It’s the holidays again! At Adaptiva, we wanted to send each and every one of you a delicious holiday fruitcake. Fruitcakes don’t last very long though, and they don’t really help you migrate enterprises to Windows 10. That’s why we decided to give you a gift that will keep on giving far beyond the holidays: Twelve Days of Windows 10 Deployment Tips.
We’ve collected twelve Windows 10 OSD tips from MVPs around the world, and we’re releasing one a day. Follow our twitter at @adaptiva, or check back on this blog every day to see each new tip.
Wishing you and your loved ones the merriest of holiday seasons, and happy Windows 10 deployments in the new year!
The ConfigMgr Carolers Sing
Day #12 Leverage ConfigMgr Reporting to Share Deployment Success
Garth Jones @GarthMJ
Day 12 of the 12 Days of Windows 10 Deployment Tips is upon us! So soon? This one is from @GarthMJ, "Leverage ConfigMgr Reporting to Share Deployment Success." Find out more here! https://t.co/T6gspLp0PH #configmgr #sccm pic.twitter.com/rNLML1etqs
— Adaptiva (@adaptiva) December 21, 2017
You may be underestimating just how much valuable deployment information already exists—in your ConfigMgr database. It’s pretty easy to create reports that show deployment status such as: not started, waiting, running, success, failed, and retrying. If you want to save time, plan more efficiently, and impress your bosses, you may want to display the results in a dashboard.
You can create your own OS Deployment Dashboard, or consider using a free one. This blog explains more.
Day #11 Train Your End-Users to Use Windows 10
Harjit Dhaliwal @Hoorge
Day 11 of the 12 Days of #Windows10 Deployment Tips nears an end with “Train Your End Users.” Get advice and resources from @Hoorge https://t.co/T6gspLp0PH #configmgr #sccm pic.twitter.com/fBFsEeQ9Rr
— Adaptiva (@adaptiva) December 20, 2017
Windows 10 is a powerful Operating System with lots of great features. If you want the migration to go smoothly and quickly, training is critical. You can help end users succeed by familiarizing them with the basic and advanced features of Windows 10.
Training resources can be found on various sites such as Microsoft Virtual Academy, Lynda.com, YouTube, and directly from Microsoft. Microsoft provides handy reference page for popular Windows 10 training solutions.
https://www.microsoft.com/en-us/learning/windows-training.aspx
Day #10 Test BitLocker without a TPM
Cliff Hobbs @CliffHobbs
The 12 Days of Windows10 Deployment Tips get secure today with @CliffHobbs : Test BitLocker without a TPM! https://t.co/T6gspLp0PH #configmgr #sccm pic.twitter.com/PQyIiFjFFy
— Adaptiva (@adaptiva) December 19, 2017
Do I need a physical machine with a TPM chip to test BitLocker? No!
One of the coolest features in Windows 10 is BitLocker, which a lot of organizations are looking at deploying. However, what if the physical machine on which you do all your testing does not have a Trusted Platform Module (TPM)? How can you “play” with testing/deploying Windows 10 with BitLocker?
The answer is actually simpler than you think. It has nothing to do with hardware, as explained in this blog FAQshop article.
Day #9 Try the ConfigMgr Driver Management Holy Grail
Kim Oppalfens @TheWMIGuy
Try the New #ConfigMgr Driver Management Holy Grail! The 12 Days of #Windows10 Deployment Tips keep rolling on Day #9 with @TheWMIGuy https://t.co/I4rsKrMsnT #sccm pic.twitter.com/t17r8dBiKf
— Adaptiva (@adaptiva) December 18, 2017
The new way of doing driver management, as introduced by Kim Oppalfens & Tom Degreef, in ConfigMgr is more dynamic than it used to be. It offers the following advantages:
- Get full control over the drivers that get installed
- Dynamically select these drivers based on the detected hardware model
- Install drivers during OSD without importing them into Configuration Manager
- Add a new hardware model without modifying your task sequence in any way
- Remove static content references from the task sequence
You can get all the details in this blog post.
