ITS Partners Insights

10 Things You Must Know Before Your Next Windows Deployment

Written by Troy Whittaker | October 26, 2015

This is the first article in a series of articles on Windows 10 deployment and management.  In this first article, I will cover some of the basics for a refresher or if Windows 10 is your first time deploying an OS.  I will also cover what has changed or updated recently as well as what is new.  This series will get progressively deeper into deployment and then I will cover management of your newly deployed Windows 10 computers and devices starting with the basics again followed by deeper technical articles.  With Windows 10 being available on July 29th and the paradigm shift in Windows and Windows deployment my intention is to provide enough information to enable others with the ability to confidently deploy and manage Windows 10 before the 29th of July.

Series of articles:

    1. What is new in Windows deployment
    2. Options for deploying Windows 10
    3. How-to successfully deploy Windows 10
    4. What is new in Windows systems management
    5. Options for managing Windows 10
    6. How-to manage Windows 10

What's New in Windows Deployment

Windows 10 deployment is not like your father’s Windows deployments. But before we jump in let’s review the basics.

The three types of deployments are In-place upgrades, Wipe-and-(re)load, and Provisioning.

In-place upgrade is when you install the operating system on top of an existing installation, for example upgrading a system from Windows Vista to Windows 8.1.  Often times done when you are not replacing the user’s hardware.

Wipe-and-(re)load is the most common deployment I have seen with customers and is when you wipe the hard drive of its contents and then lay down an image, applications, any users data you migrated and can be used for existing hardware or when the user gets a new computer.

Provisioning is used to deliver Windows 10 to a device or computer and contains only a bundle of settings, profiles and file assets.

The debate on which tool to use for which scenario still rages today, with everyone still sticking to their chosen tool. The approach I take is much like when I purchase a new car, it is utilitarian. This is what I need, this is what I know how to use to accomplish that today, is there a better way(s), if so how well do I understand that, how much time would it require to relearn, is it worth the investment, and then choose the best tool for me to accomplish what I need. Complete. Which means I mostly use Configmgr’s OSD because that is what I know best, but I also use MDT on occasion and I am using ICD now as well to build ppkg’s. I will highlight which tool  I use, and possibly what other experts recommend using, but will not go into depth on other tools.  Ultimately, you should decide on which tool will work best for you to be successful.

In-Place Upgrades instead of wipe and reload

Why use this method?

  • Upgrades in W10 preserves all data, users settings, applications and drivers
  • Full support for Windows 7 and beyond
  • Faster, 30-60 mins
  • Smaller, is just the OS, no apps
  • Includes automatic rollback for error recovery
  • User can even elect to remove W10 and roll back
  • Uses default image – not a custom image (yet)
  • Does not touch the OEM partition
    • You could (re)use the OEM partition if you want
  • No ADK dependencies, no WIM to update

 

Which tool to use?   Configmgr’s OSD

Wipe-and-(re)load old school style

Why use this method?

  • UEFI upgrades from BIOS
  • 3rd party full disk encryption
  • Disk or partition layout
  • Custom WinPE
  • Custom image
  • Domain change
  • Architecture change from x86 to x64
  • New base language for the OS
  • Bulk application changes
  • Dirty environment (OS, apps, data or any combination)
  • Traditional process of capture image, data, settings, build custom image(s), inject drivers, apps, restore data, settings, apps.

Which tool to use? Configmgr’s OSD

Provisioning a new computer or device using Windows ICD

Why use this method?

  • New computers, BYOD, CYOD, Windows Phone, or IoT
  • Apply or user runs a custom .ppkg file
    • You can encrypt the .pkkg if needed
  • Customized image without the need to create an image
  • Asset binaries can be included in the package or referenced by URL
  • Can be installed without a network connection
  • Login with AD credentials
    • Auto enroll to Intune by joining Azure AD join
    • Auto install Configmgr client by joining the domain
  • This will sync your settings, apps and OneDrive on new system
  • Use Configmgr or Intune to setup VPN, Wi-Fi, etc. automatically
  • Can be distributed by SD card, USB, NFC, email, local storage, URL and QR code (some for mobile only)
  • Can also be embedded into an image distributed through OSD, MDT or WDS
  • A .ppkg file ‘gives it enough information to get on the network’ – Mark Florida, PPM for Configmgr
  • Today the .ppkg files are created in ICD. In Nov. you will have the ability to create them in the CM console
  • If initial .ppkg contains certificate then .ppkg files can be silently deployed
  • If the user or admin removes the .ppkg all items installed with .ppkg are removed

