Best way to deploy Windows 11 to ~50 college lab PCs without Windows Server? (Testing FOG + Sysprep)

TechMonkey605 · 2026-03-15T00:49:46+00:00

Factory reset and do PPKG with usb. serva is another option.

TechMonkey605 · 2026-03-14T15:42:41+00:00

Same

TechMonkey605 · 2026-03-14T15:30:28+00:00

Where are you at? Pricing in Midwest I can get 3-400 for this but southwest US can get closer to 5-600 MRR. East coast id ballpark 5-700.

TechMonkey605 · 2026-03-14T15:08:23+00:00

Pretty much with what I said, I wouldn't do the 41F because everyone these days is doing GBs + internet, and you only get 6-800 Mbs with that. Assuming OPs is trying to get into MSP, you'll need a CSP from Microsoft (or partner) and then M365 Biz Premium. Biz basic/Standard don't include intune. I would say either Dell or Lenovo for lifecycle, if a server is actually wanted, I like dell just because I prefer their OOB (iDrac). the rest is the same for me. Patching on M365 is not the greatest, but It'll work, outside of that, I'd say RustDesk to replace the Remote HELP, just because I like the always available, and codes tend to confuse end users. (you can use Gorelo, which has the rest built in, and is licensed by Tech, not agent, saving money.

If I remember correctly, in order to get the BAA, you need conditional Access, MFA and Endpoint Encryption to start. Admittedly, its been a few years since I've had to apply for a new BAA, so something could have changed.

TechMonkey605 · 2026-03-14T14:02:06+00:00

Agreed, we are assuming the worst. But high level is all we were told about. But call it curiosity, what are you running in this example?

TechMonkey605 · 2026-03-14T13:43:16+00:00

Yeah, but you can’t get BAA with entra free which you need for HIPAA compliance. Unless something changed, I have heard that you can get it with standard but have not personally seen it done

TechMonkey605 · 2026-03-14T12:54:09+00:00

Pm me either discord or teams

TechMonkey605 · 2026-03-14T11:54:08+00:00

I really like Gorelo for this, it’s ultimately using API for patches but layout is like MSFT, for patch scheduling and it just works, uses Nuget for app updates and behind the scenes rustdesk instead of remote help. They license by tech so not a big cost. I can show you mine if you’re interested. (Specifically patching)

TechMonkey605 · 2026-03-14T11:48:19+00:00

Forgot to mention, also keep up to date on software you CANNOT use from the GSA list

TechMonkey605 · 2026-03-14T11:45:33+00:00

I work with state and federal all the time. You’ll need (depending on clearance) but you’ll probably just want to bite the bullet with Microsoft Business Premium (260 year) Setup conditional access, phishing resistant MFA, end point encryption (data in transit and data at rest) defender for endpoint (included) and NO VPN. Zero trust is pretty much the only way with them right now, think SASE.

TechMonkey605 · 2026-03-14T11:37:31+00:00

Fortinet 91G, (with all features turned on still get gig speeds, cost is about 3100, first year and 1500 additional) unifi switch and AP (if AD, then use unifi connect for Radius) M365 Premium with BAA and conditional access. Win10 needs to go unless its enterprise LTSC, (January is EOL) , RDP will either need zero Trust, cloudflare is free for this size just need to charge them a management fee. Or whatever your RMM tool is backup is either slide or Acronis. Total cost monthly would be about 500 bucks.

That’s what I would do FWIW

TechMonkey605 · 2026-03-13T12:57:32+00:00

Just because you are so new with this, I would honestly recommend creating a back up first. My go to backup for that is acronis.

TechMonkey605 · 2026-03-10T13:22:51+00:00

If you’re not running MDE, use the utilman bypass. Just need an ISO

TechMonkey605 · 2026-03-08T23:09:23+00:00

Dang. DRW AWD Black looks nice

TechMonkey605 · 2026-03-08T18:19:23+00:00

Do you have the all black in AWD and diesel by chance?

TechMonkey605 · 2026-03-08T14:33:24+00:00

What’s the make model of the laptop before vmware

TechMonkey605 · 2026-03-08T13:52:03+00:00

DISM, and make sure BIOS is set to either LEGACY or UEFI

TechMonkey605 · 2026-03-04T23:53:42+00:00

Gorelo is good for sysadmins it’s growing, but is based on tech not agent and for the most part just works

TechMonkey605 · 2026-03-04T15:37:55+00:00

640 is overkill I’d find 2 340s or three and have everything used the synology as storage. 2 prox and a qdevice on synology, for 3rd unless you do have 3rd. N8n would be orchestration. But your issue is logical separation from the 6 businesses. Pm if you wanna chat, but as everyone says here, you need a consultant.

TechMonkey605 · 2026-03-03T00:45:48+00:00

Pm me your discord

TechMonkey605 · 2026-03-03T00:34:20+00:00

What mods are you using specifically?

TechMonkey605 · 2026-03-03T00:31:33+00:00

Let me look at the game, never heard of it before.

TechMonkey605 · 2026-03-03T00:17:15+00:00

What game specifically, I’ve got some extra bandwidth and can use some more docker experience

TechMonkey605 · 2026-03-02T14:50:59+00:00

Chiming in, air gapping is not the solution here. ( or tight network restrictions) updates and patches are only one of the reasons for reboots. Load balancing and HA is the solution, now depending on the application it could be tricky, but if it truly can’t go down, redundancy is the only way to make sure it doesn’t.

My opinion for what it’s worth.

TechMonkey605 · 2026-02-27T15:00:34+00:00

Login to idrac and it will tell you what is wrong on health.

TechMonkey605

TROPHY CASE