Windows 10 1703 - Sysprep Question



  • Server
    • FOG Version: 1.4.4 (SVN 6077)
    • OS: CentOS 7 x64
    Client
    • Service Version: 1.0.12
    • OS: Windows 10 - 1703 Education
    Description

    After messing around with Windows 10 1703, I figured I would give sysprep a try. I used the same unattend file as I did in 1511 and 1607.

    Very basic - activate the built in administrator account, set a password, etc. On previous Windows 10 builds, I always had 1 AutoLogin in the unattend.xml file. Normally, the FOG client service would be activated from the SetupComplete.cmd (using the two sections from the Wiki) … but for some reason, despite starting, it never reboots. I can post an example log tomorrow when I’m back in the office, however it was an issue with the hostname changer. It would not change the name because the default (AutoLogin) administrator user was logged in. Was this a change within Windows or with how the latest version of the client handles renaming/joining domain?

    It’s worth noting that if I set the unattend file to 0 auto logins, it does not automatically reboot. If I select within the GUI to force hostname/domain joining despite a user being logged in - it works.



  • As a temporary solution, I have removed the auto login portion of my unattend.xml file … I’m not sure if this is the ideal solution but it worked.

    When I remove the autologin portion, I do not need to force FOG to rename when users are logged in. In the past, 1511 and 1607, it didn’t seem to mind the local administrator account being logged in after an imaging task to rename, join domain and reboot. It appears it matters now?

    If I keep the autologin, I have to ensure FOG is set to force changes despite a user being logged in. For those using my unattend - remove this:

               <AutoLogon>
                    <Password>
                        <Value>password here</Value>
                        <PlainText>false</PlainText>
                    </Password>
                    <Enabled>true</Enabled>
                    <LogonCount>1</LogonCount>
                    <Username>administrator</Username>
                </AutoLogon>
    

    If I had to guess, 1703 had a couple of changes that will require a FOG Client update.



  • Use the unattend.xml file into my post: https://forums.fogproject.org/topic/10485/best-way-to-make-windows-10-master-and-upload

    Everything work fine with Windows 10 PRO - 1703

    setupcomplete.cmd work fine if you setup him into unattend.xml



  • Hi,

    i am working with windows 10 pro oem and i also use 1 autologin for a local admin user because pro don’t support setupcomplete.cmd to be executed automated like with enterprise, therefore i used firstlogoncommands in unattend.xml to execute setupcomplete.cmd that way.

    For me all is working the only strange thing is that sometimes the computer doesn’t reboot when i check the hostname and domain status i can see name was changed and joined to domain without the final reboot where i would normally logon as domain administrator or final domain user.

    Regards X23



  • Thanks for that. I’m wondering if anybody else has had success with 1703. If they have, there’s a chance that it is an issue on my head rather than some changes within Windows affecting the client.

    My SetupComplete is below:

    @ECHO OFF
    
    TITLE Post Sysprep Configuration Script
    
    REM *** Activating Windows
    TITLE Activating Windows 10...
    
    cscript slmgr.vbs /skms kms.domain.org
    cscript slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
    cscript slmgr.vbs /ato
    
    REM *** Activate Office 
    TITLE Activating Office...
    
    cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /sethst:kms.domain.org
    cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /act
    
    REM *** Starting FOG Service after boot
    TITLE Start FOG Service...
    
    sc config FOGService start= auto
    shutdown -t 0 -r
    
    REM *** Finalize Script Actions and Cleanup the Scripting Environment
    TITLE Finalizing Script Actions...
    
