
We are managing a pool of Windows 11 machines that essentially run as autonomously bookable servers used to analyze microscopy images. The computers are accessible physically or through Windows RDP (once connected to our institutional VPN) and they have identical hardware, two local Windows users ("Admin" and "User"), and 3 physical drives (C, D and E). As is common, the C drive is where the OS and all our applications are installed.

For ease of maintenance, we would like to perform all kinds of updates and new software installations always on the same computer ("Master"), and be able to periodically create an image of the C drive and a handful of folders selected from the D and E drives, store this image on a shared network storage, and automatically deploy the same image to the other computers. Ideally, we would like the images to be incremental to limit update time and storage space, and we would like to smartly keep any kind of critical computer-specific information such as the computer name and Windows license.

What would be the safest and simplest solution to perform this operation?

Sebastien
  • Does this answer your question? [How to create an unattended Windows installation medium/iso/usb supporting Secure Boot and resulting in a UEFI-Windows installation?](https://superuser.com/questions/1624231/how-to-create-an-unattended-windows-installation-medium-iso-usb-supporting-secur) – JW0914 Aug 04 '23 at 11:40
  • Unless the pool of machines is exorbitant, MDT [**M**icrosoft **D**eployment **T**oolkit] would be used - please see [this](https://superuser.com/a/1721319/529800) answer. If there are a significant number of machines, an [MEM](https://learn.microsoft.com/en-us/mem/) [**M**icrosoft **E**ndpoint **M**anager] license may make financial sense _(MDT is free)_. All of this is done via a ZTI [**Z**ero **T**ouch **I**nstall] Task Sequence ([example](https://i.stack.imgur.com/r9l5c.png)), and while it's a bit time consuming to initially set up, once done, it requires minimal time to update and redeploy – JW0914 Aug 04 '23 at 11:49
  • _(Cont'd...)_ Since I don't address it in the aforementioned answer link due to the 30K character limit, WinPE [**Win**dows **P**reinstallation **E**nvironment] and MDT/MEM support PXE deployments of Windows from a network share, so all machines can be remote booted to PXE with no user interaction and have the ZTI Task Sequence deployed with no user interaction. _(it's vitally important once a Task Sequence is finalized, it's tested start to finish to verify there are no hiccups in the Task Sequence)_. – JW0914 Aug 04 '23 at 11:56
  • What about low level disk cloning, would you avoid this solution in this situation (3 different computers)? I'm saying it because we will install a lot of heavy software so reinstalling OS + software from scratch each time might be a bit heavy. What about commercial solutions, is there any software that you would especially recommend to simplify the process (I heard that MDT is not straightforward to configure)? – Sebastien Aug 04 '23 at 14:24
  • If you just want to manage/deploy a centralized image, there are quite a few commercial products like deepfreeze, often aimed at schools - search around for "computer lab image management software". Superuser isn't a good place for software recommendations – Cpt.Whale Aug 04 '23 at 15:13
  • Thanks! If I'm not wrong deepfreeze works on a per-computer basis to restore a previous state. Here we'd like to create a new image on the fly and propagate it from a "master" computer to other computers on the same network. – Sebastien Aug 04 '23 at 16:31
  • @Sebastien MDT is straightforward to configure - there is a minor learning curve, but it's something anyone can overcome within a few hours of using the program and referencing Microsoft Docs for MDT. Task Sequences don't reinstall the OS every time updates are pushed out to machines en masse - they can be configured to do that, but normally either the OS install task is disabled in the Task Sequence, or a separate TS is used for updating. In the example screenshot link, each green icon is an individual task within the TS and each can be enabled [green] or disabled [grayed out]. – JW0914 Aug 04 '23 at 20:27
  • @Sebastien You can't low level disk clone for Windows, as Windows isn't intended to be shared between machines - [`SysPrep /Generalize`](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation) must be run against the master image prior to deploying it, which auto-boots to the Generalize pass of Windows setup upon the next boot. The only way cloning works software-wise is if the other machines have the exact same hardware, but then you have licensing issues and Microsoft does audit businesses for license usage. – JW0914 Aug 04 '23 at 20:38
  • Here the computers have exactly the same hardware but I understand the limitations you mentioned. We will look into MDT but do you have any experience with Backupper, Snapdeploy, Smartdeploy or Veeam? I wonder if they are worth considering in this situation and might simplify the process. – Sebastien Aug 05 '23 at 07:57
  • @Sebastien I don't have any experience w/ any of those - I only know about MDT in-depth because I set it up on my personal laptop when Windows 8 was released & fully read through all the man pages for MDT _(this will go much more smoothly for anyone today than it did for me simply because Microsoft combined all man pages/info into Microsoft Docs within the last 6yrs or so - everything is extremely easy to find today compared to when I did all this a decade ago)_. The most time-consuming part is importing software & configuring its CLI install parameters - you'll want `.msi` installers over `.exe` – JW0914 Aug 05 '23 at 13:21
  • @Sebastien When it comes to third-party image management software for Windows, they all use the exact same underlying tools natively included within Windows, and generally speaking, there's a reason why businesses, universities, governments, the military, etc. choose to spend thousands of dollars on MEM licenses _(or its predecessor SCCM)_, as there is no third-party software that rivals the natively included software Windows/Microsoft provides for image management and deployment. MDT is simply the bare bones image deployment software SCCM/MEM built upon. – JW0914 Aug 05 '23 at 13:30
