Image deployment was something I saw that I could improve right away by implementing MDT. I have used MDT since 2008 and have learned many different best practices and got this opportunity to start clean.
I've written over 100 pages of documentation on how I set up MDT and the best practices implemented (lots of pictures). After having customized and deployed to our 70ish remote locations, our company finally made the decision to eliminate out-of-support Operating Systems from the environment about 2 months ago. The company looked at multiple outside contractors to do the work, but I was able to sell my Director on using MDT with User State Migration Tools (USMT) to help upgrade our remaining clients (previously we were not using USMT).
MDT was the simple part; the tricky part was writing the logic and tools to get our software deployment tools to reinstall the users' software automatically after the upgrade process completed. We have been using Altiris DS for doing most software installations, but this Windows XP migration to Windows 7 has really driven us to move our software deployments to IBM Endpoint Manager (aka Tivoli Endpoint Manager, and known inside our company as BigFix).
High-level overview of the process
Windows XP is live and running:
• Zero-Touch process is started
• Information about the machine is gathered
• Programs are cataloged and relics are made to indicate programs for reinstall.
• Office, Credant, Our In House Sales tool, and Lotus Notes detection takes place
• (If detected) Credant Encryption Data is gathered
• Windows Pre-installation Environment (WinPE) is applied to the machine
• Computer reboots to WinPE
Windows PE is live and running (total elapsed time so far: 10 minutes)
• Reconnects with Division Deployment Server
• Captures User State with Hard Link Migration
• Cleans excess data from the Hard drive
• Applies Windows 7 32-bit
• Customizes image - Applies patches, configures Unattend.xml
Windows 7 is booting (total elapsed time so far: 25 minutes)
• First boot drivers are installed and configured
• Windows auto logs into Administrator account with disabled shell.
• Joined to domain
• Applications installed (Sep, Altiris Dagent, HP/Lenovo utilities, etc.)
• If needed, Lotus Notes reinstalled
• If needed, Office 2007 reinstalled
• User State Restored – Profiles recreated, data put back, etc.
• If Credant Encryption Needed
• StateStore Backup of Hard-Links is removed
• Encryption Indexes are scanned and repaired
• Credant Encryption is reinstalled to recognize files already encrypted.
• BigFix Agent reinstalled
• Corporate Customizations reapplied
Windows 7 Reboots and stays at Ctrl+Alt+Del (total elapsed time so far: 45 minutes)
• Users can log on; most base build applications are already there
• BigFix starts installing patches, Chrome, remote controller
• BigFix installs programs required for upgrade based on the existence of relics.
• BigFix completes upgrade installs and prompts the user to Reboot.
So I had the opportunity to write a script to parse the system, find programs we wanted to reinstall, and create a file on the system that would be migrated by USMT. One of the last steps in our Upgrade MDT Task Sequences was to create a final relic file that tells BigFix the upgrade has completed - this triggered BigFix to scan for relics and install software based on the existence of the relics.
The script determines how to create relics based on an Application Definition XML file. The script parses the XML and compares it against Sysinternals PsInfo (with /s) output as well as any custom definitions, like the existence of files or folders, to create the application relics.
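The relic logic described above, sketched in PowerShell as an added example (not the author's script). The XML schema, application names, paths, relic folder and the PsInfo sample are all constructed assumptions.

```powershell
# Hypothetical application definitions; this schema is an assumption, not the author's.
[xml]$defs = @'
<Applications>
  <Application Name="LotusNotes" Relic="LotusNotes.relic">
    <InstalledMatch>Lotus Notes*</InstalledMatch>
  </Application>
  <Application Name="SalesTool" Relic="SalesTool.relic">
    <PathExists>C:\SalesTool\bin</PathExists>
  </Application>
</Applications>
'@

# Constructed, simplified stand-in for captured PsInfo /s output.
$psinfo = @'
System information for \\XP-CLIENT01:
Applications:
Lotus Notes 8.5.1 8.51.9300
Adobe Reader 9.0 9.0.0
'@ -split "`r?`n"

# Hypothetical relic folder; in production it must sit in a path USMT migrates.
$relicDir = Join-Path ([IO.Path]::GetTempPath()) 'UpgradeRelics'

function Test-AppDetected($app, $installed) {
    # Match installed-program lines against wildcard patterns from the definition.
    foreach ($pattern in $app.InstalledMatch) {
        if ($installed -like $pattern) { return $true }
    }
    # Custom definition: existence of a file or folder.
    foreach ($path in $app.PathExists) {
        if (Test-Path -LiteralPath $path) { return $true }
    }
    return $false
}

# Keep only the non-empty program lines that follow the "Applications:" header.
$start = [array]::IndexOf($psinfo, 'Applications:')
$installed = @($psinfo | Select-Object -Skip ($start + 1) | Where-Object { $_.Trim() })

New-Item -ItemType Directory -Path $relicDir -Force | Out-Null
foreach ($app in $defs.Applications.Application) {
    # A relic name drives later installs, so accept bare file names only.
    if ($app.Relic -ne [IO.Path]::GetFileName($app.Relic)) {
        Write-Warning "Skipping $($app.Name): relic must be a bare file name"
        continue
    }
    if (Test-AppDetected $app $installed) {
        $relic = Join-Path $relicDir $app.Relic
        Set-Content -LiteralPath $relic -Value "$($app.Name) detected $(Get-Date -Format s)"
        Write-Output "Relic created: $relic"
    }
}
```

Because the presence of a relic is what causes software to be installed after the upgrade, the relic folder should be writable only by administrators and the deployment account.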