SPREAD THE WORD, TOGETHER WE HAVE CONQUERED SYSPREP 
This is version 2 of a step by step guide on Sysprepping a Windows 7 machine from start to finish. I cannot take full credit on this because my first article had so many helpful comments and discussions that this is simply a combination of all the good advice written into a working guide. (I would especially like to thank George for his input on Cscript for auto activation and Nathan for input on Sysprep Audit Mode). This will guide you through the following:
- Audit Mode
- Building the unattend.xml file in WSIM
- copyprofile=true command to copy the default profile (no manual copy)
- Prompt for a computer name
- Enable Administrator account
- Administrator account logs in first time automatically
- Activate windows automatically with Cscript;
- Successfully copy over taskbar icons;
- Delete unattend.xml file automatically upon completion of re-image.
Here is a list of what you will need:
- Latest version of WAIK : KB3AIK_EN.iso Version 1.0
- Windows Vista or Windows 7 Machine to build the XML file on
- ISO or DVD of Windows 7 Installation (x32 or x64)
- WinPE Boot Environment : BrianLeeJackson WinPE 3.0 BootLoader
First we are going to walk through building the unattend.xml file (answer file) and then we will walk through the actual Windows 7 imaging process.
PART 1 – XML FILE CREATION
Step #1
If you have a Windows 7 installation DVD, insert it now. Or if you have an ISO of 7, go ahead and extract it to a folder on your desktop. (I recommend 7-zip).
Step #2
Launch Windows System Image Manager. Your start menu should look like the image below:
Windows 7 WAIK Version 1
Step #3
Under the “Windows Image” header, right click and select new image.
Windows System Image Manager
Step #4
You will now want to browse to the .CLG file in your Windows 7 installation (I am using Windows 7 Enterprise x64 in my example). It is located in the sources folder. See Image below. You can select either the .clg file or the install.wim. Both will have the same result.
Selecting CLG File - WSIM
Step #5
Now we need to create a new answer file. Go to the file menu and select “Create New Answer File.” Right after creating one, go ahead and simply go to file menu and select “Save Answer File.” This will give your XML file a name and save location. I chose to name mine unattend.xml. Now you see we have two category folders, Components and Packages. Under the Components folder you see that we have 7 options:
-1 windowsPE
-2 offlineServicing
-3 generalize
-4 specialize
-5 auditSystem
-6 auditUser
-7 oobeSystem
Step #6
These are very important as these are the steps in which the unattend.xml file is sequenced.
The next part is a little confusing. You are going to add components, from under the “Windows Image” section on the bottom left hand side to the passes on your Answer File. To add a component, you can right click on them and select “add to # pass”. There are many different options you can add, but they have to be done in a certain order and pass otherwise your sysprep might fail. I am simply going to use the one I created as the example.
Answer File - Unattend.xml
Here is more information about adding options under the passes:
1 windowsPE
Nothing required in my example.
2 offlineServicing
Nothing required in my example.
3 generalize
amd64_Microsoft-Windows-Security-SPP_6.1.7600.16385_neutral
Set 1 for SkipRearm to allow up to 8 rearms
4 specialize
amd64_Microsoft-Windows-Deployment_6.1.7600.16385_neutral
Order: 1
path: net user administrator /active:yes
WillReboot: NeverRunSynchronousCommand[Order="1"]
RunSynchronous
amd64_Microsoft-Windows-Security-SPP-UX_6.1.7600.16385_neutral
SkipAutoActivation: true
amd64_Microsoft-Windows-Shell-Setup_6.1.7600.16385_neutral
Computer Name: Leave blank (we will deal with this at the end)
CopyProfile: true
Registered Organization: Microsoft (you must leave this in this section)
Registered Owner: AutoBVT (you must leave this in this section)
ShowWindowsLive: false
TimeZone: Pacific Standard Time(Please view TimeZone settings here -> http://technet.microsoft.com/en-us/library/cc749073%28WS.10%29.aspx)
You can delete other sub-header components if you don’t need them.
5 auditSystem
Nothing required in my example.
