Blog Posts tagged with Imaging Process

Ask a question

Microsoft Management Summit (MMS) 2003 Notes

Notes From The Microsoft Management Summit 2003

SMS Workstation Image Deployment

During the keynote presentation at the Microsoft Management Summit (Mar 18-21, 2003) in Las Vegas an upcoming feature pack was announced that will allow for the deployment of images, similar to how packages are deployed today. The SMS Feature Pack, "OS Provisioning" will provide support for the DABS (or Drizzle) distribution of images, which are then applied by rebooting into the Windows PE operating system to actually apply the image to the workstation. PowerQuest DeployCenter (Drive Image) and Symantec Ghost support is already confirmed and other vendors may be included before its release. In an effort to establish a standard for providing image configuration information (product ID, computer name, etc.), Microsoft is developing a new Image Definition File format is being worked on with other key vendors. The process will also allow for the migration of user data and settings by leveraging Microsoft's User State Migration tools. Integrated as a new folder in the SMS Management Console, the "Images" area will allow for targeted distribution and package definition file (PDF) support. Like any other package, the deployment may be configured to copy itself to client systems where the action of imaging may be triggered through its full Add/Remove Program (ARP) support. This is a very impressive capability that is sure to make a lot of people happy. 


Bob Kelly

Be the first to comment

How to Sysprep Windows 7 for K2000 Deployment

What is Sysprep? 

Sysprep is a Microsoft System Preparation Tool to prepare Windows Operating System for imaging with other OS Deployment tools (Dell KACE K2000 Appliance) to configure New Installations of Windows onto new hardware. 


When you run Sysprep, it will prepare the machine for Disk Imaging by creating a New Computer Security Identifier (SID), delete all previous User-Specific and Computer-Specific settings, domain account and other data during the next boot up. 


Sysprep.exe is located at %WINDIR%\system32\Sysprep directory and only the Administrator can run sysprep.exe command line. Use Sysprep for a Clean OS Install and not for Upgrade Installation of Windows that has already been deployed. 


When a Sysprep-ed Windows boots up for the first time, Windows Product Activation Clock will begin its countdown and you can only use sysprep /generalize for a Maximum of 3-times to reset the clock. 



How to use K2000 to deploy new OS to nodes:  


By using Dell KACE K2000 Appliance, we can capture & customized Windows Image as "System Images" (K2000>Deployments>System Images). 



Deployment to Nodes with the SAME Hardware: 

1. Install Windows Reference OS Image - install on same Hardware, with Drivers & Apps.  

2. Boot and install Device Drivers / Apps. 
3. Update Windows 
4. Sysprep /oobe /generalize - remove system-specific data from Windows Installation - Event Logs, Unique SIDs & other unique info.  - 
5. /oobe - instucts Windows  to run Windows Welcome at the next boot up. 
6. Shutdown - you can specify c:\Windows\System32\sysprep>sysprep.exe /generalize /oobe /shutdown
7. Boot to KBE (K2000 BOOT ENVIRONMENT) > Imaging> Capture image of this machine
8. Capture the Windows installation with K2000 
9. Create a Reference image to install with the same hardware. 



Deployment to Nodes with DIFFERENT Hardware:
1. Start with Windows Reference OS Image.  
2. Install Image to the Computer with 'Different Hardware'. 
3. After installation, run c:\Windows\System32\sysprep>sysprep.exe /audit  /generalize /shutdown

4. Boot the computer to Audit Mode - enable you to install 3rd-party apps, device drivers and to test the functionality of the computer
5. Capture Image by using K2000 KBE (K2000 BOOT ENVIRONMENT) > Imaging> Capture image of this machine
6. Save this Reference Image (K-image) to install on Computers with the same Configuration.

7. If you have Computers with different hardware, boot to Audit Mode
8. Install Additional Apps & Updates based on customer's orders. 
9. Run  c:\Windows\System32\sysprep>sysprep.exe /oobe /shutdown

When you deploy Images by using sysprep /generalize, use either /oobe or /audit which is part of the requirements because you can not run /generalize as the only option. 


User's Experience will not be ideal if you use /audit for their next reboot, Windows will run specialize Config pass, PNP and other setup tasks before WINDOWS WELCOME screen and will delay their First Logon. 


