Best Windows 8 Deployment Tools

Today, deploying Windows 8 (and other Microsoft OSes) is easier than ever with the help of Microsoft’s deployment tools. Better yet, most of them are still free, and they have matured a lot over the past few years. But there are so many different tools available, you may need to use two or maybe even three together to meet your deployment needs; in fact, this leads to the question I get asked most often at conferences: “Which deployment tool should I use?” I understand why: Some tools have little documentation and others have too much. For example, the Windows Assessment and Deployment Kit (Windows ADK) has 10 pages of instruction covering installation alone!

In this article, I’ll provide a brief overview of the capabilities of some of my favorite Windows 8 deployment tools — specifically Windows Assessment and Deployment Kit (Windows ADK), Microsoft Deployment Toolkit 2012 with Update 1, System Center Configuration Manager 2012 (CM), and Windows Deployment Service (WDS). I’ll introduce the new features of each tool, and help you decide which tool/tools will meet your deployment needs. I’ll address specific business scenarios where each tool (or combination of tools) will provide the most robust deployment solution.

Top Windows 8 Deployment Tools

Thanks to my work over the last year providing Desktop Deployment Product Services (DDPS) engagements to Federal/State Government agencies and Fortune 100 companies, and I’ve reconsidered my answer to the deployment tool question. In the past I would have told you the best tool to use for Operating System Deployments (OSD) was Microsoft System Center Configuration Manager (SCCM) 2007 or 2012. What I’ve found is that it’s not always that simple. Most large organizations are broken down into many autonomous departments, each with their own IT staff and unique deployment requirements. While the organization as a whole may own SCCM, not all departments are allowed to administer it. Even if they could, the learning curve for someone who has never seen SCCM to provide consistent and reliable OSDs was not feasible in the allotted time. More than once the Microsoft Deployment Toolkit 2012 (MDT 2012) met all needs and was much simpler to install and maintain.

Windows Assessment and Deployment Kit (Windows ADK)

Business scenario: Small (25 – 50 client PC) organization.

The Windows ADK is new, but most of the tools it contains are familiar old friends to deployments.  From testing application compatibility, migrating user’s data and settings to creating, managing and deploying a complete image optimized for peak performance – the Windows ADK can do it all.  It can be used as a stand-alone product to perform your entire deployment needs in a small environment. The Windows ADK contains a variety of tools each with their own interfaces and command line syntax. For a more user-friendly wizard-driven experience, the Windows ADK is utilized by other deployment tools which will be covered later in this article. Here are the tools included in the Windows ADK.

    • Application Compatibility Toolkit (ACT) – Gathers data about your existing applications (including web-based apps) and helps you track which of your applications will run on Windows 8, which can be mitigated (to partially run) and set priorities and categories on each. A new feature for ACT is inventory collection works for x64 clients.
    • Deployment Tools – These tools were previously in the Windows Automated Installation Kit (Windows AIK). Some of the tools have been improved such as the Deployment Image Servicing Management (DISM) utility which can now capture, apply, mount, service and unmount images (ImageX no longer being needed has been deprecated).
    • Windows System Image Manager (WSIM) – Creates and edits unattend.xml answer files used to automate your deployments for maintaining consistency of deployments.
    • Command line tools (OSCDIMG and BCDBOOT) — OSCDIMG can convert folders (and their contents) to ISO files which can be burnt to DVD. BCDBOOT can turn an existing empty partition into a system partition and repair the boot environment from the system partition. There are also a couple of accompanying APIs (DISMAPI & WimGAPI).
    • Help and Support – Allows you to fully customize the Help and Support, Home and Escalation pages.
    • Windows Pre Installation Environment 4.0 (WinPE 4.0) – This is a heavily scaled-down version of Windows 8 with a purpose to boot a computer and connect it to a network to either apply or create an image.  The new MakeWinPEMedia.cmd utility creates a bootable WinPE and formats it for either a UFD or an .ISO you can burn to DVD. WinPE 4.0 also supports .Net 4.0 Framework.
    • Windows Assessment Toolkit – Assess performance of one or many computers, measures the performance of system startup and shutdown, streaming media, energy efficiency, idle time of the system, OOBE experience and provides a Results Database tool.
    • Windows Performance Toolkit – Replaces a few older tools like XPerf, Windows Performance Analyzer, and Windows Performance Recorder. The UI has a new window called the Issues Windows that shows more detailed information than before and it provides full text search capabilities.
    • User State Migration Toolkit (USMT) – Previously in Windows AIK tools USMT allows you to migrate user’s data, settings and application settings. There are two new switches: /Verify and /Extract. /Verify checks the status of each file in a migration store. /Extract allows you to extract files from a compressed migration store. The two command line tools used to gather and apply the data and settings are ScanState and LoadState. The log files for both (ScanState and LoadState) provide more detailed summary information.
    • Volume Activation Management Tool (VAMT) – If you are an Enterprise client whose using the Key Management Service (KMS) for internal activations of Microsoft OSs and Office products you really should check this tool it out. It gives you some fantastic management information complete with a new UI. The activation information per computer is now stored in a SQL database and there are new Volume License reports to help you keep track of your activations.

