Many will want to rollout Win 8.1 on new hardware well before the expiry of XP in April 2014
-
I’ve deployed 8.1 with Fog .32.
Fresh Install 8.1
Install .Net 3.5
Install Fog Service/Software
Install Remote Server Administration Tools for 8.1 to fix domain joining if you need to.
Run command line
start /w pkgmgr /iu:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns;RemoteServerAdministrationTools-Roles-AD-DS;RemoteServerAdministrationTools-Roles-AD;RemoteServerAdministrationTools-Roles;RemoteServerAdministrationTools
Install what you want on your image.
Sysprep (I use the same unattend.xml I use for my Win 7 machines.)
Use Windows 7 as Host OS
Upload Image
Deploy Image
You will get a winload.exe failure. Boot off a 8.1 disk/usb and repair.
Sysprep again
Upload AgainNow it will deploy correctly and join the domain (if set to do so.)
-
Oh, If you don’t like the standard 8.1 then download and install Start Menu 8 (Freeware). Set it to look like Win 7 and put it in the Common Startup folder. I did this for my Win8.1 deployment so it will look like Win 7 for all users.
-
Thanks Michael, a response first to your 2nd post - I had planned to install “Classic Shell” which gives an XP or Win 7 desktop and is also free. I had not heard of “Start Menu 8” I have no real world experience with either. I just hope they don’t give problems with group policies coming from Server 2012.
Now to FOG. Thanks for that informative list.
In all my Ghost imaging with 2000 and XP over the last 10 years and FOG imaging over the last 2 years I have never used sysprep. In fact I don’t know how to use it. I’m HOPING I won’t need it. I have heard from a number of people on this forum that they have successfully imaged without sysprep. Do you have any comments on that?
Interesting to note the WINLOAD.EXE failure. Doesn’t that reveal some kind of bug in FOG?
I was planning/hoping I could do what I have done before with XP:
- go to each PC and use PXE to register each PC with FOG (only 50 clients)
- upload image of master PC (removed from domain)
- roll out image to pre registered clients and allow FOG to both give them their names and join them to domain.
What do you think?
(I used to use NewSID to change SID numbers on every client before joining them to the domain - until I read the following:
After NewSID’s retirement, Microsoft engineer [URL=‘http://en.wikipedia.org/wiki/Mark_Russinovich’]Mark Russinovich[/URL] posted an article on his blog explaining the retirement of the NewSID stating that neither he nor the Windows security team could think of any situation where duplicate SIDs could cause any problems at all, against commonly accepted wisdom. On November 1, 2009, Microsoft added the following to the NewSID download page: Note: NewSID will be retired from Sysinternals on November 2, 2009.) -
We’ve been deploying Windows 7 for a few years now and have always sysprepped the image because it seemed like a good thing to do. in certain cases we deployed without using sysprep and are still here to tell the tale so i say do what feels right for your situation. We’re a few years away from deploying Win 8 globally even though I run 8.1 on my desktop.
-
Thanks Steve.
-
we deploy to 1000 computers every 12 weeks… never syspreped once… is that bad??
-
[quote=“Lethal Kebab, post: 20910, member: 1498”]we deploy to 1000 computers every 12 weeks… never syspreped once… is that
bad??[/quote]See lower post, SID is not preliminary to activation, but Sysprep does affect activation.
Hope this helps.
-
Jaymes, thanks for your input. You say that a UID is needed for KMS to work.
If that is true then I am forced to use MAK activation, because I don’t want to use sysprep.By UID I assume you mean local machine SID and not domain machine SID.
I have not managed to find verification of this need for unique local machine SID on the internet.
I am very confused about this because Mark Russinovich says “neither he nor the Windows security team could think of any situation where duplicate SIDs could cause any problems” He and Microsoft then discontinued NewSid which only changes the local SID.
Logically this also implies that sysprep is also not needed to change the local machine SID, if duplicate SIDs don’t matter in a domain environment. -
By the way, that photo of you and your daughter is fantastic. Brings back memories.
-
I was tired and typed UID out of what I thought was memory, I meant to type SID, as in machine Security Identifier.