6 auditUser
Nothing required in my example.
7 oobeSystem
amd64_Microsoft-Windows-International-Core_6.1.7600.16385_neutral
InputLocale: en-us
SystemLocale: en-us
UILanguage: en-us
UserLocale: en-usamd64_Microsoft-Windows-Shell-Setup_6.1.7600.16385_neutral
RegisteredOrganization: Your Company Name
RegisteredOwner: Your NameAutoLogon
Password: Administrator Password
Enabled: true
LogonCount: 5
Username: administratorFirstLogonCommands
CommandLine: cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (windows 7 license key)
Order 1
RequiresUserInput: falseCommandLine: cscript //b c:\windows\system32\slmgr.vbs /ato
Order 2
RequiresUserInput: falseSynchronousCommand[Order="1"]
SynchronousCommand[Order="2"]
OOBE HideEULAPage: true
NetworkLocation: Home
ProtectYourPC: 1UserAccounts
Password: Administrator Password
Action: AddListItem
Description: Local Administrator
DisplayName: Administrator
Group: Administrators
Name: AdministratorLocalAccount[Name="Administrator"]
AdministratorPassword: Administrator Password
LocalAccounts
If you have questions, look at my image above to see full layout of components, it should help.
Step #7
K, now go ahead and save your answer file as unattend.xml.
Step #8
If you want the sysprep to prompt for a computer name you need to remove a line from your XML file. Open up your XML file you saved with notepad and remove the following line:
Unattend.xml Computer Name
PART 2 – IMAGING PROCESS / RUNNING SYSPREP
Step #9
Install Windows 7 (Enterprise) from CD or USB flash drive, when you arrive at the welcome screen and it asks you to create a username, hit ctrl+shift+f3.
This will reboot your machine and put your windows build in ‘audit’ mode.
Step #10
On reboot, you’ll automatically be logged in under the built-in Administrator account. A sysprep GUI box will appear, but you can close it and NOW begin to customize your profile.
Step #11
Install any software/drivers, make any profile customizations, etc.
If you need to reboot, the computer will boot you back into the Administrator account. You will be stuck in this audit mode until you run sysprep with the /oobe parameter. After doing so, sysprep will delete/clean up the Administrator account, but if you have copyprofile=true in your unattended answer file, it will copy the customized Admin account to the default profile before deleting it.
Step #12
On the PC you are going to be running sysprep on, you need to create a folder called scripts in this directory: %WINDIR%Setup. Now you are going to create a CMD file within the %WINDIR%\Setup\Scripts directory. Right click and make a new text file called SetupComplete.txt. Remove the .txt extension and replace that with .cmd. You now have a SetupComplete.cmd file which windows will read the first time it boots up from the sysprep. We need to place a script inside the CMD file. Edit the cmd file with notepad and insert this line: del /Q /F c:\windows\system32\sysprep\unattend.xml. This script will delete your unattend.xml file after it has been used. The unattend.xml file is also copied to the C:\Windows\Panther directory, so you will want to add a second line to the CMD file, del /Q /F c:\windows\panther\unattend.xml. If you have passwords or cd keys stored in that xml file you don’t have to worry about it being left on the computer.
UPDATE AS OF JUNE 16TH: Read my Taskbar Icons Tutorial before continuing.
Step #13
Once you have everything configured correctly, Copy or move your unattend.xml file to : C:windowssystem32sysprep. Now to run sysprep, navigate to that sysprep folder, hold SHIFT and right click and select “Open New Command Windows Here”. Next, input the following commands:
sysprep /generalize /oobe /shutdown /unattend:unattend.xml
Step #14
Turn the computer back on and boot to WinPE 3.0 environment (USB stick or CD/DVD). You can use my BrianLeeJackson WinPE3.0 BootLoader to boot up from USB or CD and capture your image. Capture image and save image to network location.
A Dell 960 or GX755 is a good standard for capturing when you want a generic image for use with multiple systems. Might require injecting additional drivers for 3rd party brands, HP, etc. Most should work though right out of the box.
