Microsoft Publishes Best Practices for Windows Deployments

Microsoft this week published a guideline for IT pros on how to deploy Windows in computing environments large and small.

The guideline, "Automate and Manage Windows Operating System Deployments," is described as a "single source of Microsoft best practices recommendations" on Windows OS deployments. Authored by Jeff Gilbert, a Microsoft senior solutions content developer, the 14-page guideline assumes the use of the free Microsoft Deployment Toolkit 2013 (MDT) and/or the use of Microsoft System Center 2012 R2 Configuration Manager (SCCM).

Gilbert said that the deployment guideline was vetted by the Microsoft product team with feedback from the Microsoft Most Valuable Professional community. One of the guideline's aims is to help IT pros automate their Windows OS deployments as too many IT pros have instead relied on manual OS deployment methods using scattered resources. And that's potentially a bad practice, especially as computing environments grow, according to the guideline (p. 2):

Without following Microsoft best practices and using the recommended tools and technologies, operating system deployment projects do not scale well, and are inefficient and expensive. Even if great care is taken to manually document the steps necessary for each step in the deployment, things can and will eventually go wrong when deploying operating systems in this manner.

MDT for Image Creation
One idea that might seem surprising is that MDT takes on a heavy role for automating the creation of OS images, rather than SCCM, according to the guideline. Microsoft typically recommends using MDT for "lite touch installations," test environment deployments and small organization deployments. MDT is best used for creating "thin" images that just contain OS updates and runtimes, whereas SCCM is best used for creating "thick" images containing line-of-business applications, according to the guideline.

Microsoft favors the use of MDT for image creation even when an organization has the more sophisticated SCCM solution on hand. SCCM can be used to create Windows OS images, but the guideline prefers the use of MDT as "the fastest way to create a reference image."

MDT confers local admin rights, while SCCM deploys to the LocalSystem. Running MDT with local admin rights helps ease the OS deployment process, according to the guideline (p. 5):

MDT runs in the context of the Local Administrator, which means you can configure the look and feel of the configuration and then use the CopyProfile functionality to copy these changes to the default user during deployment.

MDT also allows IT pros to use a "Suspend action that allows for reboots." That capability helps when a manual installation is required, according to the guide.

SCCM for Large OS Deployments
Even when an organization has SCCM, Microsoft recommends using MDT for "building and testing operating system images" (p. 5). The SCCM plus MDT combination is preferred for "zero touch installations" and "user driven installation deployments," according to the guideline.

Microsoft mostly conceives of deploying the MDT-created OS images using SCCM in the case large-scale OS deployments. It gives IT pros access to various management features:

You should use MDT operating system images with Configuration Manager for large-scale operating system deployments to take advantage of enterprise-level management features such as: replication, multicast DPs, bandwidth management, reporting, poor network connections to remote sites, and stronger security through encryption and password protection.

The guideline outlines MDT installation tips (for instance, it requires the installation of the Windows Assessment and Deployment Kit). It also includes details about using Windows Deployment Services with a preboot execution environment (PXE) to distribute OS images across client machines.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • OneDrive Users To Get Storage Options, Plus New Personal Vault

    Microsoft announced a few OneDrive enhancements, including storage-option additions, plus a new "Personal Vault" feature for added security assurance.

  • Cloud Services Starting To Overtake On-Prem Database Management Systems

    Database management system (DBMS) growth is happening more on the cloud services side than on the traditional "on-premises" side, according to a report by Gartner Inc.

  • How To Replace an Aging Domain Controller

    If the hardware behind your domain controllers has become outdated, here's a step-by-step guide to performing a hardware refresh.

  • Azure Backup for SQL Server 2008 Available at Preview Stage

    Microsoft added the option of using the Azure Backup service to provide recovery support for SQL Server 2008 and SQL Server 2008 R2 when those workloads are hosted on Azure virtual machines.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.