Cloning an existing windows vista image, Image optimization, Scheduled tasks – Lenovo Secure Managed Client User Manual
Page 42: Antivirus

Cloning an existing Windows Vista image
You have a version of Windows Vista that has been running for awhile that has all
of your applications and personal data on it. If you want to run it under Secure
Managed Client, try to clone your existing system to Secure Managed Client.
If you are using a Lenovo Secure Managed Client PE CD to clone your existing
image to Secure Managed Client, follow the CD instructions.
If you are using your own tool to clone the system, you may need to fix a few
problems before the deployed image boots correctly. Follow the steps below:
Fix the BCD entries and registry entries.
For non bit-locker ready Vista, Run a cmd as an administrator from your
deployment OS and enter the following commands:
BCDEDIT /set {bootmgr} device boot
BCDEDIT /set {default} device boot
BCDEDIT /set {default} osdevice boot
BCDEDIT /set {memdiag} device boot
For bit-locker ready Vista, run the provided DriveLetter batch file from the
deploy operating system (the deploy operating system must be Vista or
Vista PE) to adjust the drive letters and BCD entries.
Run regedit while logged in as an Administrator. Click on HKLM\System\
and modify the Start value to 0 to enable
PciIde. Click on HKLM\System\CurrentControlSet\Services\IntelIde and
modify the Start value to 0 to enable IntelIde.
This assumes that the client machine already has the IDE device driver
installed but disabled by Windows optimization. If the client machine does not
have the driver installed, you need to install the necessary driver to support IDE
boot before you start migration.
The system is now ready to be cloned. You can use ImageX, Ghost or xcopy. If you
use ImageX, you can still add Lenovo VNIF drivers offline using the same steps
that were described in Scenario 1. See “Preparing a new Windows Vista image for
Secure Managed Client” on page 25.
Image optimization
Optimizing each image before deployment makes sure that there are no
deficiencies in the client images. Applications can affect the entire Secure Managed
Client environment and not just a single user. Since Secure Managed Client is a
unique environment, it is important that you install applications in a way that is
not the default.
Scheduled tasks
Consider the following when optimizing images in the Secure Managed Client
An active antivirus service should be installed on every client. However,
considerations must be made for the Secure Managed Client environment when
configuring the solution. All commercial antivirus programs contain an active filter
driver that protects the system in real time. Configure system scanning to take
place during non-business hours. If this is not possible, weekly scans or
low-priority smart scans should not disturb the Secure Managed Client
Secure Managed Client Version 2.0 Deployment Guide