Insights

Adaptiva 12 Days of Windows 10 Deployments

The Twelve Days of Windows 10 Deployment Tips

by

It’s the holidays again! At Adaptiva, we wanted to send each and every one of you a delicious holiday fruitcake. Fruitcakes don’t last very long though, and they don’t really help you migrate enterprises to Windows 10. That’s why we decided to give you a gift that will keep on giving far beyond the holidays: Twelve Days of Windows 10 Deployment Tips.

We’ve collected twelve Windows 10 OSD tips from MVPs around the world, and we’re releasing one a day. Follow our twitter at @adaptiva, or check back on this blog every day to see each new tip.

Wishing you and your loved ones the merriest of holiday seasons, and happy Windows 10 deployments in the new year!

The ConfigMgr Carolers Sing

Download Song

Day #12 Leverage ConfigMgr Reporting to Share Deployment Success

Garth Jones @GarthMJ

You may be underestimating just how much valuable deployment information already exists—in your ConfigMgr database. It’s pretty easy to create reports that show deployment status such as: not started, waiting, running, success, failed, and retrying. If you want to save time, plan more efficiently, and impress your bosses, you may want to display the results in a dashboard.

You can create your own OS Deployment Dashboard, or consider using a free one. This blog explains more.

Day #11 Train Your End-Users to Use Windows 10

Harjit Dhaliwal @Hoorge

Windows 10 is a powerful Operating System with lots of great features. If you want the migration to go smoothly and quickly, training is critical. You can help end users succeed by familiarizing them with the basic and advanced features of Windows 10.

Training resources can be found on various sites such as Microsoft Virtual Academy, Lynda.com, YouTube, and directly from Microsoft. Microsoft provides handy reference page for popular Windows 10 training solutions.

https://www.microsoft.com/en-us/learning/windows-training.aspx

Day #10 Test BitLocker without a TPM

Cliff Hobbs @CliffHobbs 

Do I need a physical machine with a TPM chip to test BitLocker? No!

One of the coolest features in Windows 10 is BitLocker, which a lot of organizations are looking at deploying. However, what if the physical machine on which you do all your testing does not have a Trusted Platform Module (TPM)? How can you “play” with testing/deploying Windows 10 with BitLocker?

The answer is actually simpler than you think. It has nothing to do with hardware, as explained in this blog FAQshop article.

https://faqshop.com/windows/windows-client/windows-10/do-i-need-a-physical-machine-with-a-tpm-chip-to-test-bitlocker/

Day #9 Try the ConfigMgr Driver Management Holy Grail

Kim Oppalfens @TheWMIGuy

The new way of doing driver management, as introduced by Kim Oppalfens & Tom Degreef, in ConfigMgr is more dynamic than it used to be. It offers the following advantages:

  • Get full control over the drivers that get installed
  • Dynamically select these drivers based on the detected hardware model
  • Install drivers during OSD without importing them into Configuration Manager
  • Add a new hardware model without modifying your task sequence in any way
  • Remove static content references from the task sequence

You can get all the details in this blog post.

http://www.oscc.be/sccm/osd/The-holy-grail-of-ConfigMgr-diver-management,-or-whatever-you-want-to-call-it/

Day #8 Add Internet Explorer to the Start Menu

Jörgen Nilsson @ccmexec

The documentation on how to modify the Start menu is pretty good. However, it does not cover how we add a link for Internet Explorer, which is a very common request. This post describes how the Internet Explorer Icon is added to t he Start menu during OS deployment. The same .XML file can be used in a group policy as well but the .lnk file needs to be copied to the client using a Group Policy Preference.

http://ccmexec.com/2015/09/customizing-the-windows-10-start-menu-and-add-ie-shortcut-during-osd/

Day #7 Perfect Images with Security Compliance Manager 4.0

Duncan McAlynn @infosecwar

Prior to rubber stamping your approval of a Windows 10 “gold” image/task sequence, first download the Security Compliance Manager 4.0 (has EOL, but still has years of use ahead). Also get the most recent Security Compliance Toolkit templates.

