Windows Configuration Designer / MDT for Windows 10 Deployments

Copper Contributor

I see that WCD has undergone some changes recently to move away from image/disc creation for installation, and instead to be a configuration package generator. 

When deploying Windows 10, what is the recommended method? Should we be using VLSC media with WCD to customize the OS, or use MDT to handle the customization (or does it not matter?) Just looking for the best/most supported way going forward. I'm assuming MDT isn't going anywhere, but I'm also unsure if it's going to see any love in the near-term.

 

I'm very curious to know the future-roadmap items for MDT, if there's anything that you can share. Thanks!

3 Replies

There are modern deployment techniques such as Windows AutoPilot and Windows Configuration Designer that don't use images - instead, they use and transform the preinstalled OS on the box.  That's the future.

 

MDT, ADK, ConfigMgr OSD, etc. are traditional deployment tools that use images - still available, but we hope that customers will move over time to modern techniques.

I've been working on a "best" approach to deploy laptops for our customer. I've looked at intune, mdt and now WCD. What I can say is that you simply can't change the laws of physics. It takes 'n' amount of time to do the necessary configuration no matter what you use.

 

WCD is just a glorified batch file with some extra twiddly bits. 90% of the package I've had to write myself in terms of powershell scripts and so on and even then I'm having to do work arounds because some things like the WCD VPN configuration just don't work or throw an error and crash the application.

 

I'll give a for example;

Question, how do you get an on premise machine to store it's bitlocker recovery key in Azure ? Since Microsoft have removed the ability to store the key in the on premise AD I have either output to a TXT file or print options available - (sorry remind me again what this is? Oh it's a security unlocking key that you don't want to fall in the wrong hands so my options are print or save as a txt file?? Really??) Anyway... so many issues here I'm in danger of going off topic... the answer to the question is you create a WCD package to join the machine to Azure first (hybrid joins don't work) then you leave Azure once the key is safely stored... but where's the Bitlocker option in WCD? 

 

So I am fully on board with using configuration rather than imaging (incidentally an image wouldn't solve this issue either) but I'm having to cobble together a solution due to the limitations of the software, really not impressed.. It's still quicker for me to work manually from a check list than it is to deploy applications that (guess what Microsoft) don't all have an MSI installer, setup file history, enable bitlocker and store the key in azure and so on and so on... I'm hoping this is just the start of the journey coz where it is now is no where near good enough.

 

 

Sorry just a quick comment on AutoPilot... err it does absolutely nothing... Basically I have to harvest information from a machine before I can use it. To do that I have to boot the machine and get it to at least OOBE, run the powershell script to harvest the info and then reset it and then it hands 99% of the work off to Intune which won't work if you don't have MSI installers for your software and what about the other config? 

 

Nice idea, again let down by the details, hoping for improvements....