Solved

Windows 7 - sysprep

Posted on 2016-08-17
5
121 Views
Last Modified: 2016-10-27
Hello experts,
I've just been introduced to one of my clients who has an onsite local engineer supporting the 50 of users/machines at this particular site
The site has been having all sorts of issues relating to roaming profiles for thier Windows 7 users, as well as machines not registering in wsus console
Found out the the way this tech is deploying machines, his essentially cloning machine without any Sys prep, and his admament this won't cause any issues, can you advise if this would be correct, what are the disadvantages of not Sys prepping a machine before capture, what sort of issues can it introduce further down the line
0
Comment
Question by:craigleenz
5 Comments
 
LVL 12

Assisted Solution

by:Sandeep
Sandeep earned 100 total points
ID: 41759168
If sysprep is not used all the system will have similar SID which will trouble you to add in WSUS. When such cloned machines are added in WSUS they face issues. To fix WSUS issues on such Cloned machine you can try this script on those Machines.

This script you can run on all those machine or simply configure it through GPO as Start Up script until the issue is fixed.


Create a batch file named ResetSUSClientID.bat using the text below:

Rem – Batch script to delete duplicate SusClientIDs
Rem – Implement this script as a “Startup” or “Logon”  script
Rem – Script creates an output file called %Systemdrive%\SUSClientID.log
Rem – If the %Systemdrive%\SUSClientID.log is already present, then the script simply exits


@Echo off
if exist %systemdrive%\SUSClientID.log goto end
net stop wuauserv
net stop bits
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v PingID /f  > %systemdrive%\SUSClientID.log 2>&1
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v AccountDomainSid /f  >> %systemdrive%\SUSClientID.log 2>&1
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v SusClientId /f  >> %systemdrive%\SUSClientID.log 2>&1
net start wuauserv
wuauclt.exe /resetauthorization /detectnow          
:end
exit
0
 
LVL 12

Expert Comment

by:Sandeep
ID: 41759169
If you wish to run SysPrep on all those machine, you can use such Answer file and run it with SysPrep when those systems are getting built.

https://technet.microsoft.com/en-gb/library/hh824849.aspx

Hope this Helps
0
 
LVL 12

Assisted Solution

by:Benjamin Voglar
Benjamin Voglar earned 100 total points
ID: 41759171
An experienced administrator will say "absolutely!" and describe all sorts of scenarios in which the existence of two systems with the same SID could create a black hole that swallows up the planet. They've taken on faith what we all have accepted for years: Duplicate SIDs are the highest form of evil.

Even Mark Russinovich, a software engineer and author who works for Microsoft as a technical fellow, believed that multiple machines with the same SID on the same network would pose a security risk.

http://www.infoworld.com/article/2628004/microsoft-windows/the-sid-debate--to-sysprep-or-not-to-sysprep.html
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 200 total points
ID: 41759483
It's very simple:

Sysprep is the only supported method of cloning.  The only thing I've heard of actually being an issue is WSUS.  HOWEVER, because non-sysprep'd systems are NOT SUPPORTED by Microsoft, you never know when a patch changes something and something else is affected.  Microsoft would only TEST against sysprep'd systems, so there could be issues at any time.  Bottom line, ALWAYS SYSPREP.  Redeploy those machines properly.  You should never put your network in an unsupported state unless you absolutely have to and then you should be looking for ways back to supported ASAP.
0
 
LVL 16

Accepted Solution

by:
Mike T earned 100 total points
ID: 41761743
Hi,

The question I always have is simple: why would you NOT ever run sysprep? It's not like it's some horribly complicated act that forces you to wait until there's a blue moon on a Tuesday, and you have to sacirfice a goat.

You just double-click Or run a command line and wait 5 whole minutes.

As mentioned above:
a) the outcome of NOT running sysprep is not predictable; no-one can say it definitely breaks XYZ, but it might
b) the one and only method of imaging a system that Microsoft supports is running sysprep. They don't care what imaging tool you use (ghost, imagex, Acronis etc.) - they just mandate you run sysprep to "avoid issues".

The bottom line is you run sysprep in case it might cause unpredictable behaviour,
If you don't the risk of seeing behaviour you cannot explain is that much greater and yes, you have NO support from MS.

Given that, just run it and get on with life.
Note, when cloning you won't get "similar" SIDs you will get identical ones, which is what you want to avoid.

Finally, one thing I would add is if you forget about the SID altogether, sysprep does a lot more on top of changing the SID than you would have to do manually, which I'm guessing your admin might not do either.

Resets Windows Product Activation
clears out MRU entries e.g. so the system doesn't have your username in
Strips the computer name;
Puts the machine in a workgroup if it's not already
Uninstalls plug and play device drivers, which reduces the risk of hardware compatibility problems
Clears the eventlog (with the reseal option)
Deletes restore points
Removes the local administrator’s profile/disables the account; so you don’t accidentally copy your admin files to every PC in the company!
Boots to Audit mode so you can install third-party applications and device drivers
Runs mini-setup at first boot afterwards, so NOW you name the machine

For me, those are the real reasons to run sysprep. The duplicate SID is more of a "safer to do it than not and risk your boss standing at your desk to explain why you didn't do it" thing.

Mike
1

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now