Many will want to rollout Win 8.1 on new hardware well before the expiry of XP in April 2014
-
we deploy to 1000 computers every 12 weeks… never syspreped once… is that bad??
-
[quote=“Lethal Kebab, post: 20910, member: 1498”]we deploy to 1000 computers every 12 weeks… never syspreped once… is that
bad??[/quote]See lower post, SID is not preliminary to activation, but Sysprep does affect activation.
Hope this helps.
-
Jaymes, thanks for your input. You say that a UID is needed for KMS to work.
If that is true then I am forced to use MAK activation, because I don’t want to use sysprep.By UID I assume you mean local machine SID and not domain machine SID.
I have not managed to find verification of this need for unique local machine SID on the internet.
I am very confused about this because Mark Russinovich says “neither he nor the Windows security team could think of any situation where duplicate SIDs could cause any problems” He and Microsoft then discontinued NewSid which only changes the local SID.
Logically this also implies that sysprep is also not needed to change the local machine SID, if duplicate SIDs don’t matter in a domain environment. -
By the way, that photo of you and your daughter is fantastic. Brings back memories.
-
I was tired and typed UID out of what I thought was memory, I meant to type SID, as in machine Security Identifier.
Look, this is the information that sysprep changes, and to say that it isn’t needed is bologna, if it wasn’t needed it wouldn’t be required…
“Windows operating system installations include many unique elements per installation that need to be “generalized” before capturing and deploying a disk image to multiple computers. Some of these elements include:
Computer name[1]
Security Identifier (SID)
Driver Cache
Sysprep seeks to solve these issues by allowing for the generation of new computer names, unique SIDs, and custom driver cache databases during the Sysprep process.”I’m not here to argue, just recommend that you sysprep. It has been speculation that the SID affects activation. I can’t confirm or deny this, but I can point you at an example.
This summer we rolled out Windows 7, the reason they never upgraded was because they didn’t want to sysprep and get the image to activate. We do not have a Volume license, we have KMS, and very few MAK keys. After I spent some time playing with 7, deploying, and activating it to the MAK, I realized with some help of this forum, that my imaging method was incorrect and figured out the way to sysprep our image. After my sysprep image was pushed to my test machines I was able to activate my images to my KMS sever, or the MAK license we had. All I can state is SOMETHING that sysprep does, WILL affect your activation. Specifically if you have a WSUS server for windows updates and activation.
That being said, you are correct Mark does state that having more than one SID shouldn’t affect anything
“I realize that the news that it’s okay to have duplicate machine SIDs comes as a surprise to many, especially since changing SIDs on imaged systems has been a fundamental principle of image deployment since Windows NT’s inception. This blog post debunks the myth with facts by first describing the machine SID, explaining how Windows uses SIDs, and then showing that - with one exception - Windows never exposes a machine SID outside its computer, proving that it’s okay to have systems with the same machine SID. [B]Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so MIcrosoft’s support policy will still require cloned systems to be made unique with Sysprep.[/B]”So I am sorry in stating that SID affects activation, I was incorrect, but as you can see there are other reasons to sysprep that will affect the outcome of your image.
Also note that in an Active Directory environment, having machines with the same SID would be counter-productive.
Might I ask why you do not want to sysprep?
-
You’ll need sysprep if you want to use KMS, WSUS, or almost any other microsoft management system. Sysprep was difficult to figure out, and I still haven’t done it all, but I am comfortable with it now and have my process worked out where I can create a new image from scratch in a few hours.
-
I should give some background to explain my comments and questions. I have been deploying XP images since 2005 until 2011 with Symantec Ghost corporate solution suite (Ghost console), and then with FOG since 2011. I have never used SYSPREP. I have always used either Ghostwalker or NewSID to change SID numbers straight after deployment. I have always used WSUS successfully by removing the WSUS id number (different from SID) from the registry from the master image just before cloning. This ensures that each new deployed PC will automatically create its own unique WSUS id. Naming of clients was always handled automatically by both Ghost console and later FOG with PXE client registration. You mentioned the “driver cache” - I will risk making a statement that may be wrong: the driver cache does not matter at all when I am deploying to PCs that have IDENTICAL hardware to the master image PC. The above concrete experience shows that sysprep is not necessary for the correct functioning of WSUS or for the successful deployment of ninety-five XP clients on one LAN. I don’t know about win 7 or win 8.
Why don’t I use sysprep on XP?
- it resets the administrator account which I want to retain with my settings
- it gives the first time user the “OOBE” Out of Box Experience startup choices which I don’t want. My master image is already exactly what I want, I don’t want it changed, or new profiles created.
- I would need to learn how to use answer files etc…
- I think there was another reason also, but I can’t remember now
With regard to KMS, which I hope to use, I suspect Jaymes that you were correct in your first post when you said that unique SID numbers (and perhaps WSUS ids) were needed for KMS to work.
