It's close to the end of the year, so you're probably looking forward to next year, when hardware refreshes come due. How can you make your life easier when you have all of these systems to prepare, deploy and manage?
You can save yourself a lot of time by using some Windows tools and a friendly program from your OEM vendor. Here are some tips on how to standardize client deployment with minimal fuss and effort.
Put everything on the table with a master image. You can use the Windows Preinstallation Toolkit, along with the Windows Preinstallation Environment, to build a master system image, complete with operating system, tweaks, applications and preferences all set up and ready for use.
Most major OEMs have subscription programs in which businesses provide them with master images that they then lay down onto systems as they come off the assembly line. Organizations can specify an exact system layout, ensure that there's no crapware on new systems and save immense amounts of predeployment time when IT departments unbox machines for distribution. Most OEMs will work with you even if you purchase small quantities -- say, 10 at a time -- of their products.
Make all of the hardware ready to use out of the box with driver injection. You can take this a step further than just putting up a master image. Driver injection can save a lot of time if you're purchasing brand-new hardware to run the vintage-2009 Windows 7 operating system. Some new devices -- such as built-in 3G and 4G wireless access, some security devices, and even solid-state drives (SSDs) -- may require or can benefit from specific drivers.
As part of the Windows Preinstallation Toolkit, the Deployment Image Servicing and Management (DISM) tool can take drivers and inject them, either online or offline, into a Windows system image. That way, when the image is laid down on disk, the drivers are already present and ready to be used. This is better than requiring the user to download those drivers or wait for a system to be contacted by a patch management tool, download and install the driver, and then reboot.
You can use DISM to inject driver files using an unattended installation file, or you can manually add these drivers to an image directly from a command prompt. More information on how to use the DISM tool is available on TechNet.
Investigate using offline join to rapidly deploy new machines. New to Windows 7 and Windows Server 2008 R2 is the ability to prejoin a computer to a domain and export that provisioning information so that the actual joining of the machine to the specified domain can be done offline.
In this case, you'd be able to provide your vendor with provisioning information for all client computers in an order. Once they arrive fresh from the factory, they come up joined to the domain and will suck down everything you've specified via Group Policy or your enterprise management tool. No more staging by IT is required, which could be a huge time-saver when vast swaths of machines are being refreshed.
You can use the djoin tool to essentially create the computer account in Active Directory. The following command does the trick:
djoin /provision /domain <target domain to join> /machine <name of the computer to
join to target domain> /savefile provfile.txt
Note that if you don't have a Windows Server 2008 R2 domain controller, you can run djoin.exe with the /downlevel parameter on a Windows 7 machine already joined to a domain.
Then, run djoin on the target computer to join to the domain, and specify a local copy of the provisioning file you produced by running the command below.
djoin /requestODJ /loadfile provfile.txt /windowspath %SystemRoot% /localos
The localos parameter is necessary to run djoin on the machine that is supposed to join the computer.
ABOUT THE AUTHOR:
Jonathan Hassell is an author, consultant and speaker residing in Charlotte, N.C. His books include RADIUS, Hardening Windows and, most recently, Windows Vista: Beyond the Manual.
This was first published in November 2011