Microsoft Windows Registry Guide, Second Edition
Building a Disk Image
You got the overview earlier in this chapter. Now it's time for some detail.
The first step is to configure a sample computer, and you start by installing Windows. Don't just drop the Windows CD in the drive and install the operating system manually, however. If you find an error in your disk image, you're likely to repeat it or introduce different errors because you're using a manual process. Instead, install Windows from a fully customized distribution folder. Chapter 14, “Deploying with Answer Files,” describes how to customize the distribution folders so that Windows installs without any user interaction. Just make sure that your answer file joins a workgroup and not a domain because Sysprep will remove the computer from the domain anyway and you don't want the extra configuration information in the registry.
Next install the applications you want to include in your disk image. Include only the applications that you want to install on every computer to which you deploy the disk image. For example, include Office 2003 Editions and your antivirus software, but don't include line of business applications that only one department uses if you want to use that disk image for other departments. I don't like to install applications manually for the same reasons that I don't like to install Windows manually: regression testing. Instead, install Windows Installer–based applications from fully customized administrative installations. Install other applications using any quiet mode switches that those programs provide, or consider repackaging them as Windows Installer packages, which you can install without interaction. After you automate each application's installation, you can easily install each from your Windows answer file.
TIP
Whether it's superstition or has some basis in fact, I usually build custom computers for the express purpose of building disk images. I use the most generic hardware I can find and I leave out any unnecessary devices (sound cards, and so on). My thinking, and what I want to pass on to you, is that by using generic hardware, I have a better chance of producing a disk image that works on many different configurations. The goal, of course, is to manage fewer disk images.
Customizing Mini-Setup
Sysprep.inf automates Mini-Setup Wizard. In other words, the wizard avoids prompting users for settings that you provide in Sysprep.inf. If your goal is a 100-percent automated installation, you'll want to create a robust Sysprep.inf. Completely automating Mini-Setup Wizard can be difficult in the following three cases, however:
- User name.
You can provide a user name, such as Valued Microsoft Employee in Sysprep.inf, or you can allow the wizard to prompt users for their names.
- Computer name.
This is the toughest of all to automate. You can accept the random computer names that Mini-Setup Wizard generates when you set ComputerName=* in Sysprep.inf, or you can allow the wizard to prompt users for a computer name. This is one of the reasons that many organizations send technicians to desktops to install Windows. Alternatively, you can accept the random computer name and then change the name after installation using scripts. The TechNet Script Center provides Windows Script Host scripts for renaming computers and joining them to domains, and you can run these scripts from Sysprep.inf. See Chapter 14, “Deploying with Answer Files,” to learn how to run programs after Windows finishes installation. The Script Center is at http://www.microsoft.com/technet/scriptcenter/default.mspx.
- Joining a domain.
To automatically join a domain, you must provide domain administrator credentials in your answer file. But, annoyingly, they are in plain text. (Documentation that says you can encrypt the domain Administrator password is inaccurate.) One solution is to create a domain account with just enough rights and permissions to join computers to the domain and then use those credentials in the answer file. Otherwise, you can delegate ownership of computers to users so that they can join their own computers to the domain. You can also use the scripts from the TechNet Script Center to automatically join computers to domains after Windows finishes installing.
The remaining settings in a typical Sysprep.inf file will be easy to understand because you already learned about answer files in Chapter 14. The ultimate reference is Ref.chm in Deploy.cab, however. Microsoft's documentation is full of sample answer files, but Listing 15-1 shows you one that I typically use. A few notes about this listing:
ExtendOemPartition causes Mini-Setup Wizard to extend the partition to the end of the disk, which is necessary if the target computer's hard disk is bigger than that of the sample computer.
InstallFilesPath tells Mini-Setup Wizard where to find additional installation files, including the $OEM$ folder, which contains a Cmdlines.txt file (more on that later).
OemPnPDriversPath tells Mini-Setup Wizard where to find the third-party device drivers that I've included in the disk image (which helps reduce image count).
ComputerName and Username are missing from this Sysprep.inf file, so Mini-Setup Wizard prompts users for both values.
DomainAdmin and DomainAdminPassword are absent from this Sysprep.inf file, so Mini-Setup Wizard prompts users for the credentials necessary to join the computer to the domain.
