Rollout with Runtime Provisioning

Windows 10 Deployment Using Runtime Provisioning

Windows 10 is quickly becoming a standard throughout the industry and its Runtime Provisioning Packages provide a solution for implementing a mass deployment and/or a slower, controlled rollout. The tool for creating these packages is Windows Configuration Designer and can be installed from the Windows ADK located here or through the Microsoft Store.

Why Runtime Provisioning

Other solutions may be cost-prohibitive to your organization or so complex that it becomes difficult to implement and maintain. You may even have bandwidth constraints that make it time-consuming to download and install applications on a per-machine basis. Bandwidth can also be a concern as it has adverse effects on other users in the organization if the network is being clogged up with numerous machines downloading software and updates simultaneously.

Runtime Provisioning can alleviate these concerns and help get your organization’s infrastructure up to date with Windows 10. Some organizations have chosen to use a third party to receive machines and image them to their liking, which can be expensive and sometimes create issues by going through a “middle man.” Windows Configuration Designer (WICD) is FREE! It doesn’t get better than that. Provisioning Packages created through WICD can also be used on off-the-shelf devices from the manufacturer, eliminating the need for any third party imaging.

As with any IT project, the goal is to minimize the impact on your userbase. Provisioning Packages do not require network connectivity and can help mitigate the impact during a new machine rollout by installing a set of applications using offline installers and silent installation switches. For example, if your users are licensed for Office Pro Plus, it is possible to obtain offline installation files and install them using a Provisioning Package. As each download of this software is ~2GB in size, not only does this significantly reduce network traffic, it saves time provisioning machines for users by circumventing the normal steps of having to browse to the Office 365 portal with their account and downloading/installing Office from there.

Though the initial build can be as simple or complex as you would like, the implementation of Provisioning Packages to provision a new machine is simple enough to be done by anyone. After a Provisioning Package is built and put on a USB drive it’s ready for use. All it takes to implement the package is to have it in the top-level of your drive so Windows can query it and insert it during boot. Using this method, to avoid any user interaction except for inserting the USB, there is an option to skip the Out of Box Experience (OOBE). By activating this there will be no interaction, the package will run by itself and it will tell you when you are able to remove the USB drive. You can also have this package on as many USB drives as you would like and provision how many machines you want at one time.

What Can Be Provisioned

One of the largest time-savers with a Provisioning Package is the ability to skip the initial configuration of the machine (OOBE). Without using Provisioning Packages, a normal machine setup starts upon bootup and consists of a series of setup screens to apply desired settings. The user will see the following prompts to set up:

- Language selection

- Cortana welcome screen

- Region selection

- Keyboard selection

- Connection to a network

- Download of updates

- End User License Agreement

- Set up of a local or Microsoft account and security questions

- Windows Hello setup

- Privacy settings setup and acceptance

Using the function to skip the OOBE resolves any need for navigating this manually. Please note that when using this function, it is required to insert local administrator credentials into the package.

Another large time-saving function of Provisioning Packages is software installations. Your organization may have a network share set up for software distribution or it may be required to go online to download and install necessary software. Both requirements may lead to high network utilization which can impact other users and lead to an interruption in workflow. Using a Provisioning Package, you can bundle software to distribute to users in the same package as the one used for the initial configuration. You can also create subsequent packages to add after the machine has been set up if you choose. For example, if you have a set of applications that you only want your Finance users to have access to, you can create a separate package to install those and use the first package to install a Universal set of applications such as Java, Reader and Chrome.

Provisioning Package Security

You may be concerned with the security of Provisioning Packages being stored on USB drives and the portability and ease of losing these tiny devices. If you have sensitive information or applications stored within a Provisioning Package, the entire package can be encrypted with a password. While the content stored in the Provisioning Package will be extracted, the commands to carry out the functions will not execute without the password. If the password is input incorrectly, the extraction rolls back, the installation fails, the extracted data is deleted and the interface rolls back to the OOBE for manual setup.

Is Runtime Provisioning For You?

It’s up to you to decide if using Provisioning Packages is what you are looking for but there are many benefits to going this route. Cost, ease of use, and user impact can all be mitigating factors in your organization’s decision to deploy Windows 10 company-wide. Runtime Provisioning aims to alleviate these concerns no matter what your environment consists of. Whether you are still in an on-premises domain environment or Azure Active Directory, Runtime Provisioning can be tailored to provision machines automatically as a low-touch solution to save time and money getting your infrastructure up to date.

By: Sam Rice