Tactical Advice

Which Apps Should Stay and Which Apps Should Go?

Try these guidelines when considering which applications to include in your company’s master image.
Which Apps Should Stay and Which Apps Should Go?

If deploying Windows 7 is necessary for your environment, don’t overlook the usefulness of the Microsoft Deployment Toolkit. MDT 2010 can be used to create a fully customized Windows installation that includes drivers, software updates and applications, in addition to sysprep and capture of that installation to create a "golden image" suitable for mass deployment to all the PCs in the organization.

But if your organization uses dozens or even hundreds of applications, which ones should you burn into the master image and which ones should you leave out? The following is some guidance to help answer that question.

Antivirus Software

Antivirus software is one type of application that definitely should be included in a master image. The reason is simple: Every PC in an organization should be protected from malware infection, and the easiest way to ensure each PC has antivirus software installed is to include such software right within the master image.

Must-Have Applications

By extension, if there are any other pieces of software that every single user in your organization either needs for doing their work or must have on their PC for technical or policy reasons, then be sure to include such software in the master image. For example, if Microsoft Office 2010 is needed by every user in your company, then burn it into the master image. Or, if all PCs in an organization need to be managed by an enterprise auditing platform, then burn the agent for that auditing platform into the master image so the PCs can be managed by the platform from the user’s first logon.

The Licensing Issue

If most but not all users need some particular line-of-business application, then consider including that application in the master image even though a few users will end up getting something they don’t need on their machines. But there’s a caveat associated with this approach — namely, licensing. Say you have 300 PCs in your organization but only 250 users need a particular application installed on their systems. It might be easier to include the application in the master image so that the application is installed on all 300 PCs. But if doing this means you'll have to pay for an additional 50 licenses, then rethink your strategy.

User Confusion

Sometimes users get confused if they're given too much software on their computers. Questions such as “What happens if I run this?” can result in unnecessary calls to the help desk that can affect your bottom line. That's one reason to avoid including too many applications in a master image.

Rapid Deployment

If being able to quickly deploy or redeploy fully customized desktop environments to users is a priority for your organization, then include as many applications as possible in the master image. That way, should a user's PC become corrupted and need to be reinstalled, it’s easy to get their machine up and working again quickly to avoid lost productivity. Call centers sometimes use this approach, although a more modern option is to use thin clients or a Virtual Desktop Infrastructure (VDI).

Bandwidth Availability

Be realistic about the amount of network bandwidth your organization has available for deployment purposes. Transferring a large master image over the network can consume a lot of bandwidth, and this may be another consideration for limiting how much stuff is included in an image. On the other hand, if your infrastructure is Windows Server–based, you may be able to use Windows Deployment Services to deliver your master image to PCs using the IP multicasting approach, which uses much less bandwidth than unicast IP traffic. Technet offers guidance on how to implement this approach.

Stable Environments

If your environment is fairly stable and rarely needs an update of its master image, consider including more applications in the image than you might have were the environment constantly evolving, requiring frequent updating of the master image.

Media Deployments

MDT 2010 also allows deployments from media such as a DVD or USB flash drive. This approach can be useful for performing stand-alone deployments in remote offices where no IT expertise is available. If you're going to perform media-based deployments from DVDs, consider limiting the number of applications included in the master image so it doesn’t get so big it won't fit on a single DVD. Using a USB flash drive will provide some wiggle room.

Problem Applications

Some applications can be difficult to automatically deploy using MDT. And because MDT should be used to build the master image, make sure to automate this process as much as possible. If the application is installed using a Windows Installer (.MSI) package, MDT should be able to automate its installation without problems. But if the application is non-MSI, then you can only automate its installation using MDT if the application's setup program has an unattended installation mode, doesn't exit until setup is finished and doesn't reboot your machine. For more discussion on this matter, see this blog post by Keith Garner of the Xtreme Consulting Group.

Alternative Approaches

If it’s not feasible to include certain applications in the master image, all is not lost. There are several ways to provide users with the additional applications they need to perform their work. Consider using Group Policy Software Installation to deploy specific applications to PCs where they are needed. System Center Configuration Manager is another option. Also consider delivering the applications to users as RemoteApp programs using Remote Desktop Services. Or virtualize the applications using Microsoft Application Virtualization (App-V). The bottom line is, think through your master image building process carefully to ensure you include what you need and leave out what you don't.

Sign up for our e-newsletter

About the Author

Mitch Tulloch

Mitch Tulloch

Mitch Tulloch is a Microsoft Most Valuable Professional and lead author of the Windows 7 Resource Kit from Microsoft Press. You can follow him on Twitter at @MitchTulloch or friend him on Facebook at http://www.facebook.com/mitchtulloch.


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.