Deploying totally patched Home windows 10 computer systems: A information for IT execs

I do know it’s not very politically appropriate nowadays, however it’s been mentioned that there’s a couple of approach to pores and skin a cat. In different phrases, there are sometimes many alternative methods to carry out a activity or accomplish some aim. Properly, the identical is often true in terms of nearly something if you’re working within the tech discipline, together with deploying Home windows 10 computer systems. Home windows deployment is one thing I’ve been concerned with for the reason that early days of private computer systems. Within the outdated days, we might simply put the setup program on a community share and run it from there. Third-party instruments like Ghost made our work as IT professionals even simpler as a result of they allowed us to seize a picture of an present Home windows set up and clone (copy) it onto the disk drive of a bare-metal PC. After all, we had to make use of Sysprep on it afterward to make sure our cloned PC was distinctive so it might talk with different PCs already on our community. Then Microsoft launched its Enterprise Desktop Deployment (BDD), which grew to become Microsoft Deployment Toolkit (MDT) and made deploying Home windows computer systems a breeze. Integrating MDT with System Heart Configuration Supervisor (SCCM or ConfigMgr) created an much more highly effective — but additionally extra complicated — answer for deploying Home windows in enterprise environments. Quick-forward to at the moment, nevertheless, and there are a plethora (outlined as a big or extreme quantity) of instruments and options for getting Home windows 10 onto the PCs and different end-user computing gadgets in your atmosphere. On the Microsoft facet, there’s the fixed push in the direction of the cloud expressed in Home windows AutoPilot. And quite a few third-party options are actually obtainable for deploying Home windows.

Windows 10 version 1909


So, given this huge selection of deployment options and methodologies now obtainable, which is finest? The reply is, in fact, it relies upon. What’s finest for you might not be what’s finest for others as a result of what’s finest for me actually means what I really feel most snug with. And what you’re snug with depends upon what you’re used to utilizing, how a lot you prefer to study new issues, how a lot strain you’re beneath in your job, and so forth.

Since I’m a packrat, I’m at all times amassing info from different IT execs on which instrument is finest for this, what technique is sweet for doing that, and so forth. And certainly one of my Evernote notebooks is filled with snippets from numerous sources describing other ways of deploying Home windows 10 PCs. And never simply deploying them, however deploying them totally patched so that they’re able to be dropped onto the community and assigned to customers. Since lots of our readers who work in IT have been and can proceed to be concerned with deploying Home windows, I believed I’d share a number of the snippets from my pocket book — cleaned up, in fact, so they’re hopefully comprehensible. And if after studying this text you’d prefer to share briefly your personal method for deploying fully-patched Home windows PCs, be happy to take action utilizing the feedback characteristic on the backside of this text.

So with out additional ado — and in no specific order — listed below are a number of methods I’ve realized how different IT execs have been deploying Home windows PCs totally patched. For this text, I’ll focus solely on strategies that make the most of Microsoft instruments and options.

Methodology #538

Mobile device management


This method is to make use of OSDBuilder to service your WIM file. OSDBuilder is a PowerShell module that permits you to carry out Offline Servicing to a Home windows working system picture, and you need to use it to replace your WIM file. Then when you’ve serviced your picture, you may add it to MDT together with apps and drivers after which deploy it utilizing a activity sequence, both in MDT alone or with SCCM for enterprise environments.

There’s an excellent walkthrough on this on the location ModernDeployment and I encourage IT execs who battle with deploying Home windows 10 to stroll by way of this tutorial fastidiously as you may study lots by studying it (and by attempting out the procedures in your lab atmosphere).

Two ideas regarding this method that have been shared with me by a colleague who realized about them from another person have been to make sure you use Trendy Driver and BIOS administration as a part of your OSD activity sequence and to have a separate activity sequence for updating present gadgets with drivers and BIOS.

One limitation of OSDBuilder must be talked about, nevertheless, and that’s that OSDBuilder can’t be used to patch Microsoft Workplace (at the very least the domestically deployed model). After all, in case you give in to Microsoft’s light nudge (lol) and swap from Workplace 2016 to Workplace 365, then you definitely don’t have to fret about this.

Methodology #812

This can be a modified model of the OSDBuilder method in Methodology #633 that entails rerunning OSDBuilder each few months to patch your WIM file after which use SCCM with OSD to deploy your WIM file as a plain vanilla picture onto goal programs. At that time, you may run a PowerShell script that cleans up any undesirable Home windows Retailer apps out of your picture, and you need to use WSUS to replace the programs with any patches launched for the reason that final time you ran OSDBuilder. And in case you’re utilizing SCCM you may configure it to uninstall any of the apps you don’t need through the deployment.

The issue with this method is that it appears to be like like Microsoft is planning to part out the Home windows Retailer for Enterprise (WSfB) as Mary Jo Foley recently reported. If that’s the case, then this method to deploying Home windows might should be reconsidered, and it additionally highlights the tough IT execs are having with Home windows nowadays as Microsoft retains making modifications that may have an effect on these prospects who most dislike change: giant enterprise prospects. And never solely that, ever since Home windows 10 was launched 5 years in the past Microsoft stored altering which apps have been put in by default, which made upgrading Home windows 10 variations a nightmare for organizations that needed to lock down which apps customers had on their machines.

Methodology #49

deploying Windows 10


Sure, some persons are nonetheless utilizing “fat images” to deploy Home windows 10 utilizing MDT alone or with Home windows Deployment Providers working on Home windows Server. System builders usually use this method and maintain a number of WIM information for various prospects or websites. MDT by itself has fairly good driver administration, and you may arrange a activity sequence to replace a goal PC as a part of the set up course of.

Methodology #666

And at last, right here’s a snippet that a colleague copied from some message board someplace and forwarded it over to me and which I’m together with right here as-is with solely slight reformatting. Word that the method described right here doesn’t contain utilizing both MDT or SCCM for performing your deployment:

  1. Begin with ISO picture
  2. Put in audit mode
  3. Set up all wanted drivers
  4. Set up person apps
  5. Set up all wanted patches
  6. Seize Picture utilizing DISM (Pre-Sysprep)
  7. Generalize with unattended XML
  8. Seize Picture utilizing DISM (Publish-Sysprep)
  9. Apply picture utilizing DISM
  10. Run a bat file to repair points that 1703 launched
  11. Add to area
  12. Apply Group Insurance policies to set Startup tiles, lockdown begin menu, and usually screw up Home windows 10

I don’t know who got here up with this specific technique, however it feels like the best (and due to this fact finest) method for OCD-brained individuals like myself.

Featured picture: Shutterstock

Publish Views:

Learn Subsequent

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *