What to avoid when deploying Windows 10

Posted  8th April 2021
Posted by  Steve Trimmer

When deploying Windows 10 computers into a WSUS environment, there can be an issue with the deployment of device drivers for some of the hardware.

The Issue

When deploying Windows 10 computers into a WSUS environment, there can be an issue with the deployment of device drivers for some of the hardware. This will happen if the WSUS environment is not configured for the deployment of drivers, and will look something like this in Device Manager:

Why does this happen?

Windows deploys a set of generic drivers at install time, then uses the Windows Update service to find and deploy specific drivers for the hardware detected. It does this in the background after the first run. This speeds up deployment/reduces install time, but means drivers and apps are loaded after first sign-in and sometimes at first use.
Most WSUS environments are configured not to deploy drivers due to another issue whereby generic Microsoft signed drivers for devices can replace manufacturer drivers and in some cases cause device malfunctions. This can be avoided by including “Servicing and Upgrade” drivers in the WSUS products and categories selections for the version(s) of Windows being deployed.

How do I resolve this?

  • For each piece of hardware, identify the manufacturer and device of the hardware using the Hardware ID property in Device Manager, which looks something like this: PCI\VEN_10EC&DEV_525A. The number following VEN_ identifies the vendor (manufacturer) of the hardware, and the number following DEV_ identifies the device. In this example the vendor is Realtek and the device 525A is a card reader model RTS5227S.
  • Obtain a driver from the manufacturer for the device for the correct OS and architecture. E.g., Windows 10 64-bit.
  • Install the device driver using an account with Admin privileges.

How do I avoid this - Planning & Testing?

  • For mass deployments on identical hardware, include the system hardware drivers in the base image. NOTE: Some OEM drivers are removed/deprovisioned by the sysprep process – a pre-deployment test will identify this or can be resolved post-deployment – see below.
  • Enable deployment driver delivery for your target OS and version(s) via WSUS. NOTE: Drivers provided by OEMs or 3rd party manufacturers should NOT be replaced with Microsoft-provided ones UNLESS NEEDED TO RESOLVE A SPECIFIC ISSUE. The general rule here is best encapsulated with a “Zen” approach – “If it ain’t broke, don’t ‘fix’ it!”

How do I mitigate this - during deployment?

  • Create a Deployment Staging OU on your target Active Directory environment. Remove WSUS GPOs from this OU.
  • Deploy new computers to the Deployment Staging OU, performing initial post-deployment driver update check from Device Manager (including Video hardware if “Standard Video Adapter” is displayed in device manager).
  • Once initial hardware drivers are installed, the computers can then be moved to their intended target OUs for normal WSUS registration.

Get in touch today

Please contact the ICT Service Desk on 0345 222 1551 • Option 1 or email ICTservicedesk@schoolbusinessservices.co.uk

Finance icon
See our full ICT support