Windows 10 As a Service Imaging (WaaS) with Specops Deploy

Windows 10 Operating Systems have changed and so have the strategic options available to deploy and maintain the operating system in the Enterprise. Imaging has traditionally been used to apply an operating system with a consistent look and feel. Now with Windows 10 this can still be utilized but would have to be updated for every major release to ensure the latest build. These steps will enhance the OS version and consistency when deploying updates and Windows 10 operating system settings for all OS deployment scenarios.

Implement WSUS Windows as a service for your organization.

Windows Feature updates are now semi-annual, which means a more controlled frequency of OS releases and you don’t have to launch a major initiative to re-deploy the operating systems in your organization. The updates that are going through this servicing channel can be deferred up to 18 months, if you are not ready for major release.  The updates can also be pre-staged using release rings, which would allow you to create priority waves in your organization.

Read More and get started:

https://docs.microsoft.com/en-us/windows/deployment/update/waas-wufb-group-policy

https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates

When Windows 10 updates for business are implemented, you can use your imaging server to create a new build by pointing to your WSUS Server in the Specops Policy.

Note: Specops Software does support Wipe-and Load for Deployment and Re-install with User Settings captured, however we do not offer direct integration with WSUS to manage the device targeting from the Specops Deploy console.

Additional guidance to ensure a consistent build:

Add task sequence customizations

Remove Windows Store Applications – This is the most common culprit when running into imaging or capturing an operating system due to the requirement to update the applications once online, but organizations are looking to over simplify the amount of bloatware or Windows Store applications that ship with Windows Enterprise software.

Download the Script:

https://blogs.technet.microsoft.com/mniehaus/2015/11/11/removing-windows-10-in-box-apps-during-a-task-sequence/

Script is located on bottom of Technet Blog.

Applying the Script:

1. Copy script to the deployment repository .\Scripts folder
2. Create a Command line for the script in MDT
3. Add Command line Powershell.exe -File “%SCRIPTROOT%\RemoveApps.ps1”

Important: This script is designed to pull out all the Windows Store Managed Applications, including Calculator or other useful things. There is a log file generated that gives you a list of applications. If you create the list and then remove the applications you wish to keep in the build, it will make a great manifest to run at script execution

Pause Task Sequence

This option can work for you if you have any custom settings or registry requirements to apply to the build. This is the best alternative to add finishing touches, validation to the build or just would like to install software, the legacy way.

1. Create a Command line:
2. Name: ‘Pause Task Sequence’
3. Command: Cmd /c start “Paused Task Sequence, Close window to resume” /wait cmd

Using Security Baselines and Importing GPO Settings Offline

This option would allow you to apply computer policies to harden your operating system and various other policies from a domain joined system to apply them locally to a Workgroup system or to prepopulate settings before domain join.

Note: Reboot Required to apply the GPO’s

1. Download the LGPO utility from Microsoft https://www.microsoft.com/en-us/download/details.aspx?id=55319
2. Add the utility to .\Scripts
3. Add the Export command line: LGPO.exe /b path
4. Once exported it will create a GUID that can be laced in the .\Scripts folder that can be re-imported in a later step.
5. Create Command Line: Cmd.exe /c %SCRIPTROOT%\LGPO.exe /g [GUID]

Apply a Windows image And Configuration Package – Windows image and configuration Designer is a native tool to ADK and is already available on your imaging server. It can be used to apply a custom startlayout, Wifi Settings and more additional settings that would normally have a manual or GPO method to apply.

1. Open Windows Configuration Designer
2. Choose settings form available options
3. After you create the .ppkg file add it to .\Scripts folder in deployment repository
4. Create a Command Line:
5. Name: ‘ApplyProvisioning Package’
6. DISM /Image=C\ /Add-ProvisioningPackage /PackagePath:%SCRIPTROOT%\ProvisioningPackage.ppkg

A future blog post on how to use this package for your imaging strategy is in development.

Summary:

Windows updates for Business and Task Sequence customizations are environmental settings that can create a simplified approach when deploying operating systems using Specops Deploy. Specops Software would recommend thorough testing when implementing a Windows 10 update strategy.

The setting, commands and strategic approach are subjective to your environment and Specops Software updates will re-apply the default settings when re-installed, so please back up the Task Sequence before environmental changes are applied.

The settings are meant as recommendations to further extend your environmental support for Windows 10 Updates for business and imaging. Specops Software does not support these configurations within the root of the product and no guarantees or support is expressed or implied.