Microsoft Publishes Best Practices for Windows Deployments
Microsoft this week published a guideline for IT pros on how to deploy Windows in computing environments large and small.
The guideline, "Automate and Manage Windows Operating System Deployments," is described as a "single source of Microsoft best practices recommendations" on Windows OS deployments. Authored by Jeff Gilbert, a Microsoft senior solutions content developer, the 14-page guideline assumes the use of the free Microsoft Deployment Toolkit 2013 (MDT) and/or the use of Microsoft System Center 2012 R2 Configuration Manager (SCCM).
Gilbert said that the deployment guideline was vetted by the Microsoft product team with feedback from the Microsoft Most Valuable Professional community. One of the guideline's aims is to help IT pros automate their Windows OS deployments as too many IT pros have instead relied on manual OS deployment methods using scattered resources. And that's potentially a bad practice, especially as computing environments grow, according to the guideline (p. 2):
Without following Microsoft best practices and using the recommended tools and technologies, operating system deployment projects do not scale well, and are inefficient and expensive. Even if great care is taken to manually document the steps necessary for each step in the deployment, things can and will eventually go wrong when deploying operating systems in this manner.
MDT for Image Creation
One idea that might seem surprising is that MDT takes on a heavy role for automating the creation of OS images, rather than SCCM, according to the guideline. Microsoft typically recommends using MDT for "lite touch installations," test environment deployments and small organization deployments. MDT is best used for creating "thin" images that just contain OS updates and runtimes, whereas SCCM is best used for creating "thick" images containing line-of-business applications, according to the guideline.
Microsoft favors the use of MDT for image creation even when an organization has the more sophisticated SCCM solution on hand. SCCM can be used to create Windows OS images, but the guideline prefers the use of MDT as "the fastest way to create a reference image."
MDT confers local admin rights, while SCCM deploys to the LocalSystem. Running MDT with local admin rights helps ease the OS deployment process, according to the guideline (p. 5):
MDT runs in the context of the Local Administrator, which means you can configure the look and feel of the configuration and then use the CopyProfile functionality to copy these changes to the default user during deployment.
MDT also allows IT pros to use a "Suspend action that allows for reboots." That capability helps when a manual installation is required, according to the guide.
SCCM for Large OS Deployments
Even when an organization has SCCM, Microsoft recommends using MDT for "building and testing operating system images" (p. 5). The SCCM plus MDT combination is preferred for "zero touch installations" and "user driven installation deployments," according to the guideline.
Microsoft mostly conceives of deploying the MDT-created OS images using SCCM in the case large-scale OS deployments. It gives IT pros access to various management features:
You should use MDT operating system images with Configuration Manager for large-scale operating system deployments to take advantage of enterprise-level management features such as: replication, multicast DPs, bandwidth management, reporting, poor network connections to remote sites, and stronger security through encryption and password protection.
The guideline outlines MDT installation tips (for instance, it requires the installation of the Windows Assessment and Deployment Kit). It also includes details about using Windows Deployment Services with a preboot execution environment (PXE) to distribute OS images across client machines.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.