Step #15
On reboot, Windows will run out of the box, as the /oobe is intended. As long as you put your cd key into the unattend.xml file, windows will be activated automatically in the background, you will be automatically logged into the administrator account, and the unattend.xml file is deleted. You are now ready to use the computer or join it to the domain. Enjoy!
Tags: Software, sysprep, unattend, unattend.xml, Windows 7, WinPE 3.0
@LouisG sounds like it worked, but CopyProfile doesn’t copy everything. A good test is to change the theme in the source account.
Using audit mode is a MYTH. As long as only one account is in the ProfileList registry entry, you can be sure that account will be used for CopyProfile.
Great work, thanks for this guide and also thanks to Erik Sundin for the extra scripts to join domain and clean up the files. I now have a working sysprep that only asks for a computer name. Perfect for our company.
Regards,
Garry
I followed the instructions for creating a base clean image. I have the image at the point of kicking off sysprep. I made an image using gimagex using the BLJ 3.0 bootable USB key. It seemed to work great. I restored the image to another same type computer to make sure I could reuse the image, and noticed it loaded ok. I did not clean off the old hard disk on a target computer. It kept all of the extra junk that was on the desktop on the target computer. Well, I decided to run the diskpart batch file that went through the formatting process. I loaded the WIM file on the target machine (recently formated disk) and after the image is loaded, the files are there but I get bootimg is missing.
If I wanted it to prompt for the Windows License Key, would I simply omit the scripts under “FirstLogonCommands?”
Thanks in advance.
Rafi if you omit the script windows wil not prompt during install, only later.
Thx Brian, your tutorial is great! I have a working image now, only without copyprofile, it seems it does not work with w7 enterprise, even when fully updated. But the old trick of creating a user and copying it’s files, renaming users/default to something else and renaming the copied user to default works.
[...] do is completely remove the line below from the specialize pass in your unattend.xml file (as shown here). [...]
This is really indepth, I will apply this to the images and see how it turns out if it works I will repost back with my resulting success…
I have been able to create an image which looked perfect. Once my test clients began to use applications in the image we discovered that the client does not ‘own’ the applications. The clients cannot, for example, put information into a pre-existing pdf form. Acrobat Reader crashes. What I’ve found is that the client’s profile does not have all the privs necessary to perform basic application functions. The administrator profile (copied to default user) still owns all the files and apps.
Therefore it looks to me as though during the copy profile function, someone at Microsoft forgot to change ownership to ‘Everyone’, like we were able to do during copy profile in XP. Frustrating. I’m having to start from scratch as I’ve uninstalled and reinstalled and nothing changes the problem.
Has anybody seen this? Got a fix?
I followed your steps but I had to enter the product key on the first reboot. Do you know what may have caused this?
Brian, We’re using a MAK license here and can’t seem to get it to auto activate, any thoughts? I mean, are you using a MAK license? thanks
This is great stuff, but I can’t get my answer file to work. Can you just post the basic answer file for download that you describe in the steps above? It would be nice to have the 32 and 64-bit. I am only looking to do what you have described above. It would be a big help. Or if you could post the content of the answer file less the activation code.
Thanks a ton!
Hello! I’m looking for a good sysprep. This one is rather complicated. Maybe using MDT 2010 makes it easier?
Things I want to have is:
In the domain i want to.
User I input will be in group Administrators on this computer (not domain).
My documents redirected to homefolder on serverlocation.
Is these things possible?
I have noticed that a few settings are not copied when sysprep copy’s the profile to the default user profile. For example: Each time a user logs in to the computer and creates a profile they have to answer the questions of Internet Explorer 8, Windows Media Player, and when they click on Office 2010 applications they have to go through the activatation online. All of these things I do when I create the image, but it doesn’t keep them. We have labs on campus that the students will be logging into with their user name/password. These computers have deepfreeze installed and the students will have to answers these questions over and over again. Does anyone know of a solution for this?
Has anyone got the pc to join domain correctly after the computer name has been entered?
[...] http://blog.brianleejackson.com/sysprep-a-windows-7-machine-%E2%80%93-start-to-finish-v2 [...]
