leozack

I'm not doing things manually, I'm making an image and imaging it rather than making an isntallation then copying it and reinstalling it everywhere WIM style with WDS. I've trawled around and hopefully the examples on the following links should be enough to get everyone modifying their default user profile witht he registry at setupcomplete time I think rather than firstruntime though maybe it doesn't matter much. I certainly can't afford to try the copyprofile true option for sysprep as this seemed to destroy by build :| Not that I know why of course - but pretty sure that was the only line I changed when my sysprep started failing http://www.windows-noob.com/forums/index.php?/topic/3379-configure-default-user-profile-while-deploying-windows-7/ http://mockbox.net/windows-7/227-customise-windows-7-default-profile.html

Well if you do what I've done above with that batch file and vbs file and answerfile then I'm happy to report that the machine WILL join the domain using the name you give it when it reboots after sysprep and it will all be done in 1 boot and you can even specify the OU to put it in as part of the answerfile as shown above. I did forget to show the vbs though which is very simple and just replaces the OOBE call in the registry before sysprep restarts and then runs the OOBE call at the end (only downside is it leaves a console window floating throughout and I've LOVE someone to tell me how to ditch that but it's the least of my worries for a system that works so well like previous XP sysprepping!). But I'm now BEGGING someone to tell me how I can use the copyprofile true line without breaking sysprep! What needs to be done to make it work? I'm also begging to know where the pages are I was reading the other day that had people listing all these registry customisations they apply to the default user by mounting the default ntuser.dat and then running the customisations and then dismounting it - seems I could use that instead of the copyprofile to make sure default/new users get the tweaks. So here's the vbs Option Explicit Dim answer, answer2, computerName, domainAdminPass, unattendFile, WshShell, fso, unattendFileObject, strContents unattendFile = "C:\Windows\Panther\unattend.xml" Set WshShell = WScript.CreateObject("WScript.Shell") Set fso = CreateObject("Scripting.FileSystemObject") Do While answer <> vbYes computerName = InputBox("Enter the desired Computer Name:", "Computer Name") answer = MsgBox("Is this correct?" & vbCrLf & "Computer Name: " & computerName, vbYesNo, "Verify Name") Loop 'Do While answer2 <> vbYes ' domainAdminPass = InputBox("Enter the Domain Admin Password :", "Domain Admin Password") ' answer2 = MsgBox("Is this correct?" & vbCrLf & "Domain Admin Password: " & domainAdminPass, vbYesNo, "Verify Password") 'Loop If fso.FileExists(unattendFile) = False Then wscript.echo "ERROR: Could not find the unattend file" Else 'Read the unattend file in and replace apprpriate variables Set unattendFileObject = fso.OpenTextFile(unattendFile, 1) strContents = unattendFileObject.ReadAll strContents = Replace(strContents, "Win7SP1Computer", computerName) 'strContents = Replace(strContents, "ReplaceMe2", domainAdminPass) unattendFileObject.Close 'Write the updated contents back to the unattend file Set unattendFileObject = fso.OpenTextFile(unattendFile, 2) unattendFileObject.Write(strContents) unattendFileObject.Close End If ' Launch setup (will use the modified unattend.xml) WScript.Sleep 5000 WshShell.Run "%WINDIR%\System32\oobe\windeploy.exe", 0, True

