SIM - Creating the Unattend.xml Guide?



  • Server
    • FOG Version: 1.3.2
    • OS: Ubuntu 14.04
    Description

    Hi all,

    Just a quick one: is there any guide to setting up the unattend.xml for sysprepped images? I recall creating it before, but I can’t exactly remember how. I’ve downloaded the Windows System Image Manager and need to create an unattend.xml file that will run setupcomplete.exe in C:\System\Panther.
    Any help with this would be appreciated.


  • Moderator

    @x23piracy While this isn’t FOG related, imaging rights are important to follow. If you want to survive an audit you should understand what you are allowed to do and can’t do.

    Chris (from Microsoft) has posted 2 clear documents on what you can do with system imaging (from a MS perspective). This question comes up on Spiceworks almost daily.

    https://community.spiceworks.com/how_to/124056-reimaging-rights-for-windows-10-licensing-how-to

    https://community.spiceworks.com/how_to/69219-reimaging-rights-how-they-apply-to-your-licensing

    Take these documents as a clear explanation of the MS EULA.

    It is true if you have a single VLK key, you can deploy any number of systems as long as the OEM key is licensed for the same OS as the VLK key. For example if you have a single VLK key for Windows 10 Pro. You may reimage any number of computers that came from the manufacturer with Windows 10 Pro already installed. You may not use the VLK key for Win 10 Pro to deploy Win 10 Pro to a computer that had Win 8.1 previously installed. That is a different license (version upgrade).



  • Hi,

    FYI

    https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#FOG_Client_with_Sysprep
    alt text

    like @george1421 sad, OEM Version don’t have imaging rights, i am not sure if your license is compliant if you work this way, i also do this but i don’t know if this is Microsoft SAM safe? Anyone?

    I found the following information, you are allowed to reimage until you bougth at least one vollume license. So having one volume license should be enough to gain reimaging rights even if you use oem in real.

    Reimaging is permitted if the copies made from the Volume Licensing media are identical to the originally licensed product . Volume Licensing customers who have licensed Microsoft software products from an OEM, through a retail source, or under any agreement other than their Microsoft Volume Licensing agreement may use copies made from Microsoft Volume Licensing media. Customers can use these copies from Microsoft media only if they are the same product and version, contain the same components, and are in the same language.

    Do I have rights to reimage Office products available through FPP and OEM?
    Yes. Volume Licensing customers are allowed to re-image Office acquired trough FPP or OEM as long as the products fulfill all of the reimaging eligibility requirements listed above, in addition to the installation and activation requirements per the terms of the licensed software.

    Do I have the right to reimage if I do not have Software Assurance?
    Yes. All Microsoft Volume Licensing customers, regardless of having Software Assurance, are able to reimage as long as the eligibility requirements for reimaging are met.

    Regards X23



  • @george1421 Thanks! We always update the system with the correct license after being imaged.

    Thanks as well for pointing out that section. I’m just about to test it :)


  • Moderator

    @RobTitian16 Be aware that Microsoft OEM licenses don’t support/provide imaging. Just be aware of licensing of you use customized OEM images.

    But I would look at this section to run custom commands on first login. Just make sure the first login section is a user that has local admin rights.

                    <SynchronousCommand wcm:action="add">
                        <CommandLine>shutdown.exe -r -t 30 /c "The computer will reboot in 30 seconds"</CommandLine>
                        <Description>Reboot at end</Description>
                        <Order>2</Order>
                    </SynchronousCommand>
    


  • @george1421 Thanks, George. Because I’m using an OEM version of windows, sysprep doesn’t run setupcomplete.cmd. The workaround, or so I’m told, is to use the unattend file.
    Thanks for posting it - I’ll take a look shortly.


  • Moderator

    This unattend.xml should get your started. It contains the major sections you can edit with WAIK. This is for a x64 bit windows install.

    Hint: You could insert custom fields identifiers in this xml file and then replace them with a fog post install script. That could make the unattend.xml file generic and specifically targeted to the deployment environment using a bit more complex fog post install script.

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="specialize">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <ComputerName>X64DEFAULT</ComputerName>
                <CopyProfile>true</CopyProfile>
                <RegisteredOrganization>Domain Corporation</RegisteredOrganization>
                <RegisteredOwner>Domain Corporation</RegisteredOwner>
                <TimeZone>Central Standard Time</TimeZone>
            </component>
            <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <Identification>
                    <Credentials>
                        <Domain>domain.com</Domain>
                        <Username>LittleJimBob</Username>
                        <Password>Not-a-Secret-Password-For-Me</Password>
                    </Credentials>
                    <JoinDomain>domain.com</JoinDomain>
                    <MachineObjectOU>change_me_in_postinstall</MachineObjectOU>
                </Identification>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <NetworkLocation>Work</NetworkLocation>
                    <ProtectYourPC>3</ProtectYourPC>
                    <SkipMachineOOBE>true</SkipMachineOOBE>
                    <SkipUserOOBE>true</SkipUserOOBE>
                </OOBE>
                <RegisteredOrganization>Domain Corporation</RegisteredOrganization>
                <RegisteredOwner>Domain Corporation</RegisteredOwner>
                <TimeZone>Central Standard Time</TimeZone>
                <OEMInformation>
                    <Logo>C:\Windows\DomainLogo.bmp</Logo>
                    <Manufacturer>Domain Corporation</Manufacturer>
                    <Model>TurboZip</Model>
                    <SupportHours>24 x 7 x 363</SupportHours>
                    <SupportURL>http://helpdesk.domain.com</SupportURL>
                    <SupportPhone>+1 666 1234567</SupportPhone>
                </OEMInformation>
                <UserAccounts>
                    <DomainAccounts>
                        <DomainAccountList wcm:action="add">
                            <DomainAccount wcm:action="add">
                                <Group>Administrators</Group>
                                <Name>BigJimBob</Name>
                            </DomainAccount>
                            <Domain>domain.com</Domain>
                        </DomainAccountList>
                    </DomainAccounts>
                </UserAccounts>
                <AutoLogon>
                    <Password>
                        <Value>No-Secret-Password-For-You.Sorry</Value>
                        <PlainText>true</PlainText>
                    </Password>
                    <Enabled>true</Enabled>
                    <Username>BigJimBob</Username>
                    <LogonCount>1</LogonCount>
                    <Domain>domain.com</Domain>
                </AutoLogon>
                <FirstLogonCommands>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>shutdown.exe -r -t 30 /c "The computer will reboot in 30 seconds"</CommandLine>
                        <Description>Reboot at end</Description>
                        <Order>2</Order>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <Order>1</Order>
                        <RequiresUserInput>false</RequiresUserInput>
                        <CommandLine>cscript /B C:\windows\system32\_slmgr.vbs /ato</CommandLine>
                        <Description>Activate Windows</Description>
                    </SynchronousCommand>
                </FirstLogonCommands>
            </component>
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en_us</InputLocale>
                <SystemLocale>en_us</SystemLocale>
                <UILanguage>en_us</UILanguage>
                <UserLocale>en_us</UserLocale>
            </component>
        </settings>
        <settings pass="generalize">
            <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <PersistAllDeviceInstalls>false</PersistAllDeviceInstalls>
            </component>
        </settings>
    </unattend>
    

  • Moderator

    the unattend.xml does not run the setupcomplete.cmd file. That file is run by the oobe setup process.

    FWIW: SetupComplete.cmd goes into “%WINDIR%\Setup\Scripts” and the unattend.xml file goes into “%WINDIR%\Panther”


Log in to reply
 

485
Online

39.3k
Users

11.0k
Topics

104.5k
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.