Windows 7 - sysprep

Hello experts,
I've just been introduced to one of my clients who has an onsite local engineer supporting the 50 of users/machines at this particular site
The site has been having all sorts of issues relating to roaming profiles for thier Windows 7 users, as well as machines not registering in wsus console
Found out the the way this tech is deploying machines, his essentially cloning machine without any Sys prep, and his admament this won't cause any issues, can you advise if this would be correct, what are the disadvantages of not Sys prepping a machine before capture, what sort of issues can it introduce further down the line
Craig PaulsenSystems EngineerAsked:
Who is Participating?
Mike TConnect With a Mentor Leading EngineerCommented:

The question I always have is simple: why would you NOT ever run sysprep? It's not like it's some horribly complicated act that forces you to wait until there's a blue moon on a Tuesday, and you have to sacirfice a goat.

You just double-click Or run a command line and wait 5 whole minutes.

As mentioned above:
a) the outcome of NOT running sysprep is not predictable; no-one can say it definitely breaks XYZ, but it might
b) the one and only method of imaging a system that Microsoft supports is running sysprep. They don't care what imaging tool you use (ghost, imagex, Acronis etc.) - they just mandate you run sysprep to "avoid issues".

The bottom line is you run sysprep in case it might cause unpredictable behaviour,
If you don't the risk of seeing behaviour you cannot explain is that much greater and yes, you have NO support from MS.

Given that, just run it and get on with life.
Note, when cloning you won't get "similar" SIDs you will get identical ones, which is what you want to avoid.

Finally, one thing I would add is if you forget about the SID altogether, sysprep does a lot more on top of changing the SID than you would have to do manually, which I'm guessing your admin might not do either.

Resets Windows Product Activation
clears out MRU entries e.g. so the system doesn't have your username in
Strips the computer name;
Puts the machine in a workgroup if it's not already
Uninstalls plug and play device drivers, which reduces the risk of hardware compatibility problems
Clears the eventlog (with the reseal option)
Deletes restore points
Removes the local administrator’s profile/disables the account; so you don’t accidentally copy your admin files to every PC in the company!
Boots to Audit mode so you can install third-party applications and device drivers
Runs mini-setup at first boot afterwards, so NOW you name the machine

For me, those are the real reasons to run sysprep. The duplicate SID is more of a "safer to do it than not and risk your boss standing at your desk to explain why you didn't do it" thing.

SandeepConnect With a Mentor Sr System AdministratorCommented:
If sysprep is not used all the system will have similar SID which will trouble you to add in WSUS. When such cloned machines are added in WSUS they face issues. To fix WSUS issues on such Cloned machine you can try this script on those Machines.

This script you can run on all those machine or simply configure it through GPO as Start Up script until the issue is fixed.

Create a batch file named ResetSUSClientID.bat using the text below:

Rem – Batch script to delete duplicate SusClientIDs
Rem – Implement this script as a “Startup” or “Logon”  script
Rem – Script creates an output file called %Systemdrive%\SUSClientID.log
Rem – If the %Systemdrive%\SUSClientID.log is already present, then the script simply exits

@Echo off
if exist %systemdrive%\SUSClientID.log goto end
net stop wuauserv
net stop bits
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v PingID /f  > %systemdrive%\SUSClientID.log 2>&1
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v AccountDomainSid /f  >> %systemdrive%\SUSClientID.log 2>&1
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate” /v SusClientId /f  >> %systemdrive%\SUSClientID.log 2>&1
net start wuauserv
wuauclt.exe /resetauthorization /detectnow          
SandeepSr System AdministratorCommented:
If you wish to run SysPrep on all those machine, you can use such Answer file and run it with SysPrep when those systems are getting built.

Hope this Helps
Benjamin VoglarConnect With a Mentor IT ProCommented:
An experienced administrator will say "absolutely!" and describe all sorts of scenarios in which the existence of two systems with the same SID could create a black hole that swallows up the planet. They've taken on faith what we all have accepted for years: Duplicate SIDs are the highest form of evil.

Even Mark Russinovich, a software engineer and author who works for Microsoft as a technical fellow, believed that multiple machines with the same SID on the same network would pose a security risk.
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
It's very simple:

Sysprep is the only supported method of cloning.  The only thing I've heard of actually being an issue is WSUS.  HOWEVER, because non-sysprep'd systems are NOT SUPPORTED by Microsoft, you never know when a patch changes something and something else is affected.  Microsoft would only TEST against sysprep'd systems, so there could be issues at any time.  Bottom line, ALWAYS SYSPREP.  Redeploy those machines properly.  You should never put your network in an unsupported state unless you absolutely have to and then you should be looking for ways back to supported ASAP.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.