If you have more than a handful of desktop computers in your organisation, I highly recommend setting up either a Desktop Image, or a centrally managed software deployment process. A standard desktop environment for all users makes it much easier to support end-users, and provides for a much more consistent experience.
Tools such as Windows Deployment Services makes image rollout very easy.
The question is – what software and settings do you include in your standard image that gets deployed out to all users?
Unless you have a very specific long term support requirement, I recommend starting with the latest Windows 10 Enterprise build.
Unless you have licensed Office 365 E3 or E5, I suggest rolling out Microsoft Office 2019 Standard. Why not Professional or ProPlus? Standard contains the usual suite of applications, including Outlook and Publisher, but excludes Access and Skype for Business.
If you have users who need to run but not edit Access databases, then you can include the Access Runtime.
Maybe you need the Skype for Business client – in which case, the Skype for Business Basic client may be appropriate. If you don’t already use Skype for Business, you may wish to try Microsoft Teams instead (the roadmap is for Teams to replace Skype for Business).
After this, we start to think about various utilities your users may require. I suggest considering the following:
- Adobe Reader
- Google Chrome (managed via the ADMX templates)
- Mozilla Firefox (managed via the ADMX templates)
- VLC
- Filezilla FTP
- Paint.NET
- 7Zip
- Audacity
- .NET Framework 3.5
- Windows Defender (or a centrally managed AV product)
These tools provide utilities for a variety of common tasks, such as media playback (VLC), image editing (Paint.NET), audio editing (Audacity), file transfer (Filezilla), and archive extraction (7Zip).
Providing these utilities saves your users from finding ‘workarounds’, many of which may actually be harmful (how many people do you know who’ve downloaded malware when trying to install a video codec?).
In previous years, I’ve bundled Adobe Flash and Java – but these runtimes are now mostly unnecessary. Although it’s a bloated application, Adobe Reader is still necessary for filling out PDF forms and other advanced PDF features.
Should I bundle Line of Business applications in the image?
More and more line-of-business (LOB) applications are web-based, but there’s still plenty of Win32 software kicking around that needs to be deployed. Whether you bundle this software in your standard image really comes down to three questions:
- Which proportion of users need each LOB application?
- What is your licensing agreement?
- Are there alternative delivery methods? (e.g. VDS, Citrix, RDS, etc.)
I prefer to delivery LOB applications through some sort of remote access method, as it makes updates much easier. However, if you have an enterprise-wide ERP, for example, you may wish to bundle this. Just make sure you consider how to update it once the image has been deployed to each PC.
Windows 10 Cleanup
The Enterprise releases of Windows 10 are far less bloated than the consumer editions, but there is still a bit of undesirable software. You may wish to run the following (with elevated privileges) upon system startup or user login.
Group Policy
All of these choices should be backed by strong group policy settings – but this is the topic of another article.