<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Windows 8 and 8.1 Sysprep Guide

Published on
58,903 Points
49,203 Views
17 Endorsements
Last Modified:
Approved
Sysprep Guide

A lot has changed since the Introduction of Windows 7 and when I wrote my original article on Windows 7 Sysprep in 2010. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/A_3095-Windows-7-Sysprep.html

I’ve redefined my process a little and would like to share what I’ve learnt to help others get on the right track. I’ve reverted to using Windows sysprep instead of MySysprep as in Windows 7. I’ve implemented a process for renaming the computer after it has been added to the domain with a random name, thus not needing to name the computer during the sysprep process. In this guide I will refer to Windows 8.1, but most, if not all settings will work on Windows 8.

Files you will need...

- Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1
From the kit you need to install the Deployment Tools which contains Windows System Image Manager (SIM) used for creating unattend .xml files. This should be install on a computer not being used for imaging.   http://www.microsoft.com/en-us/download/details.aspx?id=39982

To create an unattend.xml file to be used for sysprep, you will also need the image.wim file located on the Windows 8.1 installation disk you used to Install Windows on your image computer.

Install Windows 8.1 on your image computer. Here are initial settings I use.

Initial OS Load

During Install (leave defaults unless stated)
- Choose the Custom (advanced) option
  Setup your partition/s as needed. Format your partition/s.
- Personalize: Keep Default
- PC name: Enter a name
- Get Online: Next
- Settings: Customize
Update your PC and Apps
- All off
Check online for solutions
- Use compatibility list for Internet Explorer…: Off
Check online for solutions
- All off
Sign in to your Microsoft account
- Create a new account
- Sign in without a Microsoft account
- Username: Operator (no password)
- Finish

Immediately After Install

I advise against using the Administrator account for configuring as your image profile.  This account gets deleted during the sysprep process. I use a local account named Operator. The account will be included in the image and can be used again when needing to make changes to the image.

- Logon using the Operator account you created above.
- I recommend that you uninstall the included Windows non-essential apps. If you install any new apps or update any existing apps in your image computer, your sysprep will fail. The reason for this is that apps are user specific. Apps and settings cannot be transferred to other users. More information about this can be found here:
http://4sysops.com/archives/how-to-remove-windows-8-apps-before-you-run-sysprep/

Uninstall all non-essential apps using the following commands at an elevated PowerShell prompt.

Get-AppxPackage | % {if (!($_.IsFramework -or $_.PublisherId -eq "cw5n1h2txyewy")) {$_}} | Remove-AppxPackage

Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage –online

Open in new window


- Enable the local Administrator account. Set a password for the account. Password never expires (optional).
- Update the local Operator account.  Set a password for the account. Password never expires (optional).

Now install all necessary programs, run windows updates, configure the start screen, create local user accounts and configure the profile and OS the way you would like it to be. Find below some tips and tricks to add to your image. When completed, the computer should almost be ready to be sysprepped.

Additions – Image Tips and Tricks

Boot To Desktop
You are now able to boot right to the desktop, bypassing the Start Screen.
Right-click the Taskbar and select properties. Select the Navigation tab.

Corner Navigation
- When I point to the upper-right corner, show the charms: T
- When I click the upper-left corner, switch between my recent apps: T
- Replace command prompt with Windows PowerShell in the menu…: F
Start Screen
- When I sign-in or close all apps on a screen, go to the desktop instead of Start: T
- Show my desktop background on Start: F
- Show Start on the display I’m using when I press the Windows logo key: T
- Show the Apps view automatically when I go to start: F
- List desktop apps first in the Apps view when it’s sorted by category: T

WinSAT prepop (Windows System Assessment Tests Scores)
You may lose the aero theme after sysprep. Run the following command at an elevated command prompt:

WinSAT prepop

Open in new window


This will generate the WinSAT prepop .xml results files to the Datastore directory, located at: %WINDIR%\performance\winsat\datastore. This enables you to keep the configured aero theme after running sysprep (otherwise it will be reset back to basic).  
For more information about WinSAT: http://technet.microsoft.com/en-us/library/dd744241%28WS.10%29.aspx

Restart the computer then log back in as Operator. Make sure the theme is still set to your default theme. If needed, set it back to your default theme.