View comments (3)

Creating a Windows 7 sysprep image without having to install any drivers with post install tasks

With a windows 7 syspreped image I can found a method that has not failed yet.  I have only 2 admin images, one 32bit and one 64bit and one base 32bit academic image.  I discovered by placing any missing drivers I have to install post sysprep back on my master machine in the windows\inf structure that model computer will then find the driver by itself next time.

Under windows\inf I created on subdirectory called tmccdrivers and then created subdirectories for each model.  I put only the drivers I had post install in here to keep it's size down.  Under most of the models I have audio, video.  then some I need mei heci tpm.  I even have 10 models of laptops this works for.   currently my images suppport 18 pc/laptop models from gateway, dell, hp and lenovo.

When we get a new model staff deploy's a image to it.  They find the missing drivers and place them on a share named imagedrivers by model\type directories.  I have a midlevel task that copies this directory structure to c:\windows\inf\tmccdrivers.  They deploy the image again to that model and the drivers are found without me having to create a new master immediatly.  When I update the master (usually monthly) I move the drivers from the share to the master to save copy time during imaging.

Once I did have to copy the drivers for a video card from the temp folder vs the install folder, something to do with compressed files if I remember.

Because our master is hardware independant I now base all my images on software/licensing and they work in any classroom even if all the machines are not the same model.

View comments (7)

Windows 7 Master Image process for college classrooms start to finish

At TMCC we maintain one master set (32 and 64bit) for admin and one set for academics.  I will cover our process for the academic side.  We maintain one master computer for admin and acad in the image lab that have two HDD's.  the first drive is a 120gig and is the main OS drive, the second is a 2TB drive used to backup the main drive.  All our images come from these 2 systems.  I update or install all software to these, use windows image backup to create a copy on the second HDD prior to sysprep so my masters are only sysprep'd once.  I restore the master from the windows image so the master has never been sysprep'd.  To backup this way (control panel, backup and restore, create a system image).  Windows always creates a directory named windowsimagebackup.  I maintain different versions on this drive by renaming this directory to something like windowsimagebackup-060612allsites.  When needed you just rename the one you need back to windowsimagebackup and the restore process finds it automatically.  To restore I boot to a windows disk, do a repair and restore from backup.  The master will restore and reboot, be back in the domain ready to do the next updates.

I have a local user name installer and a domain account named installer, will make sense later.  I use the domain account to make all my changes to, we have all 3 browsers installed set to certain home pages and lots of software (50 programs for standard Fall 2012).  I configure everything I want all users to get with the domain installer account then during sysprep this get copied to default.  Place my drivers for all models on the master http://www.itninja.com/blog/view/creating-a-windows-7-sysprep-image-without-having-to-install-any-drivers-at-post-install-tasks.  Turn off any updaters and make other tweaks in the programs as requested by teaching staff.

Prior to sysprep I clean up the installers profile to get it a small a possible. make a backup.  delete all unecessary profiles and profile directories.  With the profile directories I copy default to default.old and create a new folder named default, and delete all other profile folders execpt for the user you are using, all users and public.

I already have the kace1000 client installed and the machine has a SUS id so I clear those in a batch file that calls sysprep after running some registry merges.   I also create a unique software entry that will show in the kace1000 under software inventory so we can easily track what version of the image is on a machine.

I delete these keys prior to sysprep





Create these keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TMCC IMAGE INFO] "Comments"="Installed office and updated"


"DisplayVersion"="Acad32F12 All Sites 061812"


"Publisher"="WIM file acf12allst"

"DisplayName"="TMCC Acad Image"

"Readme"="The Display Version is the K2000 image name"

It nexts runs "sysprep /generalize /oobe /shutdown /unattend:acadfall12cpnname.xml" and then I capture.

Use WAIK to create and validate your xml, less problems.