Look, this is the information that sysprep changes, and to say that it isn’t needed is bologna, if it wasn’t needed it wouldn’t be required…
“Windows operating system installations include many unique elements per installation that need to be “generalized” before capturing and deploying a disk image to multiple computers. Some of these elements include:
Computer name[1]
Security Identifier (SID)
Driver Cache
Sysprep seeks to solve these issues by allowing for the generation of new computer names, unique SIDs, and custom driver cache databases during the Sysprep process.”I’m not here to argue, just recommend that you sysprep. It has been speculation that the SID affects activation. I can’t confirm or deny this, but I can point you at an example.
This summer we rolled out Windows 7, the reason they never upgraded was because they didn’t want to sysprep and get the image to activate. We do not have a Volume license, we have KMS, and very few MAK keys. After I spent some time playing with 7, deploying, and activating it to the MAK, I realized with some help of this forum, that my imaging method was incorrect and figured out the way to sysprep our image. After my sysprep image was pushed to my test machines I was able to activate my images to my KMS sever, or the MAK license we had. All I can state is SOMETHING that sysprep does, WILL affect your activation. Specifically if you have a WSUS server for windows updates and activation.
That being said, you are correct Mark does state that having more than one SID shouldn’t affect anything
“I realize that the news that it’s okay to have duplicate machine SIDs comes as a surprise to many, especially since changing SIDs on imaged systems has been a fundamental principle of image deployment since Windows NT’s inception. This blog post debunks the myth with facts by first describing the machine SID, explaining how Windows uses SIDs, and then showing that - with one exception - Windows never exposes a machine SID outside its computer, proving that it’s okay to have systems with the same machine SID. [B]Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so MIcrosoft’s support policy will still require cloned systems to be made unique with Sysprep.[/B]”So I am sorry in stating that SID affects activation, I was incorrect, but as you can see there are other reasons to sysprep that will affect the outcome of your image.
Also note that in an Active Directory environment, having machines with the same SID would be counter-productive.
Might I ask why you do not want to sysprep?
-
You’ll need sysprep if you want to use KMS, WSUS, or almost any other microsoft management system. Sysprep was difficult to figure out, and I still haven’t done it all, but I am comfortable with it now and have my process worked out where I can create a new image from scratch in a few hours.
-
I should give some background to explain my comments and questions. I have been deploying XP images since 2005 until 2011 with Symantec Ghost corporate solution suite (Ghost console), and then with FOG since 2011. I have never used SYSPREP. I have always used either Ghostwalker or NewSID to change SID numbers straight after deployment. I have always used WSUS successfully by removing the WSUS id number (different from SID) from the registry from the master image just before cloning. This ensures that each new deployed PC will automatically create its own unique WSUS id. Naming of clients was always handled automatically by both Ghost console and later FOG with PXE client registration. You mentioned the “driver cache” - I will risk making a statement that may be wrong: the driver cache does not matter at all when I am deploying to PCs that have IDENTICAL hardware to the master image PC. The above concrete experience shows that sysprep is not necessary for the correct functioning of WSUS or for the successful deployment of ninety-five XP clients on one LAN. I don’t know about win 7 or win 8.
Why don’t I use sysprep on XP?
- it resets the administrator account which I want to retain with my settings
- it gives the first time user the “OOBE” Out of Box Experience startup choices which I don’t want. My master image is already exactly what I want, I don’t want it changed, or new profiles created.
- I would need to learn how to use answer files etc…
- I think there was another reason also, but I can’t remember now
With regard to KMS, which I hope to use, I suspect Jaymes that you were correct in your first post when you said that unique SID numbers (and perhaps WSUS ids) were needed for KMS to work.
I’ve just discovered a shareware program called SIDCHG (32 and 64 bit) which does the same job as NewSID and also changes the WSUS SID as well. It works with Win 8.1. It costs $300 for a 500 user educational site license. I’m very tempted to take the chance of using that instead of SYSPREP.
-
With Windows 7 and Windows 8, it’s much easier to use Sysprep. I create images for each hardware platform as I have not yet figured out driverpacks. I have a sysprep answer file for Win7x32 and one for Win8x32, and a helper script that runs commands to copy my answer file and setupcomplete file, and to rearm Office 2010/2013 before running sysprep and shutting down the machine.
A high level overview of my procedure is:
- Start Windows setup, go until it reboots and asks for a computer and user name
- Hit ctrl+shift+f3 to restart in audit mode
- load programs, update local group policy
- shut down and take a pre-sysprep image, an “audit-mode” image
- push the image I just made to a second machine to verify it works and comes up in audit mode
- run my helper script that copies files, rearms office, and starts sysprep with the proper command line args.