Microsoft Deployment Toolkit 2012 With Update 1

Business scenario: Small to medium size companies (50 – 5,000 desktop computers) in a single site or a corporate site with a few satellite sites with reliable WAN connectivity.

The Microsoft Deployment Toolkit 2012 is a cinch to install and managing images has never been easier whether you need to add new drivers or change versions of existing software like Adobe Reader, Silverlight, or Flash. MDT 2012 requires the Windows ADK to be installed before it can function. Okay, it doesn’t require a complete installation of the Windows ADK but you might as well install it completely just in case you decide to use one of the other tools like ACT or the Windows Assessment Toolkit.

Microsoft Deployment Toolkit 2012 provides network deployments, stand-alone deployments from DVD or a UFD, and you can copy your entire MDT deployment share to multiple sites or just the items you need at the destination site and keep them linked up so when changes are made on the master image they are replicated to the destination sites.  The database feature adds a whole new level of automation and flexibility. But this functionality has existed in MDT for a few versions.

The new features in MDT 2012 include: PowerShell 3.0 scripts are supported as tasks in a task sequence and the Microsoft Diagnostic and Recovery Toolkit (DaRT) version 8 is supported, providing remote control of target machines during the WinPE phase of deployment. The Zero Touch Installation and User Driven Interface task sequences have been combined, and one of my favorite additions is the ability to integrate Orchestrator runtime books as a task in a task sequence just in case you want to move computer objects during deployment or create a service request if a deployment failed. The User Driven Interface (UDI) feature has been added to help you quickly and easily customize your deployment wizard.

System Center Configuration Manager 2012 (CM)

Business scenario: Medium to large companies (500-100,000 computers) widely dispersed across multiple states or even continents where not all sites have local IT staff.

This is where Configuration Manager really shines. Normally companies this large already own CM and a certain number of Client Access Licenses (if you’re not sure what you may already own, contact your Microsoft representative). CM is the only tool that natively offers Zero Touch Installations (ZTI) of Windows Operating System Deployments (OSD). CM offers a wide array of tools where OSDs are just one of the features. When it comes to OSDs in CM there are many options for implementing them: You can create a corporate-approved image at the main office and allow that image and all necessary components like drivers, applications, and task sequences to be replicated to downlevel sites and offered or pushed to specific clients.

One of the most powerful benefits of CM is its flexibility. Almost every question asked about OSDs in CM get the typical consultant “Well, that depends” response. And it does depend – it depends on how you configured it. CM 2007 also provided OSD functionality; while there are some major changes to CM 2012, the OSD feature remains pretty much the same. However, there are some major changes in the User Interface, Site Types, Hierarchy and Terminology.