Ok so I thought I had things sort - I have a working batchfile and sysprep file (below) which work in combination to let me sysprep -> reboot -> name pc -> join domain -> reboot. Job done, same as XP. However I noticed that my profile stuff was being wiped during sysprep. So I made the local administrator account how I want the default profile and added the <copyprofile>true</copyprofile> under specialise pass in windows setup. This somehow broke sysprep which then failed the minisetup saying something in specialise windows setup is wrong. I tried editing the unattend.xml offline to remove it and rebooting but it then says there was an unexpected stutdown or something and the end result is I've borked that whole image again. So ... without using the copyprofile option - how can I get the HKCU info I need into the default user account ready for new users logging on? (though I normally make roaming profiles but it would help if they already had this info in them too) Batchfile - RUN AS ADMINISTRATOR @echo off REM ----------- WARN USER BEFORE CONTINUING echo. echo. echo. echo. echo Last chance to abort!!!!!! echo. echo Else press any key to continue SysPrep ... echo. echo. echo. echo. pause echo. echo. REM ----------- COPY FILES TO C DRIVE echo Copying sysprep files ... echo. copy /Y "%~dp0Sysprep.xml" "%SystemRoot%\system32\sysprep\unattend.xml" > nul copy /Y "%~dp0EditUnattend.vbs" "%SystemRoot%\system32\sysprep\EditUnattend.vbs" > nul REM ----------- STOP STUFF THAT MIGHT BREAK SYSPREP echo Stopping services ... echo. sc stop WMPNetworkSvc > nul 2>&1 Taskkill /IM wmpnscfg.exe /F > nul 2>&1 REM ----------- KILL SIDESHOW ENTRY THAT BREAKS SYSPREP reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize /v {fac80c8b-8a93-0a48-6a6f-2fe2739a2b89} /f >nul REM ----------- CALC SYSTEM PERFORMANCE NOW INSTEAD OF LATER echo Measuring system performance to save time later ... (please wait 5m) echo. rem winsat prepop REM ----------- DEL TEMP FILES echo Deleting temporary files ... echo. del %temp%\*.* /f /s /q > nul REM ----------- RUN SYSPREP echo Running Sysyprep ... echo. %SystemRoot%\system32\sysprep\sysprep.exe /generalize /oobe /quit /unattend:%Systemroot%\system32\sysprep\unattend.xml REM ----------- PREPARE INSERTED PROMPT FOR PCNAME AFTER REBOOT BEFORE OOBE echo Adding RenamePC script for OOBE setup ... echo. reg add HKLM\System\Setup /v CmdLine /t REG_SZ /d "cscript //nologo C:\Windows\System32\Sysprep\EditUnattend.vbs" /f REM ----------- SHUTDOWN echo Shutting down ... echo. Shutdown /p /d p:2:4 <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="generalize"> <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipRearm>1</SkipRearm> </component> <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> </component> </settings> <settings pass="oobeSystem"> <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>en-GB</InputLocale> <SystemLocale>en-GB</SystemLocale> <UILanguage>en-US</UILanguage> <UILanguageFallback>en-GB</UILanguageFallback> <UserLocale>en-GB</UserLocale> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <OOBE> <HideEULAPage>true</HideEULAPage> <NetworkLocation>Work</NetworkLocation> <ProtectYourPC>3</ProtectYourPC> </OOBE> <UserAccounts> <LocalAccounts> <LocalAccount wcm:action="add"> <Password> <Value>password</Value> <PlainText>true</PlainText> </Password> <Description>Local Admin</Description> <DisplayName>LocalAdmin</DisplayName> <Group>Administrators</Group> <Name>localadmin</Name> </LocalAccount> </LocalAccounts> </UserAccounts> <TimeZone>GMT Standard Time</TimeZone> <RegisteredOrganization>Schools IT</RegisteredOrganization> <RegisteredOwner>St Martins</RegisteredOwner> <ShowWindowsLive>false</ShowWindowsLive> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine> <Order>1</Order> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> </FirstLogonCommands> </component> </settings> <settings pass="specialize"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ProductKey></ProductKey> <ComputerName>Win7SP1Sysprep</ComputerName> <RegisteredOrganization>Schools IT</RegisteredOrganization> <RegisteredOwner>St Martins</RegisteredOwner> <ShowWindowsLive>false</ShowWindowsLive> <TimeZone>GMT Standard Time</TimeZone> </component> <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Identification> <Credentials> <Domain>stmartins-cur.local</Domain> <Username>domainadmin</Username> <Password>password</Password> </Credentials> <JoinDomain>stmartins-cur.local</JoinDomain> <MachineObjectOU>OU=Workstations,OU=Curric,DC=stmartins-cur,DC=local</MachineObjectOU> </Identification> </component> </settings> <cpi:offlineImage cpi:source="catalog:c:/windows/system32/sysprep/install_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>