PowerCFG Command (GUID for Default power plan)
Specify the default power plan in your unattend.xml file. Run the following at an elevated command prompt:

Powercfg –list

Open in new window


Look for your default power plan. Write down the guid for the plan. We will add this to your unattend.xml file later.

Slipstream Drivers
To slipstream drivers into your Windows image you can use the command line utility “pnputil.exe”.
If you need a certain driver installed in the image, like an adapter, scanner or printer driver, and do not want your users to be prompted for the driver, then add it to the DriverStore in your Windows image. The command to add a driver using this utility is (HP001.inf is an example driver):

pnputil.exe -a HP0001.inf

Open in new window


The command needs to be run at an elevated command prompt. All the information regarding this command can be found here:
http://technet.microsoft.com/en-us/library/dd919234%28WS.10%29.aspx

Disable “Set backup” Action Center Notification
To disable the Action Center “Set backup” notification, create a registry file named DisableBackupMonitoring.reg using notepad and paste the following code. Run the registry file under the configured profile. You can also apply the registry file via group policy.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup]
"DisableMonitoring"=dword:00000001

Open in new window


Create SetupComplete.cmd File
On your image computer browse to the C:\Windows\setup directory.  In there, create a new directory named Scripts. Inside of Scripts, create a file named SetupComplete.cmd. Commands placed in this file will run just before you are presented with the Windows logon screen. We’ll add some commands to this file shortly.

Create Unattend.xml File

When the laptop is ready you'll need to create a unattend.xml answer file using Windows System Image Manager (Windows SIM). You should already have Windows SIM installed on another computer. If not, the download link is listed above.
 
1. Insert the media you used to install Windows 8.1 on your image computer into your CD-DVD drive.
2. Start Windows SIM. From the menu select “Tools – Create Catalog”. You’ll be prompted for the “install.wim” file located on your media. Browse to the install.wim file in the sources directory on your disk. When the catalog is complete you’ll be ready to configure your answer file.
3. I've attached a sample unattend.xml file for reference. Open the file with Windows SIM and take a look at some of the settings I’ve configured.

In my unattend.xml file you’ll see:

<ComputerName>*</ComputerName>

Open in new window


This will allow sysprep to provide a random name for the computer after sysprep.

<CopyProfile>true</CopyProfile>

Open in new window


This tells sysprep to copy the configured profile you’ve created to the default profile.

<SkipRearm>0</SkipRearm>

Open in new window


Set SkipRearm to 1 while customizing your computer.
Before running the Sysprep command the final time before deploying an image, rearm the computer by setting the SkipRearm setting to 0. This resets the Activation grace-period timer.

<PreferredPlan>YOUR GUID</PreferredPlan>

Open in new window


This specifies the default power plan for your image. Update the unattend.xml file with the guid of the power plan you retrieved earlier.  

<DisableAntiSpyware>true</DisableAntiSpyware>

Open in new window


Setting this to True will disable Windows Defender. Set this to False if you are not deploying your own antivirus program.

<MachineObjectOU>OU=YourOU,DC=Name,DC=Your,DC=Domain</MachineObjectOU>

Open in new window


You must specify an OU to add the computers to otherwise they will not be added to the domain.

<DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>

Open in new window


When set to True, this tells sysprep not to remove installed hardware from the image during sysprep. This should be the case when distributing the image to the same model computer. If you would like to create a clean sysprep image, meaning you are able to install the image on any computer, no matter the hardware, the above should be set to False.  