Day #8 Add Internet Explorer to the Start Menu
Jörgen Nilsson @ccmexec
“Add IE to the Start menu” –Undocumented, practical goodness from @ccmexec in #8 of the 12 Days of #Windows10 Deployment Tips! https://t.co/T6gspLp0PH #configmgr #sccm pic.twitter.com/LAMnlng8hp
— Adaptiva (@adaptiva) December 15, 2017
The documentation on how to modify the Start menu is pretty good. However, it does not cover how we add a link for Internet Explorer, which is a very common request. This post describes how the Internet Explorer Icon is added to t he Start menu during OS deployment. The same .XML file can be used in a group policy as well but the .lnk file needs to be copied to the client using a Group Policy Preference.
http://ccmexec.com/2015/09/customizing-the-windows-10-start-menu-and-add-ie-shortcut-during-osd/
Day #7 Perfect Images with Security Compliance Manager 4.0
Duncan McAlynn @infosecwar
The holiday #windows10 deployment festivities continue with @infosecwar ‘s “Perfect Images with Security Compliance Manager 4.0” #configmgr #sccm Get the full tip here! Only 5 left to come:)https://t.co/T6gspLp0PH pic.twitter.com/R6AyyAaEep
— Adaptiva (@adaptiva) December 14, 2017
Prior to rubber stamping your approval of a Windows 10 “gold” image/task sequence, first download the Security Compliance Manager 4.0 (has EOL, but still has years of use ahead). Also get the most recent Security Compliance Toolkit templates.
Use Security Compliance Manager to view/edit the Microsoft security hardening recommendations. Then export as a .cab file to import inside of ConfigMgr. From there you can use the Compliance Baselines to identify the delta between Microsoft’s security recommendations for the OS and what you’re planning to deploy.
Bonus Tip:
Use the following as a guide for creating auto-remediation baselines in ConfigMgr to ensure that systems that drift out of compliance are brought back into standard configuration.
alexpooleyblog.wordpress.com
Day #6 Plan Security Configuration Management Early
Anoop C Nair @anoopmannur
Today’s Windows 10 Deployment Tip (#6 of #12 days of tips!) comes from @anoopmannur! Plan Security Configuration Management Early! Get details and links at https://t.co/T6gspLp0PH #configmgr #sccm pic.twitter.com/foQUqMXxhD
— Adaptiva (@adaptiva) December 13, 2017
One of the key benefits of Windows 10 is the new security enhancements. It’s critical to secure Windows 10 from the start, and then maintain the security with good security configuration management. The security risk landscape has changed. Attackers are more sophisticated with easier access to malware and advanced tools. You can learn more about Windows 10 security configuration management in this blog post.
https://www.anoopcnair.com/what-is-endpoint-security-configuration-management-for-windows-10-devices/
Day #5 Update Your Firmware
Maurice Daly @modaly_it
Firming up the 12 Days of #Windows10 Deployment Tips with Tip #5 from @modaly_it : Update Your Firmware! https://t.co/T6gspLp0PH #configmgr #sccm pic.twitter.com/BkHcuMo69x
— Adaptiva (@adaptiva) December 12, 2017
For a Windows 10 deployment to be successful, whether on bare metal or as part of an upgrade deployment, you need to get the system running the latest BIOS (firmware) release. Previously, updating firmware hasn’t been seen as a critical step. However with the movement to UEFI and the new features contained within, it is imperative that the system is as up to date as possible to help prevent issues occurring during your Windows 10 rollout.
Nickolaj Andersen and I have come up with a dynamic solution that takes some of the pain away from the install/update process for both the system BIOS and drivers. Information on this solution can be found at http://www.scconfigmgr.com/modern-bios-management/ and http://www.scconfigmgr.com/modern-driver-management/.
