XP-like sysprep with win7

[leozack]

With the XP sysprep I could make an answer file with all the info in except computername, I could put in the domainname to join for a site and name/password to join it, and then I could reseal the PC and image it out. When they bootup they only ask you for the PCname and then join the domain and reboot leaving you at a login screen to login to the domain and all is ready.

However with win7 I'm crying at the obstructions with just doing the same thing. I've reading lots everywhere that you need multiple reboots to rename a machine then reboot, then join to a domain and reboot, etc - be and that's using powershell scripts.

Using unattend.xml with the unattendedjoin component joins it BEFORE it asks for a pcname - so that's useless. I've tried a trick where as you sysprep you make a regentry to run a vbscript before OOBE which asks you for the pcname and writes it into the unattend.xml before the oobe uses the xml to join the domain using that pcname. But for some reason while the pcname part works the domainjoin doesn't.

So why is it XP is capable of a miniswetupwizard that asks just for a pcname and then joins a domain and then reboots and it all works - yet I can't find a way to do it with win7? I managed to write off my whole master image yesterday into a reboot cycle after a sysprep attempt failed in shell-setup during specialise pass -__-

I'm really sick of this contrived nonsense when I had everything working just fine with xp and a simple sysprep.inf and I only want to do the same for win7 Clearly the result I'm after should be the minimal amount of work to do AFTER imaging - hence minisetup should only ask for pcname (to be unique but not random) and take the rest from an answerfile and that's that. Right now I can't get it to enter the key or activate itself or join the domain or anything

Does ANYONE know how to run a simple sysprep that will generalise the system then bootup and only ask for a pcname and then join the domain with that name and reboot? D:

Edited November 22, 2011 by leozack

[Tripredacus]

It sounds like you are building installations for a company right? You can use MDT to give a computer name and then join a domain. This works because it asks these questions BEFORE the installation actually takes place, so it has the computer name already when it goes to join the domain. Alternatively, another user mentions the use of a Powershell script to join the domain.

[leozack]

They're for school sites so 10-30 are the same usually so I've always just had ghost images for each type sysprep'd ready to be imaged out and just the pcname put in and the rest is done for you.

I've avoided WDS and other "installation" deployments like RIS was because I don't want to "install and configure a workstation" I want to quickly iamge it out and have it boot up through a quick minisetup. It all works so easily in XP, I don't want to be installing win7 pcs then lettings apps configure and whatever - imaging should be faster (as far as I'm aware).

As I mentioned there is the possibility of using powershell to join the domain (never used PS before) but the way I see it I've no idea how to get win7 sysprep to generalise the machine but then after being imaged, to ask you for a machine name and then join a domain with that name without multiple reboots which I want to avoid unless it really is all automated/scripted so that it makes no difference.

And since this has to be one of the most common things to want to do with sysprep (setup a pc to bootup and only ask for a pcname) I figured someone somewhere must be able to clue me in? I'm sick of not getting any training and having to burn my midnight oil trying to figure it out myself only to have hours wasted as another image gets screwed up be a bad sysprep >_<

PS kudos on your Ravage

Edited November 22, 2011 by leozack

[Tripredacus]

MDT isn't wholly dependent on WDS. You can use MDT to build USB key installation too. Anyways, you can build a Task Sequence specific to what you want the deployment to do.

[leozack]

I want it to not be a deployment though - I want it to be an image I just image out without installation, then the rest of sysprep minisetup runs and does the work. It's how I've always done it with XP and it's fine - why can't I just get a working sysprep or tools to do it? :\ I struggle to beleive that everyone has gone WDS/MDT and noone is just imaging systems and sysprep'ing etc e.e

[cluberti]

If you don't want to do this pre-build in WinPE (which is how Windows 7 is imaged and deployed, unlike XP), then yes, you have those limitations. Even Microsoft no longer recommends building and deploying images manually, the recommendation is to use MDT or SCCM.

[Tripredacus]

The only thing I can think of is that you'd have to install Windows 7 to Audit Mode. Then get your unattend.xml to use with sysprep /generalize and then capture the image. Then you'd have to deploy the image with Imagex. After that part is done, you'd need to write a program that asks for a computer name, changes the computer name node in the XML on the deployed OS and reboot. It is already known that you can change the XML for an OS that is deployed but before it boots the first time.

