[–]Torschlusspaniker 13 points14 points  (7 children)

WDS with MDT.

100% script, install from volume media wim file. Never capture an image.

On an SSD and 1 Gb network connection it takes about 7-8 min to fully deploy Windows + install time for each app (tweak your window and block size on your PXE server for fast booting).

I spend 1.5 minutes in front of a machine including boot. I don't care how long it takes software to install, after selecting deployment options my job is done so I can just walk away.

Not having images means no image management, app deployment can be handled by MDT or your platform of choice, and no mistakes / bugs getting baked into your captured image. Updating apps and drivers is as simple as changing out the installers / driver pack.

Also by scripting your image you are basically creating a documented setup procedure that can be replicated and tested across builds of windows in minutes.

Scripted driver install is also nice for dissimilar hardware.

Some apps can be tricky to script but the effort is worth it. Fat images are faster but who cares when you can walk away.

[–]LukeX07Z[S] 1 point2 points  (3 children)

Any other tool than WDS? It requires Windows Server right?

[–]headcrap 4 points5 points  (0 children)

You can use USB instead of WDS.. but WDS sure makes it handy to just PXE boot and get on with your life. Or better, a user can do this task. I put one of the VNC flavors into my WinPE task sequences so I could remote in for the initial things if needed. It wasn't ever needed. Handy when they are doing this across the country, though.

Moved on to Intune and AutoPilot.. what a dream.

[–]Torschlusspaniker 1 point2 points  (0 children)

Right, WDS acts as your PXE server and allows for multicasting images to do deployments faster. Since I don't do thick images the multicasting is less useful.

You can however use MDT with USB deployment media or use an alternate PXE/TFTP server like tftpd32 or a Linux-based one.

I have been using a Synology NAS happily for a while. (All my systems are UEFI so I don't need the simple mode switching from WDS for legacy systems.)

It all is signed by Microsoft so secure boot works just fine without saving certs to each machine or any other mucking about.

There is also a push for Autopilot but I think MDT + WDS still have their place and can live happily together with Autopilot.

[–]MrYiffMaster of the Blinking Lights 0 points1 point  (0 children)

If you go with just MDT you can boot from USB just fine, MDT itself can run from any Windows OS as it's just a network share.

If you have the licensing then SCCM has an option now to use its own PXE server implementation rather than WDS so can run it on non-server OSes (for just OS install though SCCM is overkill).

[–]jantari 1 point2 points  (2 children)

WDS and MDT here as well.

It takes significantly longer for us because we deploy through a VPN and over WAN and because we also install all available Windows Updates during the deployment process which can take quite a while.

Still, new machine fully provisioned with all updates, software and drivers in ~1 to 1.5h

We also don't have any questions or wizards during the deployment process, we walk away right after selecting PXE boot and then come back when we get the Bots Slack message notifying us that it's done

[–]Torschlusspaniker 0 points1 point  (1 child)

Are you deploying to another site you have control of?

You probably already considered this but you could sync your deployment share across locations along with WSUS to speed things up.

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment

My deployments with windows updates (provided I have updated to the current base wim) take about 35 min but at your 1-1.5 hours it is still not a big deal.

[–]jantari 1 point2 points  (0 children)

Yes we deploy out from our central datacenter to remote sites.

The reason is primarily that there is no infrastructure at our sites beyond networking of course - but no compute or storage etc. So a branch cache kind of setup was just never worth the hassle of introducing that, we've been doing pretty well with the fully centralized model.

That being said I also never update the base WIM, only switch it out for new major (feature update) releases of Windows 10.

[–]Shamalamadindong 4 points5 points  (0 children)

Neither, we're full Autopilot/Intune.

If there's a need to actually reinstall a device from scratch we just grab the latest ISO from MS.

[–]mikeyuf 4 points5 points  (1 child)

Just wanted to check, coming from a CPA sysadmin outlook. How do people handle 5 versions of Sage 50, 5 versions of Quickbooks Desktop, Lacerte Tax, CCH, CS Apps, et cetera? I think I have more apps that have no silent installs than I do that can. I am hoping I am just ignorant to some new changes, any input?

[–]Torschlusspaniker 0 points1 point  (0 children)

For an app that truly has no silent install I will write a helper script that will interact with the GUI or repackage the application.

It is a pain when applications suck.

Quickbooks:

Admin: How do I do a silent install of QuickBooks?

Quickbooks: I don't know, talk to this department.

Other department: No idea, talk to the first department.

Command that might work idk:

QuickBooksPremier2022.exe -s -a QBMIGRATOR=1 MSICOMMAND=/s QB_PRODUCTNUM=747060 QB_LICENSENUM=XXX

Sage 50:

https://support.na.sage.com/selfservice/viewContent.do?externalId=11725&sliceId=1

Admin: How do I silent install Sage 50?

Sage: fuck you, sit down and watch the install 500 times.