I'd suggest that the base build be just that. i.e. the OS, a SP and perhaps some hotfixes but nothing else.
All other settings should be deployed via a separate layer(s) - e.g. GPO. All apps should be deployed via a separate layer(s) - e.g. SMS You may need additional layers, depending upon your org and requirements. The above approach means that 'the build' can be managed separately to the other layers and hence will rarely need to be altered or maintained (the odd h/w driver may need to be added, SP and/or hotfix). The 'layers' to which I refer can then also be managed independently, without having to touch 'the build'. This leaves more time to focus on the ways to actually deploy the build rather than the contents of the build itself. My 2 penneth. neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AdamT Sent: 15 June 2006 18:30 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT (kinda): Standard Desktop Build Dear all, What's in your standard desktop build? We're looking at getting another 1,000 machines or so and coming up with a new standard build for XP. Apart from some of the obvious 'lockdown' changes, what else do you add or modify in your standard desktop images? Do you allow anyone access to the 'Power Users' group, and if so - do you change the ACLs on any of the processes that run as LocalSystem? Any funky utilities from technet or research.microsoft.com that are worth playing with? Any ideas appreciated, -- AdamT "A casual stroll through the lunatic asylum shows that faith does not prove anything." - Nietzsche List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx