Blog Posts tagged with Unattended OS Deployment

Ask a question

Enable Administrator Deploying Windows 7 via Scripted Install

In order to enable the use of the local administrator via a K2000 scripted install you must modify the answer file to include the below statement.

<RunSynchronousCommand wcm:action="add">
<Description>Enable Administrator</Description>
<Path>net user administrator /active:yes</Path>

Note: Only the info in bold will need to be added the rest of the statement will already exsist.

Be the first to comment

HOW TO: Change Rename Set Computer Name WITHOUT wsname or MAC address


the idea is simple:
name the computer using a text file containing a list of all desired computer names.  we do not want to rely on wsname and we do not want to keep track of any MAC addresses.  also, we want the computer to be named properly before joining the domain.  finally, we want the name to be changed before postinstallation (Windows boot).

what you need:
1.  Kace K2000
2.  a computer
3.  folders created under the Kace network share
4.  ssr.exe, findstr.exe and findstr.exe.mui
5.  a text file containing a list of computer names
6.  the following line present in the Kace Setup Configuration (unattend.xml):  <ComputerName>*</ComputerName>
7.  K2000 scripted install for Windows 7
8.  the below script

batch script:
net use z: \\k2000\restore\computers /user:admin password
set /p name=<list.txt
bin\ssr -f C:\Windows\Panther\unattend.xml -o C:\Windows\Panther\unattend2.xml -s * -r %name%
move /y C:\Windows\Panther\unattend2.xml unattend.xml
bin\findstr /v %name% list.txt>list2.txt
move /y list2.txt list.txt
echo %name%>>done.txt
net use z: /delete /y

how it works:
1.  the above script is created as a K2000 Boot Environment postinstallation task
2.  the script reads list.txt and captures the first computer name from the top of the list
3.  the captured name is inserted into the unattend.xml file and replaces the * character
4.  the captured name is automatically removed from list.txt and added to done.txt
5.  when mini-setup runs, it uses the modified unattend.xml file which contains the new computer name

1.  create folder called "computers" under \\k2000\restore\
2.  create folder called "bin" under \\k2000\restore\computers\
3.  create folder called "en-US" under \\k2000\restore\computers\bin\
4.  download ssr.exe tool from website in the Credits section below
5.  copy ssr.exe into \\k2000\restore\computers\bin\
6.  copy C:\Windows\System32\findstr.exe into \\k2000\restore\computers\bin\
7.  copy C:\Windows\System32\en-US\findstr.exe.mui into \\k2000\restore\computers\bin\en-US\
8.  create a file called list.txt that contains all computer names (1 name per line) and save under \\k2000\restore\computers\
9.  create the above K2000 Boot Environment task and add as the last KBE task in the scripted install

1.  if you want certain computers to pickup certain computer names, you need to initiate the scripted install for each computer in the same order as the desired names appear in list.txt.  the first computer to reach mini-setup will get the first name on the list, the second computer will get the second name on the list, etc.  for this reason, you also want to wait at least 30 seconds in-between the launching of each scripted install.
2.  in line 1 of the script, make sure to adjust the admin username and password according to your setup
3.  if you prefer not to use the Kace share, you can use any network share you want, just make sure to adjust line 1 of the script
4.  always make sure list.txt is populated during deployments otherwise the script will error out
5.  i'm sure my script can be cleaned up and made more efficient, but i'll leave that task up to you guys :)

credit goes to Ross MacGregor for his SSR utility.  Thank you Ross!

It took me a couple days to come up with this method so please let me know what you guys think.  Thank you!

View comments (6)

KCleanup after deployment of Sysprep Image

Hi there,


I noticed after deployment of a sysprep image and using the official Kace post install task for rename & join ( http://www.kace.com/support/resources/kb/article/How-to-rename-a-computer-and-join-it-to-a-Windows-domain-Image-Deployment?action=artikel&cat=54&id=763&artlang=en ) that the Kace folder is left behind and the Kcleanup process never happens.

Kace support team confirmed to me that this is a known issue that they are working on and plan to fix in the next software release.


Meanwhile I found this way of dealing with the situation:

In the 2_JoinDomain_x64.bat file inside the Souce folder add the following line before the shutdown command:

  C:\KACE\bin\cmdhide.exe hide && cd C:\ && rd /s /q C:\KACE && C:\kcleanup.exe && del /f /q C:\kcleanup.exe

You can add any optional REM lines...

The updated 2_JoinDomain_x64 would then look like this:


If you do not use any post install tasks, then you could just create a manual one with a batch file with only the cleanup line mentioned above.

This only applies to sysprep image deployments, non-sysprep works fine as Kace handels differently the kcleanup process there.


Good luck!


View comments (3)

Sysprep Creator Wizard

Scripting Ninjas is happy to announce Sysprep Creator

Download Link: https://support.quest.com/download-install-detail/6087406

Note: KACE Support Credentials are required.

Sysprep Creator is designed to assist with the creation of unattend.xml answer files to be leveraged by Windows 7, Windows 8, Windows 8.1, and Windows 10.