The system will login as local installer the first time (in sysprep, then post I join the domain, delete local installer, reboot and login as domain installer 2 more times to allow me to get printers and gpo's up to date prior to installing Faronics deepfreeze.

 does not to show correctly, but you can email me and I will send you a copy of my xml file had to replace the <> with {}

{?xml version="1.0" encoding="utf-8"?}

{unattend xmlns="urn:schemas-microsoft-com:unattend"}

    {settings pass="specialize"}

          {component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}



            {TimeZone}Pacific Standard Time{/TimeZone}



                {Link0}%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk{/Link0}

                {Link1}%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk{/Link1}








        {component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}




        {component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}






    {settings pass="oobeSystem"}

        {component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}






        {component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}








                    {LocalAccount wcm:action="add"}




























    {settings pass="generalize"}

        {component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}



                {Manufacturer}TMCC Helpdesk{/Manufacturer}

                {SupportHours}8 - 5{/SupportHours}



                {Model}Compuiter Support{/Model}




    {cpi:offlineImage cpi:source="catalog:c:/w7image/install_windows 7 enterprise.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" /}



I have two deployments.  one keeps the computer name the other prompts for a name post sysprep prior to joining the domain.

the only difference is the two extra tasks pre and mid to collect and apply computer name.


I have my post down to one task for acad and one for admin. I need a second for admin laptops that sets the KMS w7 and of2012 keys from kms to mak so they can go off campus.

Here is the acad post task script.

(added set time because out of box machines were always off, and they would not join domain due to time difference)

net start w32time

%SystemRoot%\system32\w32tm /config /update /manualpeerlist:ntp.tmcc.edu /syncfromflags:manual

start /wait net user administrator /active:yes

start /wait net localgroup administrators f12master /add

Start /wait net user administrator XXXXXX

start /wait cscript.exe -b c:\windows\w2d\join_domain.vbs tmccacad.tmcc.edu installer XXXXXX

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1  /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 2  /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d tmccacad  /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d installer  /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d XXXXXX /f

start /wait reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Enviroment" /v LSFORCEHOST /d ms-vdf.tmccacad.tmcc.edu  /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v Userinit /d "C:\Windows\system32\KUsrInit.exe," /f

del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log1 /f /q /a:hs

del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log2 /f /q /a:hs

del C:\Users\Default\AppData\Local\Microsoft\Windows\*.blf /f /q /a:hs

del C:\Users\Default\AppData\Local\Microsoft\Windows\*.regtrans-ms /f /q /a:hs

del C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\*.* /f /q

del c:\users\default\downloads\*.* /f /q /s

start /wait cscript %SystemRoot%\System32\slmgr.vbs -ATO

start /wait cscript "c:\program files\microsoft office\office14\ospp.vbs" /act

"c:\program files\dell\cctk\x86\cctk.exe" bootorder --sequence=hdd.1,hdd.2,embnic,usbdev,cdrom --valsetuppwd=XXXXXX

start /wait reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 4294967295 /f

net user installer /delete

cmd /c md "%allusersprofile%\Dell\KACE" & cmd /c move /y "%systemdrive%\KACE\k2000_deployment_info.conf" "%allusersprofile%\Dell\KACE\k2000_deployment_info.conf"

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v kclean /d "c:\kcleanup.exe"


View comments (3)

WIM Imaging with multiple RSAs using a single share

Just wanted to share this in case anyone else could benefit.  In our environment we use multiple RSAs, which allows technicians at each site to save their own images.  However, we want them all to use the same gold master WIM image as their starting point.  Since the K2 doesn't auto-sync WIMs yet, we had to copy this image file out to each RSA manually.  This image gets updated sometimes monthly, and it was getting very cumbersome to continue copying out.

We recently implemented this: http://www.itninja.com/blog/view/wim-storage-freeing-up-space-on-your-k2000-if-you-are-using-wim-s which I HIGHLY recommend.  It also gave me the idea that if we could set up offboard storage on a network share, then why couldn't we just store the gold master WIM image on a single share instead of copying it out everywhere?

The answer was very simple.  Create a preinstall task for that system image that deletes the T: mapping and redirects it to the share.  The blog post above shows you how to set up the entire KBE to do that with the KBE Manipulator, but we still wanted technicians to be mapped to their own RSA and network share for the other images they use.  So adding the redirect preinstall task to the gold master system image was the perfect solution.

You can see above that this is a BAT Script using simple "net use" commands.  There are just the two lines (the second line has a break due to length) that delete the T: mapping and then redirect it to the share.

I placed it first in my preinstall task list, however you could place it elsewhere in this section so long as it runs before the "applywim.vbs" script needs the T: mapping.

Now I only have to upload my WIM image to a single location, and everyone else is redirected to that location when they need it but not when they don't.  Even if the next K2 update syncs out WIM images, I may just continue to use this method.

View comments (3)
Showing 1 - 5 of 9 results

Top Contributors

Talk About batch scripting