Windows Sysprep Breaking
-
@george1421 Should I register before sysprep or during the sysprep boot? Or does it even matter?
-
@agray I would register the FOG server before you get into sysprepping the device. In my case I have a VM that I always build the reference image on, so it has been registered in FOG from day one.
-
After testing with the FOG client on my reference/golden image I found my issue which may help. I would task my client PC to be added to AD when the Auto Delayed service starts. Well, when a computer is being restored with the Windows 10 image it will start the services. Since it is starting the services it is trying to join the domain while the system is being sysprepped. This caused Windows to come up with an error to install or boot and various other errors. After the service was stopped in the reference/golden image then restoring had no issues. I manually have to enable the service and start it as well. The big issue turned into an okay fix.
-
Sorry I’ve been on medical leave so I haven’t had time to work on this, but, unfortunately, it is not solved.
I have made my own unattend.xml file; I am following this guide (https://forums.fogproject.org/topic/9877/windows-10-pro-oem-sysprep-imaging/11) almost exactly. Using its batch file and operations but not using a setupcomplete.cmd.
I personally think it’s something I’m doing in the audit mode. I’m not connecting to our Domain but I am setting a static IP for just the installation process, then change it back to dynamic for sysprep and capture.
The software I am attempting to install is the following: VNC, Java, .Net, Silverlight, VLC, Firefox, Chrome, Cute pdf, Munis, Laserfiche, Office 365 (not activated), Sophos Endpoint, Comm Portal
-
@agray Antivirus products sometimes cause trouble when installed before sysprep I believe.
For example: Bitdefender has a page about it
-
@Quazz said in Windows Sysprep Breaking:
@agray Antivirus products sometimes cause trouble when installed before sysprep I believe.
For example: Bitdefender has a page about it
Symantec is the same, there even is a program that you have to run in order to reset everything for sysprep to work.
@agray I can't seem to find your response into what the log files say. Did you check them? Or have I just not seen it and it's in the thread somewhere?
-
I have to provide a wet blanket moment here as a moderator.
The Windows OEM EULA doesn’t allow for system cloning with OEM media. You can only deploy images directly from OEM media. You are not allowed to create a golden image with OEM media and then clone that image to multiple computers. If you want to do that legally you must use volume licensing media. The cost of volume licensing media is not that great. If you have 100 computers with Win10 Pro OEM on it you only need one Windows 10 Pro VL license. This is allowed by the EULA. You MAY NOT have 100 Win10 Pro OEM computers and upgrade them to Win10 Enterprise this way. In this case you need 100 Win10 Enterprise licenses. As long as you are redeploying Win10 Pro OEM with Win10 Pro VLK then you only need one volume license. Most SMBs will purchase 1 Win10 Pro VLK and 4 other client or RDS licenses to get to the minimum of 5 points to get into the MS Volume Licensing program.
In regards to preinstalled software: I would avoid installing any software that depends on a unique system ID (GUID). I would avoid installing such software in your golden image, because each cloned system will have the same software GUID. Enterprise AV is a big one that relies on a unique system GUID that should be installed post image deployment.
-
@george1421 My Windows 10 USB is from the media creation tool but inside my unattend.xml, it has our volume license product key. Do I need to use the ISO from the volume license?
-
@Taspharel I don’t have access to the logs. The sysprep goes through properly until I boot it back up; then it provides an error and will not boot at all.
-
@agray said in Windows Sysprep Breaking:
Do I need to use the ISO from the volume license?
I would say yes, start with your VLK media. The setupcomplete.cmd will run as expected as well as a few other things that MS has blocked from running if you use the OEM media kit. And if it was me with MS coming out with 2 releases per year… I would create my reference image with MDT (microsoft deployment toolkit) to avoid that whole audit mode mess. Just have MDT create your golden image on a VM using the lite touch approach. You will probably spend a better part of one work week setting up MDT and perfecting your image. But on the back end, when a new version of win10 is released you just import the media and copy over your task sequences to a new task sequence and deploy. Using the lite touch approach all of your applications and custom settings can be auto installed into your Golden image. I can go from having a new version ISO to start to deploy a new golden image in about 20 minutes. That golden image will be ready to be captured by FOG without any human interactions after the task sequence has completed.
