Windows 10 Pro OEM Sysprep & Imaging
i forgot something, when working with computers that have embedded license into bios i use the following method to activate them:
@echo off for /f "tokens=*" %%i in ('%cd%\oemkey') do set oemkey=%%i cscript %systemroot%\system32\slmgr.vbs /ipk %oemkey% >nul cscript %systemroot%\system32\slmgr.vbs /ato >nul exit
I’ve packed that into a 7z self extracting binary that execute the batch as snapin
oemkey.exe is a binary i found in the net it reads the windows key from bios
I can share the binary if needed.
If you have OEM license simply input the key into desired field within host management:
This post is deleted!
@george1421 I realize this is an older post. Is this information still relevant? Has this process changed any? Thanks!
@joe-gill I am working through it now, basically its the same. The variations come from differences in the environments and goals people have.
I have a Windows Server 2016 box with WDS and WSUS roles (only as they are needed for my process, I dont functionally use them directly) with ADK installed.
I have a powershell script that take the install.wim from my Windows OS (7,8,10,server 2008, 2012, 2016) and patches it with all the relevant updates from a WSUS server on the network (so installing Windows 7 or server 2012 doesnt require 1,000 updates out of the box). I use manual commands in dism to add drivers to the image if its for a specific set of machines (like USB 3, NIC drivers or printers).
I then rebuild an ISO from that install.wim. I dump those ISO contents onto my FOG server as the sources to install from via iPXE.
I also on the 2016 server have a batch file I use to create the winpe stuff for each Windows OS. I also have an unattend file for sysprep with an entry in it to run SetupComplete.cmd to enable the FOG service as mentioned in OP.
I install via FOG/PXE to a machine to create the initial image, add the FOG client, disable its service and capture the image.
When deploying the image, first boot runs the batch file and enables the FOG client thus joining the machine to AD, changes the host name and activates Windows.
I created a batch snapin to delete the local user and its profile folder that was created by the unattend file, push gpupdate /force and reboot. So after the images deploy, having all the machines needed in the same group in FOG i just push the snapin to the group and then they are done.
I probably do somewhat less automation than the OP but its a lot better than a month ago when I had to do most of the post deployment stuff manually. Hope this helps
@zer0cool Thanks for that info! I"m working on it right now myself.
@x23piracy As a FOG noob, where does this script need to go? Also, I have tried to modify your “unattend.xml” file for en-US (rather than German…your file, as-is, works great, but wrong local & language)…I modify the language and locations, but it “fails to parse” every time. Any idea what I’m doing wrong?
I can get a generalized sysprep to work, and any software & settings ARE persistent through the sysprep and imaging…but then I am back to filling out all the initial set-up prompts. Suggestions?
@neiliob1973 Understand the unattend.xml and sysprep have nothing to do with FOG. This is a MS Windows thing.
The unattend.xml script goes in c:\windows\panther directory. Another recommendation I can make is to use an online unattend.xml generator to get you started with the configuration. Just don’t include any private information in the generator. This way you can see the structure of the file. http://www.windowsafg.com/
@george1421 Thank you for the link, George! Yeah, I’ve used FOG for about 2 years, but in a Linux environment (and has worked GREAT), but sysprep has not reared it’s head until now. This post also has a script (in a later comment) to deal with the license key/motherboard issues…any insights?
@neiliob1973 As for licensing when you build your golden image you use your VLK key (mak or kms) and then put the activation command into your setupcomplete.cmd file so its called just after winsetup is completed or if the fog client is installed the fog client can activate the computer for you.
Just for clarity Windows 10 Pro OEM EULA does not support reimaging. Meaning you are only allowed to install Windows OEM from the original OEM media and not construct a golden image based on Win10 OEM then redeploy it using any method. This is against the MS EULA. You can get past this issue by purchasing 1 Windows 10 Pro volume license seat to get you access to deploy a reasonable amount of Win10 Pro seats in your organizational as long as the Windows OEM version is the same (Win10Pro OEM -> Win10Pro VLK). You can not use this method to do a version upgrade (Win10Home OEM -> Win10Pro VLK). For this method you will need to purchase 1 seat for every computer you do a version upgrade on.
I don’t understand the articulation between sysprep and the activation / deactivation of the fog client.
I have a deployment procedure via MDT which installs Windows, creates my users with their password and installs the applications. And ends up installing the fog client.
I would like to do a sysprep. Do I just have to enable sysprep in MDT? Or do it by hand?
How do I get the fog client to activate automatically when or after the image is deployed?
@lebrun78 I don’t use the FOG Client so I can’t really speak to its activation of the target computer. But I believe if its enabled in the fog management web ui and you have entered either a OEM key or VLK key in the host configuration for that computer the FOG Client will try to activate it. I believe this is outside of any sysprep process.
I can tell you how I use MDT, sysprep and FOG.
I do use MDT to build my golden image each time using the lite touch process. At the end of imaging I run through a quick quality check to ensure everything is setup as it should be then I run a batch file that MDT drops in a certain directory that calls sysprep and points to a custom unattend.xml file. Sysprep then powers off the computer. I capture it with FOG. Then deploy it. I have a post install script update the unattend.xml file on the target computer with the computer’s name, target OU, timezone, KMS Key, and a few other things. When the computer boots and runs WinSetup/OOBE the target computer connects itself to AD and in the proper OU from the unattend.xml file. At the end of OOBE WinSetup calls the setupcomplete.cmd and runs a command
cscript c:\Windows\System32\slmgr.vbs /atothat activates windows.