The other thing regarding the unattend.xml, you need to create a local user during the sysprep process.  When you install Windows 8.1 (using the disks) you’re prompted to create a local user. This process still occurs when using an attend.xml file and sysprep. In the answer file I create a local user named TempUser. TempUser gets deleted when the laptop first boots up to Windows logon screen. The sole purpose of TempUser is to hide the prompt to create a local user after sysprep runs.

Customize the answer file to meet your image needs. After you’ve completed the unattend.xml file, copy the file to C:\Windows\System32\Sysprep.

Customize SetupComplete.cmd

On your image laptop, browse to the C:\Windows\setup\Scripts directory your created earlier.  Open SetupComplete.cmd for editing. As I said earlier, commands placed in this file will run just before you are presented with the Windows logon screen.

To delete the previously created TempUser account, add the following command to SetupComplete.cmd:

net user TempUser /delete

Open in new window


To enable the local Administrator account, add the following command to SetupComplete.cmd:  

net user Administrator /active:yes

Open in new window


Even though you may have enabled the administrator account on the imaged laptop before running sysprep, it will be disabled again.

Delete the Domain Users group from the local Administrators and Users groups using the above commands.

net localgroup Administrators "Domain\Domain Users" /delete
net localgroup Users "DomainDomain Users" /delete

Open in new window


To delete the unattend.xml file, add the following command to SetupComplete.cmd:

del C:\Windows\System32\Sysprep\unattend.xml

Open in new window


Even though the passwords you enter in the xml file are encrypted, you’ll feel better knowing the file is not there.

I've attached a sample SetupComplete.cmd file for reference. You may add whatever commands you need to run here in this file. Save the file when finished

ConfigureSystem.hta (optional)

At this point your image computer is ready to be sysprepped. If you were to leave things as is, during the sysprep process the computer will be added to the domain under a randomly generated name. If that’s fine with you then you can skip this part and go to “Run Sysprep”.

I’ve created a HTA script that provides an interface to rename the computer, add users to the local users and administrators groups, and select the OU to add the computer to. It also gives you current system information. The script runs on first logon as a scheduled task. The scheduled task will be deleted once the script opens. The HTA file also deletes the "C:\Windows\Setup\Scripts\SetupComplete.cmd" once the script opens.

This is what the screen looks like. It's showing current information for my desktop. The scripts opens at full-screen:
ConfigureSystem GUI
In theory the process will be:

1. Image restored to computer.
2. Sysprep completes its tasks and you are presented with the logon screen.
3. You log in with an account with AD read/write credentials.
4. The HTA script is called (task scheduler). You provide a new computer name, add user/groups to the local Users and Administrators groups. Select an OU for the computer from the drop-down. View current hardware information for the computer.
5. The computer reboots and you can log in as the user.
6. Process completed.

Firstly, let me say that if you would like to use this HTA script, it will take a little modification from you to make it suit your needs. I will try and give clear instructions on what needs to be changed.

This script launches when the first user logs into the computer. The user must have the correct permissions to read and write to Active Directory. There is a 25 second delay before the script opens, allowing for other tasks to complete. Once the script loads, all the information is entered, and the Apply Changes button is pressed, a prompt asking you to reboot will appear

 The HTA provides an interface that enables you to do the following:
1. Rename the computer.
2. Add users and groups to the local Administrators and Users groups.
3. Add the computer to a specific OU.
4. Provides current system information.

If the new computer name already exists in AD (name you are renaming to), the existing computer account in AD will be deleted. The old computer name (current name of computer) will be renamed to the new computer name, and the computer account will then be moved to the selected OU. The script will also validate any user or group accounts entered against AD.

The HTA file needs to be placed in an accessible share on the network. Import the attached scheduled task into task scheduler on your image computer. Once you import the task, you will need to change the location of the HTA file (and author if needed).

I use HTAEdit to edit and compile my script to an exe. Compiling it to exe includes all the source files needed for script inside the exe.
http://www.htaedit.com/

You can use notepad to edit the script but you will not be able to compile it to exe. If you point to the HTA script itself (.hta and not .exe), the file will need to reside in the folder that contains all the corresponding source files (images, etc.)

