The following post recaps on the questions we covered off during last weeks webcast on desktop deployment, because there was so many, and we couldn’t answer them all, we thought we’d blog up our thoughts with some additional bits and bobs.

Q. Can Windows Vista BitLocker be managed from a central console for administrative purposes?

A. The short answer to this is no. However we provide a script with Windows Vista and Windows Server 2008 that can be used to manage BitLocker, this can easily be called from your build process or your software distribution tool to automate the process. The script is called manage-bde.wsf and can be found under c:\Windows\System32\manage-bde.wsf. For usage information just run manage-bde.wsf /?

Further to this, if you’re backing up your BitLocker recovery information to Active Directory we also have the BitLocker Recovery Password Viewer for Active Directory to help you locate your recovery information:

Q. Are there any "best practices" to getting device drivers in an "automated" way?  When you have a multitude of drivers to maintain, it is hard to verify if they are up to date.

A. There’s no automated way that we’re aware of to get device drivers. If you use a tool like Configuration Manager 2007 or Microsoft Deployment Toolkit, both of these display the driver versions that are currently being used which can help. Also Configuration Manager allows you to group drivers to help with the management process but neither will automatically go and get the latest drivers, this for the time being is a manual process.

It’s stating the obvious, but the more rationalised your hardware estate is, the easier management of the drivers will be.

Q. Do you need to become a SHIM expert?

A. This question was asked when we were discussing the various options for providing a fix for an application that would not work on your new operating system. The answer to this question really depends on how you’re managing your entire application compatibility project stream.  Many customers we work with now look to offload the cost and complexity of application compatibility and remediation through a 3rd party who have experience and expertise in doing this kind of work.  If your company is looking at handling this process entirely in house, then yes being a SHIM expert, or learning how to create and leverage SHIM’s will be a really great asset to the project. 

With that said, we would still recommend patching or upgrading to a supported version by contacting the application vendor as the preferred solution to help ensure your application estate remains supported wherever possible.

For some further reading, Microsoft has an Application Compatibility TechNet website here: and Chris Jackson has a great blog on the topic here:

Q. How does Configuration Manager allow for dynamic driver injection for an image as it is being deployed?

A. When Configuration Manager deploys and operating system one of the steps, just after the OS image has been applied, is to perform a plug and play enumeration of the target workstation. The information gathered is then compared with the Configuration Manager driver database, if any matching drivers are found and available in a package they are copied to the target workstation to be used during the Windows installation, including the injection of mass storage device drivers for both Windows XP and Windows Vista. This process can also be configured to have Configuration Manager identify the closest matching driver and copy just the one driver to the target workstation, or copy all matching drivers and allow the OS installation process to select the best.

Ben Hunter from ‘Deployment Guys’ wrote a great post on how you can handle this earlier in the year:

Q. Do user profiles have problems as user switch from XP to Vista?

A. There is a different profile structure for Windows Vista and Windows XP so it’s not possible to take a Windows XP profile and use it on Windows Vista. You will see this in operation if you use roaming profiles, the Windows XP profile will appear as normal but the Windows Vista profile will have a .v2 extension, here is a good article on working with both Windows XP and Windows Vista profiles:

Also worth a read is this support article on migrating roaming user profiles data to Windows Vista or to Windows Server 2008:

Q. Can you provide some specific rules of thumb - or at least an approach to determining how fast you can deploy in your own environment?

A. We understand that it’s good to have some specific rules but this one is really down to each individual environment. We would definitely recommend deploying as fast as is possible to remove the need to support two operating systems side by side for any extended period of time but the point we were trying to get across is that how fast you can rollout your desktops is going to be based on a number of factors and should not be based solely on how many machines your infrastructure is capable of deploying.

Consider that if you are replacing hardware you’ll be limited by how quickly you can physically get that hardware out, if you’re migrating user data across the network, deployment times can significantly increase and one of the most fundamental considerations relates to how you will handle end user training, and if that will be done as users are upgraded to a new OS…if you a training users as you migrate them to a new OS, how many users you can train simultaneously.  In a very similar way, you need to plan for what volume of help desk calls you can support for users who are getting to grips with their new OS and application sets.  As you can see there’s no simple answer here!

There are many other factors involved which is why we recommend you gradually ramp up your rollout until you get to the point where you can’t comfortably go any faster and be prepared to stop if you hit any issues. It’s normally a lot easier to fix a problem as you go rather than waiting until you’ve rolled out all your workstations and try to fix the problem retrospectively.

Q. With MDT 2008 / Configuration Manager or SMS2003, we will have same functionality if we deploy XP instead of Vista? Or are there some functional restriction?

A. When considering any of the deployment tools we provide individually, there is no difference to the deployment process whether deploying Windows XP or Windows Vista. There are some minor differences such as the answer file format used and other subtleties due to improvements in Windows Vista but the underlying process remains the same whichever OS you’re deploying. This isn’t the case when comparing the tools with each other though, while there are similarities between SMS 2003, Configuration Manger 2007 and MDT there are some significant and well documented differences.

Q. I know that Configuration Manager 2007 supports USB pens, but does it also support external media (USB harddrive) like MDT?

A. No, while this is will most likely be technically possible, media based deployment via USB hard drives aren’t supported.  Consider however, that USB Flash Based hard drives are gaining in size, you can 32GB flash drives now, which will most likely be sufficient and will perform faster than a traditional hard disk. 

For more details on media based deployments, view the the official Configuration Manager documentation (