Ok so assuming I'm using sysprep to generalise and shutdown and then taking a ghost image I will deploy, they need to boot up with the minimal amoutn of work - with XP this meant just benig asked for the PCname and the answerfile handlnig the domainjoin - all done in the first minisetup boot - then it reboots and you're good to go. So currently I haev the sysprep answerfile filled with the autodomainjoin information so the only issue is the machinename. I tell sysprep to run but /quit not /shutdown and set the regpath to hklm\system\setup\cmdline to point to a vbs which asks me what the machinename is and writes it into the answerfile - then runs the oobe setup which will hopefully join the domain etc. Haven't had a successful domanijoin yet (I downloaded netdom for win7 from rsat tools incase I need to try some firstlogoncommands method to join the domain?) but currently what annoys me is the cmdline I have to use to run the vba to edit the machinename is done with cscript eg "cscript %windir%\system32\setup\scripts\askpcname.vbs" but the annoyance is that in the minisetup I now have a commandprompt wnidow floating in the background not just while the vbs runs but also while the oobe setup runs (called at the end of the vbs). If I tell the cmdilne to not wait for the vbs to finish then it closes but that kills the machine into a reboot and breaks the whole build. So I'm wondering if there is a way to add the cmdline to call the vbs withouth a cmd window benig visible the whole time? It's just tempting someone to close it is all ... Sidenote - surely setupcomlpete.cmd doesn't run as part of sysprep oobe - only when installing the first time? If it runs during sysprep oobe what time does it run?

Indeed they want you to use this installation deployment method same as they anted you to use RIS before vista days - but many people would rather use imaging deployment for simplicity and speed and multicasting deployment etc. I know there are ways to get MDT or whateer to multicast but it still takes longer to deploy an installation than to deploy an image as far as I'm aware, plus more configuration happens afterwards since installation often involve task lists of onfig to run/install afterwards whereas imaging it all in your original image usually. I'm willing to say ok lets go back to vanilla win7sp1 and just integrate some updates including ie9 and shove dotnet4 on at setupcomplete.cmd time - but for sysprep'ing I'm failing to find a way to have the machien reboot generalised and let you chose it's name and watch it join the domain and job done. So now I'm thinking ok what is the answerfile to just generalise it and then bootup and ask you the name and then reboot and then join the domain and then reboot - if that is the least user-interaction you can have nowadays?

I want it to not be a deployment though - I want it to be an image I just image out without installation, then the rest of sysprep minisetup runs and does the work. It's how I've always done it with XP and it's fine - why can't I just get a working sysprep or tools to do it? :\ I struggle to beleive that everyone has gone WDS/MDT and noone is just imaging systems and sysprep'ing etc e.e

They're for school sites so 10-30 are the same usually so I've always just had ghost images for each type sysprep'd ready to be imaged out and just the pcname put in and the rest is done for you. I've avoided WDS and other "installation" deployments like RIS was because I don't want to "install and configure a workstation" I want to quickly iamge it out and have it boot up through a quick minisetup. It all works so easily in XP, I don't want to be installing win7 pcs then lettings apps configure and whatever - imaging should be faster (as far as I'm aware). As I mentioned there is the possibility of using powershell to join the domain (never used PS before) but the way I see it I've no idea how to get win7 sysprep to generalise the machine but then after being imaged, to ask you for a machine name and then join a domain with that name without multiple reboots which I want to avoid unless it really is all automated/scripted so that it makes no difference. And since this has to be one of the most common things to want to do with sysprep (setup a pc to bootup and only ask for a pcname) I figured someone somewhere must be able to clue me in? I'm sick of not getting any training and having to burn my midnight oil trying to figure it out myself only to have hours wasted as another image gets screwed up be a bad sysprep >_< PS kudos on your Ravage

