What is the best Windows deployment solution - currently

I am looking to learn how to use and implement a Windows deployment strategy.

What is a software solution that is not overly complicated and yet gets everything done well?

I was, of course, looking at MDT / SCCM.

Any ideas?

Thank you...
 
I'm working on getting SCCM up and running just to deploy applications for now. If I said it was a complicated, royal pain in the ass, it would be an understatement.
 
MDT itself is pretty easy to set up, you can do it in one sitting.

Add your Windows image, add your applications, set some defaults like time-zone and whatnot, build boot image. Throw the boot image on a flash drive or PXE boot it.

I generally don't bother capturing my Windows images. They're deployed as is, with MDT adding the apps and GPO taking care of everything else customization-wise.

SCCM is a behemoth.
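
The four steps in the post above (add the image, add applications, set defaults, build the boot image), scripted with the MDT PowerShell module as an added example that is not part of the original post. The share path, media drive, sample application and time zone value are assumptions, and the deployment share is assumed to exist already.

```powershell
# Added example: every path, name and value below is a placeholder.
$ShareRoot = 'D:\DeploymentShare'   # assumed existing MDT deployment share
$MediaRoot = 'E:\'                  # assumed mounted Windows installation media
$AppSource = 'D:\Source\ExampleApp' # assumed folder holding the installer

Import-Module 'C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1'
New-PSDrive -Name 'DS001' -PSProvider MDTProvider -Root $ShareRoot | Out-Null

# 1. Add the Windows image (stock source files, no capture step).
Import-MDTOperatingSystem -Path 'DS001:\Operating Systems' `
    -SourcePath $MediaRoot -DestinationFolder 'Windows 10 x64' -Verbose

# 2. Add an application with a silent install command line.
$app = @{
    Path                  = 'DS001:\Applications'
    Enable                = 'True'
    Name                  = 'Example App'
    ShortName             = 'ExampleApp'
    Version               = ''
    Publisher             = ''
    Language              = ''
    CommandLine           = 'msiexec /i example.msi /qn'
    WorkingDirectory      = '.\Applications\Example App'
    ApplicationSourcePath = $AppSource
    DestinationFolder     = 'Example App'
}
Import-MDTApplication @app -Verbose

# 3. Set a default in CustomSettings.ini: drop any existing TimeZoneName
#    line, then write the value directly under the [Default] section.
$ini   = Join-Path $ShareRoot 'Control\CustomSettings.ini'
$lines = Get-Content $ini | Where-Object { $_ -notmatch '^\s*TimeZoneName\s*=' }
$new   = foreach ($line in $lines) {
    $line
    if ($line -match '^\s*\[Default\]\s*$') { 'TimeZoneName=Eastern Standard Time' }
}
Set-Content -Path $ini -Value $new

# 4. Build the boot image; output lands under $ShareRoot\Boot.
Update-MDTDeploymentShare -Path 'DS001:' -Verbose
```

A task sequence that ties the operating system and applications together still has to be created before the boot image can deploy anything.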
 
MDT is pretty easy to set up and gives you a lot of good flexibility in tying in applications you want to choose from or force install.

SCCM works great for existing computers where, say, you want to reimage an entire group of computers at once.

Just make sure you set up USMT.
 
Is this trying to do it as cheaply / free as possible? Are we talking 10 computers, 10,000 computers? Do you have a need to push software to remote workforces?

It would almost be hard to suggest putting all of the effort into SCCM at this point in time. Chances are if you set it up you'll just end up needing to do co-management with Intune anyway, because half of your workforce will never be on site and then you'll struggle getting them updated, reporting in etc. If you're deploying clients you probably want to make sure they are tied back into VPN from day 1, otherwise you'll have issues managing them with SCCM only. That said, I don't know of a great MDM / cloud solution to suggest that can deliver the entire package, but do so over the internet in a secure fashion. I've looked at a few vendors recently and their "cloud" solution is just their IaaS solution but opened up to the web. They don't really seem well suited for being run that way, so you're better off just keeping it as a local install and running it on top of VPN.
 
All my small business customers use WDS, but they are ~25 computers at most.
Simple to set up. I add a WinPE option in case I need to check for malware on a PC... no need to carry a boot flash drive, then just replace the Win10 install file when a new W10 version comes out.
Edit: add in some GPO tied to computer OUs and, after the build, move to the OU to apply those PC settings; almost nothing to configure except the user's Outlook and a few one-off things.
 
> It would almost be hard to suggest putting all of the effort into SCCM at this point in time. Chances are if you set it up you'll just end up needing to do co-management with Intune anyway, because half of your workforce will never be on site and then you'll struggle getting them updated, reporting in etc.

Damn, so I have roughly 250 clients, many would be on the corporate network most days, but about 100-125 would be remote and VPN in most of the time.
 
SCCM is the biggest one.

ManageEngine can also do what you are looking for.
 
> All my small business customers use WDS, but they are ~25 computers at most.
> Simple to set up. I add a WinPE option in case I need to check for malware on a PC... no need to carry a boot flash drive, then just replace the Win10 install file when a new W10 version comes out.

I do this. I have a WDS instance on a Windows Server, which I can PXE boot from and just install Windows. I use the stock install.wim, and MS's own documented methods for manipulating the installation afterwards. I have some small scripts to do some per-user customization. Setting up WDS is very easy and took like what.. five minutes?
 
> Damn, so I have roughly 250 clients, many would be on the corporate network most days, but about 100-125 would be remote and VPN in most of the time.

If you can get them to VPN in, or you set them up so it forces them to VPN in, then SCCM is definitely a workable solution. The issue is that if a bunch of those remote users are mostly cloud based (email, web portals, Box/Drive/OneDrive), then they have no reason to fire up the VPN. When that happens their machines aren't going to check in, so then it's a battle of getting them to check in so you can push / deploy updates. That's where SCCM tends to be a bit more difficult and why there are other products to help extend what it was designed for. If like 80% of your userbase is going to be reliably connecting into the corporate network, then you can handle the rest on a case-by-case basis and I'd say SCCM would certainly be an option. It really comes down to what percentage are remote and what percentage will never phone home to a traditional setup.
 
If all you want to do is deploy Windows, then use a server and serve Azure Virtual Desktops on it.
And allow only select IPs to access the virtual server.
The best thing is you do not have to create or delete users.
All you have to do is create and delete instances.

I am sure it is not this easy but you gotta try it.
 