Is Snap Deploy right for us?
Hi all, this is going to be a long one, and I really appreciate if anyone actually reads this and helps me out! I have read up on forums/KB articles but could not exactly find some specific information I’m after.
I work for a Business IT Support company / MSP (Helpdesk, Services, New Hardware, Repairs targeted towards SMB and some larger corporations) that have a variety of clients, some of these clients are “Break-Fix” and some have Service Level Agreements (SLA).
We currently use a WDS server, but no MDT or SCCM, the WDS just holds Windows 10, and some tech tools). Never got around to utilising MDT or SCCM mainly due to time constraints and the company constantly growing quite quickly, other priorities took over such as general helpdesk servicing times and at that point we didn’t move too much hardware for it to matter that much.
I was mainly the person involved in setting up the WDS, and I originally had a golden/master image created in VM Workstation just so I could load up a snapshot if I made mistakes and would recapture/resysprep. The goal here was when Microsoft released new builds of windows 10 I thought I could load a snapshot of the VM back to before I captured it, and load up the latest build but I found that this was not the case, and had issues here. After some research (unsure if correct!) Microsoft recommended rebuilding a new master image every time they released a new build and I didn’t really have time for that and because I wasn’t using MDT it became difficult. (From memory I think once sys prepped you couldn’t install updates, main thing is I had issues getting updates installing to capture again)
Ended up opting to just use the WDS to install windows 10 as provided from Microsoft, and then have staff follow an SoE/SoP (Standard Operating System as Acronis calls it). We essentially had an internal SoE/SoP that we would use as the standard for any endpoint machine going out for any client unless that client had their own SoE/SoP that needed to be followed instead. (So no re-imaging ever actually took place here, we just used the WDS to boot an official windows 10 image, rather than make bootable media)
Our SoE/SoP has things like default local details, default applications and windows settings, as well as stress testing and documentation of that endpoint (which can’t really be done as part of a deployment tool, so we would still utilise SoE/SoP’s except they could be a lot shorter). This isn’t efficient exactly, but still helped to ensure we setup machines exactly as we needed, or to the client’s requirements, every time, and it is somewhat of a manual process besides the use of certain scripts.
All system prep is done in our workshop, and then taken onsite to either be joined to a domain and have group policies applied for final configuration, or to small companies only on a workgroup and then further manual configuration takes place.
So here I am, wondering if Snap Deploy would be right for our use, as I still don’t have the time to learn MDT/SCCM. I have been using the trial lately and even purchased 15 deployment licenses recently but I just even more questions since using it, the KB articles don’t go into a lot of detail really, so any advice/help would be really appreciated!
To be able deploy machines ready for onsite installation in a timely fashion that;
- If possible – to literally have 1 windows 10 pro Image that has the basics setup to how we like it. Which means standard applications/settings always part of a master image, and then based on certain clients we could have a different deployment profile for each client that needs further specific settings, such as specific local users, or password requirements, and applications specific to that client only.
- We could end up having hundreds of profiles really, which is better than hundreds of different images of course! Would still have Some “Default” profiles for when the client only needs our standards applied instead.
1. According to the KB articles from Acronis, if you use their capture tool you really do not need to sys prep windows 10 anymore, is there any more to this, or is it really not required now? (If sys prep is not really required, this Is handy because I hated having to muck around with an unattended.xml file when I tried using WDS to configure certain windows settings that would not stay after syspreps.)
2. How should a Master/Golden image be made exactly? – during my trial use, I literally made one from a Lenovo M70S Small Form Factor physical machine and deployed it to 6 other Lenovo M70s PC’s, I was worried about SID issues with domain joining, or software issues detecting it as a cloned machine (such as Webroot endpoint licensing only detecting them all as 1 PC) however during tests I had no issues with domain joining and logging in, or with Webroot license portal. KB articles mention and some forum posts mention this isn’t an issue with Windows 10 Now.
3. We mainly sell HP & Lenovo devices lately, as well as build our own custom machines, would 1 master image still be recommended, or should we have one per “brand”? from my testing it seemed this would not matter too much if we utilised Universal restore and driver packages. We could also then utilise the application section of the deployment profile to perhaps install HP specific software such as HP Support Assistant or Lenovo software such as Lenovo Commercial Vantage. My concern with this part though is we would then have to have even more deployment profiles – based on Brands & client requirements. So 1 client could end up having several profiles needed depending on what brand we can get stock of at the time etc.
4. Microsoft licensing questions, which I can’t seem to find info on from Acronis – I have read some other forums where it’s stated that you MUST use Volume Licensing to reimage/deploy an image to multiple machines. But how does this work if you have OEM machines? During my tests, the master image taken from 1 Lenovo OEM machine still stayed activated on the several other Lenovo machines. (I didn’t use the Universal Restore Option during deployment)
5. Regarding Volume Licensing, from my reading it is expected as an MSP that each client of ours has at least 1 Windows 10 Pro Volume key for us to be able to deploy a machine for them…which seems odd. We do have our own volume keys for internal use, and it was advised to NOT use these for the “right” to clone machines for various clients. Am I going to have to sell every customer at least 1 volume key and have it documented so that we know we can deploy machines to them next time?
6. Can SnapDeploy 6 work over WAN/Internet? Could I have the Deployment server at our HQ, and have images stored at the client sites to re-deploy? (Port forwarding and locking it down of course), or would we be better off installing Snapdeploy servers at our clients’ sites, and say if we initially configured their machines at our HQ and then delivered the machines, could we export the Snap deploy profile settings and save that profile on the clients Snapdeploy server for ready for future use?
7. In the Master/Golden image, can I install any program I want or is it recommended to only install programs using the profile section during deployment, as I guess certain applications could become end of life, and then they would essentially pollute that Master image?