At TMCC we maintain one master set (32 and 64bit) for admin and one set for academics. I will cover our process for the academic side. We maintain one master computer for admin and acad in the image lab that have two HDD's. the first drive is a 120gig and is the main OS drive, the second is a 2TB drive used to backup the main drive. All our images come from these 2 systems. I update or install all software to these, use windows image backup to create a copy on the second HDD prior to sysprep so my masters are only sysprep'd once. I restore the master from the windows image so the master has never been sysprep'd. To backup this way (control panel, backup and restore, create a system image). Windows always creates a directory named windowsimagebackup. I maintain different versions on this drive by renaming this directory to something like windowsimagebackup-060612allsites. When needed you just rename the one you need back to windowsimagebackup and the restore process finds it automatically. To restore I boot to a windows disk, do a repair and restore from backup. The master will restore and reboot, be back in the domain ready to do the next updates.
I have a local user name installer and a domain account named installer, will make sense later. I use the domain account to make all my changes to, we have all 3 browsers installed set to certain home pages and lots of software (50 programs for standard Fall 2012). I configure everything I want all users to get with the domain installer account then during sysprep this get copied to default. Place my drivers for all models on the master http://www.itninja.com/blog/view/creating-a-windows-7-sysprep-image-without-having-to-install-any-drivers-at-post-install-tasks. Turn off any updaters and make other tweaks in the programs as requested by teaching staff.
Prior to sysprep I clean up the installers profile to get it a small a possible. make a backup. delete all unecessary profiles and profile directories. With the profile directories I copy default to default.old and create a new folder named default, and delete all other profile folders execpt for the user you are using, all users and public.
I already have the kace1000 client installed and the machine has a SUS id so I clear those in a batch file that calls sysprep after running some registry merges. I also create a unique software entry that will show in the kace1000 under software inventory so we can easily track what version of the image is on a machine.
I delete these keys prior to sysprep
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\kace]
"InstallId"=-
"MachineId"=-
Create these keys
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TMCC IMAGE INFO] "Comments"="Installed office and updated"
"Contact"="SMal"
"DisplayVersion"="Acad32F12 All Sites 061812"
"HelpTelephone"="57800"
"Publisher"="WIM file acf12allst"
"DisplayName"="TMCC Acad Image"
"Readme"="The Display Version is the K2000 image name"
It nexts runs "sysprep /generalize /oobe /shutdown /unattend:acadfall12cpnname.xml" and then I capture.
Use WAIK to create and validate your xml, less problems.
The system will login as local installer the first time (in sysprep, then post I join the domain, delete local installer, reboot and login as domain installer 2 more times to allow me to get printers and gpo's up to date prior to installing Faronics deepfreeze.
does not to show correctly, but you can email me and I will send you a copy of my xml file had to replace the <> with {}
{?xml version="1.0" encoding="utf-8"?}
{unattend xmlns="urn:schemas-microsoft-com:unattend"}
{settings pass="specialize"}
{component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}
{CopyProfile}true{/CopyProfile}
{ShowWindowsLive}false{/ShowWindowsLive}
{TimeZone}Pacific Standard Time{/TimeZone}
{ProductKey}33PXH-7Y6KF-2VJC9-XBBR8-HVTHH{/ProductKey}
{TaskbarLinks}
{Link0}%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk{/Link0}
{Link1}%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk{/Link1}
{/TaskbarLinks}
{WindowsFeatures}
{ShowInternetExplorer}true{/ShowInternetExplorer}
{ShowMediaCenter}true{/ShowMediaCenter}
{ShowWindowsMediaPlayer}true{/ShowWindowsMediaPlayer}
{/WindowsFeatures}
{/component}
{component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}
{DisableFirstRunWizard}true{/DisableFirstRunWizard}
{DisableWelcomePage}true{/DisableWelcomePage}
{/component}
{component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}
{Identification}
{JoinWorkgroup}tmccacad.tmcc.e{/JoinWorkgroup}
{/Identification}
{/component}
{/settings}
{settings pass="oobeSystem"}
{component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}
{InputLocale}en-us{/InputLocale}
{SystemLocale}en-us{/SystemLocale}
{UILanguage}en-us{/UILanguage}
{UserLocale}en-us{/UserLocale}
{/component}
{component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}
{OOBE}
