Latest posts by Kyle Beckman (see all)
- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
With Windows 10, Microsoft has released a new tool to allow organizations to rapidly provision or configure both corporate and personally owned Windows 10 devices. The release of Windows 10 on July 29, 2015, also requires updates to the tools that organizations use to deploy the OS, such as the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. In addition to the updates to these products, a new tool—Imaging and Configuration Designer (ICD)—is now available to customize Windows 10 installs without the need to reimage the device.
Imaging and Configuration Designer allows an IT admin to create provisioning packages that can customize both the mobile and computer versions of Windows 10. These provisioning packages (that have the PPKG file extension) can be used during the OS first run experience or after the OS has been set up to perform tasks such as connecting to WiFi networks, adding certificates, connecting to Active Directory, enrolling a device in MDM, and even upgrading editions—all without the need to format the drive and reinstall Windows. I can think of two scenarios where ICD will be useful: configuration of BYOD devices and automated configuration of OEM images.
Configuration of personally owned BYOD devices ^
If your organization supports BYOD, how do you handle setting up your users’ personally owned devices? User devices need to be set up with WiFi, VPN profiles, certificates, applications, etc. At my organization, we publish online FAQs, but many end users still need extra help with some of the more complex configurations. If your organization allows users to bring their devices to a Help Desk or to their IT person, a lot of manual configuration still has to be performed on the devices. What if you could automate all this work?
With ICD, you can build a PPKG file that contains your company’s root certificate, WiFi settings, VPN settings, line of business applications, enrollment in MDM (Mobile Device Management), etc. This PPKG file can then be distributed via USB thumb drive, URL, or even email attachment to any users needing to configure their devices. The user double-clicks the file, accepts a UAC prompt, and then is asked to allow the provisioning package installation. Their device reboots if necessary and configuration is complete with very little manual effort.
Automated configuration of OEM OS loads ^
Most large organizations tend to wipe new computers when they are received so IT can install their own custom image and software with MDT, Configuration Manager, or some other OS deployment solution. The primary reason for needing to reload the device is that the Enterprise Edition of Windows doesn’t come preinstalled by OEMs. New devices typically come with the Professional SKU preinstalled unless your organization has an agreement with the OEM to have a custom image installed.
Setting up and maintaining an OS deployment solution can be a lot work for a small (or even a one-person) IT shop that only images a handful of machines on a regular basis, so this is something for small- and medium-sized organizations to consider.
ICD allows you to build a PPKG file that, like the BYOD scenario, can configure certificates, WiFi, VPN, etc. It can also add the computer to Active Directory, set the computer name, and even upgrade the edition of Windows 10 from Professional to Enterprise with only a reboot or two as a requirement.
The PPKG file can also be used to remove preinstalled universal applications or Win32 applications via a script if you know which applications are preinstalled on the system. The PPKG file can either be installed after the computer is set up or during the first run experience by pressing the Windows key five times. This allows you to completely configure a new device without having to perform the steps manually as soon as you pull the computer out of the box.
What can be configured with a PPKG? ^
You can use ICD to create PPKG provisioning files that can perform the initial setup of a device, upgrade the Windows 10 edition, add a device to MDM/Active Directory/Azure Active Directory, configure WiFi, configure VPN, install certificates, install Universal Windows apps, install Win32 apps, run scripts, copy offline content to the device, configure browser settings, customize the Start Menu, configure Assigned Access, and configure a number of other Enterprise policies such as power and security settings.
Do I need Windows Imaging and Configuration Designer?
If you support BYOD, want to use factory OEM images, or want to automate configurations that you’re currently performing manually, I would definitely check out ICD. ICD only works with Windows 10 and won’t completely replace tools such as your MDM solution, System Center Configuration Manager, or Group Policy; however, it does give you a great way to automate manual work with very little time investment and no infrastructure investment.