لطفا منتظر باشید ...
Hack 65 Customize SysPrep
Using SysPrep to deploy Windows can be a
nightmare, unless you find a way to minimize the number of images you
have to maintain.
Are you in charge of imaging workstations in your company? Do you have
multiple hardware platforms deployed throughout your company? Do you
maintain more than five images of those workstations? If you answered
"yes" to any of these questions,
then this hack might just ease your workload. By using
Microsoft's SysPrep utility, system administrators
can reduce the number of PC images that are maintained on a daily
basis.
Using the approach in this hack, I have moved away from maintaining
between 15 and 20 images and now have to update only 2 or 3 images
for our entire company. I support nearly a dozen different types of
workstation hardware, including several hardware specifications for
laptops. SysPrep, while not inherently easy to configure or
understand, is well worth the time and energy invested.
Getting Started
On the lowest platform deployed at your company, install the
operating system and leave the administrator account password blank.
By leaving the administrator password blank, you prevent passing it
in plain text via the sysprep.inf file. For our
example, we'll use the following credentials:
Name: Company NameOrganization: Company NameComputer Name: XXXXXX (whatever you want)Administrator Password: (blank)
Create an administrative equivalent account called Test
with a password:
UserID: Test (or whatever else you want to use)Password: test! (or whatever)
Now, decide on the Network Options. Check the radio button that reads
"Users must enter a user name and password to use
the computer" or "Leave the machine
connected to the WORKGROUP." Once the operating
system is installed, build a new image from scratch by using the Test
account. This image should include the latest operating service pack
and security patches, in addition to all software that is to be
included in the base image. So that you don't have
to rely on hindsight, it is recommended that you upload this base
image before applying the SysPrep files. That way, if something goes
wrong with the SysPrep process, you still have a valid image and
won't have to reinstall all the software again. Make
sure to keep this uploaded base image separate from all other
SysPrep-generated images. Naming the image NoSysPrep
might be a good naming convention.
Now, create a folder called C:\SysPrep on the
base-image machine. Copy the following files to the newly created
folder:
Sysprep.exe
Prepares the hard drive on the master computer for duplication
Setupcl.exe
Regenerates new SIDs for the computers
Pnpids.exe
Helps you identify common names for supported Plug and Play devices
Msdpnp.txt
Contains inf settings for supported devices
Sysprep.inf
The answer file to be used for applying an unattended image to a
machine
Now, copy all drivers, for all hardware platforms, to
C:\SysPrep\Drivers from wherever they reside
(whether on a CD-ROM or a network drive). This directory structure
will be used when you modify the sysprep.inf
file. Note that it is important to download the latest
drivers for every type of hardware platform in your company. If
hard-drive space is not an issue, it might be a good idea to place
all device drivers in separate folders for each unique hardware
platform in your company.
Once all the drivers are copied locally, log out of the Test account
and log on as administrator. (The password should still be blank at
this point.) Delete the Test Profile by right-clicking on My Computer
and selecting Properties. Then, from the User Profiles tab, highlight
the Test Account and press the Delete key. Next, delete the Test
account by right-clicking on My Computer, selecting Manage, expanding
Local Users and Groups, highlighting Test Account, and pressing the
Delete key.
Run Disk Cleanup
(Start
ProgramsAccessoriesSystemTools
Disk Cleanup). Then, remove the following twoentries from the Registry to keep the base image tidy:
HKLM\Microsoft\Windows\CurrentVersion\RecentDocs
HKLM\Microsoft\Windows\CurrentVersion\ RunMRU
Change the administrator password from blank to something appropriate
to the security needs of your environment. Then, from the command
prompt, run the following command:
C:\SysPrep\sysprep.exe -pnp
By running the sysprep.exe utility, the PC will be
powered down once you click OK. This might take several minutes to
complete. The -pnp parameter here indicates
Plug and Play.
Now, upload new image and name it SysImage to
prevent overwriting the original image. Upon reboot, the SysPrep
wizard will run, finding all drivers for each particular hardware
device in the system.
Understanding the SysPrep.inf
The key to making SysPrep work on multiple hardware platforms lies in
customizing the SysPrep.inf file and the command
used to invoke the sysprep.exe utility. This
following sections explain each section of the SysPrep.inf
file. The following code is taken directly from the
sysprep.inf file included with the utility,
along with my explanations.
SysPrepMassStorage
The key to the SysPrep.inf file lies within the
SysPrepMassStorage section:
[SysPrepMassStorage]
Primary_IDE_Channel=%windir%\inf\mshdc.inf
Secondary_IDE_Channel=%windir%\inf\mshdc.inf
These two strings tell the operating system where to look for the IDE
drivers. When you run a full-blown Setup from any Windows setup disk,
Setup goes out and looks for the default IDE drivers for the primary
and secondary IDE controllers before the GUI phase of Setup begins.
After it finds the default drivers, it continues with whatever task
it needs to perform. After all the files have been copied over and
the setup is completed, it will either keep the default IDE drivers
or look for a more updated one from the path provided in the
SysPrep.inf answer file. It rarely prompts for
an updated driver, unless you have another IDE controller installed
(i.e., in addition to the primary and secondary controllers).
Note that %windir% is the environment variable
used to describe the location of the Windows files. For Windows
NT/2000 operating systems, the Windows files are located in
C:\Winnt. For Windows 9x/XP operating systems,
Windows files are located in C:\Windows. By
using this environment variable, the SysPrep.inf
file can be used for nearly all operating systems without
additional coding.
The Mshdc.inf file references the Microsoft Hard
Drive Controller .inf file.