Day #4: Embrace Upgrade Readiness
Ami Casto @AdaptivaAmi
The 12 Days of #Windows10 Deployment Tips, Day 4 with @AdaptivaAmi Embrace Upgrade Readiness! https://t.co/T6gspLp0PH #configmgr #mdt pic.twitter.com/S19RCGoSe8
— Adaptiva (@adaptiva) December 11, 2017
Most of you know about Upgrade Readiness by now, but are you really using it? If not, you may not realize just how powerful it is.
It’s a free service that collects analytics data from endpoints, and provides detailed insights in an online dashboard. You enable a telemetry engine that sends anonymous information about each system to the cloud. It turns the telemetry data you send to Microsoft into actionable planning information. It provides hardware, driver, and application compatibility assessments. This makes it easy to know which machines are ready for Windows 10, and which ones will need help.
A migration workflow can guide you as you move everything to Windows 10. All this can be integrated into Configuration Manager for unified reporting. For more information, why not jump straight ito the Microsoft Get Started guide?
Day #3: Smart-Target In-Place Upgrades
Wally Mead @Wally_Mead
The 12 Days of #Windows10 Deployment Tips bring holiday greetings from @Wally_Mead : Smart-target In-place Upgrades https://t.co/2Tq3rQK5ax #configmgr #mdt pic.twitter.com/CcIUifw8MK
— Adaptiva (@adaptiva) December 8, 2017
I’m a firm believer in doing the Windows 10 in-place upgrade. However, you need to be strategic.
I think that it is important to have a good target of systems that can be upgraded. If you start with a set of systems that you expect the upgrade to work on, then you’ll get better compliance results in the console status as well as reports.
To do this, enable the “Perform Windows Setup compatibility scan without starting upgrade” option in your in-place upgrade task sequence. It will scan potential upgrade targets, and build a collection of those that returned a success status. Then you should be able to easily track the upgrade process without being bothered by systems with incompatibilities that prevent the upgrade from completing.
Day #2: Customize the Default In-place Upgrade Task Sequence
Johan Arwidmark @jarwidmark
The 12 Days of #Windows10 Deployment Tips keep rolling with tip #2 from @jarwidmark : Customize the Default In-place Upgrade Task Sequence! https://t.co/j69L76STZl #configmgr #mdt pic.twitter.com/c4m9EaUiqZ
— Adaptiva (@adaptiva) December 7, 2017
As you probably know, ConfigMgr Current Branch has a built-in task sequence template for Windows 10 in-place upgrades. This template is used for Windows 7/8/8.1 to Windows 10 upgrades. It is also used for Windows 10 to Windows 10 upgrades when a new feature update is available.
However, the default task sequence template for in-place upgrades is missing some useful features. This post explains what they are, and shows you how to add them.
Deployment Research Blog: Improving the ConfigMgr In-place Upgrade Task Sequence
Day #1: Choose Your Deployment Methods Wisely
By Paul Winstanley @SCCMentor
The 12 Days of #Windows10 Deployment Tips kicks off with tip #1 from @SCCMentor! Read Paul’s tips for choosing the best deployment method for your environment. https://t.co/j69L76STZl #configmgr #mdt pic.twitter.com/smjHlrAqwc
— Adaptiva (@adaptiva) December 6, 2017
Survey the landscape carefully. Map out your specific needs. Look at your deployment scenarios and all the options for Windows 10 deployments. Then apply the best fit to your situation. Ask yourself:
- Will you be dealing with bare-metal, refresh, or replace?
- Will in-place upgrades get you migrated to Windows 10 faster and more cost effectively?
- Are you going to use on-premises SCCM, MDT, or the modern device management (MDM) method AutoPilot?
AutoPilot provides you with an out of the box Windows 10 build where you can layer on applications, compliance, and configuration via the Cloud. This blog post gives you the basics of AutoPilot, and a whole lot more.
There’s plenty of choice in this brave new world. Take time to look at all your options, then choose carefully. Making the right choice could save you weeks or months of lost time heading down the wrong path.
