown and image.

CharlesHTN

@Dashrender said in "Upgrading" a laptop for the Police Department:

Why not make an image and use something Clonezilla to blast the image down?
Also, you didn't mention installing updates for Windows - or what version of Windows 10 you're deploying?

Are you using the decrapifier script from SW? I love the one they have there. I've modded it to my own needs.

Also instead of running decrapifier in the first logged in user - I book the computer to audit mode (from the GUI setup of Windows, press Shift + Control + F3), then install any shared software - like Office - and run the decrap script, then finish sysprep, shutdown and image.

Yep, the SW decrapifier script. That thing has been awesome, at least since I finally read the instructions and figured out I was actively killing OneDrive with it, which was not my intent. LOL Helps when you RTM.

I actually was using WDS a few years ago to deploy Windows 7, but struggled with getting it to work with a Windows 10 image that was decrapified. Kept getting errors either capturing or deploying the image and I'll admit I finally gave up. This was back around 1607 or 1703, and I haven't tried it again lately. Been a long time since I used Clonezilla as we started using WDS at a previous job in 2013 as we started migrating off XP to W7 and I liked it so well. I need to give it a go again. WDS is great when you are setting up machines in batches, but I tend to just do a small number at a time now, so I tend to just setup 3-4 on my bench and use a checklist to do the installs. I've been getting new PCs in one or two at a time a lot lately, and Dell doesn't seem to clutter them up as much as they used to, so I generally just do the initial boot, decrapify, then join to the domain and install the software. I did five at once a month or so ago. Absolutely hilarious when five copies of Siri all start talking at once.

My process isn't quite as manual as it sounds, but no where near as automated as it could be. On first boot, I plug in a thumb drive with an "IT" folder. Copy it to the drive, and pull the thumb drive. That folder contains the decrapifier script, with a text document I just copy/paste into powershell to launch the script. It also contains a script that I run after I join the PC to the domain that launches (mostly silent) installers (located in a network share) of all my standard software and cleans up the desktop and start menu. So I copy folder, decrapify, reboot, join domain, reboot, move to appropriate OU, login as a domain admin, run the SuperAutoAppInstallScript, reboot, run Windows updates (failed to mention that before...I maintain a WSUS server to deploy the updates). For the PD computers, I then have the annoying custom software to install.

It's one of those unfortunate things when you get too busy to actually setup a tool that will ultimately save a lot of time. If you already had the tool in place, you wouldn't be too busy to set it up, but you wouldn't need to, because you already did. LOL So yeah, I need to start doing imaging again. Especially for these PD machines.

EDIT: As to version - I'm currently installing Windows 10 Pro 1809 from volume media. We bought a single W10 Pro open license so we have imaging rights, but the machines are individually licensed utilizing the OEM license of the machine (either a W10 OEM license, or a W7/W8 OEM license with the free W10 claimed during the 1year free upgrade period).

CharlesHTN

@scottalanmiller said in "Upgrading" a laptop for the Police Department:

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

The SQL thing isn't the local PD's fault...they are stuck with it as they have to use what the HWY Patrol gives them to use. Boggles my mind though that THP's developers are still forcing SQL 2005 though.

Nothing surprising, as long as the clients accept it, no logical reason to change it. The fault goes to those choosing the product and not pressuring the devs to fix it.

Agreed. We have very little voice in the matter as our PD is one step removed from the actual client (THP), who is stuck supporting a whole states worth of agencies. I'm hoping the looming W7 EOL is going to force THP to start pressuring the developers of this software to step up. It's going to be UGLY though, as SQL 2005 will have to be upgraded on EVERY PC at EVERY agency in the state who uses the software, pretty much all at once. I'm sure that challenge is actually a huge part of the problem, as a LOT of the smaller agencies just don't have IT staffing to support a quick rollout of new software at all (the PD is just ONE department I support, along with Fire, Treasury, Court, Mayor's Office, Codes, Event Center, and Parks & Rec), let alone someone who could, oh, I dunno, just rollout a fresh W10 image with the new software.

scottalanmiller

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

I'm hoping the looming W7 EOL is going to force THP to start pressuring the developers of this software to step up

that would make no sense. They already have no support. SQL Server 2005 went out of support in 2016. So it's been an unsupported, unpatched system for years already. So Windows 7 also going out of support would have no effect if support is already deemed of no importance.

scottalanmiller

We often talk about "lacking support" as being the end all of decision making. But the reality is, most small businesses and governments actually pay no attention to if things are supported or not, and never define "supported". It's simply not a thing that they care about in reality.

