As part of establishing a standardized configuration, determine which operating system components to include and the settings for these components. This determination includes optional components in all operating systems, server roles in Windows Server operating systems, and components to include in Windows Preinstallation Environment (Windows PE). For example, you may decide to remove unnecessary Windows operating system components from desktop and portable computer deployments to reduce the security footprint of those computers.

For each operating system image, determine the:

·     Operating system components. Select the components required for the applications and user roles performed on the target computers. Install only the components that are required to help reduce the attack surface of the target computer and the image size.

·     Server roles. Select the server roles required for the server computers. Install only the server roles that are required to help reduce the attack surface of the target computer and the image size.

·     Windows PE components. These components include Microsoft ActiveX® Data Objects (ADO) support, fonts, and the necessary drivers and packages. You can select the components for 32-bit and 64-bit versions of Windows PE.

·     Configuration settings. Identify the configuration settings for components included in the images. Select configuration settings that meet the business and security requirements of the organization. For more information about target computer security, see Planning Target Computer Security.

Related Topics

Planning MDT Deployments