I’ve just discovered a shareware program called SIDCHG (32 and 64 bit) which does the same job as NewSID and also changes the WSUS SID as well. It works with Win 8.1. It costs $300 for a 500 user educational site license. I’m very tempted to take the chance of using that instead of SYSPREP.
-
With Windows 7 and Windows 8, it’s much easier to use Sysprep. I create images for each hardware platform as I have not yet figured out driverpacks. I have a sysprep answer file for Win7x32 and one for Win8x32, and a helper script that runs commands to copy my answer file and setupcomplete file, and to rearm Office 2010/2013 before running sysprep and shutting down the machine.
A high level overview of my procedure is:
- Start Windows setup, go until it reboots and asks for a computer and user name
- Hit ctrl+shift+f3 to restart in audit mode
- load programs, update local group policy
- shut down and take a pre-sysprep image, an “audit-mode” image
- push the image I just made to a second machine to verify it works and comes up in audit mode
- run my helper script that copies files, rearms office, and starts sysprep with the proper command line args.
- upload this to a new image as the “oobe image” for this hardware.
- set clients to use the oobe image and deploy
My FOG service is stopped and set to manual so it doesn’t try to rename/join domain while I’m loading software. My answer file has all the options setup so it doesn’t prompt for anything during the oobe prompt. My setupcomplete scripts activates windows and office either against KMS or against our AD (Active Directory Based Activation), sets the FOG server back to auto, starts the FOG service, and FOG then renames and joines the computer to the domain.
I have a checklist of software and settings that I can load for each platform depending on if it’s a student, teacher, or lab computer, and what campus it’s on. Since we use Deep Freeze to secure out student and lab computers (and some admins/teachers that like coupon printers and fake news websites) we cannot easily push out software after the machines leave the technology department.
-
I could not have said it better myself chad, thank you.
-
Thanks Chad
Very interesting. If I am forced in the end to run with sysprep, I will definitely use your post as a guide.
But I’m still interested in this other alternative …
I am waiting for a response from the SIDCHG program designers on questions about KMS.
I’ll post any relevant info here. -
My question is… Why use a free imaging system and pay to have the SID changed, Sysprep is easy (and free, and included with windows), the answer file takes some work to get it right, but a free alternative is always tastier to me than a paid solution.
And that is just my two cents. It seems like a lot of work to circumvent the sysprep process when really it can only benefit you.
If you’re looking to throw money away, you could just set up a windows WSUS server and let it do all your imaging, it will help you to pack all your programs up and let them install after imaging, help you do sysprep and create your answer file for you.
I prefer FOG as I am like Chad, we use DeepFreeze, I set everything specific in the image for Teachers, other Staff (Principals and such), and students. When I deploy my image I just lock it in a fresh state and bounce happily out of my lab.
Don’t get me wrong I’m not trying to push you away from FOG, but with so many of us barking the word “sysprep” at you, why will you still not heed our warnings?
If you’re worried about the time it takes to get the answer file correct, set up a virtual image and save some snapshots before you sysprep, that’s what I do, then I just revert back, and edit my file a bit, save and upload again. Plus the more you sysprep the more familiar you are with it. Like chad said a few posts up he can get an image ready, sysprepped, and answer file on there in a few hours tops.
-
My sysprep cheat sheet (forget the mountains of documentation scattered around MS websites):
Win7 basic guide: [url]http://technet.microsoft.com/library/hh825212.aspx#AnswerFile[/url]
Win7 unattended installation: [url]http://technet.microsoft.com/en-us/library/dd744272(v=ws.10).aspx[/url]
Win7 skip welcome junk in OOBE: [url]http://technet.microsoft.com/en-us/library/dd744547(v=ws.10).aspx[/url]
Win7 fix Media Player/Sysprep bug: [url]http://technet.microsoft.com/en-us/library/ee676648(v=ws.10).aspx[/url]I’ve attached my 3 files that I use. The unattend xml file can be loaded into your WSIM so you can set the administrator password or add default users. The setupcomplete should mostly work without being modified. The copyfiles-run-sysprep should work without modifications also. Just make sure all 3 files are in the same folder before you run the copyfiles command.
If you have questions, ask.
[url=“/_imported_xf_attachments/0/456_Win7x32-Sysprep.zip?:”]Win7x32-Sysprep.zip[/url]
-
I have files for Win8x32 also, they are similar except for activation is done with ADBA instead of KMS.
-
Thanks for sharing your information and files chad, I’ll look through them and see if I can learn anything form them too
-
[quote=“chad-bisd, post: 20978, member: 18”]With Windows 7 and Windows 8, it’s much easier to use Sysprep. I create images for each hardware platform as I have not yet figured out driverpacks. I have a sysprep answer file for Win7x32 and one for Win8x32, and a helper script that runs commands to copy my answer file and setupcomplete file, and to rearm Office 2010/2013 before running sysprep and shutting down the machine.[/quote]
Chad,
I’ve had much success, and easier to implement than Driverpacks, by extracting the Installers of drivers for the systems we have. Then I use a script:
[code]@echo off
net use z: \{NETWORKLOCATIONOFDRIVERS} domainpassword domainuseranddomain
for /r z:\ %%i in (*.inf) do pnputil -a %%i
net use /del z:
[/code]Anything that prompts with RED means it’s an unsigned driver and I DO NOT INSTALL as it will cause issues from a sysprepped machine.
