2. Who am I?
• Windows (and a bit of Linux) sysadmin
• First Win7 deployment at UTK: ~1500 machines
• Win98, WinXP, Vista, Win7, ~15+ deployments, 20-1k+ each
Wednesday, August 8, 12
3. What is a ‘Managed Desktop Environment’?
• Automated
• Controlled
• As lean as the business needs, and no leaner.
I. Define
A. What do I mean when I say a 'Managed desktop environment'?
B. Those of you working in large scale systems know that it's easier and more efficient to rebuild a system than to repair it. The same principle applies in a desktop environment as well.
C. The goal of a managed desktop environment is very similar to that of a well-managed server environment: automate everything, know *exactly* what is on your systems, who needs what, where the systems reside, etc.
4. Why does it matter?
• The lens through which users view IT.
• Do this right, and perceptions of IT will swing to positive.
II. Why does it matter?
A. You may have the most beautifully-designed and managed server infrastructure, but if the computers your customers use are slow, then in their minds, your network sucks.
B. If a new user arrives and their computer and all accounts are not waiting for them by the time they get to their desk, the reputation of IT is immediately tarnished in their minds--no matter what the reason is.
C. There really is no excuse for a desktop to be down longer than an hour.
D. What I'm getting at is that your desktop environment is the lens through which your customers view IT. Do this right and you make great bounds in building user faith in IT.
5. How do I start?
• Do an inventory
• Decide on methodology
• HTI vs LTI vs ZTI
• Thin, Thick, Hybrid
6. Inventory
• Workstations, printers, software, file shares, usage patterns
• Microsoft Assessment & Planning Toolkit (MAP)
• Script it: VBS or PowerShell
IV. The Approach
A. Inventory
1. Software
2. Hardware
3. Printers
4. Users
5. Shared folders/mapped drives
6. Usage patterns (e.g., groups of users)
7. MAP can be a huge help here
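One way to script the inventory items listed above, as an added example that is not part of the original deck. It collects hardware, OS, installed software, local shares, printers and mapped drives from one machine into a CSV; the share path in `$OutDir` is a placeholder.

```powershell
# Added example, not from the original deck. Runs on PowerShell 2.0+ (the
# Windows 7 default). $OutDir is a placeholder share for collected CSVs.
param([string]$OutDir = '\\fileserver.example.local\inventory$')

function New-Row($Category, $Name, $Detail) {
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; Category = $Category
        Name = $Name; Detail = $Detail
    }
}

function Get-InstalledSoftware {
    # Read the Uninstall registry keys rather than Win32_Product, which
    # runs an MSI consistency check against every installed package.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    Get-ChildItem -Path $keys -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p.DisplayName) { New-Row 'Software' $p.DisplayName $p.DisplayVersion }
    }
}

$cs   = Get-WmiObject Win32_ComputerSystem
$bios = Get-WmiObject Win32_BIOS
$os   = Get-WmiObject Win32_OperatingSystem

$rows  = @()
$rows += New-Row 'Hardware' $cs.Model "$($cs.Manufacturer), serial $($bios.SerialNumber)"
$rows += New-Row 'OS' $os.Caption "$($os.Version) $($os.OSArchitecture)"
$rows += @(Get-InstalledSoftware)
# Local shares: Type 0 is an ordinary disk share (admin shares are excluded).
$rows += @(Get-WmiObject Win32_Share -Filter 'Type = 0' |
    ForEach-Object { New-Row 'Share' $_.Name $_.Path })
# Printers and mapped drives are per-user, so these two only see the
# connections of the account the script runs as (e.g. at logon).
$rows += @(Get-WmiObject Win32_Printer |
    ForEach-Object { New-Row 'Printer' $_.Name $_.PortName })
$rows += @(Get-WmiObject Win32_MappedLogicalDisk |
    ForEach-Object { New-Row 'MappedDrive' $_.Name $_.ProviderName })

$rows | Select-Object Computer, Category, Name, Detail |
    Export-Csv -Path (Join-Path $OutDir "$($env:COMPUTERNAME).csv") -NoTypeInformation
```

Give the accounts that run it create and write access on the share but not read access, so one machine cannot read another's inventory.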
7. Methodology
• Install Types
• HTI: High Touch Install
• LTI: Lite Touch Install
• ZTI: Zero Touch Install
III. Terms
A. ZTI - Zero Touch Installation
1. Fully automated deployment. You don't touch the system at all. In fact, you could sit at your desk and never get up.
2. Requires SCCM in order to do, which costs a good sum of money. It's worth it, but some of your companies may not have the budget or scale for it.
B. LTI - Lite Touch Installation
1. Just short of ZTI: your interaction is minimal, such as entering a computer name, or initiating the imaging process manually
2. All the functionality needed for LTI is built-in on Server 2008, or comes free from Microsoft.
8. Methodology
• Image types
• Thin Image
• Thick Image
• Hybrid Image
C. Thick Image
1. Also called a flat image. Many of you are familiar with this already. This is where you build a system as your reference machine, then clone it as-is. Anyone who has ever used Ghost for deployment has done this.
D. Thin Image
1. Way cooler stuff. The image isn't really an image. An example can explain it better: in my latest project, I have the Windows 7 vanilla WIM in WDS. I used WAIK to build an unattend file, which I applied to it through MDT. MDT has a driver database stored on a network share. When I launch MDT and tell it to install this image, it goes through a standard Win7 install, applies the unattend file, installs drivers and updates from the local network. Part of the unattend is joining the domain. By the time the system does the first boot, it gets group policy, which then applies a ton of custom settings, and installs a bunch of software. As you can see, it's not really an image, as the system is built piece by piece through the process. One of the neat things about this method is that you can change things at any point in the process, unlike with a thick image, which would have to be snapshotted again. Changing anything on a thin image requires no deployment of it first. It's way more flexible.
2. This is the method I advocate for most implementations.
9. The Tools
• MDT
• WAIK
• WDS
• SCCM - $$$
IV. OS Deployment
A. Windows 7
1. MDT as thin or thick image
2. SCCM - We won't be covering this, as awesome as it is.
3. WAIK for building the unattend file
B. Windows XP
1. MDT can deploy as a thick image
10. Customization
• Group Policy!
• Printers
• Software
• Settings
• File shares
V. Group Policy
A. System customization
1. Group policy is your best friend. There is way too much to list here.
B. Printer Deployment
a. Printer deployment sucks, but it's better than it used to be.
b. On printers, there's a lot of nitty-gritty technical detail. Here's the overview: Use a print server, then pick one of the following methods:
(1). Group Policy Preferences - An excellent choice and should be your first choice.
(2). Print Management MMC through the Print Server role on 2k8 - Really easy to deploy, however, it has the limitation of not being able to use security groups to apply selectively.
(3). VBS script - Really easy, simple, and stable. I tend to use built-in functionality instead of scripting things, but this method works just fine.
c. I mentioned security groups, so let me touch on that. Create a security group for each printer you have. Put computers or users in it, depending on where you're applying this in group policy. When you set up a printer for deployment, use the security group as the condition. The result is that only people or computers in that group will get the printers installed. Person needs a new printer added? Simply add them to the group and tell them to reboot.
C. Software Deployment
1. Most major software packages have MSIs with transforms available. Add them to the Software Installation bit in group policy. If the package lacks an MSI, there is software available to repackage as an MSI, though I don't have any experience with them. Another option is to set a batch script to perform a silent install against the EXE. MDT can also perform software installation itself.
D. File shares
1. Couple different options: Use Group Policy Preferences, or a script (batch/VBS). I prefer GPP.
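The per-printer security group approach from the printer deployment notes above, written as a user logon script (an added example, not part of the original deck). The `PRN-<QueueName>` group naming convention and the print server name are assumptions; the example also goes one step beyond the notes by removing connections when a user leaves a group.

```powershell
# Added example, not from the original deck. Assumed convention: one security
# group per print queue, named PRN-<QueueName>. $PrintServer is a placeholder.
$PrintServer = 'printsrv.example.local'
$Prefix      = 'PRN-'

function Get-QueuesFromGroups {
    param([string[]]$GroupNames, [string]$Prefix)
    foreach ($g in $GroupNames) {
        $short = ($g -split '\\')[-1]          # drop the DOMAIN\ part
        if ($short -like "$Prefix*") { $short.Substring($Prefix.Length) }
    }
}

# Read groups from the logon token: nested membership is already resolved
# and no directory query is needed. The token is built at logon, which is
# why a membership change only takes effect after a fresh logon or reboot.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$groups = @(foreach ($sid in $identity.Groups) {
    try { $sid.Translate([Security.Principal.NTAccount]).Value } catch { }
})
$wanted = @(Get-QueuesFromGroups -GroupNames $groups -Prefix $Prefix |
    ForEach-Object { "\\$PrintServer\$_" })

$net = New-Object -ComObject WScript.Network
foreach ($unc in $wanted) {
    try   { $net.AddWindowsPrinterConnection($unc) }
    catch { Write-Warning "Could not connect $unc - $($_.Exception.Message)" }
}

# Make the groups authoritative: drop connections to this server whose
# group the user is no longer in.
Get-WmiObject Win32_Printer -Filter 'Network = TRUE' |
    Where-Object { $_.Name -like "\\$PrintServer\*" -and $wanted -notcontains $_.Name } |
    ForEach-Object { $net.RemovePrinterConnection($_.Name, $true, $true) }
```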
11. Licensing
• Three licensing types
• OEM
• Retail
• Volume Licensing
• Only VL has imaging rights
VI. Licensing Concerns
A. There are three types of licensing
1. OEM - This is what you get when you purchase a new computer. It's the sticker on the side of the box. Individual keys.
2. Retail - This is when you buy from a retailer, such as Best Buy. Individual keys.
3. Volume Licensed - Purchased from resellers. Multiple different licensing models available; ask your reseller for more information on those, as it can get confusing quickly.
B. Only VL has reimaging rights.
1. One of the more important bits to know here is that a VL license for Win7 is an upgrade license, not a full license. You need an OEM or retail license on the computer already.
12. Resources
• Windows 7 Resource Kit by Mitch Tulloch
• Microsoft TechNet
• MS Volume Licensing Service Center: microsoft.com/licensing