Friday, January 13, 2012

Deploy Windows Thin PC (WinTPC) with MDT 2010

Last year, on July 1, 2011 actually, Windows Thin PC (WinTPC) is released. WinTPC images are smaller than Windows 7 images, and hence have a lower attack surface.

WinTPC is an Microsoft Software Assurance (SA) benefit that provides a low footprint, locked down version of Windows 7 that enables organizations to repurpose existing PCs as thin clients, thereby reducing the need for new thin client hardware. And since these PCs retain their existing SA coverage, they do not need any additional Windows Virtual Desktop Access (VDA) licensing for VDI. 

WinTPC offers an excellent thin client experience by locking down the PC through write filters, while still providing users with a superior remote desktop experience through RemoteFXTM support. IT can deploy and manage WinTPC images to multiple PCs using System Center Configuration Manager (SCCM), and push updates to these PCs using Windows Update or Windows Server Update Services (WSUS).

Additionally, WinTPC leverages Windows Enterprise features such as BitLocker and AppLocker to further secure the endpoint. With BitLocker and BitLocker To Go technology WinTPC disk drives and flash storage can be encrypted, thereby ensuring that any data stored on disk is secure. With AppLocker, IT can prevent unauthorized applications from running on WinTPC.


WinTPC is a locked down version of Windows 7, and hence, will be able to run on any device capable of running Windows 7. The recommended specifications for running Windows Thin PC are:
  • 1 GHz or faster 32-bit (x86) processor
  • 1 GB RAM
  • 16 GB available hard disk space

WinTPC can be deployed with ConfigMgr 2007 and MDT 2012. With MDT 2010 it's possible also, but then a unattend.xml change is needed. As mentioned in Windows Thin PC: Another flavor of Windows 7 the <UpgradeData> section from the unattend.xml that you use to deploy WinTPC must be removed then. Then it's working in MDT 2010 also. WinTPC can be deployed in just 15 minutes with MDT usage!

For managing WinTPC the normal Windows 7 Group Policies can be used. That way even more functionality can be excluded from the already stripped version of Windows 7. With write filters the disk partition can be keeped clean. WinTPC has both file-based and enhanced write filters. Write filters can be enabled to prevent users and applications from writing to disk, and hence ensure that the OS returns to a pristine image on every reboot.

With WinTPC you can have a fast Windows 7 version on almost all types of hardware which have Windows XP or Vista support. Just install the OS and have a look at yourself. Download 90 days trial

2 comments:

  1. How do you buy WinTPC?

    ReplyDelete
    Replies
    1. WinRPC is a Software Assurance (SA) benefit. You can download a trial version or have a look here: http://www.microsoft.com/licensing/software-assurance/

      Delete