Use Security Compliance Manager to view/edit the Microsoft security hardening recommendations. Then export as a .cab file to import inside of ConfigMgr. From there you can use the Compliance Baselines to identify the delta between Microsoft’s security recommendations for the OS and what you’re planning to deploy.
Bonus Tip:
Use the following as a guide for creating auto-remediation baselines in ConfigMgr to ensure that systems that drift out of compliance are brought back into standard configuration.
alexpooleyblog.wordpress.com

Day #6 Plan Security Configuration Management Early

Anoop C Nair @anoopmannur 

One of the key benefits of Windows 10 is the new security enhancements. It’s critical to secure Windows 10 from the start, and then maintain the security with good security configuration management. The security risk landscape has changed. Attackers are more sophisticated with easier access to malware and advanced tools. You can learn more about Windows 10 security configuration management in this blog post.

What is Endpoint Security Configuration Management for Windows 10 Devices

Day #5 Update Your Firmware

Maurice Daly @modaly_it

For a Windows 10 deployment to be successful, whether on bare metal or as part of an upgrade deployment, you need to get the system running the latest BIOS (firmware) release. Previously, updating firmware hasn’t been seen as a critical step. However with the movement to UEFI and the new features contained within, it is imperative that the system is as up to date as possible to help prevent issues occurring during your Windows 10 rollout.

Nickolaj Andersen and I have come up with a dynamic solution that takes some of the pain away from the install/update process for both the system BIOS and drivers. Information on this solution can be found at http://www.scconfigmgr.com/modern-bios-management/ and http://www.scconfigmgr.com/modern-driver-management/.

Day #4: Embrace Upgrade Readiness

Ami Casto @AdaptivaAmi

Most of you know about Upgrade Readiness by now, but are you really using it? If not, you may not realize just how powerful it is.

It’s a free service that collects analytics data from endpoints, and provides detailed insights in an online dashboard. You enable a telemetry engine that sends anonymous information about each system to the cloud. It turns the telemetry data you send to Microsoft into actionable planning information. It provides hardware, driver, and application compatibility assessments. This makes it easy to know which machines are ready for Windows 10, and which ones will need help.

A migration workflow can guide you as you move everything to Windows 10. All this can be integrated into Configuration Manager for unified reporting. For more information, why not jump straight ito the Microsoft Get Started guide?

 

Day #3: Smart-Target In-Place Upgrades

Wally Mead @Wally_Mead

I’m a firm believer in doing the Windows 10 in-place upgrade. However, you need to be strategic.
I think that it is important to have a good target of systems that can be upgraded. If you start with a set of systems that you expect the upgrade to work on, then you’ll get better compliance results in the console status as well as reports.

To do this, enable the “Perform Windows Setup compatibility scan without starting upgrade” option in your in-place upgrade task sequence. It will scan potential upgrade targets, and build a collection of those that returned a success status. Then  you should be able to easily track the upgrade process without being bothered by systems with incompatibilities that prevent the upgrade from completing.

 

Day #2: Customize the Default In-place Upgrade Task Sequence

Johan Arwidmark @jarwidmark

As you probably know, ConfigMgr Current Branch has a built-in task sequence template for Windows 10 in-place upgrades. This template is used for Windows 7/8/8.1 to Windows 10 upgrades. It is also used for Windows 10 to Windows 10 upgrades when a new feature update is available.

However, the default task sequence template for in-place upgrades is missing some useful features. This post explains what they are, and shows you how to add them.

Deployment Research Blog: Improving the ConfigMgr In-place Upgrade Task Sequence

Day #1: Choose Your Deployment Methods Wisely

By Paul Winstanley @SCCMentor

Survey the landscape carefully. Map out your specific needs. Look at your deployment scenarios and all the options for Windows 10 deployments. Then apply the best fit to your situation. Ask yourself:

  • Will you be dealing with bare-metal, refresh, or replace?
  • Will in-place upgrades get you migrated to Windows 10 faster and more cost effectively?
  • Are you going to use on-premises SCCM, MDT, or the modern device management (MDM) method AutoPilot?

AutoPilot provides you with an out of the box Windows 10 build where you can layer on applications, compliance, and configuration via the Cloud. This blog post gives you the basics of AutoPilot, and a whole lot more.

There’s plenty of choice in this brave new world. Take time to look at all your options,  then choose carefully. Making the right choice could save you weeks or months of lost time heading down the wrong path.

Bill Bernat
Director of Product and Content Marketing, Adaptiva

Get free education resources and more at the Adaptiva Academy

Get Free Stuff