I’ve redefined my process a little and would like to share what I’ve learnt to help others get on the right track. I’ve reverted to using Windows sysprep instead of MySysprep as in Windows 7. I’ve implemented a process for renaming the computer after it has been added to the domain with a random name, thus not needing to name the computer during the sysprep process. In this guide I will refer to Windows 8.1, but most, if not all settings will work on Windows 8.
Files you will need...
- Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1
From the kit you need to install the Deployment Tools which contains Windows System Image Manager (SIM) used for creating unattend .xml files. This should be install on a computer not being used for imaging. http://www.microsoft.com/en-us/download/details.aspx?id=39982
To create an unattend.xml file to be used for sysprep, you will also need the image.wim file located on the Windows 8.1 installation disk you used to Install Windows on your image computer.
Install Windows 8.1 on your image computer. Here are initial settings I use.
Initial OS Load
During Install (leave defaults unless stated)
- Choose the Custom (advanced) option
Setup your partition/s as needed. Format your partition/s.
- Personalize: Keep Default
- PC name: Enter a name
- Get Online: Next
- Settings: Customize Update your PC and Apps
- All off Check online for solutions
- Use compatibility list for Internet Explorer…: Off Check online for solutions
- All off Sign in to your Microsoft account
- Create a new account
- Sign in without a Microsoft account
- Username: Operator (no password)
Immediately After Install
I advise against using the Administrator account for configuring as your image profile. This account gets deleted during the sysprep process. I use a local account named Operator. The account will be included in the image and can be used again when needing to make changes to the image.
- Logon using the Operator account you created above.
- I recommend that you uninstall the included Windows non-essential apps. If you install any new apps or update any existing apps in your image computer, your sysprep will fail. The reason for this is that apps are user specific. Apps and settings cannot be transferred to other users. More information about this can be found here: http://4sysops.com/archives/how-to-remove-windows-8-apps-before-you-run-sysprep/
Uninstall all non-essential apps using the following commands at an elevated PowerShell prompt.
- Enable the local Administrator account. Set a password for the account. Password never expires (optional).
- Update the local Operator account. Set a password for the account. Password never expires (optional).
Now install all necessary programs, run windows updates, configure the start screen, create local user accounts and configure the profile and OS the way you would like it to be. Find below some tips and tricks to add to your image. When completed, the computer should almost be ready to be sysprepped.
Additions – Image Tips and Tricks
Boot To Desktop
You are now able to boot right to the desktop, bypassing the Start Screen.
Right-click the Taskbar and select properties. Select the Navigation tab.
- When I point to the upper-right corner, show the charms: T
- When I click the upper-left corner, switch between my recent apps: T
- Replace command prompt with Windows PowerShell in the menu…: F
- When I sign-in or close all apps on a screen, go to the desktop instead of Start: T
- Show my desktop background on Start: F
- Show Start on the display I’m using when I press the Windows logo key: T
- Show the Apps view automatically when I go to start: F
- List desktop apps first in the Apps view when it’s sorted by category: T
WinSAT prepop (Windows System Assessment Tests Scores)
You may lose the aero theme after sysprep. Run the following command at an elevated command prompt:
This will generate the WinSAT prepop .xml results files to the Datastore directory, located at: %WINDIR%\performance\winsat\datastore. This enables you to keep the configured aero theme after running sysprep (otherwise it will be reset back to basic).
For more information about WinSAT: http://technet.microsoft.com/en-us/library/dd744241%28WS.10%29.aspx
Restart the computer then log back in as Operator. Make sure the theme is still set to your default theme. If needed, set it back to your default theme.
PowerCFG Command (GUID for Default power plan)
Specify the default power plan in your unattend.xml file. Run the following at an elevated command prompt:
Look for your default power plan. Write down the guid for the plan. We will add this to your unattend.xml file later.
To slipstream drivers into your Windows image you can use the command line utility “pnputil.exe”.
If you need a certain driver installed in the image, like an adapter, scanner or printer driver, and do not want your users to be prompted for the driver, then add it to the DriverStore in your Windows image. The command to add a driver using this utility is (HP001.inf is an example driver):
Disable “Set backup” Action Center Notification
To disable the Action Center “Set backup” notification, create a registry file named DisableBackupMonitoring.reg using notepad and paste the following code. Run the registry file under the configured profile. You can also apply the registry file via group policy.
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup]"DisableMonitoring"=dword:00000001
Create SetupComplete.cmd File
On your image computer browse to the C:\Windows\setup directory. In there, create a new directory named Scripts. Inside of Scripts, create a file named SetupComplete.cmd. Commands placed in this file will run just before you are presented with the Windows logon screen. We’ll add some commands to this file shortly.
Create Unattend.xml File
When the laptop is ready you'll need to create a unattend.xml answer file using Windows System Image Manager (Windows SIM). You should already have Windows SIM installed on another computer. If not, the download link is listed above.
1. Insert the media you used to install Windows 8.1 on your image computer into your CD-DVD drive.
2. Start Windows SIM. From the menu select “Tools – Create Catalog”. You’ll be prompted for the “install.wim” file located on your media. Browse to the install.wim file in the sources directory on your disk. When the catalog is complete you’ll be ready to configure your answer file.
3. I've attached a sample unattend.xml file for reference. Open the file with Windows SIM and take a look at some of the settings I’ve configured.
Set SkipRearm to 1 while customizing your computer.
