The software installed on the reference machine becomes part of the base layer that you capture. When you deploy the base layer to other endpoints, those software and settings are delivered to those endpoints as well.

Software Considerations

Consider the following items before you decide on the software to include in your base layers:

  • Do not include software that is licensed specifically to individual pieces of hardware, or whose licenses are tied to the hardware.

  • If the reference machine contains OEM software, you can deploy that base layer only to endpoints of the same hardware family. This restriction is because OEM software is tied to specific hardware vendors, makes and models.

  • The following items are examples of core corporate software that is typically the most commonly included software in a base layer:

    • Antivirus

    • VPN client

    • Microsoft Office

    • Corporate applications to be used by all target users

      Departmental applications should generally be distributed through app layers.

    • You can install disk encryption software on the reference machine, but it must not be part of the base layer. Always deploy disk encryption software to the endpoints after.

  • It is recommended that you include in the base layer all .NET Framework versions that might be required by target endpoints. For example, some users might have applications that require .NET Framework 3.5, and some users might have applications that require .NET Framework 4.0. Include both .NET Framework versions in the base layer.

For additional software considerations, see Image Management Planning.

System-Wide Settings

System-wide settings are transferred from the reference machine to all machines that receive the base layer.

  • Check which settings are required and configure them accordingly.

  • In special cases, you can add specific exclusion rules to the Base Layer Rules policy. See Working with Base Layer Rules.

  • For more detailed control outside the base layer configuration, you can use Active Directory Group Policy Objects (GPOs) to configure settings.

  • Disable automatic updates of Windows Store Applications on reference machines. If automatic updates of Windows Store Applications is enabled on reference machines, base layers or app layers might be captured in the middle of an update.

Examples of settings in the reference machine are power management, remote desktop settings, and service startup options.

Domain Membership and Login Settings

If the target endpoints assigned to the base layer are members of a domain, verify that the following conditions are in place:

  • The reference machine used for this base layer is a member of the same domain. Otherwise, users of the target endpoints are prevented from logging in to the domain and only local users can log in.

  • The Net Login service is set to start automatically.

  • To keep the reference machine clear of user-specific information, ensure that you do not log in to the reference machine using a Mircrosoft liveID account.