By definition, because it uses SQL Server 2005, the application can't be a supported app. For something to logically be supported, its whole stack has to be. So therefore, the app itself doesn't have support. And the agencies are okay with that.

scottalanmiller

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

I'm sure that challenge is actually a huge part of the problem, as a LOT of the smaller agencies just don't have IT staffing to support a quick rollout of new software at all (the PD is just ONE department I support, along with Fire, Treasury, Court, Mayor's Office, Codes, Event Center, and Parks & Rec), let alone someone who could, oh, I dunno, just rollout a fresh W10 image with the new software.

There are companies that handle that kind of stuff

CharlesHTN

@scottalanmiller said in "Upgrading" a laptop for the Police Department:

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

I'm hoping the looming W7 EOL is going to force THP to start pressuring the developers of this software to step up

that would make no sense. They already have no support. SQL Server 2005 went out of support in 2016. So it's been an unsupported, unpatched system for years already. So Windows 7 also going out of support would have no effect if support is already deemed of no importance.

Only change would be in the amount of complaining coming from the agencies who are trying to install the software on new machines running Windows 10. In fact, THP finally pulled the very broken installer download (would not install at all on W10) from their support page, and provide a working software install (actually, an OLDER install file) via a file transfer over a screen sharing session :pensive_face: for manual installs. Takes about two hours to transfer across. Of course, I did that once with them, and saved the installer for all the subsequent installs. Once it installs, you have to launch it 3x times for it to run through a series of upgrades to get current.

So really, the pressure on THP's end would come from the fact that installs now cost them a lot in extra tech support calls with agencies needing help due to how manual the install process has become (THP has a support department that is stuck helping agencies with this software...what a miserable job that would be!).

CharlesHTN

@scottalanmiller said in "Upgrading" a laptop for the Police Department:

There are companies that handle that kind of stuff

Yup...and in government, for the most part, low bid wins, so unfortunately the companies that wind up handling it are, well, not always great. That's not so much the fault of the bidding process, as the fact that the ones creating the requirements for the bidding don't understand enough about the "product" to be specific enough in their requirements to weed out bad MSP's.

CharlesHTN

@scottalanmiller said in "Upgrading" a laptop for the Police Department:

We often talk about "lacking support" as being the end all of decision making. But the reality is, most small businesses and governments actually pay no attention to if things are supported or not, and never define "supported". It's simply not a thing that they care about in reality.

By definition, because it uses SQL Server 2005, the application can't be a supported app. For something to logically be supported, its whole stack has to be. So therefore, the app itself doesn't have support. And the agencies are okay with that.

Well, the agencies are stuck with it, as they are forced to use the tools the THP provides (OK, not entirely, but this software is "free", and the alternatives are not). And that leaves THP stuck being the ones providing support for old, broken software that should have been replaced years ago.

scottalanmiller

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

Yup...and in government, for the most part, low bid wins,

Even if they don't do the job. Because it's not a bid for the work, just a bid for getting paid.

scottalanmiller

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

That's not so much the fault of the bidding process,

Actually it is. Bidding is designed specifically to not get good work done. It's why no real business or sensible person ever does it for creative work, makes no sense and guarantees that the results can't be good. Bidding itself is definitely a serious flaw.

scottalanmiller

@CharlesHTN said in "Upgrading" a laptop for the Police Department:

as the fact that the ones creating the requirements for the bidding don't understand enough about the "product" to be specific enough in their requirements to weed out bad MSP's.

The only people who CAN create a real bid are the people who would do the work, hence why the bidding process is flawed. The ability to scope a bid requires the ultimate ability to do the work. So bidding can't work, because you could do the work more easily than making a good bid.

Obsolesce

@DustinB3403 said in "Upgrading" a laptop for the Police Department:

PD and modern don't mix because of their "security standards".

You'd think that running software 1.5 decades old and bypassing modern Win10 security measures is anything but secure...

wirestyle22

@DustinB3403 said in "Upgrading" a laptop for the Police Department:

PD and modern don't mix because of their "security standards".

Idk who is worse the FD or the PD

IRJ

@wirestyle22 said in "Upgrading" a laptop for the Police Department:

@DustinB3403 said in "Upgrading" a laptop for the Police Department:

PD and modern don't mix because of their "security standards".

Idk who is worse the FD or the PD

It's all government. :crying_face:

Look at the gap between protecting public information and defense information. When it comes to defense information, they pay billions of dollars for information security. When it comes to protecting tax payer's services that affect the tax payer on a daily basis, they have the absolute worst security practice possible.