Intel and McAfee

Intel announced on 19 Aug 2010 that it will buy McAfee for around $8bn. This has caused some surprise. Intel does not sell directly to the end-user, and it does not develop application software. It is not obvious what it achieves by acquiring a software vendor. Here's my guess as to why Intel is doing it. There is a complex pattern of change going on in the architecture of the server computer. As parts get cheaper and more powerful, they can be reconfigured in many ways. The basic model of one box and one chip per business function (e.g. the... Read more →

The problem of enterprise patching

A colleague was talking to me yesterday about his recent experience in implementing Microsoft System Center Configuration Manager (SCCM) for a customer. He is using the System Center Updates Publisher (SCUP) to deliver Dell firmware and software to clients. This got me thinking again about the best tools to use for keeping your non-Microsoft software up to date. Keeping something like Adobe Flash Player up to date, for example, is a small problem that encapsulates a much larger one: how to ensure that the clients in an enterprise that have access to corporate data are adequately secure? Adobe Flash Player... Read more →

Citrix: Off your Trolley Express

Until recently it has been possible to automate the installation of most software on a Windows computer using Group Policy. Group Policy is a standard component of a Windows domain and so there is no additional cost. Starting with version 11.2 Citrix no longer recommend using Group Policy to install the Citrix Online plug-in. Are they off their trolley? Windows Installer Microsoft introduced Windows Installer with Windows 2000 as the preferred method for installing software on Windows computers. Windows Installer is a service in Windows that provides the standard mechanisms for software installations. The vendor creates an installation package with... Read more →

The standard user desktop can be delivered in radically different ways. While this is interesting technically, what difference does it make to your business? Some of the claims are just plain confusing or misleading. The standard user desktop can be delivered in radically different ways: standard PC; netbook; virtualized applications; remote desktop; virtual desktop; virtual disk; the list goes on. It is a big subject, so it is hard to know where to start. There are use cases for different types of desktop that seem obvious, but the more you look into it the less obvious it is. Let's explode... Read more →

If only it were that simple

Microsoft Forefront Client Security (FCS) server components do not run on 64 bit servers. OK, that's no problem, we will have a dedicated 32 bit server. It should be simple enough, shouldn't it? Hang on a sec. We have to install the FCS Distribution component to configure the updates on WSUS. The WSUS server is 64 bit, and the FCS Distribution component will not install on it. OK, let's just install WSUS on the FCS Server. It doesn't matter if we have two WSUS servers bringing down updates, in fact it's quite neat and tidy. We could use the FCS... Read more →

Windows 7 Deployment Part 7

There are several different tools for installing drivers in Windows 7. This blog aims to describe them and show how they differ. Driver installation tools for Windows 7: DISM DPInst DrvInst PnpEnum PnPUnattend PnPUtil DISM Deployment Image Servicing and Management (dism.exe) is the new tool for modifying Windows images. It replaces the individual tools that were introduced for Vista images. There is plenty of documentation about DISM. DISM is a "framework" tool that gives access to different "providers". The DISM host itself controls things like logging and rebooting. The different providers do the work with their own command line options,... Read more →

Importing a block of drivers into an image takes quite a bit of time. This is not important before deployment, but during deployment it can add many minutes to the imaging process. During deployment you really want a process to inspect the target computer and obtain just the drivers required for it. For this we need specialist tools. Microsoft Deployment Toolkit (MDT) 2010 does this. It is interesting to see how it does it. In Microsoft Deployment Toolkit (MDT) 2010, open the Deployment Workbench and import drivers into the Out-of-Box Drivers folder. You can also filter the drivers into Selection... Read more →

If you have only a few standard models of computer in the organisation then you can maintain specific Windows 7 images for each. But if you have many models you may want to be able to add or update drivers without capturing a new image. This piece looks at the different ways you can add drivers, and what happens when you do. You can add or remove drivers in two main ways: Servicing the image as a file Running Windows 7 in Audit mode. You can do either of these at two different places in the deployment workflow: On a... Read more →

Time to deploy Windows 7. You take a look at your desktop and laptop inventory. Is it going to be easier to create an image for each model, or to create one image and to add the different drivers and components required for each model? Adding drivers sounds more efficient, but creating different images is more straightforward. What are the trade-offs? And what tools do you need? The more you think about it the less clear it can seem. If you have a limited range of models, and you decide to create one image for each model, you can use... Read more →

If you want to perform completely unattended imaging, you need to change the computer so that it boots from the network when there is an imaging task. There are two ways you can do this: You can change the boot device order so that a network boot is tried first. This is changed in the BIOS setup. You can leave the boot order as it is but, when required, edit the boot configuration of the hard disk so there is no bootable partition. Then the boot sequence will fail through to the network. Change the BIOS Normally when the computer... Read more →