| Being heavily involved in setting up standard developer workstations, I consider this to be the only practical approach.
It's way beyond any specific config item (including telemetry). This is a sure way to get to a stable and consistent configuration. A few comments: - It is better to split such a mega-script into a set of named scripts, so admins can mix-and-match their own configuration set.
- The configuration set scripts should be re-entrant, that is, one can run it few times in a row, achieving the same stable result. This is an important principle because those scripts evolve over time until they are are stable, so the re-entrancy enabled the re-configuration game. - Some configuration items are system-based while other are user-account-based. This means that the latter should be invoked automatically once a new user account is created. - VM is your friend. Wash, rinse, repeat. - It is not always wise to replace automation (PowerShell) invocations with direct registry modifications. Tradeoffs should be obvious. - MDT setups should avoid direct system configuration wherever possible, and rely on configuration scripts instead. - One of the features still not possible to script is setting the policy startup/shutdown/login/logout scripts. One can provide this manually in a base workstation image. - Esp. on Windows systems prior to Windows 10: make sure PowerShell is stable - version and module-wise. |