Problem summary
Deploying a Windows 7 SOE via SCCM requires the network to be available in order to build or install the operating system and applications, but in the event of a critical outage (such as a network worm or major virus outbreak) the network may be down or compromised. This situation is normal for traditional organisations, but a critical infrastructure service provider needs a solution that enables end users to rebuild their own machines (with IT direction).
Options
Several technologies are available that cover all or part of this solution:
1. System protection (built into Windows 7)
2. Recovery console (built into Windows 7)
3. Safe Mode (built into Windows 7)
4. Windows backup (built into Windows 7)
5. Previous versions (built into Windows 7)
6. VHD Running (bespoke effort)
7. Self-image MOE (bespoke effort)
8. SCCM Offline Installation Media.
Possible solutions
Previous versions
Previous versions are copies of files and folders created automatically and saved as part of a restore point. You can use previous versions to restore files and folders that you accidentally modified or deleted, or that were damaged. Previous versions cannot be used on system files and do not offer protection against the types of errors this document is discussing.
System protection
System protection regularly creates and saves information about your computer's system files and settings. It saves these files in restore points, which are created just before significant system events, such as the installation of a program or device driver, or on a schedule once every few days. To restore these files, the user opens the Control Panel and restores the state via an applet.
Windows backup
The internal backup software can create a system image (exact copy of a drive). This image includes the files required for Windows to run. You can use a system image to restore the contents of your computer when your hard disk or computer fails. When you restore your computer from a system image, it’s a complete restoration – you cannot choose individual items to restore, and all of your current programs, system settings, and files are replaced with the contents of the system image.
Recovery console (aka Windows Recovery Environment)
The recovery console is a partial version of Windows 7 with a set of tools that you can use, with a backup created earlier, to recover your system. This can be used to recover drives, partitions and operating systems. This software can be made available on the local computer and started by restarting the computer and pressing F8, or by booting from a Windows 7 Setup disc.
Safe Mode
Safe mode is a troubleshooting option for Windows 7 that starts the computer in a limited state. Only the basic files and drivers necessary to run Windows are started. This service is used by IT technicians; it is complicated, not user friendly and is in general a last-chance option for OS repair.
VHD Running
Windows 7 has the technology built in to run the operating system from a virtual hard disk (VHD), as opposed to a traditional disk partition. This allows several copies of the virtual hard disk, and therefore several copies of the operating system, to be available at boot time. This is flexible in some ways but does have limitations (page file etc.).
Self-image
The traditional way a Windows 7 image is deployed to a workstation is via the network from an SCCM distribution point. This gives the flexibility of the most current OS image being available at any point in time, but does limit the deployment to when the network is available. A self-image MOE would have the MOE image deployed to the local computer as a file/image and would allow the user to re-install this OS as needed with a reboot.
SCCM Offline Media
Using stand-alone media doesn’t require access to SCCM during imaging because all components needed during the imaging process are copied to the stand-alone media and available locally.
Way forward
Looking at the technologies that are available, some are simply not for end users, and these can be ruled out for several reasons:
1. System protection – requires the user to run the restore process, and is not a simple solution for end users.
2. Recovery console – designed for IT professionals and not suitable for end users.
3. Safe Mode – designed for IT professionals and not suitable for end users.
4. Windows backup – designed for IT professionals and not suitable for end users.
5. Previous versions – not a solution for this problem.
This leaves three possible solutions to address this problem. These solutions will require your evaluation, testing and prototyping to see which is the best fit for you and can be made user friendly enough to be activated by the end user as needed:
1. VHD Running
This solution would require capturing the image or deploying the image as a VHD, setting up a backup process, automating the steps and creating a boot menu for users to roll back/forward as needed on reboot.
2. Self-image MOE
This solution would possibly require repartitioning the local drive, updating the local SOE to support the self-image, updating the MOE image to support self-image, automating the steps and creating a boot menu for users to roll out the MOE as needed on reboot.
3. SCCM Offline Installation
This solution is supported by Microsoft for offline deployment, and it is a simpler solution that leverages the existing system management platform.
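For the VHD Running option, the boot menu step can be scripted with bcdedit. The script below is an added example, not part of the original article; the VHD path, menu text and timeout are hypothetical values, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: register a known-good native-boot VHD as an extra boot menu entry.
# Assumed values (not from the original article): VHD path, menu text, timeout.
param(
    [string]$VhdPath        = 'C:\SOE\baseline.vhd',    # hypothetical location
    [string]$Description    = 'Restore known-good SOE', # hypothetical menu text
    [int]   $MenuTimeoutSec = 15
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $VhdPath)) {
    throw "VHD not found: $VhdPath"
}

# bcdedit expects the VHD as [drive:]\path, e.g. vhd=[C:]\SOE\baseline.vhd
$drive     = Split-Path -Path $VhdPath -Qualifier     # 'C:'
$relPath   = Split-Path -Path $VhdPath -NoQualifier   # '\SOE\baseline.vhd'
$bcdDevice = "vhd=[$drive]$relPath"

# Clone the running entry; bcdedit prints the GUID of the new entry.
$copyOutput = & bcdedit.exe /copy '{current}' /d $Description
if ($LASTEXITCODE -ne 0) { throw "bcdedit /copy failed: $copyOutput" }
if ("$copyOutput" -match '\{[0-9a-fA-F-]{36}\}') {
    $guid = $Matches[0]
} else {
    throw "Could not find the new entry GUID in: $copyOutput"
}

# Point the new entry at the VHD and let Windows re-detect the HAL at boot.
$settings = @(
    @('device',    $bcdDevice),
    @('osdevice',  $bcdDevice),
    @('detecthal', 'on')
)
foreach ($setting in $settings) {
    & bcdedit.exe /set $guid $setting[0] $setting[1] | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit /set $($setting[0]) failed" }
}

# Show the boot menu long enough for a user to pick the recovery entry.
& bcdedit.exe /timeout $MenuTimeoutSec | Out-Null
if ($LASTEXITCODE -ne 0) { throw "bcdedit /timeout failed" }

Write-Output "Added boot entry $guid -> $bcdDevice"
```

The default boot entry is left unchanged, so the machine still starts the normal installation unless the user selects the new entry.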
Effort
Looking at these solutions, an SCCM and Windows 7 expert can build a series of lab servers and clients and test these solutions. This will allow a prototype to be created, pros and cons to be identified, a gap analysis to be completed and a plan to be made for the production rollout.
So do you think you need this technology? If so, give me a call and I can organise someone to help.