Taskbar pins:
copy this registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
put shortcut .lnk files here:
%userprofile%\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\
What is the best course of action for making sure display drivers I install in audit mode are carried over after the sysprep process?
I seem to be “losing” them after I run sysprep and lose Windows Aero with a very small screen resolution.
Does anyone have a script to make the quicklunch toolbar stay after the computer is imaged and comes out of sysprep?
Ignore my last comment, I figured out what I needed in sysprep:
true
true
Amy I think brian’s other article will help you out: http://blog.brianleejackson.com/copy-taskbar-icons-windows-7-sysprep
Anyway, next question…
I having one of my images I rebuilt from scratching using the same sysprep.xml file throwing an error on [specialize] at [Microsoft-Windows-Shell-Setup]. I only have the following under that context:
*
true
false
Central Standard Time
Could it be having problems copying my profile? If so, what could most likely be causing the hangup?
Oops, didn’t know xml tags got stripped. I meant to post:
ComputerName * ComputerName
CopyProfile true CopyProfile
ShowWindowsLive false ShowWindowsLive
TimeZone Central Standard Time TimeZone
Hi kyle…
what you find about the AERO probleme you had?
What fixed it in the SYSPREP xml?
i have the same problem….
Great post, this has been by far the most helpful information we have found for creating our unattended file. However, we have run into an activation-related issue.
Now that the image was built over 30 days ago, we are being prompted with an “evaluation period has expired” error. This is occuring before any of the slmgr commands even run.
Has anyone else seen this? Any ideas?
This has to be one of the best guide’s I’ve found for Windows 7 Sysprep, Great Work !!!!!
I do have a few issue though;
I have built a Windows 7 Enterprise installation with all my applications and drivers installed ready to be deployed to our staff. I have created an unattended.xml file through the WAIK tools and defined all of my preferences and fully automated the installation however, when I seal the installation by running sysprep.exe /unattend:unattend.xml, the PC re-seals and restarts and fully automates the install but when I log in, the display driver has been uninstalled and has defaulted to the windows default one :S, Is there anyway I can stop this from happening and keeping the driver I installed before the sysprep?
Also I would like the PC to recognize the LAN network it finds an address from first to be a “Work” network by default, What is the procedure to do this?
Thanks in advance and keep up the good work
Zaccy D
Hi
Gary can you expand on the quote below
Great work, thanks for this guide and also thanks to Erik Sundin for the extra scripts to join domain and clean up the files. I now have a working sysprep that only asks for a computer name. Perfect for our company.
I cant get this to work at all.
In my Unattend.xml i have cscript //b c:\windows\system32\sysprep\domain-join.vbs
I have copied the domian-join.vbs to c:\windows\system32\sysprep but the computer never joins the domain
Cheers
Stewart
I had a similar problem and after looking thru the log file I was able to figure out what was causing the error. The log file I used was located here:
%Windir%\Panther\UnattendGC\Setupact.log
This page had been a huge help to me and my company. I just have a couple of issues that I can’t resolve.
1. It is not prompting me for a computer name or a registered owners name when doing this.
2. How can I auto activate Windows during the setup?
Here is my xml file…
Please Please help.
