2. Edit the Deployment Task Sequence
The one-size-fits-all policy might apply to your
reference image, but it most likely will not be the best approach when
it comes to deployment task sequences. Your reference image is like a
common denominator between all desktop and laptop computers in the
organization. A task sequence that deploys that reference image can be
varied depending on who or what it will be used to target. Some examples
are as follows:
Kiosk-Like PCs
Some PCs, such as in a call center, might not
have any user state or data on them. It is a waste of time to attempt to
capture or restore a user state.
Executives
Rebuilding the PC of an executive or director
using zero touch installation (or even manual) is a scary time. What
happens if the build goes wrong? Have you anything you can quickly
restore the machine to?
Specialization
You will find that some teams, departments,
sites, or divisions have specific software that is licensed and used on
all machines. It would be a requirement to quickly get that software
onto the PC.
Having multiple task sequences allows you to do all
of this and much more. You can then target each task sequence at the
appropriate collection using an advertisement. You will edit the
deployment task sequence (Deploy Windows 7 Pro x64 Standard Image) and
make some changes.
By default, before an operating system is installed
using the Client Task Sequence template, a backup is made of the
existing installation. This backup would be very useful if you are
performing an installation for users who are sensitive to downtime, such
as executives. You can quickly recover the backup should something go
wrong with the ZTI deployment. Would you really want to do this for
every computer on the network? It would be time consuming and require a
lot of storage space. Click the Options tab and check the Disable This
Step check box (Figure 4) to prevent this task from running. The task will be grayed out when it is disabled.
One of the most powerful security features of Windows
7 Ultimate and Enterprise editions is BitLocker. There is a task to
enable and configure BitLocker (Figure 5) but it is disabled by default. Enable the Enable BitLocker step and configure it to match your organization's policies.
It is possible to force software to be installed onto
the computer as a part of the task sequence. Normally, ConfigMgr will
wait until the computer is built and the ConfigMgr client can evaluate
policy to determine what software distribution advertisements apply to
it.
The Install Software task, shown in Figure 6,
allows you to pick a package and a program within that package to run.
Doing so forces the software to install. Note that only programs with
the "Allow this program to be installed from the Install Software task
sequence without being advertised" setting will be able to run. Programs
that do not allow execution without a user being logged in will not be
visible in the Program selection box. This is because no one is logged
into the PC when this task runs.
The easiest way to force more than one software
distribution package to install is to add from Install Software tasks
from the Add menu. Alternatively you can use the Base Variable Name in
combination with Collection settings. You can learn more about this
advanced technique at http://b1og.coretech.dk/confmgr07/software-distribution/insta11ing-mu1tip1e-applications-using-variables/.
|
You can copy an existing task sequence to create a
new one. Right-click on the source task sequence and select Duplicate.
You can then customize the new copy.
|
You can add, configure, and disable tasks until you
have a task sequence that meets the requirements for distributing the
operating system reference image to the desired collection of PCs. You
can then create more task sequences with different settings while still
using the same reference image for other collections. When this is
complete, it will be time to deploy the operating system.
