Presentation is loading. Please wait.

Presentation is loading. Please wait.

Simplify OS deployments with Windows Provisioning

Published byAubrie Craig Modified over 6 years ago

Similar presentations

Presentation on theme: "Simplify OS deployments with Windows Provisioning"— Presentation transcript:

1 Simplify OS deployments with Windows Provisioning
Microsoft Ignite 2016 6/30/2018 9:06 PM Simplify OS deployments with Windows Provisioning Santhosh Panchap Program Manager © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Session Goals Learn how Windows Configuration Designer (WCD- aka WICD) and Windows Provisioning can simplify OS deployments Learn what’s new in Anniversary Update Understand current limitations and product roadmap

3 Agenda Overview Walkthroughs and Tips Advanced Topics Roadmap

4 Imaging is complex and costly
Image management Driver management Network bandwidth Desktop only

5 WCD provisioning: deltas to an OEM image
We are moving to a world where “OEMs image, IT provisions” 1 - IT uses WCD (aka WICD) to create a provisioning package of settings, assets, and enrollment instructions 2 – New devices arrive with a “clean” OS image (Windows + Office + drivers). IT boots devices and applies provisioning pack during first boot 3 – After first boot completes, device is at login screen and ready to hand out Works on Desktop, mobile, and industry devices (the latter two also supports NFC and MTP, in addition to removable media)

6 What can be provisioned?
Microsoft Ignite 2015 6/30/2018 9:06 PM What can be provisioned? Initial Setup Management Enrollment Offline content Rich collection of settings available to provision Best practice: Provision minimal settings to get managed The rest come from management tool Best to avoid conflicts between the two Edition Upgrade Certificates Connectivity Profiles Universal Windows Apps Win32 Applications Scripts Enterprise Policies Quite a few things. As you can see, many can be also provisioned through MDM but several capabilities are exclusive for provisioning. One example would be Browser Settings Start Menu Customization Assigned Access © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Agenda Overview Walkthroughs and Tips Advanced Topics Roadmap

8 Installing WCD Download and install the Windows Assessment and Deployment Kit When prompted for optional components, select the “Configuration Designer”

9 Creating a Provisioning package (ppkg)
Creating a ppkg for bulk enrollment

10 Enrollment options summary
Domain Join – for desktops in AD environment Use creds from a low-rights AD account Recommend; create tmp_admin account, delete via GP MDM enrollment – for mobile and shared/POS devices Bulk enrolled devices get per-device (not per-user) settings MDM-specific ppkg creation (ask your MDM) SCCM or SCCM/Intune hybrid - get ppkg from SCCM admin console Intune standalone support – not yet available Other MDMs – check with them on method (cert or creds) AAD Join Not yet supported; must enroll each device manually

11 App/cert provisioning summary
Only add bootstrap-critical items Provision minimal apps/certs to get managed Rest come from management tool to enable compliance reporting and change management Leverage “ProvisioningCommands” Powerful desktop-specific feature Add files, run a single command line - can be a script file that orchestrates multiple installs/actions Keep it short: 30 minute OOBE timeout Cab multi-file installers, uncab in install script Add logging to the master install script for tshooting

12 Deploying a PPKG Simple example of deploying a ppkg

13 Common Deployment Options
1. Interactively – for testing Double click or add from settings Install new version of the ppkg to update the content 2. OOBE time – smaller deployments Tap times on first screen Install ppkg from USB Embed in an image – for very large deployments DISM.exe /Image:<path_to_offline_image> /Add-ProvisioningPackage /PackagePath:<package_path>

14 Additional Deployment Options for Mobile
3. NFC tap-n-share 4. From bar code - for mobile industry devices w integrated bar-code scanners N F C p r o v is i o n i n g a p p 5. Drag-n-drop from tethered PC

15 Agenda Overview Walkthroughs and Tips Advanced Topics Roadmap

16 Provisioning Execution Timing
When does the provisioning engine run? Before OOBE - for embedded packages During OOBE - for ppkgs installed at OOBE time (30 min timeout, single reboot) At idle time after first login – retries failures in earlier runs Interactively at any time Note: App installs and MDM enrollment are asynchronous(!) How are failures handled? Successive retries at 2 mins, 15 mins, 1hr, 4hrs, then on reboot Only parts of the package that fail are retried Installed packages are copied to: programdata\microsoft\provisioning Embedded packages are placed in: 1. Windows\provisioning\packages 2. Any directory specified in the registry under HKEY_LOCAL_MACHINE\software\microsoft\provisioning\PackageLocations All these paths are specified under HKEY_LOCAL_MACHINE\software\microsoft\provisioning\PackageLocations

17 Device Reset Keep my files: ppkgs are rerun
Remove everything: interactively installed ppkgs are removed (DISM/imaged ppkgs are rerun) Desktop is not yet at parity with mobile for re-provisioning story, we are focusing on this for a future release.

