Today, deploying Windows 8 (and other Microsoft OSes) is easier than ever with the help of Microsoft’s deployment tools. Better yet, most of them are still free, and they have matured a lot over the past few years. But there are so many different tools available, you may need to use two or maybe even three together to meet your deployment needs; in fact, this leads to the question I get asked most often at conferences: “Which deployment tool should I use?” I understand why: Some tools have little documentation and others have too much. For example, the Windows Assessment and Deployment Kit (Windows ADK) has 10 pages of instruction covering installation alone!
In this article, I’ll provide a brief overview of the capabilities of some of my favorite Windows 8 deployment tools: the Windows Assessment and Deployment Kit (Windows ADK), Microsoft Deployment Toolkit 2012 with Update 1, System Center Configuration Manager 2012 (CM), and Windows Deployment Services (WDS). I’ll introduce the new features of each tool and help you decide which tool or tools will meet your deployment needs. I’ll address specific business scenarios where each tool (or combination of tools) will provide the most robust deployment solution.
Thanks to my work over the last year providing Desktop Deployment Product Services (DDPS) engagements to Federal/State Government agencies and Fortune 100 companies, I’ve reconsidered my answer to the deployment tool question. In the past I would have told you the best tool to use for Operating System Deployments (OSD) was Microsoft System Center Configuration Manager (SCCM) 2007 or 2012. What I’ve found is that it’s not always that simple. Most large organizations are broken down into many autonomous departments, each with their own IT staff and unique deployment requirements. While the organization as a whole may own SCCM, not all departments are allowed to administer it. Even if they could, the learning curve for someone who has never seen SCCM to provide consistent and reliable OSDs was not feasible in the allotted time. More than once the Microsoft Deployment Toolkit 2012 (MDT 2012) met all needs and was much simpler to install and maintain.
Business scenario: Small (25 – 50 client PC) organization.
The Windows ADK is new, but most of the tools it contains are familiar old friends to deployments. From testing application compatibility and migrating users’ data and settings to creating, managing and deploying a complete image optimized for peak performance, the Windows ADK can do it all. It can be used as a stand-alone product to meet all of your deployment needs in a small environment. The Windows ADK contains a variety of tools, each with its own interface and command-line syntax. For a more user-friendly, wizard-driven experience, the Windows ADK is utilized by other deployment tools, which will be covered later in this article. Here are the tools included in the Windows ADK.
Business scenario: Small to medium size companies (50 – 5,000 desktop computers) in a single site or a corporate site with a few satellite sites with reliable WAN connectivity.
The Microsoft Deployment Toolkit 2012 is a cinch to install and managing images has never been easier whether you need to add new drivers or change versions of existing software like Adobe Reader, Silverlight, or Flash. MDT 2012 requires the Windows ADK to be installed before it can function. Okay, it doesn’t require a complete installation of the Windows ADK but you might as well install it completely just in case you decide to use one of the other tools like ACT or the Windows Assessment Toolkit.
Microsoft Deployment Toolkit 2012 provides network deployments and stand-alone deployments from DVD or a UFD. You can also copy your entire MDT deployment share, or just the items you need, to multiple sites and keep them linked, so that changes made to the master image are replicated to the destination sites. The database feature adds a whole new level of automation and flexibility. This functionality, however, has existed in MDT for a few versions.
The new features in MDT 2012 include support for PowerShell 3.0 scripts as tasks in a task sequence and support for the Microsoft Diagnostic and Recovery Toolkit (DaRT) version 8, which provides remote control of target machines during the WinPE phase of deployment. The Zero Touch Installation and User Driven Interface task sequences have been combined. One of my favorite additions is the ability to integrate Orchestrator runbooks as a task in a task sequence, in case you want to move computer objects during deployment or create a service request if a deployment fails. The User Driven Interface (UDI) feature has been added to help you quickly and easily customize your deployment wizard.
Business scenario: Medium to large companies (500-100,000 computers) widely dispersed across multiple states or even continents where not all sites have local IT staff.
This is where Configuration Manager really shines. Normally companies this large already own CM and a certain number of Client Access Licenses (if you’re not sure what you may already own, contact your Microsoft representative). CM is the only tool that natively offers Zero Touch Installations (ZTI) of Windows Operating System Deployments (OSD). CM offers a wide array of tools where OSDs are just one of the features. When it comes to OSDs in CM there are many options for implementing them: You can create a corporate-approved image at the main office and allow that image and all necessary components like drivers, applications, and task sequences to be replicated to downlevel sites and offered or pushed to specific clients.
One of the most powerful benefits of CM is its flexibility. Almost every question asked about OSDs in CM gets the typical consultant “Well, that depends” response. And it does depend – it depends on how you configured it. CM 2007 also provided OSD functionality; while there are some major changes to CM 2012, the OSD feature remains pretty much the same. However, there are some major changes in the User Interface, Site Types, Hierarchy and Terminology.
The new interface takes a little getting used to, but it’s put together really well, and after a couple of days it’ll be intuitive; in fact, I like the new interface even better. There is a new site type called a Central Administrative Site (CAS). A CAS is a highly limited site, as it cannot service any clients or contain user-facing site servers other than a Software Update Point. So how do you know when you need a CAS? If you have over 100,000 clients or the need for multiple Primary Sites you need a CAS, so most organizations will never require a CAS. It is important to plan properly for your site hierarchy because you cannot change the existence or non-existence of a CAS later.
With CM 2007, a Primary Site could have another Primary Site as a child site. Secondary Sites could be child sites to a Primary Site. Secondary Sites were usually smaller sites that had little or no local IT staff and therefore had to be administered from the parent Primary Site. A large distinction between Primary and Secondary Sites was that a Secondary Site did not contain its own SQL database. A basic CM 2007 site hierarchy could look like figure 1 below.
With CM 2012 you can no longer connect Primary Sites to each other. If there is a need for more than one Primary Site, a CAS is created and the Primary Sites are connected directly to the CAS. Then, if needed, a Secondary Site can be connected to a Primary Site, but Secondary Sites now must have their own SQL database. All data gathered from clients flows up to the parent site. As you can see in figure 2, the CAS would have client data (like hardware and software inventory among other data) from all sites beneath it. For reporting capabilities this could be helpful in a widely dispersed environment.
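The hierarchy rules above can be checked mechanically before anything is installed, which matters because the CAS decision cannot be changed later. The following is an added planning example, not part of Configuration Manager or of the original article; the `Site` class, the `validate_cm2012` function, the site codes and the client counts are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Site:
    code: str                     # constructed site codes, e.g. "P01"
    kind: str                     # "CAS", "Primary" or "Secondary"
    parent: Optional[str] = None  # site code of the parent, if any
    clients: int = 0              # clients assigned directly to this site
    has_sql: bool = True          # site has its own SQL database


def validate_cm2012(sites: List[Site]) -> List[str]:
    """Return rule violations for a planned CM 2012 hierarchy ([] = valid)."""
    by_code = {s.code: s for s in sites}
    has_cas = any(s.kind == "CAS" for s in sites)
    primaries = [s for s in sites if s.kind == "Primary"]
    problems = []
    if not has_cas and len(primaries) > 1:
        problems.append("multiple Primary Sites require a CAS")
    if not has_cas and sum(s.clients for s in sites) > 100_000:
        problems.append("more than 100,000 clients require a CAS")
    for s in sites:
        parent = by_code.get(s.parent) if s.parent else None
        if s.kind == "CAS" and s.clients:
            problems.append(f"{s.code}: a CAS cannot service clients")
        if s.kind == "Primary" and s.parent and (parent is None or parent.kind != "CAS"):
            problems.append(f"{s.code}: a Primary Site may only connect to a CAS")
        if s.kind == "Primary" and has_cas and not s.parent:
            problems.append(f"{s.code}: must connect directly to the CAS")
        if s.kind == "Secondary":
            if parent is None or parent.kind != "Primary":
                problems.append(f"{s.code}: a Secondary Site connects to a Primary Site")
            if not s.has_sql:
                problems.append(f"{s.code}: a Secondary Site needs its own SQL database")
    return problems


# Constructed plans: a CM 2007-style layout carried over unchanged, and its CM 2012 form.
CM2007_STYLE = [
    Site("P01", "Primary", clients=4000),
    Site("P02", "Primary", parent="P01", clients=2500),
    Site("S01", "Secondary", parent="P02", clients=300, has_sql=False),
]
CM2012_PLAN = [
    Site("CAS", "CAS"),
    Site("P01", "Primary", parent="CAS", clients=4000),
    Site("P02", "Primary", parent="CAS", clients=2500),
    Site("S01", "Secondary", parent="P02", clients=300),
]

if __name__ == "__main__":
    for name, plan in (("CM 2007-style", CM2007_STYLE), ("CM 2012", CM2012_PLAN)):
        print(name, validate_cm2012(plan) or "valid")
```

The CM 2007-style plan fails on three counts (two Primary Sites without a CAS, a Primary Site parented to another Primary Site, and a Secondary Site without SQL), while the restructured plan passes.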
The terminology changes are relatively small but worth noting. With CM 2007 you would have advertised a task sequence to a collection; with CM 2012 you deploy a task sequence to a collection. Also, with CM 2007 a mandatory OSD could be created, but with CM 2012 it is a required OSD. When creating an OSD, there are multiple packages that have to be created. Once all packages are created, you can now distribute them more easily by highlighting the OSD task sequence and selecting “Distribute Content.” All packages associated with the task sequence are updated on your Distribution Points. Lastly, configuring the monitoring of clients in a WinPE phase during deployment has been streamlined.
To fully utilize all the bells and whistles in CM 2012, integrate MDT to get much more flexibility. The Windows ADK is a requirement for CM 2012 OSDs.
Business scenario: Small organizations with images that do not need to be modified often can use the Windows Deployment Services (WDS) that ships as a role in Server 2012.
Windows Deployment Services has some new features, but they may not be enough to make up for how difficult it is to modify an existing image. WDS can only deploy fat images that contain all applications. This usually forces organizations to maintain multiple images. While WDS is not my first choice from among Microsoft’s deployment tools, it does have its place. I like to use it for lab environments and classroom setups. The real power in WDS is the functionality it provides when integrated with other tools like MDT 2012 and CM 2012. WDS allows clients to PXE boot and multicast images during deployment.
The enhancements include a new auto detection of duplicate drivers to prevent importing the same drivers to more than one driver group. Filters have been improved and can now be based on a “model” of the machine. Prestaging a device can be done within the WDS snap-in (no need to go into Active Directory Users and Computers). Boot and Install images have priorities you can assign to determine the order in which the images are presented during deployment.
Small companies that do not have Active Directory implemented can use the stand-alone WDS server. In the past this was very difficult to set up properly. The new Expected Deployment Results Wizard can identify which driver groups would be applied to a prestaged device if a deployment were performed without actually performing the migration. TFTP traffic and multicasting of images over IPv6 is now supported. Deploying ARM clients is supported and actual deployments are faster: WDS 2012 applies the image as it is downloaded, not in two separate steps where the image was downloaded and then applied.
If you haven’t already migrated your XP workstations to Windows 7 or 8 (or Server 2003, 2008 to 2012), these tools are well worth a good look. As stated earlier, most of these tools are free. You can download MDT 2012 and Windows ADK for free, and WDS ships with Windows Server 2012 as a role. It’s important that you think the tools and your deployment through — after all, you’ll live with this deployment solution for the next few years — every time you have to re-image a machine! So be sure you have the right tool for all your deployment needs.