-
-
1
-
-
false
Central Standard Time
false
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-
-
-
oww
xxxxxxxxxx
xxxxxxxxxx
xxx.xxx.xxx
false
-
false
-
-
en-us
en-us
en-us
en-us
-
-
-
SwBlAG4AcwBpAG4AZwB0ADAAbgBQAGEAcwBzAHcAbwByAGQA
false
localsysop
1
true
-
true
true
Work
3
true
XXXXXXXXXX
oops… sorry.. here is my xml file
- settings pass=”generalize”
- component name=”Microsoft-Windows-Security-SPP” processorArchitecture=”x86″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
SkipRearm1/SkipRearm
/component
/settings
- settings pass=”specialize”
- component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”x86″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
CopyProfilefalse/CopyProfile
TimeZoneCentral Standard Time/TimeZone
ShowWindowsLivefalse/ShowWindowsLive
ProductKeyXXXXXXXXXXXXXXXXXXX/ProductKey
/component
- component name=”Microsoft-Windows-UnattendedJoin” processorArchitecture=”x86″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
- Identification
- Credentials
Domainxxx/Domain
PasswordXXXXXXXXX/Password
UsernameXxxxxxxxx/Username
/Credentials
JoinDomainxxx.xxxx.xxx/JoinDomain
DebugJoinfalse/DebugJoin
/Identification
/component
- component name=”Microsoft-Windows-Security-SPP-UX” processorArchitecture=”x86″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
SkipAutoActivationfalse/SkipAutoActivation
/component
/settings
- settings pass=”oobeSystem”
- component name=”Microsoft-Windows-International-Core” processorArchitecture=”x86″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
InputLocaleen-us/InputLocale
SystemLocaleen-us/SystemLocale
UILanguageen-us/UILanguage
UserLocaleen-us/UserLocale
/component
- component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”x86″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
- AutoLogon
- Password
ValueSwBlAG4AcwBpAG4AZwB0ADAAbgBQAGEAcwBzAHcAbwByAGQA/Value
PlainTextfalse/PlainText
/Password
Username xxxxxxx/Username
LogonCount1/LogonCount
Enabledtrue/Enabled
/AutoLogon
- OOBE
HideEULAPagetrue/HideEULAPage
HideWirelessSetupInOOBEtrue/HideWirelessSetupInOOBE
NetworkLocationWork/NetworkLocation
ProtectYourPC3/ProtectYourPC
SkipMachineOOBEtrue/SkipMachineOOBE
/OOBE
RegisteredOrganizationxxxxxx xxxxxxx/RegisteredOrganization
RegisteredOwner /
/component
/settings
I’m having trouble with the vbscript from Erik Sundin to join the computer to the domain. Just copied the script to notepad and saved as domain-join.vbs
Set objShell = CreateObject “Wscript.Shell”
objShell.Run(“powershell.exe -executionpolicy remotesigned -file c:\windows\system32\sysprep\domain-join.ps1″)
When executing it, I get this:
Line 1
Char: 29
Error: Invalid Character
Code: 800A0408
What gives, any ideas?
It would be nice if all the choices that could be used in a sysprep were in a spread sheet with choices and what they mean to manage this process. Do you know of any such documentation
Hi
Christian i was having the same problem with Eric’s script.
Use the vbs below, it worked for me
Edit to suit your environment.
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
strDomain = “yourDomain”
strPassword = “Password”
strUser = “Username”
Set objNetwork = CreateObject(“WScript.Network”)
strComputer = objNetwork.ComputerName
Set objComputer = GetObject(“winmgmts:{impersonationLevel=Impersonate}!\\” & _
strComputer & “\root\cimv2:Win32_ComputerSystem.Name=’” & _
strComputer & “‘”)
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & “\” & strUser, NULL, _
JOIN_DOMAIN + ACCT_CREATE)
Cheers
Stewart
Does the unattend.xml file require a CD-key? I have a bunch of computers that came with windows but the school can’t afford a volume a licence. I need to use the individual keys on the computers. Has anyone attempted this?
[...] Here’s another from Brian Lee Jackson on building a reference computer. Possibly related posts: (automatically generated)Module organizationRenaming Win XP Start Menu ButtonSome Working Tips For Microsoft Windows XP/VistaDropbox Shell Tools lets you copy files quickly to your Dropbox 0.000000 0.000000 [...]
I have followed the whole instruction, and it works perfectly. The only thing I don’t understand is the domain-join.vbs (i have made a domain-join.vbs as Stewart gave earlier), where do i need to place it and where in the script I have to tell that he has to use that script?
Thanks in advance
After restoring i get the following error:
File: \Boot\BCD
Status: 0xc000000f
Info: “an error occurred while attempting to read the boot configuration data”
Any tips?
Hi!
Thank you for posting this great article ! It’s been extremely helpful.
