locked
MDT tips. Local admin account, Drivers and Office. RRS feed

  • Question

  • I plan to setup an OSD at a school with ~100 students. This is the first time I setup MDT/WDS in a production environment and I'm very excited. :-) Now I want some tips.

    - The school have two different computers, same brand but with different specs. I have no idea if the computer needs drivers or if they are build-in or downloaded from Windows update. Can I make a "out of box drivers" and put drivers for both computers in the same package, and it will choose the best suiting driver? I really don't want to use variables and such at this stage.

    - They want to have Office in their image. Is the best way to "hardinstall" it, or automate the process via the build in office deployment feature-thingie? 

    - What is the best way to handle Local Admin accounts? I'm aware of LAPS and have implementet it a few times, and it works fine, but I don't want to mess with it in this environment. Does it even need to have a Local Admin account? I really don't want students to get hold of the Local admin password. :-)


    Tuesday, May 31, 2016 1:45 PM

All replies

  • Drivers: you can just dump all the drivers into Out-Of-Box drivers and Plug and Play will install the most recent driver for that hardware.  It is better to use the Total Control method.  This web site shows the 3 most common approaches for driver management:  http://deploymentresearch.com/Research/Post/325/MDT-2013-Lite-Touch-Driver-Management

    Office:  It is preferred you use the included Office Customization tool but if you want manually install it in the image, have at it.

    Local admin account:  I would NOT delete this account.  There are situations where this will come back to bite you later.  I suggest renaming the account.  That way it still exists and IT can access it if necessary but it will not be the default name.

    Tuesday, May 31, 2016 8:40 PM
  • For the admin account, just rename it. You'll need it to get back in from time to time. Don't disable it.

    Use WMIC to change it. Just add a step at the very end to change it.

    wmic useraccount where name='Administrator' call rename name='SysAdmin'

    SEE: https://mdtguy.wordpress.com/2014/07/07/ask-mdt-guy-how-do-i-rename-the-default-administrator-account-in-mdt-2013/

    Wednesday, June 1, 2016 3:52 PM