Windows Server 2008 (R2) blog by Kurt Roggen [BE]

Recently, I completed a desktop deployment project of about +/- 1500 clients. I was responsible for creating the teams, guiding them technically and assist as overall architect in each of these teams and I wanted to share some information which might be interesting for your future desktop deployment projects, certainly with Windows 7 coming at you!

The overall approach of the project was to create internal workgroups (read: teams) responsible for specific areas of the project. We ended up creating 4 teams due to the limited resources on the project.

1. Hardware
2. Application Compatibility & Package Delivery
3. Deployment
4. Configuration & Feature Set
   

Hardware workgroup

This team is responsible for the evaluation of the future hardware platform (both desktop, laptop, tablet, screens, …), maintenance contracts, SLAs, hardware roadmap.
The objective of the workgroup is to propose a number of “hardware profiles” (read: hardware configuration), which represent hardware standards for the new platform.
We ended up with the following hardware profiles:

• Power Desktop (+2 GB RAM)
• Normal/Standard Desktop
• Normal/Standard Laptop
• Power Laptop (+2 GB RAM, HDD 7200 RPM)
• Normal/Standard Tablet PC
  

Application Compatibility & Package Delivery workgroup

This team is responsible of inventorising all applications used within the organization and validating its application compatibility towards the new platform.
The objectives of the workgroup is to assure application compatibility for list of applications (both core and supplemental), deliver these applications in a packaged installation form and validate the overall compatibility/stability of all applications together (as a whole) on the new client platform.

Applications are split up into several groups and categories.

Core applications are considered base applications and are common to all users/computers and will be included by default inside the image.  Supplemental applications are task- or role-specific and are added afterwards in a manual, semi-automatic or automatic way.
Each application receives a weight to identify the importance in the organization.

Below you will find a list of most of the core applications:

• Office 2007 MUI (EN/NL/FR) SP1 + hotfixes
• Office 2007 addons (such as XPS/PDF, Calendar Print Assistant)
• Adobe Acrobat 9 MUI (EN/NL/FR)
• Mobile Device Center
• Core OS: Powershell, Group Policy Preferences
• Base platform components (providing user and helpdesk with “shortcuts” to crucial system related information)
• Terminal Emulation Client (IBM)
• Core business applications
• Anti-virus (McAfee VirusScan & Anti-Spyware)

Another task of this team is to deliver installation packages (read: automated installations) for each of the core applications (mandatory) and for the supplemental applications (not-mandatory - depending in the population). 

Configuration & Feature Set workgroup

This team is responsible for the configuration of the overall image and especially with the featureset used for the OS.  The operating system used is Windows Vista Enterprise with SP1. 
The objectives of this team is to deliver guidelines about the technologies to use and create design documents for these technologies and/or features and provide automation (scripts, procedures, …) necessary to configure those.

Below you find a list of some of the topics and/or features that were tackled:

• Folder Redirection
• Offline Files and Folders
• MUI Language packs (EN/FR/NL)
• Bitlocker
• Remote Assistance/Remote Desktop
• Power Management
• Internet Explorer
• Network Access Protection (NAP)
• Powershell
• Printing
• UI branding & restriction
• Security Hardening
• Driver injection (offline and online: local, network)
• Windows Recovery Environment

An important focus for this workgroup/team is on

• Group Policies
• Group Policy Preferences
• Automation through scripting
  

Deployment workgroup

This team is responsible for designing the approach for desktop deployment and building an management infrastructure.
The objective of this team is to deliver guidelines about the deployment process, deliver the final image and provide automation for a simple and smooth deployment process.

The pre-staging of the image was done in the factory by the OEM.  When delivering the machines and attaching them to the network the “post-installation configuration” proceeds.
This process changes the randomly-generated computername to a custom-provided computername (following the naming conventions) and sets some defaults (MUI language, OU location, printers, …) based on the physical location of the client computer (using Active Directory Sites and Services).

When a minor problem prevents the system/OS from starting, the installed Windows RE will kick in and attempt an automated system repair.

When a major problem prevents the system from starting or the system/applications are not behaving as required, a recovery-solution was developed based on Windows PE and Windows Imaging (.wim) which allows a complete system restore to be done within 20 minutes, bringing the system back to its initial installation state.

When required, a technician can initiate a local reinstallation (using USB disk) or network-based reinstallation (using WDS – Windows Deployment Services).  The approach depends on the local network connectivity of course.

When a serious hardware problem arises, a clean (read: pre-staged) client machine is delivered within the respected hardware SLA and the user continue to work once the “post-installation configuration” process completes.

I hope this has given you some idea about the overall approach and technologies used in a typical desktop deployment project.

Windows 7 introduces a new feature for Offline Files & Folders called “Transparent Caching”.

Prior to Windows 7, to open a file across a slow network, client computers always retrieved the file from the server, even if the client computer had recently read the file. With Windows 7 transparent caching, client computers cache remote files more aggressively, reducing the number of times a client computer might have to retrieve the same data from a server.