I’ve created W7 WIM image, but when I try to deploy it – I get following error right on the begining when it boots and shows message “Starting Services”:
“windows could not finish configuring the system ….”
Then you can only reboot and the error comes back. I tried to fix bootmanager by running this command from WinPE Drive:
bcdboot c:\windows /s c:
I only have one partition when I try to deploy Win7. I’ve read somewhere that I really need to have 2 of them. Is it possible that my problem happens because the drive is not partitioned correctly?
Can someone help me please ? Thank you !
@Rob
Mine doesnt have a key in, it just gives me 3 days to activate.
Rob it does not require a key, you can enter it manually afterwards.
Bruce if you right click an item in the WSIM you can select help and get that information.
Nas read the howto again, your two questions are answered there.
Zaccy you can have hardware information and drivers persist with the setting persistalldiviceinstalls = true under generalize, but this is not recommended by MS. Better run the driver installation afterwards or integrate the driver. The network setting is under 7 oobesystem/windows-shell-setup_neutral/oobe/networklocation.
Thanks for the responses. My life would be so much easier if they had just bought a VL. Also thanks Brian for the WinPE 3.0 BootLoader. I was able to mod it and it will save me hours.
Hi Peter D
In your Unattend.xml you have to enter a Synchronous Command as below.
cscript //b c:\windows\system32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx (windows 7 license key)
1
false
cscript //b c:\windows\system32\slmgr.vbs /ato
2
false
cscript //b c:\windows\system32\sysprep\JoinDomain.vbs
3
false
Then copy your JoinDomain.vbs file to C:\windows\system32\sysprep.
Hope this helps
Stewart
peled, our Aero issue was related to Novell Zenworks 10 remote management breaking the Mirror/Mirage (or whatever its called) driver.
We are working on updating our clients to a version that will fix this.
Can I use sysprep to sync to a NTP server?
I see that I can set the time zone so I’m wondering how much more detailed I can get.
Hi Stewart,
I have got the “join domain” vbs script running but I keep encountering one problem with it.
Whenever sysprep has finished and the system has rebooted the pc has joined a workgroup instead of our domain. The workgroup does have the name of our domain.
Thanks,
Peter D
Anyone figure out why my custom toolbar keeps going away after syspreping? and i get the pinned icons everytime
Finally figured out my problem with the quick launch toolbar.
I had to be out of audit mode for it to stay after syspreping. Not sure why this is but it now works. Only problem now is that it is on the right side and not staying on the left. I really don’t care that is minor. Everything is finally working. Thanks so much for all the help and tips.
To Christian, you missed the parantheses around (“Wscript.Shell”), the vbs script should look like:
Set objShell = CreateObject (“Wscript.Shell”)
objShell.Run(“powershell.exe -executionpolicy remotesigned -file c:\windows\system32\sysprep\domain-join.ps1″)
Hope that helps
/Erik
Hi,
I have tested everything and it works flawlessly ! Thank You for the great tutorial.
The only problem I have is with the CopyProfile: true option
I want to copy as a default user profile, not the built-in administrator account, but a new admin account.
According to the Microsoft KB article here, http://support.microsoft.com/kb/973289/en-us
this can be done executing sysprep from the profile you want to make as default, but it’s not working.
How to make a new profile the default with the CopyProfile option ?
Thank You
I found a forum post about using a program called dpinst.exe to install drivers during sysprep, the dpinst.exe can be found in a free package from microsoft called Windows driver kits (WDK). After a bit of tinkering i got it to work, here is my sollution:
In the specialize phase of sysprep i run a synchronous command calling a file called dpinst.cmd (for simplicity when creating images i copy all files into the sysprep folder, so the path is c:\windows\system32\sysprep\dpinst.cmd).
dpinst.cmd:
net use r: \\server\drivers /user:User password /persistent:no
start /wait c:\windows\system32\sysprep\dpinst.exe /path r:\ /c
Basically mapping a drive and having dpinst check it for drivers. Note the wait command, and the /c. The /c parameter makes it so that dpinst dumps a log to the console while installing drivers (so that you see some kind of progress while it is running).
dpinst.xml
x?xml version=”1.0″ ?x
xdpinstx
xsearchx
xsubDirectoryx*x/subDirectoryx
x/searchx
xdeleteBinaries/x
xquietInstall/x
xsuppressEulaPage/x
xsuppressWizard/x
xscanHardware/x
xsuppressAddRemovePrograms/x
x/dpinstx
Replace all “x” with “lesser than”, “greater than” keys.
