Windows 10 Deployment Solutions and Tools
Windows AutoPilot automates the process of setting up and configuring Windows 10 on new devices. It can also be used to reset, repurpose and recover devices. Windows AutoPilot joins devices to Azure Active Directory (Azure AD), optionally enrolls into MDM services, configures security policies, and sets a custom out-of-box-experience (OOBE) for the end user.
You can use Windows AutoPilot to configure the Out of Box Experience (OOBE), which includes automatic enrollment that enrolls devices in Intune.
Login URL: https://portal.azure.com/
First, create a new Windows AutoPilot Deployment Program profile in intune:
Then, find the devices you want the profile enabled for and assign the profile to those devices.
Windows Analytics is a set of solutions that run on Operations Management Suite (OMS):
- Device Health
- Update Compliance
- Update Readiness
Devices report telemetry data and this data can be accessed and analyzed by one of these solutions. Generically, Telemetry is an automated communications process by which measurements and other data are collected at remote or inaccessible points and transmitted to receiving equipment for monitoring.
Windows Analytics: Upgrade Readiness
The Upgrade Readiness is a free tool for Azure subscribers that helps you confirm applications and drivers are ready for a Windows 10 upgrade. The tool provides application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness. Upgrade Readiness was previously called Upgrade Analytics. Further, the Application Compatibility Toolkit (ACT) was replaced with Upgrade Analytics.
Upgrade Readiness works by forming a connection between your computers and Microsoft. Upgrade Readiness collects computer, application, and driver data for analysis.
Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments.
Login URL: https://www.microsoft.com/en-us/WindowsForBusiness/windows-analytics
To launch the upgrade readiness process, run the Upgrade Readiness script on each computer that you would like to run the readiness for. There is a pilot and deployment. Run the pilot on a couple machines to verify things are working, then run the deployment in your environment.
Once the script is run, you can identify and resolve issues in the Upgrade Readiness dashboard. By connecting Upgrade Readiness to Configuration Manager, you can directly access the data in the Monitoring node of the Configuration Manager console.
Windows Analytics: Update Compliance
Update Compliance helps keep Windows 10 devices secure and up-to-date using Microsoft Operations Management Suite (OMS) Logs and Analytics to provide information about the status of monthly quality and feature updates.
Windows Analytics: Device Health
Device Health complements Upgrade Readiness and Update Compliance by helping to identify devices crashes and the cause. Device drivers that are causing crashes are identified along with alternative drivers that might reduce crashes. Windows Information Protection misconfigurations are also identified.
MBR2GPT (MBR -> GPT)
MBR2GPT.EXE, introduced in the Windows 10 1703 (Creator’s Update), converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT.
The tool is designed to be run from a Windows PE command prompt, but can also be run from the full Windows 10 operating system (OS) by using the /allowFullOS option.
GPT enables the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds
GPT also enables the use of the Unified Extensible Firmware Interface (UEFI) which replaces the BIOS. Security features of Windows 10 that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
MBR2GPT.EXE is located in the Windows\System32
Windows ADK for Windows 10
The Windows Assessment and Deployment Kit (Windows ADK) is a suite of tools to asses and deploy Windows. A version is released for each version of Windows with the current version being Windows ADK for Windows 10, version 1709. It used to be called the Windows Automated Installation Kit (AIK) (for Windows 7).
DISM is used to mount and service Windows images.
- Mount an offline image
- Add drivers to an offline image
- Enable or disable Windows features
- Add or remove packages
- Add language packs
- Add Universal Windows apps
- Upgrade the Windows edition
Sysprep prepares a Windows for imaging and allows you to capture a customized installation.
- Generalize a Windows installation
- Customize the default user profile
- Use answer files
Windows PE (WinPE) is a small operating system used to boot a computer that does not have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system.
- Create a bootable USB drive
- Create a Boot CD, DVD, ISO, or VHD
Windows Recovery Environment (Windows RE) is a recovery environment that can repair common problems.
Windows System Image Manager (Windows SIM) creates “answer files” that change Windows settings and run scripts during installation.
- Create answer file
- Add a driver path to an answer file
- Add a package to an answer file
- Add a custom command to an answer file
Windows Imaging and Configuration Designer (ICD) customizes and provisions Windows 10. It’s a similar concept to using imagex, by importing applications, updating drivers, etc.
- Build and apply a provisioning package
- Export a provisioning package
- Build and deploy an image for Windows 10 for desktop editions
When using it to provision Windows 10:
Volume Activation Management Tool (VAMT)
The Volume Activation Management Tool (VAMT) allows you to automate and centrally manage the Windows, Office, and other Microsoft products volume and retail-activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS).
User State Migration Tool (USMT)
The User State Migration Tool (USMT) is a user-profile migration tool. USMT includes three command-line tools: ScanState.exe, LoadState.exe, and UsmtUtils.exe. USMT also includes a set of three modifiable .xml files: MigApp.xml, MigDocs.xml, and MigUser.xml. You can create custom migration .xml files and you can also create a Config.xml file to specify files or settings to exclude from the migration.
The USMT broadly works in these three steps:
Configure USMT: Make copies and modify the three migration XML files
MigApp.xml, MigDocs.xml, and MigUser.xml
Scan Source Computer
scanstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log
Load results on Destination Computer
loadstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log
Windows To Go
Windows To Go allows you to boot a fully manageable Windows environment on a USB jump drive. You insert the USB drive (known as a Windows To Go workspace) into a computer to boot and run a managed Windows 10 system.
You can easily start the wizard by opening Windows To Go in the Control Panel.