-
@george1421 I looked into MDT and it looks a lot easier and simplifies FOG. There are problems I am seeing and would like to know how you work around them.
- How does Fog interact with the WIM files?
-
@agray said in Windows Sysprep Breaking:
How does Fog interact with the WIM files?
It doesn’t. WIM files are Windows only.
Maybe I did not explain the concept for MDT well enough. The idea is to use MDT to build your golden image in a virtual machine. MDT will take the WIM file and deploy it to a virtual machine. You can configure MDT to also install any current Windows updates as well as any global applications you want into your golden image. In my case I use vSphere, and part of setting up MDT is that MDT will create an ISO boot disk that connects the target computers to the MDT server (which can be run on a Windows desktop OS) to run the install task sequences. When the MDT creation process is done you will have a computer ready for sysprep. At this point MDT’s job is done; it has created your golden image. Now you sysprep the golden image and capture with FOG for deployment.
You could use MDT for low volume image deployments (< 5 a week). The difference between MDT/WDS/SCCM and FOG is that the former use file level cloning where FOG/Ghost/Clonezilla use disk block level cloning. Both methods have their advantages and disadvantages. The advantage of FOG and disk block level cloning is SPEED. FOG can deploy a disk over a 1 GbE network at a rate of 6GB/m or about 4 minutes for a 25GB fat image. With MDT/SCCM it will take about 1hr to fully deploy a Windows image.
Each application has its roles in this set.
- MDT creates a repeatable and verifiable golden image the same way every time.
- FOG captures and deploys images very fast every time.
-
@george1421 What George says, about OEM.
Also try something simpler first. Instead of creating a gold-leafed banana sundae, just put a single scoop of ice cream into a bowl first, then add things one at a time with each attempt … though I’d blame the AV straight up. ESET Endpoint AV pulls the same with its self-defense setting which must be disabled prior to sysprep. If you check the sysprep log it will show you where the error occurs and I’d bet dollars to donuts that it’s the AV.
-
@george1421 So MDT is basically adding more steps to take out the time of windows updates?
MDT would make basically be my physical machine would be easier to restart every time it fails?
I have yet to try and capture a VM using FOG so I may have some issues with that, I don’t think the process would be much different, right?
-
@agray said in Windows Sysprep Breaking:
So MDT is basically adding more steps to take out the time of windows updates?
Well that’s not exactly right. You will have more steps initially to set up MDT, that is for sure. But once MDT is set up it will give you a reliable way to build your reference image, every time. If you only make 1 or 2 images a month you can use MDT directly and not use FOG to clone your systems. You would just boot into MDT via the MDT boot disk, select your task sequence and deploy to your hardware. It will take you 1-2 hours of (you no touch time) for MDT to build your system.
Now MDT will NOT work if you need to reimage a 30 computer class room in 20 minutes. You will need FOG, WDS, or SCCM to do that.
Since you are at the beginning, I would take some time and watch some videos on MDT on how to set it up and how to use it. If you understand my process your time will not be wasted learning MDT. You can decide after you build your golden image with MDT. 1. Do I just use MDT to image my computer or 2. Do I use FOG to capture the MDT image and deploy that way if you need speed. Your efforts will not be wasted learning MDT. There are MANY good tutorials on the internet on how to set up and use MDT.
-
@george1421 said in Windows Sysprep Breaking:
If you only make 1 or 2 images a month you can use MDT directly and not use FOG to clone your systems.
We image, on average, around 10 in an entire year. We are just looking for a quick fix if something breaks and we need one out fast.
Even though MDT bootable, like you said, isn’t fast; it seems simpler than this long process with FOG, at least for my needs.
-
@agray said in Windows Sysprep Breaking:
it seems simpler than this long process with FOG, at least for my needs
I can agree with that too. My goal is to help you make an informed decision. What works for me, probably isn’t the best for someone else.
-
@Quazz After running tests, it was Sophos that was causing the issue. Thank you!