The dpinst.exe MUST have a file called dpinst.xml in order to run, and that xml file MUST be in the same directory as the exe. A few things worth mentioning about the xml file:
The subdirectory * value get dpinst to scan all subfolders for drivers, without supressAddRemovePrograms/ there will be an option to uninstall all drivers in add/remove programs. Finally, without the scanHardware/ parameter dpinst will install EVERY driver you have in the drivers folder (in my case that would install all drivers for about ten different computer models, a bit less then optimal..). Check technet for a full list of the options available for dpinst.xml.
I also added Remove-Item .\sysprep\dpinst.cmd, Remove-Item .\sysprep\dpinst.xml, Remove-Item .\sysprep\dpinst.exe to my cleanup.ps1 file.
regards
Erik Sundin
/Erik
hey got a question for you. I finally got everything working to a point that we can use the computer. The problem I have now is when someone else besides administrator logs into the computer it acts as if they don’t have certain rights to certain areas. how do we get all users that log into a computer the same rights as the administrator?
first – THANKS to everyone who has had input. I just want to share a few tips i fought..
NEVER join the domain. Leave that till after sysprep. I had joined the domain then unjoined, then went in and deleted the user folder, and that caused sysprep to break. Also if you are on the domain when you go into audit mode or anything sysprep related then you will break your image.
Follow the tutorial about going directly into audit mode. i created an admin2 local account , then sysprep used the admin2 account for the default user instead of the audituser administrator account. Follow the tutorial and you can avoid the headache. If you did create an account you can delete the user in the control panel( just dont delete domain users).
I found an old fashioned batch file fixed many of the issues i faced, not being familiar with scripts. here is my batch. info below…
this is an interactive batch file but it does a lot pretty quick, and paired with autologon and / or auto run command its very painless. Its also nice to see all the SUCCESS responses during the batch run for peace of mind
===========================
rem ADD HWPSAIR WIRELESS NETWORK
c:
cd\
setupsnk.exe
pause
rem JOIN DOMAIN
powershell add-computer -domainname mydomain.domain.net -cred mydomain\domainAdmin
rem FORCE GROUP POLICY
gpupdate /force
rem INSTALL WINDOWS MAK KEY AND ACTIVATE
slmgr.vbs -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
slmgr.vbs -ato
rem DELETE FILES AND FOLDERS
rmdir smrtntky /s /q
del setupsnk.exe
del fogprep.exe
cd c:\windows\system32\sysprep\
del unattend.xml /f
cd panther
del unattend.xml /f
rem RESTART
pause
shutdown /r /t 5
rem DELETE BATCH FILE
cd\
del RUNasADMIN.bat
—————————
the first part i grabbed the wireless network from the utility in windows to copy setttings to usb. then i took the files and put them on the ROOT of the c drive, they must be on the root of a drive ( local?) to run. It will not work from a folder.
The next section is to join the domain using powershell( seems like there are a lot of good powershell commands). I did not try to add the password because that complicates it a bunch. the batch file will get a pop up gui to enter the password.
Group policy update needed in my environment to trigger correct Desktop Authority scripting at domain logons.
I added my MAK key into the batch since i gave up for now on KMS. Confirmation of activation built in.
Cleanup files, including the unattend.xml ( why MS would you leave an unencrypted domain admin password on a machine?!)
force restart.
I do have to RUN as ADMIN the batch file.
hope this helps some people!
To all who lose their display drivers after sysprep, here is where you need to set that in your xml file. Under generalize pass, Microsoft-Windows-PnpSysprep, the PersistAllDeviceInstalls needs to say true
-
true</PersistAllDeviceInstalls