The following code in the HTA needs to be customized:

dc=your,dc=lan,dc=org

Open in new window


Search for all instances of the above text and replace with your domain name.

Set objNewOU = GetObject("LDAP://ou=" & strNewOU & strDomain & "")

Open in new window


Line 427 – You may need to change the above to add an OU name if the OU you’re adding the computer to is nested in a parent OU. Something like:

GetObject("LDAP://ou=" & strNewOU & ",ou=CityCampus," & strDomain & "")

Open in new window


strNewOU will take the value of the OU selected in the HTA.

<select name="txt_ou" size="1" onChange="vbs:CheckOU">
    <option value="" name=""></option>
    <option value="Desktops">Desktops</option>
    <option value="Laptops">Laptops</option>
    <option value="Re-Imaged">Re-Imaged</option>
    <option value="">-----------------</option>
    <option value="Workgroup">Workgroup</option>
</select>

Open in new window


These are your OU options. You need to change these options to suit your needs. The value="" must match the OU name in AD. So if I select Desktops, the value "Desktops" is the OU name.

Now…the way I have the HTA setup, any users or groups added to the fields will be added to both the local Administrators and Users groups. I know this may not suit everyone so a little knowledge of vbscript can help you customize the HTA file to meet your needs. This can be changed in the subroutines located on line 259 and 336.

If you need help I will do my best to provide assistance.

Run Sysprep

You should now be ready to run sysprep on the computer.

NOTE: I highly recommend that you take an image of your image computer before you run sysprep. Things DO go wrong and being able to get back to pre-sysprep will save you a lot of time and heart-ache.

From within the configured profile you’ve created, open a command prompt. Navigate to C:\Windows\System32\Sysprep. Type the following command to start the sysprep process:
sysprep.exe \generalize \oobe \shutdown \unattend:unattend.xml
                                   
The computer will shut down after sysprep has finished.

Take An Image

Now it’s time to take an image of the hard drive.  Everyone has their own way of doing this. I use Symantec Ghost as it takes an image of the whole drive.  I’ve tested ImageX and found it to have it drawbacks. The main reason I choose not to use it is because we use two partitions in our image. The C: partition for the OS and the D: partition for the users’ data. You cannot take a disk image with ImageX. You have to do each partition individually. The same goes for when applying the image. I ghost the hard drive and have our completed image.

I've attached a zip with all files for the guide. For the HTA script, please read the !READ ME FIRST.txt file in the folder.

I hope this puts you in the right direction for a successful sysprep image. If you have any questions I will be glad to help. Good luck!

Ivano
GuideFiles.zip
17
Author:Ivano Viola
  • 5
  • 4
  • 2
  • +4
15 Comments

Expert Comment

by:danielwood1
Hi Ivanoviola,

Thanks for your article its very helpful.

I have a few questions.
Will this all work for windows server 2012?
Will it work with VMs? (I use VirtualBox)
I cannot find the steup folder in the windows directory did you misspell this and meant setup?
Is it possible to prompt for a computer name with this method still?

Some context.
I am trying to set up a VM clone so that I can clone multiple Server 2012 VMs with prompted computer names and automatically joined to my domain using sysprep with powershell scripts.

Cheers.
0
LVL 22

Author Comment

by:Ivano Viola
danielwood1,

1. Yes, this should work with Server 2012. I have not tried it but I can't see a reason why it wouldn't.
2. Yes, VMs shouldn't be a problem.
3. Sorry, I have typo which I'll fix. It should read "setup".
4. At what point do you want it to prompt for a computer name? If during the sysprep process then you will need to use something like MySysprep which I used with Windows 7. I have not tested MySysprep with Windows 8.1 so I'm not sure if works.

You should be able to use the info above to create your VM clone. Let me know if you have any questions or run into any problems.