Before running the Sysprep command the final time before deploying an image, rearm the computer by setting the SkipRearm setting to 0. This resets the Activation grace-period timer.
When set to True, this tells sysprep not to remove installed hardware from the image during sysprep. This should be the case when distributing the image to the same model computer. If you would like to create a clean sysprep image, meaning you are able to install the image on any computer, no matter the hardware, the above should be set to False.
The other thing regarding the unattend.xml, you need to create a local user during the sysprep process. When you install Windows 8.1 (using the disks) you’re prompted to create a local user. This process still occurs when using an attend.xml file and sysprep. In the answer file I create a local user named TempUser. TempUser gets deleted when the laptop first boots up to Windows logon screen. The sole purpose of TempUser is to hide the prompt to create a local user after sysprep runs.
Customize the answer file to meet your image needs. After you’ve completed the unattend.xml file, copy the file to C:\Windows\System32\Sysprep.
On your image laptop, browse to the C:\Windows\setup\Scripts directory your created earlier. Open SetupComplete.cmd for editing. As I said earlier, commands placed in this file will run just before you are presented with the Windows logon screen.
To delete the previously created TempUser account, add the following command to SetupComplete.cmd:
Even though the passwords you enter in the xml file are encrypted, you’ll feel better knowing the file is not there.
I've attached a sample SetupComplete.cmd file for reference. You may add whatever commands you need to run here in this file. Save the file when finished
At this point your image computer is ready to be sysprepped. If you were to leave things as is, during the sysprep process the computer will be added to the domain under a randomly generated name. If that’s fine with you then you can skip this part and go to “Run Sysprep”.
I’ve created a HTA script that provides an interface to rename the computer, add users to the local users and administrators groups, and select the OU to add the computer to. It also gives you current system information. The script runs on first logon as a scheduled task. The scheduled task will be deleted once the script opens. The HTA file also deletes the "C:\Windows\Setup\Scripts\SetupComplete.cmd" once the script opens.
This is what the screen looks like. It's showing current information for my desktop. The scripts opens at full-screen:
In theory the process will be:
1. Image restored to computer.
2. Sysprep completes its tasks and you are presented with the logon screen.
3. You log in with an account with AD read/write credentials.
4. The HTA script is called (task scheduler). You provide a new computer name, add user/groups to the local Users and Administrators groups. Select an OU for the computer from the drop-down. View current hardware information for the computer.
5. The computer reboots and you can log in as the user.
6. Process completed.
Firstly, let me say that if you would like to use this HTA script, it will take a little modification from you to make it suit your needs. I will try and give clear instructions on what needs to be changed.
This script launches when the first user logs into the computer. The user must have the correct permissions to read and write to Active Directory. There is a 25 second delay before the script opens, allowing for other tasks to complete. Once the script loads, all the information is entered, and the Apply Changes button is pressed, a prompt asking you to reboot will appear
The HTA provides an interface that enables you to do the following:
1. Rename the computer.
2. Add users and groups to the local Administrators and Users groups.
3. Add the computer to a specific OU.
4. Provides current system information.
If the new computer name already exists in AD (name you are renaming to), the existing computer account in AD will be deleted. The old computer name (current name of computer) will be renamed to the new computer name, and the computer account will then be moved to the selected OU. The script will also validate any user or group accounts entered against AD.
The HTA file needs to be placed in an accessible share on the network. Import the attached scheduled task into task scheduler on your image computer. Once you import the task, you will need to change the location of the HTA file (and author if needed).
I use HTAEdit to edit and compile my script to an exe. Compiling it to exe includes all the source files needed for script inside the exe. http://www.htaedit.com/
You can use notepad to edit the script but you will not be able to compile it to exe. If you point to the HTA script itself (.hta and not .exe), the file will need to reside in the folder that contains all the corresponding source files (images, etc.)
The following code in the HTA needs to be customized:
These are your OU options. You need to change these options to suit your needs. The value="" must match the OU name in AD. So if I select Desktops, the value "Desktops" is the OU name.
Now…the way I have the HTA setup, any users or groups added to the fields will be added to both the local Administrators and Users groups. I know this may not suit everyone so a little knowledge of vbscript can help you customize the HTA file to meet your needs. This can be changed in the subroutines located on line 259 and 336.
If you need help I will do my best to provide assistance.
You should now be ready to run sysprep on the computer.
NOTE: I highly recommend that you take an image of your image computer before you run sysprep. Things DO go wrong and being able to get back to pre-sysprep will save you a lot of time and heart-ache.
From within the configured profile you’ve created, open a command prompt. Navigate to C:\Windows\System32\Sysprep. Type the following command to start the sysprep process:
sysprep.exe \generalize \oobe \shutdown \unattend:unattend.xml
The computer will shut down after sysprep has finished.
Take An Image
Now it’s time to take an image of the hard drive. Everyone has their own way of doing this. I use Symantec Ghost as it takes an image of the whole drive. I’ve tested ImageX and found it to have it drawbacks. The main reason I choose not to use it is because we use two partitions in our image. The C: partition for the OS and the D: partition for the users’ data. You cannot take a disk image with ImageX. You have to do each partition individually. The same goes for when applying the image. I ghost the hard drive and have our completed image.
I've attached a zip with all files for the guide. For the HTA script, please read the !READ ME FIRST.txt file in the folder.
I hope this puts you in the right direction for a successful sysprep image. If you have any questions I will be glad to help. Good luck!