- upload this to a new image as the “oobe image” for this hardware.
- set clients to use the oobe image and deploy
My FOG service is stopped and set to manual so it doesn’t try to rename/join domain while I’m loading software. My answer file has all the options setup so it doesn’t prompt for anything during the oobe prompt. My setupcomplete scripts activates windows and office either against KMS or against our AD (Active Directory Based Activation), sets the FOG server back to auto, starts the FOG service, and FOG then renames and joines the computer to the domain.
I have a checklist of software and settings that I can load for each platform depending on if it’s a student, teacher, or lab computer, and what campus it’s on. Since we use Deep Freeze to secure out student and lab computers (and some admins/teachers that like coupon printers and fake news websites) we cannot easily push out software after the machines leave the technology department.
-
I could not have said it better myself chad, thank you.
-
Thanks Chad
Very interesting. If I am forced in the end to run with sysprep, I will definitely use your post as a guide.
But I’m still interested in this other alternative …
I am waiting for a response from the SIDCHG program designers on questions about KMS.
I’ll post any relevant info here. -
My question is… Why use a free imaging system and pay to have the SID changed, Sysprep is easy (and free, and included with windows), the answer file takes some work to get it right, but a free alternative is always tastier to me than a paid solution.
And that is just my two cents. It seems like a lot of work to circumvent the sysprep process when really it can only benefit you.
If you’re looking to throw money away, you could just set up a windows WSUS server and let it do all your imaging, it will help you to pack all your programs up and let them install after imaging, help you do sysprep and create your answer file for you.
I prefer FOG as I am like Chad, we use DeepFreeze, I set everything specific in the image for Teachers, other Staff (Principals and such), and students. When I deploy my image I just lock it in a fresh state and bounce happily out of my lab.
Don’t get me wrong I’m not trying to push you away from FOG, but with so many of us barking the word “sysprep” at you, why will you still not heed our warnings?
If you’re worried about the time it takes to get the answer file correct, set up a virtual image and save some snapshots before you sysprep, that’s what I do, then I just revert back, and edit my file a bit, save and upload again. Plus the more you sysprep the more familiar you are with it. Like chad said a few posts up he can get an image ready, sysprepped, and answer file on there in a few hours tops.
-
My sysprep cheat sheet (forget the mountains of documentation scattered around MS websites):
Win7 basic guide: [url]http://technet.microsoft.com/library/hh825212.aspx#AnswerFile[/url]
Win7 unattended installation: [url]http://technet.microsoft.com/en-us/library/dd744272(v=ws.10).aspx[/url]
Win7 skip welcome junk in OOBE: [url]http://technet.microsoft.com/en-us/library/dd744547(v=ws.10).aspx[/url]
Win7 fix Media Player/Sysprep bug: [url]http://technet.microsoft.com/en-us/library/ee676648(v=ws.10).aspx[/url]I’ve attached my 3 files that I use. The unattend xml file can be loaded into your WSIM so you can set the administrator password or add default users. The setupcomplete should mostly work without being modified. The copyfiles-run-sysprep should work without modifications also. Just make sure all 3 files are in the same folder before you run the copyfiles command.
If you have questions, ask.
[url=“/_imported_xf_attachments/0/456_Win7x32-Sysprep.zip?:”]Win7x32-Sysprep.zip[/url]
-
I have files for Win8x32 also, they are similar except for activation is done with ADBA instead of KMS.
-
Thanks for sharing your information and files chad, I’ll look through them and see if I can learn anything form them too
-
[quote=“chad-bisd, post: 20978, member: 18”]With Windows 7 and Windows 8, it’s much easier to use Sysprep. I create images for each hardware platform as I have not yet figured out driverpacks. I have a sysprep answer file for Win7x32 and one for Win8x32, and a helper script that runs commands to copy my answer file and setupcomplete file, and to rearm Office 2010/2013 before running sysprep and shutting down the machine.[/quote]
Chad,
I’ve had much success, and easier to implement than Driverpacks, by extracting the Installers of drivers for the systems we have. Then I use a script:
[code]@echo off
net use z: \{NETWORKLOCATIONOFDRIVERS} domainpassword domainuseranddomain
for /r z:\ %%i in (*.inf) do pnputil -a %%i
net use /del z:
[/code]Anything that prompts with RED means it’s an unsigned driver and I DO NOT INSTALL as it will cause issues from a sysprepped machine.
Hopefully I’ve helped somebody.