RE: [ActiveDir] OT (kinda): Standard Desktop Build
I'd suggest that the base build be just that. i.e. the OS, a SP and
perhaps some hotfixes but nothing else.
All other settings should be deployed via a separate layer(s) - e.g.
GPO.
All apps should be deployed via a separate layer(s) - e.g. SMS
You may need additional layers, depending upon your org and
requirements.
The above approach means that 'the build' can be managed separately to
the other layers and hence will rarely need to be altered or maintained
(the odd h/w driver may need to be added, SP and/or hotfix).
The 'layers' to which I refer can then also be managed independently,
without having to touch 'the build'. This leaves more time to focus on
the ways to actually deploy the build rather than the contents of the
build itself.
My 2 penneth.
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: 15 June 2006 18:30
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT (kinda): Standard Desktop Build
Dear all,
What's in your standard desktop build?
We're looking at getting another 1,000 machines or so and coming up with
a new standard build for XP.
Apart from some of the obvious 'lockdown' changes, what else do you add
or modify in your standard desktop images?
Do you allow anyone access to the 'Power Users' group, and if so - do
you change the ACLs on any of the processes that run as LocalSystem?
Any funky utilities from technet or research.microsoft.com that are
worth playing with?
Any ideas appreciated,
--
AdamT
A casual stroll through the lunatic asylum shows that faith does not
prove anything. - Nietzsche
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] OT (kinda): Standard Desktop Build
Neil,
That's a great idea - the same one we use here.
Instead then of the 'SOE' thought that is usual, we call it our 'SAL' -
standard application load. The machine is built as an OS, patches and
SP's (out of the box), and WSUS looks after all that after the fact, our
SAL is (in our case) GPO loaded, plus additional settings by GPO.
I think this is a great way to approach building your machines, as it
certainly layers it, you can spread the responsibility pretty easily if
that's what you want to do, and troubleshooting issues/rebuilding
becomes a breeze!
themolk.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, 16 June 2006 5:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (kinda): Standard Desktop Build
I'd suggest that the base build be just that. i.e. the OS, a SP and
perhaps some hotfixes but nothing else.
All other settings should be deployed via a separate layer(s) - e.g.
GPO.
All apps should be deployed via a separate layer(s) - e.g. SMS
You may need additional layers, depending upon your org and
requirements.
The above approach means that 'the build' can be managed separately to
the other layers and hence will rarely need to be altered or
maintained
(the odd h/w driver may need to be added, SP and/or hotfix).
The 'layers' to which I refer can then also be managed independently,
without having to touch 'the build'. This leaves more time to focus on
the ways to actually deploy the build rather than the contents of the
build itself.
My 2 penneth.
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: 15 June 2006 18:30
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT (kinda): Standard Desktop Build
Dear all,
What's in your standard desktop build?
We're looking at getting another 1,000 machines or so and
coming up with
a new standard build for XP.
Apart from some of the obvious 'lockdown' changes, what else
do you add
or modify in your standard desktop images?
Do you allow anyone access to the 'Power Users' group, and if so - do
you change the ACLs on any of the processes that run as LocalSystem?
Any funky utilities from technet or research.microsoft.com that are
worth playing with?
Any ideas appreciated,
--
AdamT
A casual stroll through the lunatic asylum shows that faith does not
prove anything. - Nietzsche
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless
otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc;
(3) is intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial
instruments. NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St
Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] OT (kinda): Standard Desktop Build
Dear all, What's in your standard desktop build? We're looking at getting another 1,000 machines or so and coming up with a new standard build for XP. Apart from some of the obvious 'lockdown' changes, what else do you add or modify in your standard desktop images? Do you allow anyone access to the 'Power Users' group, and if so - do you change the ACLs on any of the processes that run as LocalSystem? Any funky utilities from technet or research.microsoft.com that are worth playing with? Any ideas appreciated, -- AdamT A casual stroll through the lunatic asylum shows that faith does not prove anything. - Nietzsche List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] OT (kinda): Standard Desktop Build
On Thu, 15 Jun 2006 18:30:22 +0100, AdamT [EMAIL PROTECTED] said: What's in your standard desktop build? The lowest common denominator software that everyone needs. There seems to be two schools of thought for desktop deployment: Image-based deployment and script-based deployment. Lately, I've taken a hybrid approach -- Using an image with about 60% of the standard software load plus a large install script kicked-off via GuiRunOnce. This script detects the PC model and branches accordingly (touchpad drivers/VPN/iPass for laptops and etc). The nice thing about the script approach is that I can update a software version by simply replacing the setup files rather than having to roll-up a new image. OTOH, the image-based approach makes for faster deployment. RM List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