[leozack]

If you don't want to do this pre-build in WinPE (which is how Windows 7 is imaged and deployed, unlike XP), then yes, you have those limitations. Even Microsoft no longer recommends building and deploying images manually, the recommendation is to use MDT or SCCM.

Indeed they want you to use this installation deployment method same as they anted you to use RIS before vista days - but many people would rather use imaging deployment for simplicity and speed and multicasting deployment etc. I know there are ways to get MDT or whateer to multicast but it still takes longer to deploy an installation than to deploy an image as far as I'm aware, plus more configuration happens afterwards since installation often involve task lists of onfig to run/install afterwards whereas imaging it all in your original image usually.

I'm willing to say ok lets go back to vanilla win7sp1 and just integrate some updates including ie9 and shove dotnet4 on at setupcomplete.cmd time - but for sysprep'ing I'm failing to find a way to have the machien reboot generalised and let you chose it's name and watch it join the domain and job done. So now I'm thinking ok what is the answerfile to just generalise it and then bootup and ask you the name and then reboot and then join the domain and then reboot - if that is the least user-interaction you can have nowadays?

[submix8c]

?

I had thought that WIM's could be made via SysPrep on a reference machine that "generalize". Using that and the script (as proposed) should work for imaging (and NOT just by RIS/PXE but also a secondary HDD/USB-HDD or even a DVD).

Have a look at these (search the WWW for them - I don't remember the links directly from MS) -

creating_a_windows_7_hard_disk_recovery_solution.pdf

OEMTechnicalGuideForWindows7ForSystemBuilders.pdf

edited for above - I remember now... I signed up as an MS Partner/System Builder.

HTH (haven't yet tried them - planning on Win7/2k8 soon...)

Edited November 27, 2011 by submix8c

[iamtheky]

I agree, the only issue here should be joining it to the domain. The following are questions and have not been attempted by myself, if anyone tries this I would like to know the results.

1) Load RSAT (KB958830) into the PE that drives your unattended install.

2) Run NetDom commands from setupcomplete.cmd to join the machine to the domain.

[leozack]

Ok so assuming I'm using sysprep to generalise and shutdown and then taking a ghost image I will deploy, they need to boot up with the minimal amoutn of work - with XP this meant just benig asked for the PCname and the answerfile handlnig the domainjoin - all done in the first minisetup boot - then it reboots and you're good to go.

So currently I haev the sysprep answerfile filled with the autodomainjoin information so the only issue is the machinename. I tell sysprep to run but /quit not /shutdown and set the regpath to hklm\system\setup\cmdline to point to a vbs which asks me what the machinename is and writes it into the answerfile - then runs the oobe setup which will hopefully join the domain etc.

Haven't had a successful domanijoin yet (I downloaded netdom for win7 from rsat tools incase I need to try some firstlogoncommands method to join the domain?) but currently what annoys me is the cmdline I have to use to run the vba to edit the machinename is done with cscript eg "cscript %windir%\system32\setup\scripts\askpcname.vbs" but the annoyance is that in the minisetup I now have a commandprompt wnidow floating in the background not just while the vbs runs but also while the oobe setup runs (called at the end of the vbs). If I tell the cmdilne to not wait for the vbs to finish then it closes but that kills the machine into a reboot and breaks the whole build. So I'm wondering if there is a way to add the cmdline to call the vbs withouth a cmd window benig visible the whole time? It's just tempting someone to close it is all ...

Sidenote - surely setupcomlpete.cmd doesn't run as part of sysprep oobe - only when installing the first time? If it runs during sysprep oobe what time does it run?

Edited November 28, 2011 by leozack

[leozack]

Ok so I thought I had things sort - I have a working batchfile and sysprep file (below) which work in combination to let me sysprep -> reboot -> name pc -> join domain -> reboot. Job done, same as XP.

However I noticed that my profile stuff was being wiped during sysprep. So I made the local administrator account how I want the default profile and added the <copyprofile>true</copyprofile> under specialise pass in windows setup.

This somehow broke sysprep which then failed the minisetup saying something in specialise windows setup is wrong. I tried editing the unattend.xml offline to remove it and rebooting but it then says there was an unexpected stutdown or something and the end result is I've borked that whole image again.