      1. Launch Sysprep Creator
      2. You will be prompted with a UI, choose the OS and Architecture to build an unattend.xml.
      3. Another UI with a total of 8 tabs appears with settings, which will need to be populated.
      4. Choose where to save the unattend.xml and if selected in step 2 the sysprep executor.
      5. Copy the unattend.xml (and sysprep_executor.exe if selected) to the machine in which you wish to sysprep.

      Release Notes:
      Due to Windows permissions, if the unattend.xml file is located at the root of the “System Drive”,
      sysprep_executor.exe will not be able to cleanup/delete it. [02/13/2018]
      -Automatically disable Windows Defender
      -added a few more provisioned apps (BubbleSaga, DisneyMagicKingdoms)
      -fixed issue with upgrade version
      -removed MiracastView from provisioned apps as it could not be removed [01/03/2018]
      -Add additional provisioned apps to be removed prior to sysprep (ESMCS-360)
      -tiledatamodelsvc setting has changed in Windows 10 1709 update (ESMCS-259)
      -beginning with Windows 10, version 1607, sysprep can be used to prepare an image that has been upgraded (ESMCS-358)
      -cancelling dialog on saving unattend quits the application (ESMCS-356) [03/22/2017]

      -sysprep creator no longer uses templates, each XML file is built from scratch
      -added Czech Republic to Location and language choices (ESMCS-229)
      -added countless Time Zones
      -added the ability to set taskbar links based on https://technet.microsoft.com/en-us/library/ff715544.aspx
      -added the ability to set OEM Information based on https://technet.microsoft.com/en-us/library/ff716332.aspx
      -added some OOBE options
      -added IE options, based on https://technet.microsoft.com/en-us/library/ff715726.aspx
      -added the ability to set a predetermined KMS key based on https://technet.microsoft.com/en-us/library/jj612867.aspx
      -added checking or Candy Crush, Twitter, AdobePhotoshopExpress, EclipseManager, ActiproSoftwareLLC, PandoraMediaInc, MicrosoftPowerBIForWindows, Microsoft.NetworkSpeedTest, Microsoft.Office.Sway, RoyalRevolt2, Minecraft, Facebook, ParadiseBay
       with the ability to remove them with executor prior to sysprepping (ESMCS-246)
      -fixed an issue with Spanish locale not being put in correctly (ESMCS-257)
      -moved installer to service.kace.com to avoid third paty site (ESMCS-261)
      -added check for Executor to check if tiledatamodelsvc running, if so, we set the service to disabled, and require a reboot. Upon running executor again, the service will be set to automatic, but not started
      -added ability to change Control Panel View and Icon Size
      -removed Network setting when building Windows 10 unattend as it is depricated
      -added ability to disable consumer feature from Windows 10 Enterprise
      -updated to check for KACE 7.0 agent
      -rebranded to Quest [02/03/2016]
      ****This update will need to be downloaded manually from http://www.scriptingninjas.com/scripts/sysprep_creator/sysprep_creator_installer.exe
      or click download and when it is completed, select 'No' for installing, this will copy the new installer to the desktop
      -fixed issue with update mechanism
      -fixed an issue in which a Windows 8 unattend was being produced instead of Windows 7 unattend. [01/16/2016]

      Windows 10 support
      Enlarged the UI
      Made UI look more like the K2000
      Added a warning if an unattend.xml file already exists in the location chosen to save
      Added a log file to %systemdrive%\ProgramData\Dell\KACE\Logs
      Sysprep Executor empties the recyle bin and cleans up previous logs/files and archives them in %systemdrive%\ProgramData\Dell\KACE\Logs
      Sysprep Executor Checklist - A checklist designed to make sure that System Imaging Best Practices are being followed according to
                      -The device should not be joined to a domain
                      -WMP Service should be disabled (query of WMPNetworkSvc Service)
                      -The Dell | KACE agent should not be installed
                      -No drive emulation application should exit on the device (Virtual Clonedrive, DAEMON Tools, Magic ISO)
                      -No antivirus can be detected
                              Checked via WMI
                      -VMWare Tools should not be installed
                      -Bitlocker can not be enabled
                              Checked via WMI, if protection status is set to 0 on they %systemdrive%
                      -No reboots can be pending
                              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
                      -Rearm count has to be higher than 1
                              -See https://social.technet.microsoft.com/Forums/windows/en-US/f8c7833b-58f0-43b4-a93a-b1a1689ecaf5/created-windows-7-image-with-expired-sysprep-rearm-count?forum=w7itproinstall and http://blogs.technet.com/b/askcore/archive/2011/05/11/sysprep-skiprearm-and-image-build-best-practices.aspx for more information
                      -Valid source media must be detected (Not OEM or Retail)
                      -Machine should not be upgraded from a previous version of Windows
      If the machine has been upgraded, sysprep executor can only quit, it will not sysprep
      If the device has bitlocker is enabled, or antivirus is installed, the user must quit Executor and fix these issues manually
      If none of the above are an issue, but WMP Service is running, VMWare Tools is installed, or drive emulation software is installed, a fix it button will be active.
      If the Fix it button is used, the uninstaller will launch, but will require some interaction from the user to complete the uninstall. [03/06/2015]
      -Changed installer so that it only installs where the script is run.
      -Changed sysprep_executor shutdown/reboot options to radio buttons
      -Changed sysprep_executor so the the unattend file is moved to \windows\system32\sysprep directory.
      -Changed sysprep_executor to have the sysprep commandline run the shutdown or reboot command.
      -Changed sysprep_executor so that the GUI goes away when sysprep run.
      -fixed issue where sysprep_executor was not deleting itself.
      -fixed issue where autologon would not set correctly if anything other than 0-9 was selected.
      -added the option to delete sysprep_creator after completion so that it didn't have to remain on image.
      -New Installer with Check for Updates Feature
      -New Sysprep Executor Option
      -Windows 8 Support
      -Field Checking
      -Persistent Plug and Play Device Option
      -Windows Activation Option
      -Activation Rearm Option
      -Sysprep Unattend Cleanup Option
      Bug Fixes:
      Fixed Join Domain double quote issue
      Fixed International Time Zone issue