    DEL /Q /F c:\Windows\System32\Sysprep\unattend.xml
    DEL /Q /F c:\Windows\panther\unattend.xml
    RD /S /Q c:\windows\setup\scripts
    

    And my unattend file is:

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <servicing></servicing>
        <settings pass="windowsPE">
            <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DriverPaths>
                    <PathAndCredentials wcm:action="add" wcm:keyValue="b895faa4">
                        <Path>C:\Windows\Drivers</Path>
                    </PathAndCredentials>
                </DriverPaths>
            </component>
        </settings>
        <settings pass="generalize">
            <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SkipRearm>1</SkipRearm>
            </component>
        </settings>
        <settings pass="specialize">
            <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SkipAutoActivation>true</SkipAutoActivation>
            </component>
            <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <RunSynchronous>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>Activates Built-in Administrator account</Description>
                        <Order>1</Order>
                        <Path>net user administrator /active:yes</Path>
                    </RunSynchronousCommand>
                </RunSynchronous>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DesktopOptimization>
                    <ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar>
                    <GoToDesktopOnSignIn>false</GoToDesktopOnSignIn>
                </DesktopOptimization>
                <TimeZone>Eastern Standard Time</TimeZone>
                <RegisteredOrganization>*school here*</RegisteredOrganization>
                <RegisteredOwner>*school here*</RegisteredOwner>
                <CopyProfile>true</CopyProfile>
                <ComputerName>*</ComputerName>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en-us</InputLocale>
                <SystemLocale>en-us</SystemLocale>
                <UILanguage>en-us</UILanguage>
                <UserLocale>en-us</UserLocale>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <OOBE>
                    <ProtectYourPC>1</ProtectYourPC>
                    <HideEULAPage>true</HideEULAPage>
                    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                    <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                    <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                    <HideLocalAccountScreen>false</HideLocalAccountScreen>
                </OOBE>
                <UserAccounts>
                    <AdministratorPassword>
                        <Value>password here</Value>
                        <PlainText>false</PlainText>
                    </AdministratorPassword>
                    <LocalAccounts>
                        <LocalAccount wcm:action="add">
                            <Password>
                                <Value>password here</Value>
                                <PlainText>false</PlainText>
                            </Password>
                            <Name>Administrator</Name>
                            <Group>Administrators</Group>
                            <DisplayName>Administrator</DisplayName>
                            <Description>Local Administrator</Description>
                        </LocalAccount>
                    </LocalAccounts>
                </UserAccounts>
                <VisualEffects>
                    <FontSmoothing>ClearType</FontSmoothing>
                </VisualEffects>
                <RegisteredOrganization>*school here*</RegisteredOrganization>
                <RegisteredOwner>*school here*</RegisteredOwner>
                <TimeZone>Eastern Standard Time</TimeZone>
                <AutoLogon>
                    <Password>
                        <Value>password here</Value>
                        <PlainText>false</PlainText>
                    </Password>
                    <Enabled>true</Enabled>
                    <LogonCount>1</LogonCount>
                    <Username>administrator</Username>
                </AutoLogon>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:c:location:/sw_dvd5_win_edu_10_1703_64bit_english_mlf_x21-36554/sources/install.wim#Windows 10 Education" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>
    

  • Moderator

    I don’t have a solid answer for you because I haven’t worked with 1703 as of now. But I do have a few comments.

    1703 came out or wasn’t in wide distribution after the current client was released. So there is a potential that something changed in 1703 that the current FOG Clients needs to compensate for.

    The setupcomplete.cmd batch file runs just after oobe completes and just before the login prompt appears. If you are running autologin to runs some commands in the windows gui to finish the setup, you can move the commands that startup the fog client to the async commands in the unattend.xml. Just make the 2nd to last step enabling the fog client service then the last step a shutdown.exe (reboot) step. This will start the fog client and then in a way log out the autologin user and make sure that the fog client has a clean OS to do its business.

    In my case I don’t use the fog client for renaming or connecting the client to the domain, I let the unattend.xml file do that. During image deployment I have a post install script inject the host name and destination OU into the unattend.xml file. We started doing it that way because we have a complex OU structure that had to be calculated at the time of OS installation.


Log in to reply
 

436
Online

38941
Users

10697
Topics

101497
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.