Windows 10 Deployment from existing machine as reference using sysprep

aharrison

Server

• FOG Version: 1.3.5
• OS: Ubuntu 16.04.2 LTS

Client

• Service Version: Lenovo m900z
• OS: Windows 10 Pro

Description

Just wondering if someone could give me some pointers here. I’ve been tearing my hair out for days.

So we have thirty Lenovo m900z workstations to deploy. I have one of them set up the way we want. Relatively uncomplicated, just a few pre-installations of software, one local user account, though the PC is joined to the AD domain. My idea was to sysprep it and use Fog to deploy to the remaining 29.

I’ve run into a lot of the usual problems that have already been answered here and solved most of the issues based on what I found here and on the Fog wiki.

My lingering problem is that I’ve created a unattend.xml file that seems to simply be ignored. I tried to create a full file with all params, but really I only care about the one that tells it not to strip the device drivers PersistAllDeviceInstalls.

I’ve installed things like the MDT and ADK to try and make absolutely sure I’ve got a valid xml file. But one thing I need to know is if the cpi:offlineImage param is absolutely necessary. These Lenovos didn’t come with any media whatsoever and getting Lenovo to give us media has been ridiculously difficult in the past. So I don’t have access to a proper install.wim file that goes along with these specific machines.

I did make a .wim file from other media. I tried making a .wim from the files generated by Microsoft’s Media Creation Tool. I also tried using a .wim file I made from the recovery disk of a different model of Lenovo, though still Windows 10. I even figured out how to use the DSIM capture option, so I network booted one of the virgin Lenovo m900z’s into WinPE, and created a DSIM captured .wim file. None seem to behave any different, it’s as if my unattend.xml file is being ignored. I had my unattend.xml file saved in the C:\Windows\System32\Sysprep\ directory and ran sysprep from that directly using: sysprep /generalize /oobe /shutdown /unattend:unattend.xml

Could anyone give me some pointers as to what to look at next?

Here is the unattended.xml file I attempted to use:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>del /Q /F c:\windows\system32\sysprep\unattend.xml</CommandLine>
                    <Order>1</Order>
                    <Description>Deletes unattend.xml</Description>
                    <RequiresUserInput>false</RequiresUserInput>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>del /Q /F c:\windows\Panther\unattend.xml</CommandLine>
                    <Order>2</Order>
                    <Description>Deletes unattend.xml</Description>
                    <RequiresUserInput>false</RequiresUserInput>
                </SynchronousCommand>
            </FirstLogonCommands>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <ProtectYourPC>1</ProtectYourPC>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <SkipUserOOBE>true</SkipUserOOBE>
                <NetworkLocation>Work</NetworkLocation>
            </OOBE>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <TimeZone>Eastern Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunAsynchronous>
                <RunAsynchronousCommand wcm:action="add">
                    <Path>net user administrator /active:yes</Path>
                    <Order>1</Order>
                </RunAsynchronousCommand>
            </RunAsynchronous>
        </component>
    </settings>
    <settings pass="generalize">
        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
            <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
        </component>
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm>
        </component>
    </settings>
</unattend>

george1421

@aharrison said in Windows 10 Deployment from existing machine as reference using sysprep:

though the PC is joined to the AD domain.

This is your first problem. Domain joined PCs will be difficult to clone, even if you disconnect them from the domain. Adding a new system to a domain tattoos them with domain “junk”.

The second thing that jumps out at me is your sysprep setup.
sysprep /generalize /oobe /shutdown /unattend:unattend.xml

If it was me I would put the unattend.xml file in the Panther directory AND define the full path to the unattend.xml file. The rest of your sysprep command looks good.

Are/Is this OS you are deploying OEM or do you have a VLK?

george1421

Your unattend.xml file looks a little “lite” on the required settings. You might want to compare your unattend.xml file against one created by one of the online generators: http://windowsafg.no-ip.org/win10x86_x64.html

aharrison

Thanks for the replies @george1421

You’re definitely on the right track. I ended up figuring it out finally. Since I had already followed the steps to make WinPE available to boot from Fog, I booted the failed target machine using WinPE and started looking more closely at the sysprep logs.

I discovered that Lenovo uses the same sysprep tool to deploy their new machines and they left the majority of their sysprep stuff in the Panther directory, including an unattend.xml. Since I wasn’t giving it a fully qualified path, it obviously checks the Panther directory first where it grabbed theirs instead of mine. The did clean up some of their sysprep stuff, so the drivers and sources directories referenced by their xml config files weren’t there. Had they been there, their sysprep might have even worked for me.

And, despite being somewhat light on required settings, once my unattend.xml was found and used, it worked fine.

Thanks again!

–
Andy

sudburr

When sysprep is run with reference to an unattend.xml it parses that .xml then writes a generated unattend.xml in Panther.

I would have expected it to overwrite what might already exist in Panther.

It’s been awhile since I’ve worked with anything but my own .xmls, but that generated .xml in Panther can reveal information from the original, which is why it’s good to always delete it in post-sysprep cleanup.

If after the machine has shutdown you were to alter the original unattend.xml you referenced by sysprep, it would have no effect because it only looks at the one it generated and left in Panther when it powers up for the first time.

Re-sysprepping an image can be messy or a thing of beauty depending on your forensic skills and how deeply you want to dig out the detritus of the previous sysprep.

aharrison

@sudburr

Gotcha. So my unattend.xml was probably never being read by sysprep at all. The unattend.xml that was left in the Panther direct was definitely one of Lenovo’s and not mine.

I did attempt to glean some useful info from what Lenovo left behind, but everything interesting, like the drivers or possible .wim files, get stripped out before shipping.

george1421

@aharrison For in the FWIW bucket. The for win10 the panther folders gets searched first for the unattend file first and then on down the line: https://technet.microsoft.com/en-us/library/cc749415(v=ws.10).aspx

MS Recommends that you place the file in the panther folder (either unattend, or panther directly). Then calling out the specific path to it isn’t required. I always do include the specific path out of habit.