Deploying & managing Windows 10 devices for a small business (1/3)

For Q4 '18, the business I work for decided to move away from carrying multiple devices to a single main one: powerful enough but light enough, something with a good balance, built around Windows 10, which our IT department can safely update and maintain.

After a few trials and tests, the Dell 5290 2in1 was selected.

The first part for me was to gather all the pieces of the puzzle (server, software, processes and end users). In ITIL you would talk about the 4Ps (People, Partner, Product and Process).

For me, the people were our sales team, who will be using these devices. I wanted to work closely with our partner and Dell vendor so I could get the most out of the 5290 2in1, brand it and make it user-friendly at the same time. The product was based on Windows 10 build 1809; we identified very new features that can benefit the business and create the "wow" effect. After a few weeks I had organised my calendar to drive the project in the right direction. Shall we start?

1. Preparation

Providing a custom base for all our team members was a challenge, and it needed to meet the requirements. After a couple of quick tests we decided to stick with the easiest solution: using a Fog server to image a base Windows 10 system, and Microsoft Intune to deploy and customize further on top.

1.1 Boot via PXE Boot

We had to get some official Dell USB Type-C to RJ45 adapters so the device could pick up the network configuration we have in our lab network.

I have also used DellOS software to provide a fresh install of Windows 10 with Dell drivers.

1.2 Setup Dell device

I had to change a couple of BIOS settings for the boot to happen.

  • Secure Boot was turned off
  • IPv6 was turned off
  • BitLocker was turned off (the command to use is manage-bde -off c:)

1.3 Install Ubuntu 18.04 LTS on Server

Installing Ubuntu was mostly a way to reduce risk. I knew Fog had plenty of documentation for Ubuntu/Debian, but I reckon this would work just fine with any Linux distro.

1.4 Configuring network for the server

I configured the server and checked the result with:
ifconfig
ip route show

Because we are using Ubuntu 18.04, we have to use netplan to configure the network.
Config files are located in /etc/netplan, and because we are using a server version we will use networkd as the renderer.

Network Config

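network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:                        # placeholder: use your interface name
      dhcp4: no
      dhcp6: no
      addresses: [10.x.x.x/24]   # static address of the Fog server
      gateway4: 10.x.x.x
      nameservers:
        addresses: [DC1, DC2]    # DNS servers (the domain controllers)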

I then ran the following commands:

sudo netplan apply
sudo netplan try
ifconfig -a

1.5 Partition requirements

Ubuntu would have automatically created swap, boot and home; however, Fog needs a dedicated /images partition to work in an optimized way.

Total HDD 500 GB
/swap 4 GB
/boot 1 GB
/ 30 GB
/home 20 GB
/images 415 GB

1.6 Enable SSH for root (for testing only)

nano /etc/ssh/sshd_config
Change PermitRootLogin to yes

Then restart the service:
service sshd restart
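
A check to run once the testing in step 1.6 is over, as an added example that is not part of the original post: it reports which PermitRootLogin value sshd takes from a config file, including the case where a later line does not override an earlier one. The function names `effective_permit_root_login` and `audit_root_login` and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.

# effective_permit_root_login FILE
# Prints the PermitRootLogin value sshd takes from the global section of FILE.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive and "Keyword=value" is accepted like "Keyword value".
# Everything after the first Match line is conditional and is skipped here.
# Assumption: no Include directives are in use.
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }  # trim the line
        /^#/ || /^$/ { next }                        # comments and blanks
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)          # normalise key=value
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit                 # end of global section
            if (key == "permitrootlogin" && n >= 2) {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "prohibit-password" } # OpenSSH default
    ' "$1"
}

# audit_root_login FILE: one-line verdict; returns 1 only for "yes".
audit_root_login() {
    prl_value=$(effective_permit_root_login "$1")
    case "$prl_value" in
        yes) echo "FAIL: PermitRootLogin yes (root can log in directly)"; return 1 ;;
        no)  echo "OK: PermitRootLogin no"; return 0 ;;
        *)   echo "WARN: PermitRootLogin $prl_value (root can still log in with a key)"; return 0 ;;
    esac
}

# Constructed sample: "no" was appended after testing, but the earlier "yes"
# is still the value sshd uses, so the check fails.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' 'PermitRootLogin no' > "$sample"
audit_root_login "$sample" || true
rm -f "$sample"
```

On a live server, `sudo sshd -T | grep -i permitrootlogin` prints the value from the configuration sshd actually parsed.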

1.7 Update system & disable firewall

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install git
systemctl stop firewalld
systemctl disable firewalld
cd ~

1.8 Setup Time

cp /usr/share/zoneinfo/Australia/Brisbane /etc/localtime

2. Design the automation

2.1 Install Fog

sudo -i
git clone /root/fogproject
cd /root/fogproject
git checkout dev-branch
cd bin
# run the Fog installer
./installfog.sh

At the end of the installation there is a URL displayed.

Use it to navigate to the Fog website (the server IP).
Click on execute the script (as below)

mysqldump --allow-keywords -x -v fog > fogbackup.sql

Go back to your SSH shell and press Enter to finish the configuration.

2.2 Configure Apache2

Run the command below to locate your php.ini file:
php -i | grep "Loaded Configuration File"

  1. sudo nano /etc/php/7.1/cli/php.ini
  2. Change
    1. memory_limit = 1900M
    2. post_max_size = 1900M
    3. upload_max_filesize = 1900M
  3. Save changes
  4. sudo /etc/init.d/apache2 restart

2.3 Upgrade to trunk (fog server)

At the moment, the latest Fog version is 1.5.4, but if you need to you can upgrade as per the link below

2.4 Configure DHCP Server to use Fog Server to boot PXE

We now need to access our DHCP server so the client devices can boot via PXE.

Log on to your DHCP server (in my case it is a Windows Server). Open the DHCP console and go to the scope options.
Options 66 & 67 need to be changed as below:
Option 66: Your Fog server IP
Option 67: The boot file (driver) your network card boots with (in our case it is undionly.kpxe)

2.5 Microsoft Surface Pro device case (Optional)

For Microsoft devices the driver adds a bit of complexity, but you can manage that as an exception.

Right-click on IPv4 and click on Define Vendor Classes.

The ASCII code should be PXEClient:Arch:00007:UNDI:003016 (this is specific to the Microsoft Surface Pro 4).

When this is done, you can create a policy to trigger the right driver.
Type a name for your policy and go to the Conditions tab to include a condition. See below

Option 67 – Bootfile: ipxe.efi

What is next?

The next article will talk about how we customised Windows 10, then captured and deployed the image. The last article will deal with the MDM (Intune).

3. Customize Windows 10

4. Capture/Deploy the image

5. Managing Devices via Intune
