In order to deploy multiple computers with least effort and highest consistency in their management and security it is common practise to use an operating system image (image from here on). This image is created once and subsequently put on the mass storage device (SSD, hard drive or SD card) of new computers with the goal of having those computers fully configured and ready for use when it is first turned on.
This way of working is also very usefull for deploying signage players. When creating the image, that is going to be used for deploying signage players, specifically for use with our service there are a number of things to keep in mind.
In general:
Specific for signage players:
The first point is a general rule that applies to all computing devices that are used in a company to ensure the least options for malicious parties to gain entry and foothold insode a company's network. What software is needed for each computer inside a company depends on many things and more detailed advise on this subject than the general "minimize the attack area" is outsie the scope of this article.
If the use of remote management software is needed; make sure to check that the installation and configuration of that software is done so the software will work on multiple players. Most makers of remote access software are aware of the fact that their software is "rolled out" using images and can handle this way of deployment. It usually does, hoewever, require specific configuration or versions of the software to be do this. It is not uncommon for the configuration to be different on different operating systems. So please read the documentation and test that the remote management software will connect to and works properly on multiple players before you roll out the image to all devices.
The signage specific points are addressed in the paragraphs below
When creating an image that will be used to create multiple players you will configure and install the operating system and applications as described in our help pages. Optionally you can add tools to support the security and management of the device. We assume you run all required applications to ensure they work as expected. Before you create an image of the operating system you now have to ensure to take these steps:
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid
The reason for the last two steps is that they remove the two ways our servers identify a specific player. Since you create the operating syste image is to create players that can be registered and assigned content when they are turned on it is important that the player is "new" to our servers, ie it holds no information that our server might recognise to identy the device.
There are imaging tools that remove the MachineGuid registry key when creating an image. If the tool you use does this you do not need to take the second step described above.
Microsoft offers a tool in Windows itself that can be used to prepare the operating system before an image is created from it so it can be safely used to install "clones" of the system ocnfiguration. This tool is called SYSPREP. However, this tool doe smuch more than remove the MachineGuid. It removes hardware specific drivers and much more. This will result in optimally running cloned devices especially if you plan to use different types of hardware. However, we advise you to only use this tool if you have experience using it.
This is what to do when you have an image that was created without clearing the identifyers. You will need to perform the same steps as described above. So every time you create a player device from the operating system image that you have, you start up the device and then:
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid
Now restart the player. It should now show the registration page
This obvioously is more work than taking these steps before creating the operating system image. If you need to create a number of players from an image that was not "cleaned" as described in the paragraph above we suggest creating a new operating system image after taking the steps in this paragraph since that basically creates a clean image as if you created it from scratch as described above.