{HideEULAPage}true{/HideEULAPage}
{NetworkLocation}Work{/NetworkLocation}
{ProtectYourPC}3{/ProtectYourPC}
{/OOBE}
{UserAccounts}
{LocalAccounts}
{LocalAccount wcm:action="add"}
{Password}
{PlainText}false{/PlainText}
{Value}Password8AcgBkAA=={/Value}
{/Password}
{DisplayName}F12Master{/DisplayName}
{Name}F12Master{/Name}
{Group}Administrators{/Group}
{/LocalAccount}
{/LocalAccounts}
{AdministratorPassword}
{PlainText}false{/PlainText}
{Value}Password8AcgBkAA=={/Value}
{/AdministratorPassword}
{/UserAccounts}
{RegisteredOrganization}tmcc{/RegisteredOrganization}
{RegisteredOwner}staff{/RegisteredOwner}
{AutoLogon}
{Password}
{Value}Password8AcgBkAA=={/Value}
{PlainText}false{/PlainText}
{/Password}
{Enabled}true{/Enabled}
{LogonCount}1{/LogonCount}
{Username}installer{/Username}
{/AutoLogon}
{/component}
{/settings}
{settings pass="generalize"}
{component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"}
{OEMInformation}
{HelpCustomized}true{/HelpCustomized}
{Manufacturer}TMCC Helpdesk{/Manufacturer}
{SupportHours}8 - 5{/SupportHours}
{SupportPhone}673-7800{/SupportPhone}
{SupportURL}http://www.tmcc.edu/ito/contact/{/SupportURL}
{Model}Compuiter Support{/Model}
{/OEMInformation}
{/component}
{/settings}
{cpi:offlineImage cpi:source="catalog:c:/w7image/install_windows 7 enterprise.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" /}
{/unattend}
I have two deployments. one keeps the computer name the other prompts for a name post sysprep prior to joining the domain.
the only difference is the two extra tasks pre and mid to collect and apply computer name.
\
I have my post down to one task for acad and one for admin. I need a second for admin laptops that sets the KMS w7 and of2012 keys from kms to mak so they can go off campus.
Here is the acad post task script.
(added set time because out of box machines were always off, and they would not join domain due to time difference)
net start w32time
%SystemRoot%\system32\w32tm /config /update /manualpeerlist:ntp.tmcc.edu /syncfromflags:manual
start /wait net user administrator /active:yes
start /wait net localgroup administrators f12master /add
Start /wait net user administrator XXXXXX
start /wait cscript.exe -b c:\windows\w2d\join_domain.vbs tmccacad.tmcc.edu installer XXXXXX
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 2 /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d tmccacad /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d installer /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d XXXXXX /f
start /wait reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Enviroment" /v LSFORCEHOST /d ms-vdf.tmccacad.tmcc.edu /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v Userinit /d "C:\Windows\system32\KUsrInit.exe," /f
del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log1 /f /q /a:hs
del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log2 /f /q /a:hs
del C:\Users\Default\AppData\Local\Microsoft\Windows\*.blf /f /q /a:hs
del C:\Users\Default\AppData\Local\Microsoft\Windows\*.regtrans-ms /f /q /a:hs
del C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\*.* /f /q
del c:\users\default\downloads\*.* /f /q /s
start /wait cscript %SystemRoot%\System32\slmgr.vbs -ATO
start /wait cscript "c:\program files\microsoft office\office14\ospp.vbs" /act
"c:\program files\dell\cctk\x86\cctk.exe" bootorder --sequence=hdd.1,hdd.2,embnic,usbdev,cdrom --valsetuppwd=XXXXXX
start /wait reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 4294967295 /f
net user installer /delete
cmd /c md "%allusersprofile%\Dell\KACE" & cmd /c move /y "%systemdrive%\KACE\k2000_deployment_info.conf" "%allusersprofile%\Dell\KACE\k2000_deployment_info.conf"
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v kclean /d "c:\kcleanup.exe"
First one is about your "start /wait net user administrator *" commands. Do you have to have a valid password for that account before you make any changes or is your local admin without a default password? I made a mistake in my latest sysprep and forgot to update our local admin password in the unattend file. So now when the image is through installing it gives a wrong password error and you have to login with an older password upon first boot. I'd like to use that command in an automated task to update the password to the newest, but I'm not sure if it would even work.
Second question is, when comparing the kbox taking a pre-sysprepped image to the Windows image restore/backup is one considerably faster than the other? If so, by how much? - aaronr 11 years ago
net user administrator newpassword - SMal.tmcc 11 years ago
the windows image is not syspreped, I use that process to backup my masters prior to sysprep so i have a restore I can make other changes to if needed. The windows process is very fast since it is local to local and creates a VHD snapshot to backup the drive. - SMal.tmcc 11 years ago