Which Apps Should Stay and Which Apps Should Go?
If deploying Windows 7 is necessary for your environment, don’t overlook the usefulness of the Microsoft Deployment Toolkit. MDT 2010 can be used to create a fully customized Windows installation that includes drivers, software updates and applications, in addition to sysprep and capture of that installation to create a "golden image" suitable for mass deployment to all the PCs in the organization.
But if your organization uses dozens or even hundreds of applications, which ones should you burn into the master image and which ones should you leave out? The following is some guidance to help answer that question.
Antivirus software is one type of application that definitely should be included in a master image. The reason is simple: Every PC in an organization should be protected from malware infection, and the easiest way to ensure each PC has antivirus software installed is to include such software right within the master image.
By extension, if there are any other pieces of software that every single user in your organization either needs for doing their work or must have on their PC for technical or policy reasons, then be sure to include such software in the master image. For example, if Microsoft Office 2010 is needed by every user in your company, then burn it into the master image. Or, if all PCs in an organization need to be managed by an enterprise auditing platform, then burn the agent for that auditing platform into the master image so the PCs can be managed by the platform from the user’s first logon.
The Licensing Issue
If most but not all users need some particular line-of-business application, then consider including that application in the master image even though a few users will end up getting something they don’t need on their machines. But there’s a caveat associated with this approach — namely, licensing. Say you have 300 PCs in your organization but only 250 users need a particular application installed on their systems. It might be easier to include the application in the master image so that the application is installed on all 300 PCs. But if doing this means you'll have to pay for an additional 50 licenses, then rethink your strategy.
Sometimes users get confused if they're given too much software on their computers. Questions such as “What happens if I run this?” can result in unnecessary calls to the help desk that can affect your bottom line. That's one reason to avoid including too many applications in a master image.
If being able to quickly deploy or redeploy fully customized desktop environments to users is a priority for your organization, then include as many applications as possible in the master image. That way, should a user's PC become corrupted and need to be reinstalled, it’s easy to get their machine up and working again quickly to avoid lost productivity. Call centers sometimes use this approach, although a more modern option is to use thin clients or a Virtual Desktop Infrastructure (VDI).
Be realistic about the amount of network bandwidth your organization has available for deployment purposes. Transferring a large master image over the network can consume a lot of bandwidth, and this may be another consideration for limiting how much stuff is included in an image. On the other hand, if your infrastructure is Windows Server–based, you may be able to use Windows Deployment Services to deliver your master image to PCs using the IP multicasting approach, which uses much less bandwidth than unicast IP traffic. Technet offers guidance on how to implement this approach.
If your environment is fairly stable and rarely needs an update of its master image, consider including more applications in the image than you might have were the environment constantly evolving, requiring frequent updating of the master image.
MDT 2010 also allows deployments from media such as a DVD or USB flash drive. This approach can be useful for performing stand-alone deployments in remote offices where no IT expertise is available. If you're going to perform media-based deployments from DVDs, consider limiting the number of applications included in the master image so it doesn’t get so big it won't fit on a single DVD. Using a USB flash drive will provide some wiggle room.
Some applications can be difficult to automatically deploy using MDT. And because MDT should be used to build the master image, make sure to automate this process as much as possible. If the application is installed using a Windows Installer (.MSI) package, MDT should be able to automate its installation without problems. But if the application is non-MSI, then you can only automate its installation using MDT if the application's setup program has an unattended installation mode, doesn't exit until setup is finished and doesn't reboot your machine. For more discussion on this matter, see this blog post by Keith Garner of the Xtreme Consulting Group.
If it’s not feasible to include certain applications in the master image, all is not lost. There are several ways to provide users with the additional applications they need to perform their work. Consider using Group Policy Software Installation to deploy specific applications to PCs where they are needed. System Center Configuration Manager is another option. Also consider delivering the applications to users as RemoteApp programs using Remote Desktop Services. Or virtualize the applications using Microsoft Application Virtualization (App-V). The bottom line is, think through your master image building process carefully to ensure you include what you need and leave out what you don't.