Why sysprep should be mandatory



  • Sysprep has for many been an option they decided to skip when cloning Windows computers. This is bad practice.

    The arguments for skipping sysprep is usually that the scenario includes a Windows domain, where the machine domain account gives a unique SID that will be used instead of the machine SID in every important case. The [URL=‘http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx’]2009 article from Mark Russinovich[/URL] has often been used (also by myself) as an argument for this. However, it’s a long article, please read the last sentence as well. “Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications…”

    Microsoft has never supported Windows cloning without sysprep. Sysprep is by Microsoft [URL=‘http://support.microsoft.com/kb/314828’]considered mandatory[/URL], and skipping it could lead to undocumented problems.

    There are several Microsoft systems that we know use the machine SID instead of the domain account SID, including WSUS and KMS. If you use any of these, you are bound to get in trouble without sysprep.

    Tools like NewSID are not an option. Russinovich states: “these tools don’t necessarily know about all the places where Windows stashes away references to the machine SID. The reliability and security of a system that has a mix of the old and new machine SID can’t be guaranteed.” Considering NewSID has not been updated since 2006, it should be obvious not to use it.

    Other articles about this is
    [url]http://support.microsoft.com/kb/929829[/url]
    [url]http://technet.microsoft.com/en-us/library/ee939272.aspx[/url]
    [url]http://blogs.technet.com/b/askcore/archive/2009/10/16/kms-host-client-count-not-increasing-due-to-duplicate-cmid-s.aspx[/url]
    [url]http://www.brianmadden.com/blogs/guestbloggers/archive/2011/04/13/do-sids-matter-anymore.aspx[/url]

    Regards, Bjorn



  • [quote=“eric0626, post: 3807, member: 357”]KMS does not use SID, but it uses CMID instead. Thus, you don’t have to sysprep the image if you want to KMS, you can just simply rearm the OS before uploading the image.[/quote]

    Eric, you are right about the fact that KMS does not use the SID, but CMID instead. This does not change the fact that sysprep is necessary, as CMID is also changed by sysprep. Having the same CMID on all computers results in KMS not counting.

    Rearming the computer will create a new CMID, but this is not supported by MS. The recommended way is to rebuild your image with sysprep /generalize and no <SkipRearm>. The last note on the [URL=‘http://support.microsoft.com/kb/929829’]KB929829 [/URL]might be confusing though.

    Regards, Bjorn


  • Moderator

    [quote=“Darren George, post: 3810, member: 375”]HI all im banging my head with sysprep big time, Ive read several forums blogs trying to get a definative idea of sysprep and theres so many different opinions, ive been syspreping for around 5 months now with windows 7 and seem to get so many strange things the new one seems to be “cannot parse the XML file” any one got any ideas please the help would be very helpful[/quote]

    Hi I made a guide for this because I was having problems just like you:

    [url]http://fogproject.org/forum/threads/windows-7-deployment-fog-sad2-driver-tool.380/[/url]

    Feel free to post in the thread or PM me and I will help if I can.

    Thanks,



  • hey Darren, take a look at this blog…hope it helps.
    [url]http://theitbros.com/sysprep-a-windows-7-machine-–-start-to-finish[/url]

    I followed this guide when i first started syspreping. It helped me a lot.



  • HI all im banging my head with sysprep big time, Ive read several forums blogs trying to get a definative idea of sysprep and theres so many different opinions, ive been syspreping for around 5 months now with windows 7 and seem to get so many strange things the new one seems to be “cannot parse the XML file” any one got any ideas please the help would be very helpful



  • KMS does not use SID, but it uses CMID instead. Thus, you don’t have to sysprep the image if you want to KMS, you can just simply rearm the OS before uploading the image.



  • I’ve been imaging PCs via Ghost boot CD and Acronis for years on XP, 2000, Vista, and Win 7 . Why havn’t i had any of these issues without sysprepping?



  • And to pass out a warning to those delving into sysprep for the first time.

    In windows 7, if you don’t do your unattend file correctly the windows setup will always error are the same point it looks for the file and therefore loop the setup.

    As far as I’ve figured whenever I’ve done this I have to start the image again from a fresh windows install. It doesn’t just give me the options to fill out manually.

    Test it on a VM, use snapshots.



  • I totally agree. Well put. The few extra minutes it takes to sysprep before you clone can eliminate many problems down the road.


Log in to reply
 

399
Online

39.3k
Users

11.0k
Topics

104.6k
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.