[Sysprep] and [SysprepMassStorage] help to reduce the number of disk images that you must maintain. I discuss these two sections in “Reducing Image Count,” later in this chapter.
Listing 15-1 Sysprep.inf
[Unattended] ExtendOemPartition=1 InstallFilesPath=\Sysprep\i386 OemPnPDriversPath=\Windows\Drivers OemPreinstall=Yes OemSkipEula=Yes [GuiUnattended] OemSkipRegional=1 OemSkipWelcome=1 TimeZone=020 [UserData] OrgName="Jerry Honeycutt" ProductID=#####-#####-#####-#####-##### [TapiLocation] AreaCode=972 CountryCode=1 Dialing=Tone [Identification] JoinDomain=HONEYCUTT [Networking] InstallDefaultComponents=Yes [Sysprep] BuildMassStorageSection=Yes [SysprepMassStorage] ;end
The easiest way to build your own Sysprep.inf file is to use a template and then edit it in Notepad. You can use the preceding listing with very little modification. If you prefer, you can use Windows Setup Manager. Chapter 14, “Deploying with Answer Files,” introduced Windows Setup Manager to you. There are a few more settings available to you in Windows Setup Manager that this listing doesn't show, such as installing printers; thus, you might build a Sysprep.inf file using Windows Setup Manager and then use that as your template for future jobs.
NOTE
Chapter 14 describes how to deploy settings in an answer file. It shows how to use REG files, INF files, and so on from an answer file. You can use those same methods in the Sysprep.inf file, too. Just like in any normal answer file, you can run a command in the [GuiRunOnce] section or run a command from the Cmdlines.txt file that edits the registry. Because Chapter 14 covers these topics thoroughly, I won't duplicate them here.
Preparing for Duplication
You're almost done; now you must prepare the sample computer's hard disk for duplication. On the surface, this is the easy part but, as I sometimes do, I'm going to complicate matters. To prepare for duplication, create %SystemDrive%\Sysprep and copy Sysprep.exe, Setupcl.exe, and the Sysprep.inf file you created to it.
That's it–now for the complication: fully automated disk image production is the ideal. It enables regression testing. If you can (and you can with a good bit of work), you'll want to modify your Windows answer file (Unattend.txt, or whatever you've named it) so that it runs Sysprep after it installs all the applications. Here's how:
Create a Sysprep folder in the Windows distribution folder under $OEM$\$1 so that the setup program creates %SystemDrive%\Sysprep for you during installation. This prevents you from having to interact with the disk image at all.
Add the following lines of code to the answer file you're using to build the disk image. This installs each application. The placeholders setup1 and setup2 are the commands necessary to install the applications you want to include on the disk image. If you prefer, you can run a batch file from the [GuiRunOnce] section and install all the applications from that batch file. Running each setup program with no user interaction is preferable. This script quietly runs Sysprep configured to use Mini-Setup Wizard, which prepares the disk for duplication:
[GuiRunOnce] "setup1" "setup2" "%SYSTEMDRIVE%\Sysprep\Sysprep.exe -mini -quiet -reseal -forceshutdown"
Add the following code to the answer file you're using to build the disk image. This automatically logs the local Administrator on to Windows to run the programs in [GuiRunOnce]. (Set AutoLogonCount to the number of times you need to log on to Windows to complete the installation process in [GuiRunOnce].)
[GuiUnattended] AutoLogon=Yes AutoLogonCount=1
In the answer file you're using to install Windows on the sample computer, leave the local Administrator password null: AdminPassword=*. Doing so ensures that you can change the local Administrator password in Sysprep.inf.
Cloning the Disk Image
The last step is to run Sysprep and clone the disk to an image file. If you're fully automating disk image production, this occurs automatically. Otherwise, run Sysprep manually. The following steps describe how to run Sysprep so that it prepares the disk for duplication and configures it to automate Mini-Setup Wizard:
Run %SystemDrive%\Sysprep.exe.
You see the Sysprep window shown in Figure 15-2.
Figure 15-2 Earlier versions of Sysprep had no user interface, so this look and feel is truly new.
Select the MiniSetup check box.
This causes Sysprep to use Mini-Setup Wizard as the first-run experience instead of Windows Welcome, which is the default. Mini-Setup Wizard is the first-run experience that you customize with Sysprep.inf.
Optionally, select the Detect Non-Plug And Play Hardware check box.
