Windows 10 Deployment–Deep Dive

  • Article

In my previous article, I have discussed the must know concepts for IT professionals in Windows 10 – Deployment, Management and Security. In this post, let us deep dive into Windows 10 deployment – tools, techniques and process.

To deploy Windows 10 in your organization, it is important to understand the different ways it can be deployed with new scenarios and the mix of devices with with multiple versions of Windows OS.

Deployment techniques:

To deploy Windows 10 and applications, it is important to know and understand the techniques or scenarios along with their applicability and limitations.

  • In-place upgrade

This option is meant for systems running in Windows 7, Windows 8 and Windows 8.1. It is used for hassle free upgrade option without a complex deployment plan or process. An IT friendly upgrade process to be precise. It automatically preserves all data, settings, applications, and drivers from the existing operating system version.

  • Dynamic provisioning

There are 2 dynamic provisioning scenarios namely – Azure AD Join with automatic MDM enrolment and Provisioning package configuration without MDM. This is mainly used in CYOD (choose your own device) scenarios where in there is no restriction to choose the available and certified devices within the organization.

  • Traditional deployment (wipe and load)

As the name suggests this is the traditional deployment method where in the device OS is wiped off and fully installed fresh. Again this is mainly used in three scenarios – New computer, computer refresh and computer replace.

Deployment tools:

Now that we have a fair idea about the deployment techniques/scenarios, the next step is to understand about the toolsets which are useful in deployment scenarios. These are the tools majorly used for deployment.

Windows Assessment and Deployment Kit

Windows ADK contains core assessment and deployment tools and technologies, including

    • Deployment Image Servicing and Management (DISM),
    • Windows Imaging and Configuration Designer (Windows ICD),
    • Windows System Image Manager (Windows SIM),
    • User State Migration Tool (USMT),
    • Volume Activation Management Tool (VAMT),
    • Windows Preinstallation Environment (Windows PE),
    • Windows Assessment Services,
    • Windows Performance Toolkit (WPT),
    • Application Compatibility Toolkit (ACT)

While there are tips for ITPros to use the tools and techniques, there are guidance as well when to use the techniques.

When you should go for in-place upgrade?

    • The existing computer OS is Windows 7, 8, 8.1
    • When application compatibility tests are passed
    • Upgrade to standard Windows 10 image
    • Where you need automatic roll back to previous OS.

When not to go for In-place upgrade?

    • Changing from Windows x86 to x64
    • Systems using Windows To Go, boot from VHD
    • Changing from legacy BIOS to UEFI
    • Dual boot and multi-boot systems
    • Where there is Image creation processes involved (can’t sysprep after upgrade)
    • Using certain third-party disk encryption products

The dynamic provisioning and traditional deployment use cases are very well known and am not going in depth in the same.

One important feature that can’t be missed in Windows 10 is Windows as a Service – as the name suggests, now you can get Windows updates like software updates.

There are different ways you treat your normal users, business users and critical users. You may not want to treat your business users the same way as critical or normal users. Like the term says – one size doesn’t fit all – one update process may not be fitting all. All these times, it was either full update or no update (though there were policies to control the number of updates and when to update), it was not that fully implemented even with WSUS.

There are some widely used terms while defining the windows update. Those are

  • Current Branch
    • Features are released to broad market
    • Customers are up to date with features as they are released after broad preview validation
    • Opportunity for enterprises to test and validate new features
    • WSUS, SCCM, and WU for Business can be used for managing delivery of updates
    • Security updates and fixes are delivered regularly
  • Current Branch for business
    • Business customers can start testing as soon as preview features are released via Windows Insider Program
    • Business customers can wait to receive feature updates for an additional period of time, testing and validating in their environment before broad deployment
    • Within the deferral period, you can flight these features and updates in your organization and provide feedback
    • WSUS, SCCM, and WU for Business can be used for managing delivery of updates
    • Security updates and fixes are delivered regularly
  • Long term servicing branch
    • Security updates and fixes are delivered regularly
    • Customers on Long Term Servicing Branch receive security and critical fixes only for ten years
    • Customers can move from one LTSB to the next one via in-place upgrade and can skip one LTSB as well
    • Customers manage updates via WSUS

There is something newly introduced called Windows update for business. The capabilities are

  • Time to test and validate the feature updates
  • Create internal deployment groups
  • Maintenance window aligned with business rhythm
  • Peer to peer delivery to optimize bandwidth
  • Integrating with the existing tools such as system center
  • Access to current branch and current branch for business

Finally, I would like to finish the deployment story with the tip of thinking through deployment strategy.

clip_image002

For more details on Windows 10 deployment, please check here.

See you all in my next post on Windows 10 Security.