Which tool to use? ICD or ICD +  OSD

What's New and Updated in Deployment

Configmgr OSD

  • Deployment verification for high-risk task sequences
  • Task sequence is categorized as OS deployment is considered a high-risk object
  • Definable criteria for high-risk deployments
    • Configurable collection membership thresholds min/max default is 100
    • Filters out collections that container servers
    • “All Systems” collection is filtered
  • When a task sequence is considered high risk only a custom set of collections are displayed based on thresholds and criteria
  • Configured in the site properties
  • Block or warn options
  • Updated the task sequence engine
  • Task sequence resiliency during software update restarts
    • Configurable number of restarts allowed before failing
    • Restart task sequence
    • Retry previous step or
    • Continue with next step
  • Split WIM support for standalone UEFI
  • Support for Windows 10 OS deployments
  • Setup prerequisite is still Windows 8.1 ADK but it supports installing Windows 10 ADK post CM install
  • Improvements to driver management UI
  • Improved consistency of Smsts.ini logging so that events are fully tracked throughout the deployment
  • Role-based access for standalone media
  • Enhanced audit messages
  • Clearing a PXE flag on a collection audit status message with ID 30,000 is not generated if a task sequence is created and the console user is “Operating System Deployment Manager”
  • “OS Installer Package” renamed to “OS Upgrade Packages”
  • Increased task sequence media supports >32GB for USB

MDT

Updated to support Windows 10

  • Works with the new ADK for Windows 10
  • New upgrade task sequence
  • Works with updated System Center Configuration Manager (coming soon)

Additional Enhancements

  • Split WIM support with media, useful for UEFI systems (FAT32 boot)
  • Bug fixes

WinRE

  • No extra disk space required
  • Leverages the existing OS files (WINDOWS\SYSTEM32\SXS) to reconstruct the OS
  • No separate partition needed
  • Recovery preserves updates
  • All but the last 28 days of Windows updates are kept
    • New ones discarded just in case those are the reason for the reset
    • Recent driver updates will also be discarded
  • Language packs are preserved
  • Customizations are preserved
  • Apps and drivers can be captured into provisioning packages using USMT
  • Provisioning packages installed by OEMs and enterprises will be restored automatically
  • Provisioned Windows apps are restored to their original state (version)
  • Customizations that are NOT preserved
    • All Win32 (desktop) apps are discarded
    • All user-installed Windows apps (from the Windows Store) are discarded
    • Newer versions of provisioned apps need to be reinstalled
  • New remote wipe capability
  • IT administrator can trigger a full reset using mobile device management

Compact OS

Simple deployment option

  • Compresses all Windows files to save disk space
  • Transparent to the user
  • Successor to WIMBoot, with fewer limitations
  • Windows updates automatically get compressed as well

Easy to deploy

  • Uses standard partition structure
    • Hides compressed files on the same volume
  • DISM /Apply-Image /Compact:ON command line option is all you need
  • Can be implemented after the fact as well
  • Disk Space Savings
    • Around 3GB saved on an x64 systems
    • Ideal for Windows systems with 32GB drives or smaller

Updated Tools

USMT in ADK

  • Supports Windows Vista and above as a source OS
  • Supports Windows 7 and above as a target OS
  • New capabilities for creating provisioning packages containing drivers and apps

DISM

  • New commands to add provisioning packages
  • Ability to apply an image as a “Compact OS”

Still have questions?

Learn more about Compact OS

Learn more about WinRE

Learn more about DISM (Deployment Image Servicing and Management)

Learn more about USMT (User State Migration Tool)

Learn more about Windows ADK (Assessment and Deployment Kit)

Original content created by Anthony Clenendon