
Since everyone and their kinfolk are working from home these days, our IT department is looking for a solution for imaging new computers away from the office.

We're using MDT to push out the images over the internal LAN currently. This would be assigning computer names, joining the machines to the AD Domain, installing applications, etc.

Is there an accepted way to do this with no initial connection to the LAN?

Dave M
SamDu

1 Answer

There is no out-of-the-box solution that can match the power out of the box that MDT offers. As a workaround, our IT department has made it so that the deployment share is downloaded locally over an HTTPS tunnel and then a USB/reimage happens locally.

Now this requires that the deployment share is self-sufficient and that it doesn't need network connectivity initially.

The architecture/process looks like this:

  1. Download the custom exe, unauthenticated (public endpoint, e.g. download from external IT site).
  2. Custom exe throws up a login screen to access the Azure Storage account/internal endpoint.
  3. Download the deployment share over the secure and authenticated HTTPS tunnel.
  4. Execute LiteTouch.wsf locally or have the custom exe build a bootable USB from the downloaded deployment share.

Thanks!

Elliot Huffman
  • I say *match* as `AutoPilot` is a thing but it can't wipe and repartition disks. It is just automation of the `OOBE` screen. I have found that a combination of `AutoPilot` and `MDT` is very powerful for `Azure AD` joining machines. – Elliot Huffman Apr 09 '20 at 12:43
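
An added example, not part of the original answer and not the answerer's tool: a check that fits between steps 3 and 4 above, verifying the downloaded deployment share against a hash manifest before `LiteTouch.wsf` runs. The manifest (relative path to SHA-256), the function name `Test-DeploymentShare` and the sample files are assumptions constructed for illustration; the paths use Windows separators.

```powershell
# Hypothetical helper (not part of MDT): compare a downloaded deployment share
# with a manifest of relative path -> SHA-256. The manifest format is an assumption.
function Test-DeploymentShare {
    param(
        [Parameter(Mandatory)] [string] $SharePath,
        [Parameter(Mandatory)] [hashtable] $Manifest
    )
    $root = (Resolve-Path -LiteralPath $SharePath).Path
    $problems = @()
    foreach ($rel in $Manifest.Keys) {
        $file = Join-Path $root $rel
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $problems += "missing: $rel"
            continue
        }
        $actual = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        if ($actual -ne $Manifest[$rel]) { $problems += "modified: $rel" }
    }
    # A file on disk that the manifest does not list is rejected as well.
    foreach ($f in Get-ChildItem -LiteralPath $root -Recurse -File) {
        $rel = $f.FullName.Substring($root.Length).TrimStart('\', '/')
        if (-not $Manifest.ContainsKey($rel)) { $problems += "unexpected: $rel" }
    }
    return ,$problems
}

# Constructed sample share so the check runs offline.
$share = Join-Path ([IO.Path]::GetTempPath()) "DeployShare-$(Get-Random)"
New-Item -ItemType Directory -Path "$share\Scripts", "$share\Control" | Out-Null
Set-Content -LiteralPath "$share\Scripts\LiteTouch.wsf" -Value '<job id="sample"/>'
Set-Content -LiteralPath "$share\Control\Bootstrap.ini" -Value '[Settings]'

# Normally the manifest is generated where the share is built and fetched over
# the authenticated channel; here it is computed from the sample files.
$manifest = @{}
foreach ($rel in 'Scripts\LiteTouch.wsf', 'Control\Bootstrap.ini') {
    $manifest[$rel] = (Get-FileHash -LiteralPath (Join-Path $share $rel) -Algorithm SHA256).Hash
}

# Simulate a corrupted file and a stray file appearing after the download.
Add-Content -LiteralPath "$share\Control\Bootstrap.ini" -Value '; changed after download'
Set-Content -LiteralPath "$share\Scripts\extra.vbs" -Value "' stray file"

$problems = Test-DeploymentShare -SharePath $share -Manifest $manifest
if ($problems.Count -eq 0) {
    Write-Host 'Share verified; step 4 (LiteTouch.wsf) can start.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
Remove-Item -LiteralPath $share -Recurse -Force
```

The check is only as trustworthy as the manifest, so the manifest should arrive over the authenticated endpoint from step 2 rather than alongside the unauthenticated download in step 1.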