      Please report bugs/feature request to corey@scriptingninjas.com and kent@scriptingninjas.com

      View comments (40)

      TechEd 2013: Tuning Windows 8 (Management and Deployment)

      Speaker: Olav Tvedt - Microsoft MVP
      www.microsoft.com/springboard - videos and whitepapers on deploying Win8
      Desktop Optimization pack for Software Assurance 2013 (MDOP)
      Devices that need to be managed but not in domain or mobile need to use Intune via SCCM2012. More Windows 8.1 BYOD solutions will be integrated.

      The Mission of configuration and tuning: happiness! Happy users, happy IT staff.

      The Challenges:

         * Change of Responsibility

            * Traditional clients, tablets, and mobile devices

      Deployment Phase
      Serious discussion needs to happen before deployment. Three main points:

        1. Master Image - never should be the DVD/ISO. Deploy, update, capture. CopyProfile=true mechanism for custom start menu will change in 8.1. This will now be configurable via XML and deployed via Powershell to push custom shortcuts for "start menu" across the enterprise

        2. WinRE - Recovery environment. Configurable to boot to specific DART (Diagnostic and Recovery Toolkit) environment image instead of local WinRE. reagentc.exe /info
        3. Refresh Image - Best practice is to update and recapture master every 3 months due to updates. recimg /createimage C:\Refresh

      How to configure a WIM to use a specific DART image:
      reagentc.exe /info
      reagentc.exe /disable
      reagentc.exe /setreimage /path C:\MyDARTFile
      reagentc.exe /enable

      DART features
      Windows hotfix uninstall tool. Yay!
      Remote Assistance tool for RDP
      A few other cool tools like Disk Commander

      Refresh Image commands
      Recimg /showcurrent - if ran from a system that was deployed via WIM you can set a refresh image
      recimg /setcurrent C:\MyRefreshImage

      DaRT Recovery Image Wizard
      Can be automated to run through this wizard via Powershell
      Configure what Tools are enabled in the image
      Add drivers for network and storage controllers
      Add WinPE add-ons
      Crash Analyzer for BSOD
      Enable and update Windows Defender (this is a good reason to refresh the image every quarter so the definitions are updated and the image is scanned for viruses)
      Create Image > Advanced editing = inject custom files

      reagentc /boottore - force a recovery environment boot for testing

      Online vs Offline

         * Easy
         * DISM
         * SCCM integrated
         * No service packs possible


         * All updates including most current
         * Service Packs will be included
         * Reboots to see broken patches

      Patching a WIM via offline:
      Put update packages in C:\Updates
      dism /Get-Wiminfo /WimFile:C:\folder\image.wim
      dism /Mount-Wim /wimfile:C:\folder\image.wim /MountDir:C:\mount
      dism /image:C:\mount /add-package /Packagepath C:\Updates

      MDT task sequence enable Windows Update to make sure (Pre and Post Application). State Restore and Customizations pass


      Making the user experience as smooth as possible using Group Policy.
      OU Structure - add it to the right place in AD
      Group membership
      Loopback Processing
      WMI filtering - GPO specific to images
      AGPM - Advanced Group Policy Management

         * Change Control folder in Group Policy Management. Client can checkout/checkin GPO and submit for approval by admin.
         * History of policies, changes, and versions..
         * Report on policies in XML or HTML format

      Win8 Performance Changes and Tuning
      Reduced install and boot times. This is due to services now starting automatically via triggers based on demand.
      Service configurations for optimal performance - http://www.blackviper.com/service-configurations/
      Page file needs only to be small and fixed so defragmentation can occur. Same with hibernation file.
      Visual Effects - adjust for best performance and then edit from there. Controllable via WIM GPO for specific hardware limitations
      GPO Preferences - Use them!

      Be the first to comment
      Showing 1 - 5 of 12 results

      Top Contributors

      Talk About K2000 post-imaging