As usual, the Windows Networking site posts are “the best”, this time on advanced deployment.
I am trying to summarise here.
A few points to consider:
- You should ALWAYS use MDT (not SCCM!) for building, capturing and testing your reference images.
- You should PROBABLY NOT use MDT ALONE if you have more than a couple of sites you need to deploy Windows to (that is, you should ALSO use SCCM in this scenario).
- You should ALSO use WDS if you have more than a few hundred computers to deploy Windows to (that is, you could use MDT and WDS together in this scenario).
- While you COULD use MDT WITH WDS to deploy Windows to thousands or more computers, you PROBABLY want to consider using SCCM instead for such scenarios especially when your organization spans multiple geographical locations (that is, you should use MDT, WDS and SCCM in this scenario).
OSD Comparison Matrix
| Area/Feature | ADS 1.1 | WDS | Microsoft Deployment (Lite-Touch) | ConfigMgr 2007 | ConfigMgr 2007 with Microsoft Deployment |
| --- | --- | --- | --- | --- | --- |
| **OS Deployment** | | | | | |
| Architectures | x86, x64 | x86, x64, IA-64 | x86, x64 | x86, x64 | x86, x64 |
| Operating systems | Windows 2000 Server and Windows Server 2003 | Windows 2000 and later | Windows XP and later | Windows 2000 and later; WePOS & WinFLP | Windows 2000 and later; WePOS & WinFLP |
| Client and/or server | Server only | Client and server | Client and server | Client and server | Client and server |
| Image-based vs. setup.exe | Image only | Image only, except setup.exe in RIS mode | Image and setup.exe | Image and setup.exe | Image and setup.exe |
| HAL agnostic | No | Yes, for Vista/WS2008 and later | Yes, for Vista/WS2008 and later | Yes, for Vista/WS2008 and later | Yes, for Vista/WS2008 and later |
| Source of Configuration Data | ADS database (SQL) | Active Directory | .INI files or SQL database | ConfigMgr database (SQL) | ConfigMgr database (SQL) |
| Automatic generation of unattend files | No | No | Yes | Yes | Yes |
| **Image Management** | | | | | |
| Format of images | IMG | WIM. Also RISETUP and RIPREP in RIS mode | WIM | WIM | WIM |
| Images are interchangeable across products | No | Yes | Yes | Yes | Yes |
| Replicate images to multiple locations | No | Manage externally via DFSR | Manage externally via DFSR | Yes | Yes |
| Binary delta replication | No | Manage externally via DFSR | Manage externally via DFSR | Yes | Yes |
| Pre-stage to target computer before starting deployment | No | No | No | Yes | Yes |
| Multicast image to target computers | Yes | Yes | Yes, using WDS | Yes | Yes |
| Bandwidth management of image transfer | No | Yes when multicasting | No | Yes when pre-staging | Yes when pre-staging |
| Reference computer build & capture | Manual | Manual | Automated via task sequence | Automated via task sequence | Automated via task sequence |
| **Device Driver Management** | | | | | |
| Insert drivers into OS image | No | Install fixed set of drivers via unattend.xml commands | Automatic at deployment time based on PnP ID | Automatic at deployment time based on PnP ID | Automatic at deployment time based on PnP ID |
| Insert drivers into WinPE | No | No | Admin initiated | Admin initiated | Admin initiated |
| Reporting on driver availability for devices across an organization | No | No | No | Yes | Yes |
| **Disk Management** | | | | | |
| Complex repartitioning & formatting | Yes | Yes | Via custom diskpart scripting | Yes | Yes |
| Deploy multiple partitions and data images | Yes | No | Yes for multiple partitions; no for data images | Yes | Yes |
| Deploy and enable BitLocker configurations | No | Yes, as a start-up script in the OS image | Yes | Yes | Yes |
| Automate setup of RAID/SAN/iSCSI | Yes, with vendor tools | No | Yes, with vendor tools | Yes, with vendor tools | Yes, with vendor tools |
| Virtual floppy for pre-OS hardware setup | Yes | No | No | No | No |
| **Network Management** | | | | | |
| Migrate network settings | No | No | No | Yes | Yes |
| Network connectivity assumptions | Well-connected only | Well-connected only | Well-connected only | Well-connected or poor/intermittent connection | Well-connected or poor/intermittent connection |
| Works for static IPs with no DHCP | No | Yes with bootable media | Yes, except PXE | Yes, except PXE | Yes, except PXE |
| IPv4 and IPv6 | IPv4 only | IPv4 only | Works only in IPv4 environments; can configure some IPv6 settings | IPv4 and IPv6 (except PXE) | IPv4 and IPv6 (except PXE) |
| **Deployment Models** | | | | | |
| PXE initiated | Yes | Yes | Yes | Yes | Yes |
| Removable media (CD, DVD, USB) initiated | No | Yes | Yes | Yes | Yes |
| Client OS initiated | Yes | No | No | Yes | Yes |
| Push/pull model | Push and pull | Pull only | Pull only | Push and pull | Push and pull |
| End user choice of image to deploy | No | Yes | Yes | Yes | Yes |
| Fully unattended option | Yes | Yes after initial PXE boot | No | Yes | Yes |
| Offline deployment from media | No | No | Yes | Yes, including CD/DVD spanning | Yes, including CD/DVD spanning |
| Deploy to unrecognized computers | Yes | Yes | Yes | Yes | Yes |
| **End-to-end process** | | | | | |
| Task sequencing | Yes | No | Yes | Yes | Yes |
| Task sequence conditions & groups | No | No | No | Yes | Yes |
| Task sequence parameterization (with variables) | Per-computer | No | Yes, from rules using LTI database | Per-computer and per-collection with override | Per-computer and per-collection with override |
| Migrate user state & settings | No | No | Yes | Yes | Yes |
| Install patches | No | From a file share for Vista/WS2008 and later only via built-in OS capability | Yes, from file share | Yes, integrated with ConfigMgr Software Update Management | Yes, integrated with ConfigMgr Software Update Management |
| Install applications | Yes | Yes, via unattend.xml or startup scripts, from file share or baked into image | Yes, from file share | Yes, integrated with ConfigMgr software distribution | Yes, integrated with ConfigMgr software distribution |
| Install Vista/WS2008 and later language packs | No | Yes | Yes | No | Yes |
| Install server roles (AD, File/Print, DHCP, DNS, etc.) | Yes, as custom actions | Yes, as start-up scripts | Yes | Yes | Yes |
| Obeys maintenance windows | No | No | No | Yes | Yes |
| Works in a NAP environment | No | Post-deployment actions could fail if quarantined | No | Yes, task sequences wait for remediation before continuing | Yes, task sequences wait for remediation before continuing |
| Wake-on-LAN integration | No | No | No | Yes | Yes |
| **Security** | | | | | |
| Encrypts “secrets” on the network | Yes | No | No | Yes | Yes |
| Encrypts “secrets” on the target computer | Yes | No | No | Yes, except during Vista setup phase | Yes, except during Vista setup phase |
| Strong authorization of target computer | Yes | No | No | Yes, except for PXE | Yes, except for PXE |
| Encrypts user state during migration | No | No | No | Yes | Yes |
| Encrypts images on the network | Yes | No | No | Yes | Yes |
| Password protect deployment media | No | No | No | Yes | Yes |
| **Reporting** | | | | | |
| Aggregate status of all deployments | Yes | Via Crimson events | Yes with OpsMgr | Yes | Yes |
| Detailed status of individual computers | Yes | Via Crimson events | Yes with OpsMgr | Yes | Yes |
| **Admin UI** | | | | | |
| Central monitoring of deployments | Yes | Only for multicast transmissions | No | Yes | Yes |
| Task sequence editor | Limited | No | Yes | Yes | Yes |
| Sophisticated targeting | No | No | No | Yes | Yes |
| Multiple simultaneous IT admins | Yes | Yes | No | Yes | Yes |
| User access controls | Yes | No | No | Yes | Yes |
| Scriptable | Yes, with WMI | Partial via COM+ | Scriptable .Net data layer | Yes, with WMI | Yes, with WMI |
| Localized | No | Yes, to Windows Server languages | As funded by country subs | Yes, to ConfigMgr server languages | Yes |
| Framework technology | MMC 2.0 | MMC 2.0 | MMC 3.0 | MMC 3.0 | MMC 3.0 |
To summarise the table above:
- Replication (MDT requires DFSR)
- Multicast deployment (MDT requires WDS)
- Bandwidth management of image transfer (not available with MDT but available with SCCM for pre-staging)
- Reporting on driver availability for devices across an organization (not available with MDT)
- Complex repartitioning and formatting of disks (requires custom diskpart scripting with MDT)
- Network connectivity assumptions (MDT requires well-connected network while SCCM tolerates poor/intermittent connections)
- Client OS initiated deployment and fully unattended option (not available with MDT)
- Push/pull model (MDT supports pull only while SCCM supports both push and pull deployments)
- Offline deployment from media (SCCM also supports CD/DVD spanning)
- Security (SCCM supports encryption and password protection)
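The matrix lists .INI files as the Lite-Touch configuration source and "No" for encrypting secrets on the network or the target computer, so any credential placed in an MDT rule file is readable by anyone who can read the deployment share or boot media. The audit sketch below is an added example, not code from the original post or from MDT; it assumes the standard MDT property names `UserPassword`, `DomainAdminPassword` and `AdminPassword`, and the two rule files it scans are constructed samples.

```python
# Added example: flag credential properties stored in clear text in MDT rule files.
# Assumption: these are the MDT properties that carry passwords (compared lower-case).
SECRET_KEYS = {"userpassword", "domainadminpassword", "adminpassword"}

# Constructed sample rule files (not taken from any real deployment share).
SAMPLE_FILES = {
    "Bootstrap.ini": r"""
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\DeploymentShare$
UserID=svc_mdt
UserPassword=CONSTRUCTED-share-secret
""",
    "CustomSettings.ini": r"""
[Settings]
Priority=Default
[Default]
OSInstall=Y
; DomainAdminPassword=commented-out
DomainAdmin=svc_join
DomainAdminPassword=CONSTRUCTED-join-secret
AdminPassword=
""",
}


def find_plaintext_secrets(ini_text):
    """Return (section, key) pairs whose value is a non-empty credential."""
    findings, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in SECRET_KEYS and value.strip():
            findings.append((section, key.strip()))
    return findings


def audit(files):
    """Map each file name to its findings; secret values are never echoed."""
    return {name: find_plaintext_secrets(text) for name, text in files.items()}


if __name__ == "__main__":
    for name, hits in audit(SAMPLE_FILES).items():
        for section, key in hits:
            print(f"{name}: [{section}] {key} is set in clear text")
```

Any finding is a reason to restrict the account to the minimum rights it needs (share read, or domain join on one OU) and to tighten read access on the share and boot media.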
To answer the question of WHY you should use MDT and SCCM TOGETHER for your Windows deployments, here is a quick summary:
- Wizard to create all needed packages (USMT, scripts, client, OS, etc.) and task sequences from MDT templates.
- Wizard to create new boot images (adding optional components, fonts, fixes, etc.).
- Ability to dynamically determine user state location (local or network) based on estimate of USMT capture size.
- Ability to modify any unattend.xml/sysprep.inf/unattend.txt value using task sequence variable values.
- Task sequence templates that cover all scenarios from a single template: new computers, refreshes, replacements, with any OSes.
- Ability to back up the computer as a WIM during backup (local or network based on available disk space).
- Additional validation, prerequisite, and BIOS compatibility checks (e.g. don’t deploy Vista to a domain controller; make sure machines have more than 512MB RAM; etc.).
- Capture and restore local group memberships.
- Tattoo task sequence details into the registry and capture via ConfigMgr inventory for reporting purposes.
- Move state store to a safe location before the task sequence ends.
- Copy logs to a network location.
- Scripting framework to make it easier to add additional scripts into a task sequence (“toolkit package”).
- Action to install software updates offline for Vista and Server 2008.
- Action to install language packs offline or online for Vista and Server 2008.
- Action to install OS roles and features on Server 2003 and Server 2008.
- Action to configure ADDS (DCPROMO) on Server 2003 and Server 2008.
- Action to configure DHCP on Server 2003 and Server 2008.
- Action to configure DNS on Server 2003 and Server 2008.
- Unknown computer support for pre-ConfigMgr R2 installations.
- Gathering process to set various variables based on information about the machine, retrieved from WMI and other sources.
- Rules engine to set variables from databases, web services, etc.
- A database for configuring location, make/model, role, and computer-based settings.
- Stored procedure for reinstalling software packages that were installed in the old OS, based on ConfigMgr inventory details.
- Script to merge disconnected lists (ZTICoalesce) to solve some issues with using collection and computer variables.
- Script to enable all programs for dynamic installation via “install software” task sequence step.
A few more points on ZTI
ZTI (Zero Touch Installation) is a high-volume deployment strategy for midsize to large organizations that combines the use of MDT with System Center Configuration Manager (SCCM), which is part of the System Center family of products from Microsoft. Compared to the LTI approach that uses MDT with Windows Deployment Services, the ZTI approach to deployment using SCCM provides the following additional benefits:
- Support for replication. (MDT requires using Distributed File System Replication.)
- Support for performing multicast deployment. (MDT requires using Windows Deployment Services.)
- Support for the bandwidth management of image transfers.
- Support for reporting on driver availability for devices across your organization.
- Support for complex repartitioning schemes and the formatting of disks. (This can also be done using MDT, but it requires custom scripting using Diskpart.)
- Tolerance of poor or intermittent network connectivity.
- Support for client operating system–initiated deployment.
- Support for fully unattended deployment.
- Support for offline deployment from media and CD/DVD spanning.
- Support for encryption and password protection.
The biggest value of using SCCM together with MDT is that you can not only deploy Windows across your organization with no user interaction, but also manage those computers with SCCM once Windows is deployed on them.
Of course, the downside is that the initial setup and configuration of your SCCM infrastructure takes some time, planning and expertise (plus licensing costs). But once you’ve got this up-front investment finished, deploying and managing Windows-based computers is straightforward.