With the XP sysprep I could make an answer file with all the info in except computername, I could put in the domainname to join for a site and name/password to join it, and then I could reseal the PC and image it out. When they bootup they only ask you for the PCname and then join the domain and reboot leaving you at a login screen to login to the domain and all is ready. However with win7 I'm crying at the obstructions with just doing the same thing. I've reading lots everywhere that you need multiple reboots to rename a machine then reboot, then join to a domain and reboot, etc - be and that's using powershell scripts. Using unattend.xml with the unattendedjoin component joins it BEFORE it asks for a pcname - so that's useless. I've tried a trick where as you sysprep you make a regentry to run a vbscript before OOBE which asks you for the pcname and writes it into the unattend.xml before the oobe uses the xml to join the domain using that pcname. But for some reason while the pcname part works the domainjoin doesn't. So why is it XP is capable of a miniswetupwizard that asks just for a pcname and then joins a domain and then reboots and it all works - yet I can't find a way to do it with win7? I managed to write off my whole master image yesterday into a reboot cycle after a sysprep attempt failed in shell-setup during specialise pass -__- I'm really sick of this contrived nonsense when I had everything working just fine with xp and a simple sysprep.inf and I only want to do the same for win7 Clearly the result I'm after should be the minimal amount of work to do AFTER imaging - hence minisetup should only ask for pcname (to be unique but not random) and take the rest from an answerfile and that's that. Right now I can't get it to enter the key or activate itself or join the domain or anything Does ANYONE know how to run a simple sysprep that will generalise the system then bootup and only ask for a pcname and then join the domain with that name and reboot? D:

Like I said I'm not trying to be pedantic here but I'm not seeing WHY you use winaudit (or what you script in winaudit). I haven't tried winaudit yet because from everything I've read (yes I do read your links and the guides etc) it just says it's for OEM's to configure a PC ready for repackaging for an end user. Ok so technically after this build installs I configure it and then image it out for a certain PC model at a certain site, but I'm used to just doing that in normal windows then sysprepping so I haven't used audit mode and audit mode still requires sysprepp'ing afterwards with /oobe, and I see nothing about audit mode that will eid me scripting installs which run as firstlogoncommands anyway? so if you have a secret reason to use audit mode then tell me - otherwise I just don't see the difference. I'm currently ignoring the build problems and trying to work out what I need in a new unattend.xml made JUST for sysprepp'ing a machine to /generalise then reboot and join itself to a domain automatically ready for a user. Because that is the sysprep I run before taking the image so when the imaged PCs bootup they just ask for a pcname then autojoin the domain and everything is ready for a user

I know I'm being a right id*** here but I'm just not seeing any reason why I need it to do any audit system/user mode I have here a build where I used the vanilla win7sp1 media and then installed the 3 dotnet 351 updates and then installed dotnet4. No warnings in applog! Then 20m later or something without diong anything - 1 shows up. Now days later none since! Should I just get on and deploy a build and ignore these 1130 errors? I can't find any good information online to fix them and they're only warnings not errors. It just annoys me as I'd like a clean build with clean event logs not generating spam. I don't mind doing dotnet 4 at setupcomplete.cmd time in passive mode and I don't mind running my script of updates to dotnet351 or other stuff at firstlogoncommands time - I don't see why I should go into audit mode - especially when it may be rebooted many times when being configured before it will be sysprep'd (and I've recently been confused as to what the /generalize command on sysprep does - I read somewhere it just deletes the admin account or something? O_o

