Building School Networks for the Future – Deployment of Microsoft Windows 7

Following on from Stuart Wilkie’  installment of Building School Networks for the Future with System Centre and Hyper-V, this is the third piece in the jigsaw from Marine Academy, Plymouth  looking at how Stuart and his team went about deploying Windows 7 across the site and the decisions that had to be made along the way.

As mentioned in the first article in this series Stuart had explained that he had a ‘’chasm of difference between the best and the worst machines’’ and as it would later turn out, not all machines were in the right place. There were some high end dual core recent purchases in 3 of the 6 ICT Suites (and these could also be found in administration and one tech room), the others having some older (but still dual core) custom build machines  ‘’which were a bit temperamental”  and the rest of the suites (and majority of the rest of the site) having Celeron 1.6 or 1.9 from IBM or RM. “So, a significant part of the estate could present us with a problem then” worried Stuart, at the start.

Add to this, a wide variety in specification and condition of laptops (which were used by teaching staff)  the sheer amount of equipment that needed upgrading to ensure that the consistency goal would be met.

The number of ICT suites was going to remain the same for this year and with at least 18 months before the new build was going to be ready, somehow, explained Stuart  “we had to maintain student access”.

A pivotal decision was to be the classroom workstations. By replacing the entire laptop fleet, and ensuring that all teaching staff had a laptop  it would be possible to remove the workstations, therefore saving the expense. Furthermore, building on an existing relationship with Microsoft, and also via the professional group, Stuart and his team were lucky enough to be able to start trialling Windows Thin PC which at the time, Stuart had no idea how important that trial would be.


Having been involved in the roll out of 160 encrypted new laptops in his role prior to joining Marine Academy, Stuart felt there was only one choice. One of the joys of the Windows 7 Operating System, the Enterprise Version, available to schools and colleges under the Microsoft Enrolment for Education Solutions (EES)  and Schools/Campus Licencing Agreements, is that it contains the “Bitlocker” functionality.

“Encryption, right out of the box – every IT Managers dream”

Having completed a number of Windows 7 deployments before the settings side of things was relatively simple.

‘’Particularly as Microsoft now give you to tools to backup and transfer Group Policy Objects (GPOs)”.

There are lots of warnings about transferring GPOs between domains however there are supported ways of doing it - the links appear at the end of the article. The principal is to use the management console, take a backup and then remove the Default Domain and Default Domain Controller Objects. Importing these over the top on your target domain “will horribly break things” warns Stuart. There are tools then to edit the GPOs to change the domain referenced and also change the security groups or paths which may appear throughout (if you used security groups for filtering or applying various settings – eg folder redirection).

Settings all done and dusted (well, actually these were tested before the summer break on some of those high end ICT Suite machines) it was time to work out how to deploy over 400 machines. Stuart is known on EduGeek as one of the “System Centre Gods” for playing around and deploying Operating Systems and Applications, so this shouldn’t present much of an issue.

“This was now the 4th time round for setting up System Centre Configuration Manager (SCCM)”.

A complete rundown on how to set this up as well as reference “Task Sequences” are all on his blog over on

“Software is where SCCM gets interesting”, and the deployment goes to a whole new level at Marine Academy. For those not familiar with SCCM, not only does it deploy MSI’s (like a lot of IT teams in Schools do with Group Policies) but it also can deal with normal Setup executable’ or just groups of files (which usually need some scripting to sort out). “Cue less cursing of software houses” jokes Stuart!

Virtualising the servers was one step, but you can also use SCCM and a lesser known piece of kit called MDOP (Microsoft Desktop Optimisation Toolkit) to take even more control of the application management process. MDOP contains a feature called AppV – which allows you to separate the application from the Operating System. The application is “installed” on the machine but it doesn’t interact with the Operating System and doesn’t have a Program Files folder. 

“It exists in its own bubble. This is ideal if you want two versions of the same application on the same machine such as Adobe CS4 and CS5.5 on the same machine”

The ICT curriculum had already been designed for this year around CS4 and so it needed to be there, but Marine Academy wanted the new version and  the ICT team wanted to get to know the new version too.

“It also allows us to get older software which is not compatible with Windows 7 to run on it - great for educational software too where there tend to be a lot of older version lurking about.’’

Creating AppV applications is pretty similar to creating MSIs through packaging. Anyone who has used Wininstall will recognise the process of snapshot, install, snapshot, package made. SCCM recognises these packages as special  and allows you to do something called “streaming”.

So that’s really about it on SCCM. The great thing is under Microsoft EES  you can get all you need to run this for very little in terms of cost. You need to buy the System Centre pack, which covers your server level products. All your CALS are covered under your Desktop Standard or Desktop Enterprise.  In Stuart’ opinion, ‘’go enterprise if you can, as you may not want all the extra goodies in there now, but at least you can at a later date if you want.’’

Stuart is currently working on the final part of this blog series looking at the Remote Desktop to cover the Windows Thin PC machines and the purchase of the Wyse Terminals for the administration and support offices.

Backing up, Restoring, Migrating and Copying GPO's

Migrating GPO's Across Domians with GPMC


Migrate GPO's between Domains blog

Comments (0)

Skip to main content