Hopefully I’ve helped somebody.
-
Most of us like to continue with what we are most familiar with. I’m no exception.
I take warnings from others seriously. But Jaymes I think you are too quick to dismiss my own 9 years of experience in deploying XP in a domain environment. I’ve clearly demonstrated that sysprep was never “essential” for either Ghost or FOG XP deployments from and to identical hardware. So all the “warnings” I read in 2005 of the need to sysprep were not true for identical hardware. In the case of Win 8.1 today, sysprep may be essential, but maybe not on identical hardware again.My hope today was that I could save time by just doing the same as I did before, only this time with SIDCHG instead of NewSid.
I like having the administrator profile already setup with mappings and shortcuts etc. (helpful but not essential)
For the first user login I don’t know how to get past the OOBE window and go straight to the classic windows login window with user, password and domain fields. (I know the answer file can get you past most, if not all, of these setup questions, but I don’t look forward to sorting all that out. Chad you said yourself "
I know there will be other issues related to sysprep that I will have to come to terms with. It all takes time, research and questions on forums. I am replacing the entire system, PCs, iPads, wireless access points, server etc. I only work 60%. $300 is a small amount to pay to avoid even more hassle and uncertainty.Chad, I will only be using Win 8.1, 64 bit and Server 2012 64 bit, so your suggestion of active directory activation rather than KMS sounds better.
Jaymes, I have not heard of DeepFreeze. I’ll look into that.
Good advice when you write: “If you’re worried about the time it takes to get the answer file correct, set up a virtual image and save some snapshots before you sysprep, that’s what I do, then I just revert back, and edit my file a bit, save and upload again.” -
Ignor the half finished sentence:
" Chad you said yourself " "
-
Deepfreeze is a program that locks a station in a “frozen state” meaning any changes to the OS revert back to the original “frozen state” on each reboot. You can thaw a machine, make changes and then freeze it again if you like, I do so to update my windows image when the students leave for the day by installing Windows Updates from my WSUS. This keeps the students from moving my icons around and putting them in the trash can, the second I reboot my stuff comes back. So with that being said: It won’t affect much when it comes to imaging, just keeps your image clean after you push it out.
I understand your concerns with trying to use Sysprep, don’t take this the wrong way. I was never insinuating that my intelligence is higher than yours, just that I too have experience deploying Windows 7. I spent ALL of last year working on Windows 7 deployment, I know MANY ins and outs of it, but even I will not accept that I know EVERYTHING there is to know about it.
We are merely trying to prepare you for the journey ahead. You have expunged a lot of information from us regarding the process and how to complete it properly, it is ultimately up to you to decide how you image. We aren’t going to twist your arm, we are just trying to figure out if there is a volatile reason you want to avoid it like the plague, because we MAY actually be able to help you to work around it.
Either way, good luck.
-
[quote=“chad-bisd, post: 20978, member: 18”]With Windows 7 and Windows 8, it’s much easier to use Sysprep. I create images for each hardware platform as I have not yet figured out driverpacks. I have a sysprep answer file for Win7x32 and one for Win8x32, and a helper script that runs commands to copy my answer file and setupcomplete file, and to rearm Office 2010/2013 before running sysprep and shutting down the machine.
A high level overview of my procedure is:
- Start Windows setup, go until it reboots and asks for a computer and user name
- Hit ctrl+shift+f3 to restart in audit mode
- load programs, update local group policy
- shut down and take a pre-sysprep image, an “audit-mode” image
- push the image I just made to a second machine to verify it works and comes up in audit mode
- run my helper script that copies files, rearms office, and starts sysprep with the proper command line args.
- upload this to a new image as the “oobe image” for this hardware.
- set clients to use the oobe image and deploy
My FOG service is stopped and set to manual so it doesn’t try to rename/join domain while I’m loading software. My answer file has all the options setup so it doesn’t prompt for anything during the oobe prompt. My setupcomplete scripts activates windows and office either against KMS or against our AD (Active Directory Based Activation), sets the FOG server back to auto, starts the FOG service, and FOG then renames and joines the computer to the domain.
I have a checklist of software and settings that I can load for each platform depending on if it’s a student, teacher, or lab computer, and what campus it’s on. Since we use Deep Freeze to secure out student and lab computers (and some admins/teachers that like coupon printers and fake news websites) we cannot easily push out software after the machines leave the technology department.[/quote]
Chad,
At 3 of my schools I administer, I use Deep Freeze on all the Windows 7 machines. Updating and installing software has become so easy because of the remote console and all the features. Do you not use PStools in conjunction with Deep Freeze to deploy/update software?
-
Are you managing labs/desktop computers or 1-to-1 devices like laptops and tablets?