Maxxpsoft looking at your 2nd post there it seems you just have this <settings pass="auditSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <AutoLogon> <Enabled>true</Enabled> <LogonCount>2</LogonCount> <Username>Admin</Username> </AutoLogon> <Display> <ColorDepth>32</ColorDepth> <HorizontalResolution>1024</HorizontalResolution> <VerticalResolution>768</VerticalResolution> </Display> <UserAccounts> <LocalAccounts> <LocalAccount wcm:action="add"> <Password> <Value></Value> <PlainText>true</PlainText> </Password> <Group>Administrators</Group> <Name>Admin</Name> </LocalAccount> </LocalAccounts> </UserAccounts> </component> </settings> <settings pass="auditUser"> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <RunSynchronous> <RunSynchronousCommand wcm:action="add"> <Order>400</Order> <Path>cmd /C start /wait %systemdrive%\Install\AuditUser.cmd</Path> </RunSynchronousCommand> </RunSynchronous> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Display> <ColorDepth>32</ColorDepth> <HorizontalResolution>1024</HorizontalResolution> <VerticalResolution>768</VerticalResolution> </Display> </component> </settings> which seems to just make an admin user called admin with no password and set it to logon twice automatically (doing what each time?) and sets it to run audituser.cmd (what does that do?) Just not sure why I'd be using audit mode - what will change/make a difference? As far as I'm aware you can setup windows not in audit mode and then reboot it with sysprep and image it and it should be ok?

Do you have a sample autounattend.xml and setupcomplete.cmd or whatever it is you are using for your vista build then? If autounattend can boot to auditmode and do the dotnet 4 install/updates there and the dotnet351 updates and tweak and then reboot and all is well then I am happy to do it that way. I just tested with a clean win7 build with a few component removals/tweaks but with dotnet4 installed at setupcomplete.cmd time. It had the appwarnings about .net optimisation service! So I tried the same build without dotnet4 going on and now it has no applog warnings! I just installed the first of the 3 dotnet351 updates and bang - applog warnings .net optimization service 1130 everywhere again :/ I can't be the only one! There must be a solution! I need it ASAP I wanted to image on monday! >_< Maybe these applog warnings should be ignored and as expected? Argh - why must I be a perfectionist in this build! D:

OK - so what happens in audit mode? I install stuff manually? The idea here is that I have it all working without installing stuff manually. What does booting to audit mode give me? Also audit mode reboots to normal mode and since I'll probably hve to join domains/reboot etc while configuring a client I wouldn't be staying in audit mode.

Did you have any joy with this? I've made a clean win7sp1 image and integrated a bunch of updates and all was ok But I checked windows udpate and found 3 udpates for dotnet3.5.1 so I also integrated them But now I get these .net runtime optimization service warning 1130's in application event log - I'm going to have to start my win7 source from scratch and not include them and I guess try installing those updates manually to see which causes a problem. But surely even without them they will be picked up by WSUS and installed later anyway so what can be done? I'm really keen to just get this build done - it currently removes a couple of things, adds some tweaks, and when finished should intsall dotnet4 at setupcomplete time (avoids corrupting profile 1st build if done at firstlogoncommadns time) and then run the 7 dotnet4 udpates at firstlogoncommands time.

Audit mode is somethin you do manually though - you also have to interject the right keycombo at the right time ot get to it. That doesn't flow well with an unattended install you can fire off and come back to a pc setup and ready to customise for the site but with as much stuff already done/on it as possible. So I've now integrated all updates since SP1 along with some dotnet 3.5.1 updates and setupcomplete runs dotnet4 install (like you I'm now using /passive, and I found the cancel button is greyed ut (yay) and it even appears over teh "checking video performance" screen so that kinda gets rid of that annoyance) and firstlogoncommands runs dotnet4 updates. Sounds perfect. Except my application event log shows lots of silly warnings (.net runtime optimization service - error 1130 - version or flavor did not match with repository). I removed my dotnet4 updates from the script and tried again but still had them so I guess they're from the dotnet 3.5.1 udates I integrated - doh! Guess I have to go back and start a new setup source and not integrate those and then see if I can find out precisely what causes them (unless there is a fix?) I also found currently installing from my USB to this fizzbook it's 15m win7 install, 15m dotnet4 script install, then 30m installing all 7 dotnet4 updates! Ouch I also just found 2 errors (security-spp - error 8200 - license acquisition failiure details) & (security-spp - error 8208 - aquisition of genuine ticket failed). I also get asp.net warning 1020 cos I don't have IIS installed but that's ok. I also notice a user profile service error 1530 which I think I always seem to see at least 1 of saying registry file in use by other applications or services At least my system log is clean! Attached my files for you rperusal Unattended.zip