With transparent caching, the first time a user opens a file in a shared folder, Windows 7 reads the file from the server and then stores it in a cache on the computer’s hard disk drive. The second and subsequent times a user reads the same file, Windows 7 retrieves the cached file from disk instead of reading it from the server. To provide data integrity, Windows 7 always contacts the server to ensure the cached copy is up-to-date. The cache is never accessed if the server is unavailable and updates to the file are always written directly to the server.

Transparent Caching is done by caching reads to remote files over a slow network in the Offline Files  (CSC) cache. Subsequent reads to the same file are then satisfied from the client (cache) after verifying the integrity of the cached copy, leading to improved end-user response times and decreased bandwidth consumption over the WAN links to the server.

However, the cached files are temporary and are not available to the user when offline. Also, the cached files are not kept in sync with the version on the server and the most current version from the server is always available for subsequent reads.

Transparent Caching is not enabled by default and can be enabled through Group Policy at Computer configuration | Administrative Templates | Network | Offline Files | Enable Transparent Caching

This policy is triggered by the configured round trip network latency value. Microsoft recommends using this policy when the network connection to the server is slow.
For example, you can configure a value of 60 ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip latency of the network is less than 60ms, reads to remote files will not be cached.

You can configure the amount of disk space the CSC cache uses and prevent specific file types from being synchronized.

Related reading:

• Technet: File Sharing and Offline Files Enhancements

Microsoft Remote Server Administration Tools (RSAT) enables administrators to remotely manage roles and features in Windows Server 2008 R2 from a computer running Windows 7. 
It includes support for remote management of computers running a Server Core or Full Server installation of Windows Server 2008 R2.

Installing RSAT is a 2 step process:

1. Installing RSAT package
2. Enabling/Installing the RSAT snapins/features

Step 1. Installing the RSAT package

wusa Windows6.1-KB958830-x86.msu /quiet  (x86) or
wusa Windows6.1-KB958830-x64.msu /quiet  (x64)

After installing the RSAT update package - containing most feature and role based administration tools - these snapins are accessible through Control Panel/Programs & Features/Windows Features - for installation.

Step 2. Enabling the RSAT features/snapins

After installing the RSAT update package, enable all (required) RSAT features.  Similar like installing features and server roles in (Windows Server 2008 R2) Server Core, you can install the Windows 7 RSAT unattended using the CLI tool DISM (Deployment Image Servicing and Management).

DISM enumerates, installs, uninstalls, configures, and updates features and packages in Windows images. The commands that are available depend on the image being serviced and whether the image is offline or running (online).

To get a list of all available features:

dism /Online /Get-Features

To enable available features:

dism /Online /Enable-Feature /FeatureName:<FeatureName>

dism /Online /Enable-Feature:RemoteServerAdministrationTools
dism /Online /Enable-Feature:RemoteServerAdministrationTools-Roles-DHCP

Below you find a list of available feature names

Feature Names: RemoteServerAdministrationTools RemoteServerAdministrationTools-ServerManager RemoteServerAdministrationTools-Roles RemoteServerAdministrationTools-Roles-CertificateServices RemoteServerAdministrationTools-Roles-CertificateServices-CA RemoteServerAdministrationTools-Roles-CertificateServices-OnlineResponder RemoteServerAdministrationTools-Roles-AD RemoteServerAdministrationTools-Roles-AD-DS RemoteServerAdministrationTools-Roles-AD-DS-SnapIns RemoteServerAdministrationTools-Roles-AD-DS-AdministrativeCenter RemoteServerAdministrationTools-Roles-AD-DS-NIS RemoteServerAdministrationTools-Roles-AD-LDS RemoteServerAdministrationTools-Roles-AD-Powershell RemoteServerAdministrationTools-Roles-DHCP RemoteServerAdministrationTools-Roles-DNS RemoteServerAdministrationTools-Roles-FileServices RemoteServerAdministrationTools-Roles-FileServices-Dfs RemoteServerAdministrationTools-Roles-FileServices-Fsrm RemoteServerAdministrationTools-Roles-FileServices-StorageMgmt RemoteServerAdministrationTools-Roles-HyperV RemoteServerAdministrationTools-Roles-RDS RemoteServerAdministrationTools-Features RemoteServerAdministrationTools-Features-BitLocker RemoteServerAdministrationTools-Features-Clustering RemoteServerAdministrationTools-Features-GP RemoteServerAdministrationTools-Features-LoadBalancing RemoteServerAdministrationTools-Features-SmtpServer RemoteServerAdministrationTools-Features-StorageExplorer RemoteServerAdministrationTools-Features-StorageManager RemoteServerAdministrationTools-Features-Wsrm

With Windows Server 2008 R2 and Windows 7 RSAT, you will also be capable of managing remote servers (running Windows Server 2008 R2) using Server Manager through PowerShell remoting.  Server Roles/Features will be manageable using local and remote PowerShell 2.0 scripts. So, you will now find the Server Manager snapin as part of the Windows 7 RSAT.

Related reading:

• Windows Vista: Installing RSAT (Remote Server Administration Tools) components unattended
• RSAT (Remote Server Administration Tools): what's included and what's NOT!!
• Server Manager in Windows Server 2008 R2
• Sander Berkouwer: Windows 7 RSAT Release Candidate