Do this only if you want Mini-Setup Wizard to detect legacy devices during hardware detection, which adds about 10 minutes to the installation process.
Click Reseal to prepare the disk for duplication, and shut down the computer.
I'm not a fan of graphical user interfaces when there is a perfectly good command that I can type in the command prompt window. As a result, I almost always use Sysprep's command-line options instead:
sysprep {[-clean] | [-activated] [-audit] [-factory] [-forceshutdown] [-mini] [-noreboot] [-nosidgen] [-pnp] [-quiet] [-reboot] [-reseal]}
-activated | Does not reset the grace period for Windows Product Activation. Use this option only if you have activated Windows in Factory mode. The product key that you use to activate Windows must match the product key located on the COA sticker attached to that particular computer. |
-audit | Reboots the computer into Factory mode without generating new SIDs or processing any items in the [OEMRunOnce] section of Winbom.ini. Use this command-line option only if the computer is already in Factory mode. |
-clean | Clears the critical devices database used by the [SysprepMassStorage] section in Sysprep.inf. You learn about this setting in the section titled “Reducing Image Count,” later in this chapter. |
-factory | Restarts the computer without displaying Windows Welcome or Mini-Setup Wizard. This option is useful for updating drivers, running Plug and Play enumeration, installing applications, testing, configuring the computer with customer data, and making other configuration changes in your factory environment. For companies that use disk imaging, Factory mode can reduce the number of images required. When you have finished your desired set of tasks in Factory mode, run Sysprep with the -reseal option selected to prepare the computer for end-user delivery. |
-forceshutdown | Shuts down the computer after Sysprep is complete. Use this option with a computer that has ACPI BIOS and that does not shut down properly with Sysprep's default behavior. |
-mini | Configures Windows Professional to use Mini-Setup Wizard rather than Windows Welcome. This option has no effect on Windows XP Home Edition, in which the first-run experience is always Windows Welcome. |
-noreboot | Modifies registry keys (SID, OemDuplicatorString, and so on) without the system rebooting or preparing for duplication. This option is used mainly for testing, specifically to see if the registry is modified properly. This option is not recommended because making changes to a computer after Sysprep has run can invalidate the preparation done by Sysprep. Do not use this option in a production environment. |
-nosidgen | Runs Sysprep without generating new SIDs. You must use this option if you are not duplicating the computer on which you are running Sysprep or if you are pre-installing domain controllers. |
-pnp | Runs the full Plug and Play device enumeration and installation during Mini-Setup Wizard. This command-line option has no effect if the first-run experience is Windows Welcome. Use -pnp only when you need to detect and install legacy, non–Plug and Play devices. Do not use sysprep -pnp on computer systems that use only Plug and Play devices. If you do, you will increase the time required for the first-run experience without providing any additional benefit to the user. |
-quiet | Runs Sysprep without displaying onscreen confirmation messages. This option is useful if you are automating Sysprep. Select -quiet if you plan to run Sysprep immediately following installation, for example. |
-reboot | Forces the computer to automatically reboot and then start Windows Welcome, Mini-Setup Wizard, or Factory mode. This is useful when you want to audit the system and verify that the first-run experience is operating correctly. |
-reseal | Clears the Event Viewer logs and prepares the computer for delivery to the customer. Windows Welcome or Mini-Setup Wizard is set to start at the next boot. If you run the command sysprep -factory, you must seal the installation as the last step in your pre-installation process, either by running the command sysprep -reseal or by clicking Reseal in the Sysprep window. |
After you've prepared the disk for duplication, use your third-party disk-imaging product to clone the disk to an image file. For example, with Symantec Ghost, the product I know and love, you run the Ghost Multicast client on the sample computer to transfer the disk image to the Ghost Multicast server. This is the simplistic way to clone a disk image, though. The product gets more complicated when you configure disk images so that you can deploy them remotely. In the case of Symantec Ghost, you use the Ghost Enterprise Console to manage and deploy images. For more information, see your vendor's documentation.
TIP
Sysprep doesn't always shut down the computer properly. Sometimes it just reboots the computer. If Mini-Setup Wizard starts, however, you can't use the image. To prevent a surprise reboot, stick a blank floppy disk in drive A before running Sysprep so that if the computer does restart, the computer will boot from the floppy disk and Mini-Setup Wizard won't run.