IV
0

Expert Comment

by:danielwood1
Great thanks,
I am in the process and have gotten to the point now that I can get it automaticly joining the domain which is a great start!
Just working on getting it to prompt for computer name. I need it to prompt for the computer name before I add it to the domain as it uses that computer name to add it.

Cheers
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

LVL 22

Author Comment

by:Ivano Viola
So if you're looking to name the computer before adding to the domain then you can try MySysprep as in the Windows 7 sysprep guide (link is above).

Le me know how you make out.

IV
0

Expert Comment

by:danielwood1
Mmm MySysprep doesnt work with server 2012 :(
What options do I have for renaming the computer name after the domain join?
0
LVL 22

Author Comment

by:Ivano Viola
danielwood1,

Then you can follow the guide above and setup the HTA to run on first log on.

Let me know if you have any questions. I'll do my best to help you get it up and running.

IV
0
LVL 19

Expert Comment

by:*** Hopeleonie ***
Thanks Ivanoviola :-)
0

Expert Comment

by:danielwood1
Had a look at HTA and because I am doing sign in stuff with the powershell scripts it doesnt work.

Its ok ill write a little C# app to change the name :) thanks!
0

Expert Comment

by:Moriv78
With Windows 8.1 it doesnt work for me. I made every step exept the HTA step. When i play the SysPrep Image on a new machine i got and Boot Error Loop with an error message.

"The configuration of the System could not be finished. Please restart the computer to finish configuration"

And this error loops every time i restart.

Any suggestions would be helpfull!

Thx alot for your stepbystep guide!
0
LVL 2

Expert Comment

by:Christopher Reed
Excellent Guide!  Very helpful and informative.  Definitely added this one to my Personal Knowledgebase.
0
LVL 4

Expert Comment

by:Dash Amr
I am trying to use the guide to deploy windows 8 on w510 Acer iconia UEFI device x86 am I able to use the unattend.xml file in the guide
0
LVL 22

Author Comment

by:Ivano Viola
Dash,

Most problems occur because of the unattend file. I highly recommend that you create your own and use the one I've provided as a guide for the settings. Download and install the Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1. http://www.microsoft.com/en-us/download/details.aspx?id=39982

Note: The install.wim used for creating the unattend file MUST match the version you are going to deploy, it's no good pointing to a Windows 8 Pro image if you are going to deploy Windows 8 Enterprise.

Here is some useful information to help you do this:
http://technet.microsoft.com/en-us/library/hh824845.aspx

IV
0

Expert Comment

by:Andy Wong
Thanks ivanoviola great guide.

Can you help me on customizing HTA script?

I need to specify which sub OU according to type of PC.

For example in contoso.com domain, we have Computers OU, but withing the computers OU we have sub OU. How can I setup the script so we can select which sub OU the PC will fall under? Also, I would also like to specify which users will be in local administrators group vs users group.

contoso.com
              Computers
                           Laptops
                           Workstations
                           MarketData Workstations
0
LVL 22

Author Comment

by:Ivano Viola
Thanks Andy.

First you will need to update the drop-down field in the HTML code to something like this:
<select name="txt_ou" size="1" onChange="vbs:CheckOU">
    <option value="" name=""></option>
    <option value="Laptops">Laptops</option>
    <option value="Workstations">Workstations</option>
    <option value="MarketDataWorkstations">MarketData Workstations</option>
    <option value="">-----------------</option>
    <option value="Workgroup">Workgroup</option>
</select>

Open in new window


I don't think you need to change anything in the MoveComputers vbs sub as it should still work.
 Set objNewOU = GetObject("LDAP://ou=" & strNewOU & ",ou=Computers," & strDomain & "")

strNewOU will equal the value of what you select in the drop-down. So if you select Workstations then the path will equal: OU=Workstations,OU=Computers,DC=Your,DC=Domain,DC=Com

Let me know if you have any questions or need help.

IV
0

Expert Comment

by:Andy Wong
Thank you Ivan. I will test this out.
0

Featured Post

HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Other articles by this author

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month