So ... without using the copyprofile option - how can I get the HKCU info I need into the default user account ready for new users logging on? (though I normally make roaming profiles but it would help if they already had this info in them too)

Batchfile - RUN AS ADMINISTRATOR

@echo off

REM ----------- WARN USER BEFORE CONTINUING

echo.
echo.
echo.
echo.
echo                 Last chance to abort!!!!!!
echo.
echo          Else press any key to continue SysPrep ...
echo.
echo.
echo.
echo.
pause
echo.
echo.

REM ----------- COPY FILES TO C DRIVE

echo Copying sysprep files ...
echo.

copy /Y "%~dp0Sysprep.xml" "%SystemRoot%\system32\sysprep\unattend.xml" > nul
copy /Y "%~dp0EditUnattend.vbs" "%SystemRoot%\system32\sysprep\EditUnattend.vbs" > nul

REM ----------- STOP STUFF THAT MIGHT BREAK SYSPREP

echo Stopping services ...
echo.

sc stop WMPNetworkSvc > nul 2>&1 
Taskkill /IM wmpnscfg.exe /F > nul 2>&1

REM ----------- KILL SIDESHOW ENTRY THAT BREAKS SYSPREP

reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize /v {fac80c8b-8a93-0a48-6a6f-2fe2739a2b89} /f >nul

REM ----------- CALC SYSTEM PERFORMANCE NOW INSTEAD OF LATER

echo Measuring system performance to save time later ... (please wait 5m)
echo.

rem winsat prepop

REM ----------- DEL TEMP FILES

echo Deleting temporary files ...
echo.

del %temp%\*.* /f /s /q > nul

REM ----------- RUN SYSPREP

echo Running Sysyprep ...
echo.

%SystemRoot%\system32\sysprep\sysprep.exe /generalize /oobe /quit /unattend:%Systemroot%\system32\sysprep\unattend.xml

REM ----------- PREPARE INSERTED PROMPT FOR PCNAME AFTER REBOOT BEFORE OOBE

echo Adding RenamePC script for OOBE setup ...
echo.

reg add HKLM\System\Setup /v CmdLine /t REG_SZ /d "cscript //nologo C:\Windows\System32\Sysprep\EditUnattend.vbs" /f

REM ----------- SHUTDOWN

echo Shutting down ...
echo.

Shutdown /p /d p:2:4

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm>
        </component>
        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-GB</InputLocale>
            <SystemLocale>en-GB</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback>en-GB</UILanguageFallback>
            <UserLocale>en-GB</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>3</ProtectYourPC>
            </OOBE>
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>password</Value>
                            <PlainText>true</PlainText>
                        </Password>
                        <Description>Local Admin</Description>
                        <DisplayName>LocalAdmin</DisplayName>
                        <Group>Administrators</Group>
                        <Name>localadmin</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <TimeZone>GMT Standard Time</TimeZone>
            <RegisteredOrganization>Schools IT</RegisteredOrganization>
            <RegisteredOwner>St Martins</RegisteredOwner>
            <ShowWindowsLive>false</ShowWindowsLive>
            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine>
                    <Order>1</Order>
                    <RequiresUserInput>false</RequiresUserInput>
                </SynchronousCommand>
            </FirstLogonCommands>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ProductKey></ProductKey>
            <ComputerName>Win7SP1Sysprep</ComputerName>
            <RegisteredOrganization>Schools IT</RegisteredOrganization>
            <RegisteredOwner>St Martins</RegisteredOwner>
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>GMT Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>stmartins-cur.local</Domain>
                    <Username>domainadmin</Username>
                    <Password>password</Password>
                </Credentials>
                <JoinDomain>stmartins-cur.local</JoinDomain>
	<MachineObjectOU>OU=Workstations,OU=Curric,DC=stmartins-cur,DC=local</MachineObjectOU>
            </Identification>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="catalog:c:/windows/system32/sysprep/install_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

[Tripredacus]

creating_a_windows_7_hard_disk_recovery_solution.pdf

In order to get WinRE to deploy using an answer file, you need to do some things that are not in that document.

[Cyker]

Dude, I totally feel your pain. Everything I knew about windows networking and deployment has been thrown out with Win7 and 2k8; I may as well be deploying Linux considering how much prior knowledge is now transferable.

My next fun task is how Microsoft aren't even supporting Group Policy software deployment with their own products anymore; The amount of crap we've had to go through to deploy Office 2010 compared to Office 2003 is just ridiculous.

It's like Microsoft have designed their stuff to be used by huge enterprise corporations with no thought given to low resource small businesses and schools.

[cluberti]

Have you looked into MDT?