SYSPREP or NOT SYSPREP

If I create a master image for Windows 7 ENT.....never add that laptop to a domain...can I clone that image to other laptops with identical hardware without running sysprep?

I'm seeing conflicting messages when I research this.

Thanks!
ejcristAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Technically it should work but it is always recommended to Sysprep your master image properly. This is so that you abide by the EULA for Windows.

Will.
JohnBusiness Consultant (Owner)Commented:
If you have a bunch of the same machines, one image will work on other machines. People will say this is not legal with OEM Windows, but I have done it, kept all the licensing and withstood a Microsoft Audit. Big yawn.

If the machines are different, Sysprep is a better way to go.
ejcristAuthor Commented:
We're a volume license school so no OEM.
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

JohnBusiness Consultant (Owner)Commented:
Then you likely have different machines as should use Sysprep as Will suggested .
Adam LeinssServer SpecialistCommented:
Sure, go ahead and skip SYSPREP...as long as you don't plan to use KMS for OS activations, SCCM or WSUS in your environment or anything requiring unique computer GUIDs.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Sysprep is NOT OPTIONAL.  It is a requirement.  It is NOT just to ensure a unique SID.  Various teams at MS include code to ensure the machine can be imaged and deployed properly.  Even if Adam Leinss is correct AND you are certain you will never use the features/services he mentions, can he guarantee MS won't release a critical update or another service/feature of Server that requires some aspect of Sysprep to have been run?  Those may be the generally known issues TODAY but there could be more tomorrow.  Microsoft REQUIRES you sysprep for a supported image.  That means if you follow the requirements, you are essentially protected from stupid issues that could cause you dozens or hundreds of hours of work at a later date.

For a simple question, WHY do you want to skip sysprep?
ejcristAuthor Commented:
Lee....thanks and I share some of your specific concerns.  We're a 1-1 laptop high school with about 650 laptops.  twice a year, my student team collect the laptops and we do re-imaging with a fresh master image.  We use 2 multi connect hard drive duplicators that can duplicate 25 drives in about 20 minutes.  My team will then line up and turn on all laptops wait for sysprep to run the unattend file, confirm addition to our domain and then login as the student assigned to the laptop so the profile is created before handing the laptop back to the students. Each grade level has about 150 of the exact same Dell model with the exact same hardware config.  We have the process down to a science, but not having to wait for the unattend to finish would dramatically reduce time per unit.
Adam LeinssServer SpecialistCommented:
Surprised no one started parroting Mark Russinovich's "unique SIDs are needed anymore" article.  Clearly, I have to assume the questioner knows that using SYSPREP is a Microsoft best practice and I've used SYSPREP for the past 12 years within my own corporate environments.  However, we did support a non-profit school organization within the building and I did not SYSPREP those because: they were unmanaged devices, not on a domain and the students had the option to purchase the unit at the end of the school year.

So to rephrase the original question in my own words: "I know SYSPREP is a Microsoft best practice, but do I really need to do it?" and the answer is if you don't require support from Microsoft tech support and you don't use the technologies above, then yes, Windows will work fine using disk cloning.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Adam, Mark's article addresses his utility NewSID - not the need to sysprep - he says it should still be done.  And I'll reiterate, are you personally guaranteeing Microsoft will never release anything else that can be affected by inappropriately imaged machines?  If so, before we trust your capability to support them, I'd like to know what resources you have to back that assurance up.  And then, of course, I need contact information...

ejcrist, it's not clear when you're running sysprep - BEFORE or AFTER you deploy the image?  Sysprep should be run BEFORE.

If you mean the OOBE (out of box experience), I would suggest you look into other automation tools.  At one client where we use WDS to deploy systems, we sysprep a new image once per year or so (building that image takes a little time, but the end result is a system you can turn on and runs a slightly interactive script (Answer 3-4 questions at the start of the post imaging process - which could have the interaction reduced or eliminated if we didn't have a significant number of "types" of systems (development, standard, loaner, etc) and didn't provide a local admin account custom to each user).  That script runs through the installation of software such as MS Office, third party apps such as Java, Acrobat, Firefox, etc (using NiNite), and various other configuration and settings, as well as kicking off a Windows update.  WITH the interaction, most machines are ready in about an hour and are fully up to date.

An alternative would be to use MDT to deploy software and more customized images.