18 Don’t use Deployment Assets
They will be removed next released Why? They are duplicative and confusing They are used only at OS build time, and OS build tools already have simpler alternatives They are not processed by provisioning engine, and trying to manually install such a ppkg will fail Scanstate is for imaging scenarios, must be built into media using WICD and cannot be applied using the methods I’m about to demo MDM touches CSPs to do dynamic management, GP uses separate system, Provisioning touches MDM interface and lives as a “local enrollment” Most secure wins and no way to roll back without removing provisioning package manually Domain join, Win32 scripting, MDM enrollment, and a few other things cannot be rolled back  provisioning is one-way operation for these settings

19 Troubleshooting Start in the settings UX Click through for Details
Settings/Accounts/Access work or school/Add or remove a provisioning package Click through for Details Note: Enrollment, app install not rolled back on package removal

20 Agenda Overview Walkthroughs and Tips Advanced Topics Roadmap

21 Release History 1506 1511 1607 Initial release of WICD/Provisioning
Added ProvisioningCommands 1607 Install from ADK without the imaging tools (20 MB vs 1 GB) Simple provisioning wizard for bulk domain join Improved documentation for advanced scenarios Improved diagnostics [Windows 10 – Threshold 1] [Windows 10 – Threshold 2] [Windows 10 – Redstone 1]

22 Beyond 1607 We’ll focus exclusively on runtime provisioning
Requests we’ve heard: Bulk AAD Join Ability to remove OEM pre-installs (but keep drivers) PS cmdlets for scripting (e.g., in an MDT task sequence) WCD as a store app Simplified app installation Media-free provisioning options

23 Microsoft Ignite 2015 6/30/2018 9:06 PM Next Steps Install WCD from the Windows 10 ADK at Build provisioning packages This is a powerful tool but we do realize that this is the first release and we are committed to continue evolving that based on customer feedback Please download the ADK, use it and share your feedback. Become a Windows Insider and get early access to releases! Visit the Insiders at the MSFT Showcase in Expo Hall or see © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 6/30/2018 9:06 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Simplify OS deployments with Windows Provisioning"

Similar presentations

Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.

Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.
Deployment Deep Dive on Windows 7 Rodney Buike – Technology Evangelist Microsoft Canada

Deployment Deep Dive on Windows 7 Rodney Buike – Technology Evangelist Microsoft Canada
4/17/2017 7:07 AM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

4/17/2017 7:07 AM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
But we learned some things we had to do better...

But we learned some things we had to do better...
Advanced Deployment Topics – MSI Enhancements Om Sharma Program Manager, Windows Installer Microsoft Corporation.

Advanced Deployment Topics – MSI Enhancements Om Sharma Program Manager, Windows Installer Microsoft Corporation.
Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.

Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.
Deploying Windows 7 Lesson 3. Objectives Understand enterprise deployments Capture an image file Modify an image file Deploy an image file.

Deploying Windows 7 Lesson 3. Objectives Understand enterprise deployments Capture an image file Modify an image file Deploy an image file.
WCL303 Business Desktop Deployment (BDD) 2007: Part 2, Deploying the 2007 Office system Michael Niehaus Systems Design Engineer Microsoft

WCL303 Business Desktop Deployment (BDD) 2007: Part 2, Deploying the 2007 Office system Michael Niehaus Systems Design Engineer Microsoft
Service Pack 2 System Center Configuration Manager 2007.

Service Pack 2 System Center Configuration Manager 2007.
Modern Device Management; Myth vs. Reality

Modern Device Management; Myth vs. Reality
Microsoft Virtual Academy

Microsoft Virtual Academy
Phase 4: Manage Deployment

Phase 4: Manage Deployment
System Center 2012 Configuration Manager

System Center 2012 Configuration Manager
Customizing Windows 10: Image Creation Tips and Tricks

Customizing Windows 10: Image Creation Tips and Tricks
5/22/2018 1:39 AM BRK2156 Power BI Report Server: Self-service BI and enterprise reporting on-premises Christopher Finlan Senior Program Manager © Microsoft.

5/22/2018 1:39 AM BRK2156 Power BI Report Server: Self-service BI and enterprise reporting on-premises Christopher Finlan Senior Program Manager © Microsoft.
Deployment Internals: Mastering Windows Deployment Services

Deployment Internals: Mastering Windows Deployment Services
5/29/2018 1:51 AM THR2071 Managing enterprise applications, permissions, and consent in Azure Active Directory Adam Steenwyk & Jeff Sakowicz Program Managers.

5/29/2018 1:51 AM THR2071 Managing enterprise applications, permissions, and consent in Azure Active Directory Adam Steenwyk & Jeff Sakowicz Program Managers.
Manage Windows devices in the complex hybrid cloud world of today

Manage Windows devices in the complex hybrid cloud world of today
Cloud-First, Modern Windows Management and Security

Cloud-First, Modern Windows Management and Security
Microsoft 2016 6/4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,

Microsoft /4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,

Similar presentations

Ads by Google