none
MDT Deployment Share Best Practices Help! RRS feed

  • Question

  • All,

    I have started a new role where I'll be responsible in creating the Windows 10 'Image' for the company to replace Windows 7 (Upgrade is not an option).  I am a young padawan and my master has advised that MDT 2013 is best practice to build, deploy capture your gold image where as I have previously used SCCM to capture, same method, different tool.

    Now, as there are preset templates in MDT 2013 to "Sysprep and Capture", I am assuming once a VM has an Operating System installed you can use the LiteTouch.vbs to select the 'Sysprep and Capture' task sequence to capture the reference image.

    My question is, can you install software, patches, custom look and feel configurations to the image to capture to then use that .WIM in a deployment task sequence? I hope I'm not getting confused but I have been told to use a vanilla Image.WIM (out of the box OS) to then install applications and patches via task sequence during 'build' time. Is that correct?

    As a n00b, I would assume you install all your Javas, Adobe products, MS Office Suit on to your VM Image, Sysprep and capture it and then use to deploy THAT image out to 1000+ device? But the reason why I am questioning it is there is an Applications' Node in MDT and have seen that populated with Apps and packages.

    Any help is grateful on how you use it, how you Should use it and just general best practices.

    Thanks

    Tuesday, April 18, 2017 11:07 AM

Answers

  • You can install applications in the image before you capture it and install applications in the task sequence deploying the captured WIM file.  It is more personal preference what applications you include in the WIM and which apps you install when deploying the WIM.

    My rules of thumb:

    Apps I do not "baked into" the WIM

    1) anything that changes frequently (Ex. Adobe Reader & Flash)
    2) apps with specific license restrictions
    3) model specific apps (Ex. Bluetooth)
    4) apps which generate unique GUIDS during install (some client apps which talk to a specific server)

    Apps I consider "baking into" the WIM

    1) "Foundation" pieces that do not change often (Ex. .NET, Silverlight)
    2) Apps with long install times that are licensed for all (Ex. Office 20xx)

    Tuesday, April 18, 2017 12:37 PM

All replies

  • You can install applications in the image before you capture it and install applications in the task sequence deploying the captured WIM file.  It is more personal preference what applications you include in the WIM and which apps you install when deploying the WIM.

    My rules of thumb:

    Apps I do not "baked into" the WIM

    1) anything that changes frequently (Ex. Adobe Reader & Flash)
    2) apps with specific license restrictions
    3) model specific apps (Ex. Bluetooth)
    4) apps which generate unique GUIDS during install (some client apps which talk to a specific server)

    Apps I consider "baking into" the WIM

    1) "Foundation" pieces that do not change often (Ex. .NET, Silverlight)
    2) Apps with long install times that are licensed for all (Ex. Office 20xx)

    Tuesday, April 18, 2017 12:37 PM
  • Here is a great book to get started!

    https://www.amazon.com/Deployment-Fundamentals-Vol-Deploying-Microsoft/dp/9187445212/ref=sr_1_3?ie=UTF8&qid=1492519038&sr=8-3&keywords=mdt+2013

    Ultimately, you want to download Windows 10 ADK 1607 and MDT 8443. 

    Use a virtual machine such as vmware, virtualbox, or hyper-v to build your golden or reference image. Your reference image should be clean with only updates and maybe some legacy apps that rarely get updated.

    Applications-->Need to package your applications such as Java, flash, antivirus, and import them into your deployment share. There are tons of forums on how to package and deploy silently...

    Once you capture you wim from your virtual machine you can then import into MDT. 

    This is all a water down answers but if you need any specific answers just reach out!

    Good luck. MDT is a GREAT tool and it has served me well for Windows 7, 8, and 10 deployments....

    Tuesday, April 18, 2017 12:40 PM
  • Good man, Thank you for your fast and detailed response. Really appropriate it.

    Expanding on that, Why use MDT 2013 over SCCM 2012? Similar functionality with Sysprep and capture etc.

    I have installed Windows 10 on Hyper-V and run system updates, (I will tackle provisioned apps and the look and feel of it shortly). So once captured  , I can use that .WIM in another task sequence to deploy and have the TS other applications that change regularly as advised above like Java and Adobe. 

    With that being said, if Adobe changes regularly, why not just create a new "gold image" with that new version on? Is that just a sloppy way of doing it? I've read a lot of articles around this and no one seems to do it that way and I am wondering why. If you have to package the new version up anyway, why not just revert the VM, install the latest version and Sysprep and capture the reference image again....

    Thanks again.

    Tuesday, April 18, 2017 12:56 PM
  • So there are some toolsets and scripts in MDT that DO NOT exist in SCCM and vice versa. You can certainly integrate MDT with SCCM. It also depends on your network and infrastructure. I use MDT offline with a USB deployment because of speed. We deploy with a USB stick in under 30 minutes. I have the SAME TS in SCCM and it takes around 45-50 minutes. Now, there are advantages in both scenarios but it all depends on your environment and your needs.  SCCM is a great tool and we use it for application deployments, patching, inventory, and eventually OS deployment once we finalize our bandwidth in our remote sites. 

    Yes, your captured wim can be used in MDT and/or SCCM. If you have SCCM you can manage applications thru that. Re-creating your reference image all the time is very time consuming. The thought process is to have a fully patched wim that can be deployed and then have SCCM to MANAGE your endpoints after that. I update our golden image roughly 3-4 times a year and SCCM does the rest! SCCM can patch Java, adobe, etc quite easily. But to your point you most certainly can re-create your golden image every time there is an update but flash and java update quite frequently...

    Again, every environment is unique and you need to tailor to your needs.. What I do here may not work for you..

    Tuesday, April 18, 2017 1:10 PM
  • That's good enough for me! It was more of case of Why rather than How as I didn't understand the reasons behind doing it this way.

    I'm happy with that answer, thank you!

    Tuesday, April 18, 2017 2:10 PM
  • These resources/people, besides asking for help on TechNet, are worth checking out and bookmarking.

    http://deploymentresearch.com/Research

    https://deploymentbunny.com/

    https://blogs.technet.microsoft.com/mniehaus/


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Tuesday, April 18, 2017 8:14 PM