I think you're better off asking how to streamline the process rather than how to get away with doing something that isn't recommended... but then we need a more detailed picture of what's happening.
ejcristAuthor Commented:
When I finish building a master image, I run sysprep with /generalize /oobe /quiet /shutdown /unattend:unattend.xml

Once it shuts down, I use that on the cloner to copy to my hard drives.  When the cloned drive is placed into the laptop and turned on, it runs through my unattend.xml file and comes up (after about 5-6 minutes) to the login screen
Adam LeinssServer SpecialistCommented:
I think my position is pretty clear: no need to re-state it again for the third time.  I checked and the questioner appears to have been in IT for at least 6 years given his question history.  There's the theoretical answer and then there is the practical answer.  When Microsoft removed the "Copy profile" option to other profiles from Vista to 7, some techs got in an uproar and tried to find ways around this restriction.  Example: http://www.irongeek.com/i.php?page=security/windows-7-copy-default-profile

The only Microsoft supported scenario for copying a profile to the default user profile post Vista is using SYSPREP.  However, you can work around it and it appears to work using the Windows Enabler hack.  Would I do that?  No.  The point is you can and it seems to work.

Back in the XP days, I would not run SYSPREP for our "test cell PCs" as it would kill certain services in the image.  I would just Ghost them and then run NEWSID against them coming out the other end.  I deployed them this way for at least 5 years without any problems.  I was willing to accept the risk of not using SYSPREP and it worked just fine.

Sysprep or not to sysprep?  Depends on what your risk tolerance is.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lee W, MVPTechnology and Business Process AdvisorCommented:
Ok... so I'm confused.  From the point at which the hard drive duplication is completed, it takes ~10 minutes to have the first machine completed (accounting for the re-installation of the hard drive in the unit and powering on)... Where is the sysprep appearing to slow you down?  The unattend script runs for 5-6 minutes and leaves you in your final state?  So... what am I missing?

BTW, why use a hard drive duplicator and not use WDS with a multi-cast broadcast to deploy to large batches of systems over a gig switch.  HD duplicators, I imagine, copy every byte on the drive - data occupying or not... with larger drives, it could still take an hour or two to duplicate.  WDS images are file based and don't need to copy every byte, occupied or not, from the image.  You could have, with a quick login and selection on each machine (quicker than removing the hard drives and putting them back later), each machine fully deployed in 30 minutes.
ejcristAuthor Commented:
Lee....good points, all considered.

My cloners don't copy everybyte (kanguru.com)  it does a 'brief' copy that only takes and copies from used hd sectors...much faster copy than a FULL copy setting

As for my process, we are never sure how much battery life is left on any laptop and I can't fathom having power outlets and ac adapters for my laptops...and stringing all those ethernet cables is not something I want to return to (did all that back in the days of using Ghost)

My team of 10 kids do a great job and taking hd's in and out of machines.  Besides, we're a warranty repair center for Dell and Lenovo laptops so on top of re-imaging, my team is also performing repairs on units, too.

My team can put to bed 215 laptops, reimaged and repaired on average in about 1.5 days.  My question about sysprep was mainly to try and whittle down any time I can.
Lee W, MVPTechnology and Business Process AdvisorCommented:
(More for my FYI) but when I've sent laptops off to repair centers, I've never had to include the power supply... the implication being you folks would have them... I guess I would just lineup power supplies and connect them... I agree - you never know how much battery is left so I don't chance it - plug in - besides, the system usually steps down capabilities on battery - if you want to speed things up a little, give it AC power so it runs at full speed).

Am I still missing something - where do you hope on saving the time... not running the OOBE?  But you still have to connect to the domain manually then... At a minimum, which would be an interactive task and potentially take up a good chunk of that unattend script time going through OOBE to get to it.
Mike TLeading EngineerCommented:
Hi,

I agree with Lee. The problem with asking people on the internet (irony mode tingling) is it's hard not to read things born more from bias than fact.

This is a good example:
http://www.silica.com/designers-community/forum/view/topic/is_sysprep_absolutely_necessary.html

Someone asks despite being told, categorically by Microsoft to run sysprep, an MVP answers with a complex answer (which means more fiddling for you than just running sysprep) and the trail ends with "my company won't run it but now we're getting this strange error please help.

I *will* quote the full title and last line of Mr Russinovich's post:
The Machine SID Duplication Myth (and Why Sysprep Matters)
...so Microsoft’s support policy will still require cloned systems to be made unique with Sysprep.

This raises the question that Lee did: you're supporting IT in a school. Are you really never likely to want support from Microsoft? Are you that comfortable that not running sysprep does something that will not cause problems that are arcane enough to need hours troubleshooting?

I get your need to shave time off your process but plugging the laptops into the mains is likely to improve the speed. Try one and time it. Modern processors scale back a surprising amount when on battery.

You could also try trimming the fat from the master image - wallpaper etc. to get the size down. That will also help. Finally, running the disk clean-up tool to remove unwanted patch uninstalls will help a lot too.

Mike
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.