My preferred method is to use Active Setup. What it does, is check when a user logs into a machine if they've ran a particular script or command (Such as the one you would have) and if not, execute it. So, you'll only run a particular script for a user one time on their workstation. I found this to be perfect for writing to HKCU, because you don't have to load each hive and only the accounts that people log into are modified.
Not to self promote, but I did write a blog post about doing this. The basic solution is as follows:
Add the following registry entries:
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\UniqueID]
"Version"=""
"Stubpath"=""
@=""
- You can choose any Unique ID you want. GUID's are often used, but you can use anything that will be unique.
Version
is whatever version number you want to use.
Stubpath
is the command that will be executed. MSI, EXE, and VBS calls all seem to be fine.
- The
@
is what should be displayed when the command is running.
With this solution, the scripting language is irrelevant. You could do a VBScript, Powershell, Batch file. Whatever lets you write to HKCU as the logged in user. Using reg.exe
directly works fine as well.
The other, optional final touch you could make is load and modify the default user Hive. That would set the registry value for any new users that log on for the first time to that particular system.
You say you're building the sytems from scratch, so it sounds like you're more interested in the automated setup than you are grabbing configuration from a "live" system.
The installation of every version of Windows since Windows 2000 has been fairly straightforward to automate via "answer files".
The installation of Active Directory (dcpromo.exe) can be performed from an answer file.
Objects can be imported into Active Directory from CSV/LDIF files, or added programmatically via script. If you're creating a single domain those objects will only need to be imported once and CSV/LDIF import will probably be fine. If you're creating multiple domains or multiple forests then you'll probably be best served by writing a script (since distinguished names of objects will be different on a domain-for-domain, forest-for-forest basis).
The installation of every version of Exchange since Exchange 2000 can be automated with an answer file.
In an Active Directory environment a lot of configuration consistency can be had by using Group Policy to enforce settings on computers. I shoot for a goal of having all non-stock configuration settings re: the OS set by group policy such that when I deploy a new server I'm not hand-ticking configuration items (allowing 'Remote Desktop', running 'Add/Remove Windows Components' / SYSOCMGR to change the loaded Windows components, applying local filesystem and registry permissions, etc).
Beyond the initial installation of the products, knowledge about where each product stores its configuration will take you a long way toward consistency. Scripting to manipulate the filesystem and registry isn't a whole lot different on Windows than manipulating configuration files on a *nix machine. Where registry manipulation isn't appropriate there are typically command-line utilities to perform most other configuration tasks (netsh, the "net" command, resource kit tools, etc). I'd be fairly certain that most configuration tasks you're going to run up against have already been automated and made scriptable by somebody if you look hard enough.
re: disk imaging - If you have identical hardware you can get away with disk imaging after using the SYSPREP tool to reset the computer's security ID (SID) and prepare it for imaging. If you hardware isn't consistent, though, I'd recommend against disk imaging. Your server vendor, assuming it's a name brand, should have a "story" for automated OS deployment that includes provisioning the drivers for the hardware (OpenManage Server Assistant, SmartStart, etc).
Best Answer
I use a program called InstallPad. It's really easy to use and you can add them as silent installs and just start it and the program does the rest... only requirement is a place where all the programs are located. Can be network share usb drive or similar.