Jamf Nation Community

This is gonna get long but ... I've spent a bit of time on this recently, so first up here's our setup.

JSS for managing OSX and iOS. SCCM 2012 SP1 for managing Windows.

OSX Deployment in usual way, base image with packages installed via Configurations and Policies.

We had been deploying a monolithic Window 7 image via Winclone capture, and JSS deployment. This was painful and time consuming when updating the Windows 7 image.

Recently my thoughts turned to updating our Windows image on the Macs and I started thinking about whether I could get SCCM to do it for me. I found that I could deploy a new Windows 7 image and install applications etc in the normal way with SCCM via Task Sequence either through the SCCM client using available/required deployments, or through bootable media.

I spent a little time trying to deploy the Bootcamp tools and drivers via SCCM but gave it up in the end. Instead I made a capture task sequence in SCCM and made bootable media for that TS. Then I did a Windows 7 install on my latest model iMac including the drivers and Windows Support (latest version of course) and while I was at it made the basic settings we require in our environment. No other applications were installed. This image needs to NOT be joined to the domain for capture.

Next boot from the Capture TS media and capture the image.

From here it is a simple matter to create a task sequence to deploy your newly captured Windows 7 image. One gotcha I ran into was needing to remove the partition and format from my task sequence (I copied from another TS which already had most of what I wanted in it). You need to make sure you are targeting the right partition (in my case Disk 0 partition 3). Also make sure you don't apply drivers, I found that even when I told SCCM to only consider the driver package I made from the drivers in Windows Support they would not load properly, hence installing the drivers in the image for capture.

So all this works very nicely for imaging machines which are already in SCCM. I tried tested it all out fairly extensively before trying it on a couple of labs of machines over a weekend. Here's what I did.

In the JSS:

1. All my lab machines get a scheduled start up in the morning each day. This allows me to apply policies run updates, re-image etc without needing to physically touch the machines. They all boot to OSX by default. I set a policy which makes the machines boot to Windows rather than OSX.
2. I have a couple of policies which shut lab machines down, one at the end of each weekday, a second in the mornings of the weekend. I disabled the shutdown policies so they wouldn't interfere with the imaging.

In SCCM:

1. I set up a device collection for the machines I wanted to reimage.
2. I made a scheduled required deployment of the TS to the device collection, scheduled to become available after hours on Friday and unavailable late Sunday night.

What happened:

At the end of Friday the machines in question checked in with the JSS, and rebooted to Windows. The machines then checked in with SCCM and got the required TS deployment. This causes them to boot to Windows PE and begin the imaging process.

When I came in on Monday morning there were two machines which had failed to get the deployment for some reason. The rest (48) had successfully imaged, joined the domain, installed all the required applications and were ready to be used by students. Much, much easier than the old way where after imaging with Casper I would then have had to login to each one and join to the domain.

So for re-imaging I am sorted, and this works just as well for Windows 8 by the way. But for initial imaging of new machines I don't yet have a workflow I am happy with. I spent some (OK a lot of) time working on getting a bootable WinPe image onto the Bootcamp partition so that I could capture it via Winclone and deploy it with Casper. While I could get a bootable image onto the hard drive, I was not successful at getting a bootable image that would actually talk to our SCCM server. So at this point the best I have been able to come up with is to image new machines with OSX and a blank Bootcamp partition. Then boot from my bootable TS media, choose the TS from those deployed to all unknown machines, name the machine, and then let it image as above. Still better than the monolithic image via Casper but not ideal, I'd like to do away with the media and boot WinPE from the HDD.

The wins:

Imaging of Macs with Windows much more granular.
Post OSD deployment management of the machines works exactly as for our PCs meaning the Windows installation stays up to date.
Re-imaging the Windows partition no longer means re-imaging the OSX partition as well.
Re-imaging Windows can no be done completely hands off.

That's my two cents.

Lincoln

Casper for OS X
SCCM for Windows

@Lincoln,
We have managed to capture a bootable WinPE (SCCM) partition by using Winclone.
https://jamfnation.jamfsoftware.com/discussion.html?id=7707#responseChild40900

This method works with Winclone 3.x and did not work with Winclone 4.2 as it was replacing the BCD.
I have contacted Winclone support about this and they identified the issue and fixed it on a test release. Official update will follow later down the track I guess.

At a previous gig we used a WinPE boot disk (CD or USB) to deploy our standard Win 7 deployment (typically) into a VM on the Mac or (more rarely) into BootCamp. I believe the WinPE environment used Microsoft Deployment Toolkit. The Windows side of things were managed with SCCM.

