Simplifying the deployment of your workstations

Many companies and administrations include software and configurations in the OS images they deploy on their fleets of hosts.

This is no longer the recommended method, for several reasons:

  • Each time you make a new image, you waste a lot of time installing software and configuring it. You are very limited in the user configurations that you will be able to include in your image.

  • Each time you make a new image, you will have to keep track of the changes in a text document, a spreadsheet, or a change management tool.

  • OS vendors (notably Microsoft) advise using raw ISO images and configuring them post-install.

  • Finally, if you introduce security configurations, network configurations, or configurations to limit the intrusion of telemetry into your image, these configurations can disrupt the normal functioning of WAPT and will complicate future diagnostics.

With WAPT this is no longer necessary.

Recommendations

Tranquil IT recommends:

  • To make only one raw image per OS type (win10, win2016, etc.) with MDT, Fog or WAPT WADS, without any configuration or software. Put only the system drivers you need for your image deployment in the MDT or Fog directories provided for this purpose;

  • To create as many Organizational Units as you have host types in the CN=Computers OU (e.g. standard_laptop, hardened_laptop, workstations, servers, etc.) in your Active Directory;

  • To configure your Active Directory to distribute the WAPT Agent by GPO to the different Host Organizational Units; this way, you can opt for fine-grained configurations of your waptagent.ini for the hosts attached to each OU.

Hint

To save time, you can base your security configuration strategy on the security WAPT packages already available in the WAPT Store; you will only need to complete them according to your Organization’s specific security requirements.

  • To create in the CN=Computers OU as many Organizational Units as there are types of computer usage in your organization (accounting, point_of_sale, engineering, sedentary_sales, etc.).

  • To create generic WAPT packages of your software applications with their associated configurations.

Deployment scenario

  • You, or the IT manager at the remote site, receive a new computer in its box.

  • You configure the host’s MAC address in DHCP so that it gets the right system image and is positioned in the right Organizational Unit at the end of the deployment process.

  • The expected system image is downloaded to the host in the background, and the host is placed in the right Organizational Unit.

  • The WAPT Agent registers the host with the WAPT Server, and the host appears in the WAPT Console.

  • The WAPT Agent detects that it is in an Organizational Unit that requires a particular software set and a particular security configuration.

  • The WAPT Agent downloads and executes software packages and security configuration packages in the background; the WAPT Agent automatically removes delegated rights that are rendered useless after joining the domain to prevent them from being subsequently exploited in an unauthorized manner.

  • Either by group of hosts or host by host, you finalize the configuration of the hosts by assigning specific WAPT packages to them.

Hint

If you want, you can even leave the final configuration step to your users by configuring WAPT self-service for them (printer configurations, special software needs, etc.).