Windows 7 - sysprep

Posted on 2016-08-17
Medium Priority
Last Modified: 2016-10-27
Hello experts,
I've just been introduced to one of my clients who has an onsite local engineer supporting the 50 of users/machines at this particular site
The site has been having all sorts of issues relating to roaming profiles for thier Windows 7 users, as well as machines not registering in wsus console
Found out the the way this tech is deploying machines, his essentially cloning machine without any Sys prep, and his admament this won't cause any issues, can you advise if this would be correct, what are the disadvantages of not Sys prepping a machine before capture, what sort of issues can it introduce further down the line
Question by:craigleenz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Assisted Solution

Sandeep earned 400 total points
ID: 41759168
If sysprep is not used all the system will have similar SID which will trouble you to add in WSUS. When such cloned machines are added in WSUS they face issues. To fix WSUS issues on such Cloned machine you can try this script on those Machines.

This script you can run on all those machine or simply configure it through GPO as Start Up script until the issue is fixed.

Create a batch file named ResetSUSClientID.bat using the text below:

Rem – Batch script to delete duplicate SusClientIDs
Rem – Implement this script as a “Startup” or “Logon”  script
Rem – Script creates an output file called %Systemdrive%\SUSClientID.log
Rem – If the %Systemdrive%\SUSClientID.log is already present, then the script simply exits

@Echo off
if exist %systemdrive%\SUSClientID.log goto end
net stop wuauserv
net stop bits
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v PingID /f  > %systemdrive%\SUSClientID.log 2>&1
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v AccountDomainSid /f  >> %systemdrive%\SUSClientID.log 2>&1
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v SusClientId /f  >> %systemdrive%\SUSClientID.log 2>&1
net start wuauserv
wuauclt.exe /resetauthorization /detectnow          
LVL 12

Expert Comment

ID: 41759169
If you wish to run SysPrep on all those machine, you can use such Answer file and run it with SysPrep when those systems are getting built.


Hope this Helps
LVL 12

Assisted Solution

by:Benjamin Voglar
Benjamin Voglar earned 400 total points
ID: 41759171
An experienced administrator will say "absolutely!" and describe all sorts of scenarios in which the existence of two systems with the same SID could create a black hole that swallows up the planet. They've taken on faith what we all have accepted for years: Duplicate SIDs are the highest form of evil.

Even Mark Russinovich, a software engineer and author who works for Microsoft as a technical fellow, believed that multiple machines with the same SID on the same network would pose a security risk.

LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 800 total points
ID: 41759483
It's very simple:

Sysprep is the only supported method of cloning.  The only thing I've heard of actually being an issue is WSUS.  HOWEVER, because non-sysprep'd systems are NOT SUPPORTED by Microsoft, you never know when a patch changes something and something else is affected.  Microsoft would only TEST against sysprep'd systems, so there could be issues at any time.  Bottom line, ALWAYS SYSPREP.  Redeploy those machines properly.  You should never put your network in an unsupported state unless you absolutely have to and then you should be looking for ways back to supported ASAP.
LVL 18

Accepted Solution

Mike T earned 400 total points
ID: 41761743

The question I always have is simple: why would you NOT ever run sysprep? It's not like it's some horribly complicated act that forces you to wait until there's a blue moon on a Tuesday, and you have to sacirfice a goat.

You just double-click Or run a command line and wait 5 whole minutes.

As mentioned above:
a) the outcome of NOT running sysprep is not predictable; no-one can say it definitely breaks XYZ, but it might
b) the one and only method of imaging a system that Microsoft supports is running sysprep. They don't care what imaging tool you use (ghost, imagex, Acronis etc.) - they just mandate you run sysprep to "avoid issues".

The bottom line is you run sysprep in case it might cause unpredictable behaviour,
If you don't the risk of seeing behaviour you cannot explain is that much greater and yes, you have NO support from MS.

Given that, just run it and get on with life.
Note, when cloning you won't get "similar" SIDs you will get identical ones, which is what you want to avoid.

Finally, one thing I would add is if you forget about the SID altogether, sysprep does a lot more on top of changing the SID than you would have to do manually, which I'm guessing your admin might not do either.

Resets Windows Product Activation
clears out MRU entries e.g. so the system doesn't have your username in
Strips the computer name;
Puts the machine in a workgroup if it's not already
Uninstalls plug and play device drivers, which reduces the risk of hardware compatibility problems
Clears the eventlog (with the reseal option)
Deletes restore points
Removes the local administrator’s profile/disables the account; so you don’t accidentally copy your admin files to every PC in the company!
Boots to Audit mode so you can install third-party applications and device drivers
Runs mini-setup at first boot afterwards, so NOW you name the machine

For me, those are the real reasons to run sysprep. The duplicate SID is more of a "safer to do it than not and risk your boss standing at your desk to explain why you didn't do it" thing.


Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article outlines the struggles that Macs encounter in Windows-dominated workplace environments – and what Mac users can do to improve their network connectivity and remain productive.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question