We use altiris to manage our Win7 VMs on Macs. Not exactly what you're asking but let me know if you have questions.

Is Altiris similar to Casper for Windows? We have several Windows labs I do not manage with anything right now they are all deep frozen with Deep Freeze - what does everyone use to manage their Windows devices? I would love to be able to push software and printers.

I want to thank everyone for reading and responding to this thread.
So it seems that most people will be using either SCCM or Winclone to manage the Windows 7 (and possibly) partitions of the dual boot or Win 7 VMs.

@CasperSally
- Can I ask how you manage your Win7 VMs on the macs? - Is it a monolithic image where all applications, drivers and printers? Or a base image with tasks scheduled for software, drivers and printers?
- How do you manage deployment of images and apps?
- How do you manage windows updates on the VM? Is it automated?
- Would you mind sharing your management and deployment plan for your Win7 VM?

Thanks again in advance CasperSally

@Technicholas
Yes we currently are using Altiris 7.1 to manage out fleet of workstations both computer labs and staff workstations.
Yes it does behave like Casper where you can deploy packaged applications, policies, drivers, printers etc
We also use Deep Freeze in conjunction with it as well. I currently don't manage that side of things as their are 2 workers who do that.

Have one particular Fortune 500 client... manage the Mac side (90+% of usage) through Casper... using Winclone, install a Windows partition with a fairly baseline generic Windows 7 image on it (no Boot Camp drivers even, just a local admin created). Then bind to AD and install SCCM. Policy cycle installs AV, wireless settings, etc. It works... I'm the Mac consultant, their internal IT handles the Windows side of things once we get it bound and SCCM going...

@CasperSally
- Can I ask how you manage your Win7 VMs on the macs? I created a sysprepped win7 sp1 base VM a year ago that comes down as part of the Casper image process for those that will get VM file just as a .dmg file created in composer that dumps the file into HD/Users/Shared. Those users also get the VM Fusion install and VM Fusion settings packages (including our license key).

- Is it a monolithic image where all applications, drivers and printers? Or a base image with tasks scheduled for software, drivers and printers?
It's a base win7 image with office. With win7 you don't need to add much in the way of drivers, and they have access to printers from OSX through VMware. There is a post image Altiris job that installs a few pieces of software and adds VM to domain into proper OU.

- How do you manage deployment of images and apps?
Apps for windows can be pushed through Altiris (we're 7.1) via managed software policy or quick delivery task.

- How do you manage windows updates on the VM? Is it automated?
Yes, the best thing Altiris has going for it is patch management of windows and 3rd party apps. Each month I select which updates to approve (Windows/Flash/Shockwave/Java/iTunes, etc) and after testing send to all production machines. Because the VM has the Altiris patch management plugin, they're treated like any other of our machines and get updates automatically.

- Would you mind sharing your management and deployment plan for your Win7 VM?

The Casper image comes down with VM Fusion, VM settings file, & the VM located in HD/Users/Shared. Technician has following post image steps
- Tech logs in and logs out with local admin acct, and casper policy runs/prompts them to enable filevault. Our policy is FV is fully enabled for staff members before they get their laptops so they get this started ASAP.
- Machine reboots, they login again locally, open Fusion, open our VM from Users - Shared, this starts windows going through it's set up routine (b/c the VM was sysprepped).
- Eventually recommends you install antivirus, click “don’t show me this again” - leaves you logged in as local admin
- locally rename to match our VM naming convention (don't reboot yet)
- I have a script they double click on to install altiris agent at this point that auto downloads all needed plugins (patch, etc) - if filevault is still running, they run win updates. They don't have to, patch mgmt will take care of this, but if the machine is sitting/waiting anyway, they might as well get it patched up. - reboot when updates done installing, now computer is named properly
- in Altiris console find VM and send "deploy VM software" job I have set up that installs a few pieces of software not on the image (such as antivirus) & adds VM to our domain
- When VM reboots to CTRL ALT DEL screen, it's on domain and tech knows it's done.
- Tech shuts down VM, allocates more RAM if machine has it available, shuts down machine and it's ready to be delivered to user.
- If user isn't familiar with VM, we show them how to open it, etc.

Let me know if you have other questions.

I can provide a lot more details later on if you'd like but I was scrolling through, saw this thread and thought I'd throw my hat into the ring. We actually use DeployStudio to image both our OS X and Windows partitions and then use Munki/Profile Manager to manage OS X and Altiris to manage Windows. We've been doing this for a few years with great success. We could easily do the same with Casper (we only use Casper for iOS) if we needed to. I will try to answer any questions you have regarding the Altiris dual-boot management that I can.