Site Types

The new interface take a little getting used to, but it’s put together really well, and after a couple of days it’ll be intuitive — in fact, I like the new interface even better. There is a new site type called a Central Administrative Site (CAS). A CAS is a highly limited site, as it cannot service any clients or contain user-facing site servers other than a Software Update Point. So how do you know when you need a CAS? If you have over 100,000 clients or the need for multiple Primary Sites you need a CAS, so most organizations will never require a CAS. It is important to plan properly for your site hierarchy because you cannot change the existence or non-existence of a CAS later.

Site Hierarchy Changes

With CM 2007, a Primary Site could have another Primary Site as a child site. Secondary Sites could be child sites to a Primary Site. Secondary Sites were usually smaller sites that had little or no local IT staff and therefore had to be administered from the parent Primary Site. A large distinction between Primary and Secondary Sites was that a Secondary Site did not contain it’s own SQL database.  A basic CM 2007 site hierarchy could look like figure 1 below.

fig1 win8 deploy

With CM 2012 you can longer connect Primary Sites to each other. If there is a need for more than one Primary Site, a CAS is created and the Primary Sites are connected directly to the CAS. Then, if needed, a Secondary Site can be connected to a Primary Site, but Secondary Sites now must have their own SQL database. All data gathered from clients flows up to the parent site. As you can see in figure 2, the CAS would have client data (like hardware and software inventory among other data) from all sites beneath it. For reporting capabilities this could be helpful in a widely dispersed environment.


Terminology Changes

The terminology changes are relatively small but worth noting. With CM 2007 you would have advertised a task sequence to a collection, with CM 2012 you deploy a task sequence to a collection. Also with CM 2007 a mandatory OSD could be created, but with CM 2012 it is a required OSD. When creating an OSD there are multiple packages that have to be created, once all packages are created you can more easily distribute those packages now by highlighting the OSD task sequence and selecting “Distribute Content.” All packages associated with the task sequence are updated on your Distribution Points. Lastly, configuring the monitoring of clients in a WinPE phase during deployment has been streamlined.

To fully utilize all the bells and whistles in CM 2012, integrate MDT to get much more flexibility. The Windows ADK is a requirement for CM 2012 OSDs.

Windows Deployment Services (WDS)

Business Scenario: Small organizations with images that do not need to be modified often can use the Windows Deployment Services (WDS) that ships as role in Server 2012.

Windows Deployment Services has some new features, but they may not be enough to make up for how difficult it is to modify an existing image. WDS can only deploy fat images that contain all applications. This usually forces organizations to maintain multiple images. While WDS is not my first choice from among Microsoft’s deployment tools, it does have its place. I like to use it for lab environments and classroom setups. The real power in WDS is the functionality it provides when integrated with other tools like MDT 2012 and CM 2012. WDS allows clients to PXE boot and multicast images during deployment.

The enhancements include a new auto detection of duplicate drivers to prevent importing the same drivers to more than one driver group. Filters have been improved and can now be based on a “model” of the machine. Prestaging a device can be done within the WDS snap-in (no need to go into Active Directory Users and Computers). Boot and Install images have priorities you can assign to determine the order in which the images are presented during deployment.

Small companies that do not have Active Directory implemented can use the stand-alone WDS server. In the past this was very difficult to set up properly. The new Expected Deployment Results Wizard can identify which driver groups would be applied to a prestaged device if a deployment were performed without actually performing the migration. TFTP traffic and multicasting of images over IPV 6 is now supported. Deploying ARM clients is supported and actual deployments are faster. Now images are applied as they are downloaded, not in two separate steps where we downloaded the image and then applied it. WDS 2012 applies the image as it is downloaded.

Choosing Your Windows 8 Deployment Tools

If you haven’t already migrated your XP workstations to Windows 7 or 8 (or Server 2003, 2008 to 2012), these tools are well worth a good look. As stated earlier, most of these tools are free. You can download MDT 2012 and Windows ADK for free, and WDS ships with Windows Server 2012 as a role. It’s important that you think the tools and your deployment through — after all, you’ll live with this deployment solution for the next few years — every time you have to re-image a machine! So be sure you have the right tool for all your deployment needs.