PCMCIA\*PNP0600=%systemroot%\inf\mshdc.inf
*PNP0600=%systemroot%\inf\mshdc.inf
PCMCIA\KME-KXLC005-A99E=%systemroot%\inf\mshdc.inf
PCMCIA\_-NinjaATA--3768=%systemroot%\inf\mshdc.inf
PCMCIA\FUJITSU-IDE-PC_CARD-DDF2=%systemroot%\inf\mshdc.inf
*AZT0502=%systemroot%\inf\mshdc.inf
PCI\VEN_10B9&DEV_5215=%systemroot%\inf\mshdc.inf
PCI\VEN_10B9&DEV_5219=%systemroot%\inf\mshdc.inf
PCI\VEN_10B9&DEV_5229=%systemroot%\inf\mshdc.inf
PCI\VEN_1097&DEV_0038=%systemroot%\inf\mshdc.inf
PCI\VEN_1095&DEV_0640=%systemroot%\inf\mshdc.inf
PCI\VEN_1095&DEV_0646=%systemroot%\inf\mshdc.inf
PCI\VEN_0E11&DEV_AE33=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_1222=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_1230=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_7010=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_7111=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_2411=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_2421=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_7199=%systemroot%\inf\mshdc.inf
PCI\VEN_1042&DEV_1000=%systemroot%\inf\mshdc.inf
PCI\VEN_1039&DEV_0601=%systemroot%\inf\mshdc.inf
PCI\VEN_1039&DEV_5513=%systemroot%\inf\mshdc.inf
PCI\VEN_10AD&DEV_0001=%systemroot%\inf\mshdc.inf
PCI\VEN_10AD&DEV_0150=%systemroot%\inf\mshdc.inf
PCI\VEN_105A&DEV_4D33=%systemroot%\inf\mshdc.inf
PCI\VEN_10AD&DEV_0571=%systemroot%\inf\mshdc.inf
Referring back to the SysPrepMassStorage section
of Sysprep.inf, the two strings below the
primary/secondary controllers (not shown) are unique IDE drivers for
your own specific hardware. If you have a unique IDE controller and
would like to use drivers other than the MS defaults, you can add
them to this section.
You must be very careful when adding a line in the
SysPrepMassStorage section of the .inf
file. By using only the downloaded drivers, instead of the
Microsoft default drivers, you might get an error message stating
that there is an invalid disk. If you are running a different IDE
driver, you might want to run the driver setup at the end of the
SysPrep process. This can be accomplished by placing the setup string
in the RunOnce section of the
SysPrep.inf answer file. This should then update
the IDE controller to the driver that you prefer to use, in addition
to creating a stable SysPrep run.
Another thing to consider is an already-configured IDE controller
that is a part of your base image. You might lose the updated IDE
driver, because the SysPrep setup-wizard parameter
pnp (Plug and Play) will overwrite your
preconfigured driver. There is a way around this SysPrep feature:
omit the pnp parameter when you run
sysprep.exe. Omitting the pnp
parameter when you run SysPrep runs only a portion of PnP process and
not the full PnP feature.
While this might prevent the loss of a preconfigured IDE driver on
your workstation image, you should use caution when you choose not to
run the full pnp parameter. Running the full
pnp parameter as a part of the SysPrep process
will indeed allow one image to locate and install a variety of
unsupported hardware configurations. If the default Microsoft IDE
driver or the specific IDE driver is not detected, then SysPrep will
not run correctly.
Unattended
The following lines in the Unattended section mean
that the whole SysPrep setup will not stop or pause for anything.
Note that you can document the SysPrep.inf file
by using a semicolon as a comment marker, as shown here above the
actual command:
[Unattended]
; the following optional line means setup won't pause for anything, including errors
UnattendedMode = FullUnattended
The following lines skip the license agreement and any other prompts
dealing with licensing:
OemSkipEula = Yes
OemPreinstall = No
The following line tells SysPrep the folder location for
hardware-specific drivers that are not included with the operating
system:
OemPnPDriversPath = sysprep\Drivers\1
\NIC;sysprep\Drivers\1\SoundW2k;sysprep\Drivers\1Sound;sysprep\Drivers\1
\video;sysprep\Drivers\6\NIC;sysprep
\Drivers\7\NIC;sysprep\Drivers7\Video;sysprep
\Drivers\8\NIC;sysprep\Drivers
\8\Sound;sysprep\Drivers\8\Video;sysprep|
Drivers\Evo\3c0XNic;sysprep\Drivers\Evo\IntelNic;sysprep\Drivers
\Evo\Nvidia;sysprepDrivers
\Evo\Sound;sysprep\Drivers\Evo\Sound\Smaxwdm\W2k;sysprep
\Vli8\Keyboard;sysprepVli8
\NIC;sysprep\VLi8\Sound;sysprep\Vli8\Video
Typically, you should copy all drivers into a
C:\Drivers folder and separate them on a
machine-by-machine basis. To keep this line from becoming
unmanageable, abbreviate hardware-specific folders and document them
accordingly. In this particular instance, the 6
represents hardware running at 600 Mhz, 7
represents 733 Mhz, 8 represents 866 Mhz, and so
on. Use any method that fits your environment.
If the image you created has all the drivers for all the different
hardware, then the OEMPNPDRIVERSPATH is not
needed. However, I recommend you reference all drivers, just in case
the manufacturer makes any hardware changes. You do have to copy all
the drivers into the SysPrep folder. The space
is lost for the image but will be reclaimed after SysPrep finishes,
because the image automatically deletes itself. Just make sure that
the drivers you need are inside the SysPrep
folder.
GuiUnattended
In the GuiUnattended section, the asterisk beside
AdminPassword means the local administrator
password is blank:
[GuiUnattended]
AdminPassword=*
OEMSkipRegional=1
TimeZone=20
OemSkipWelcome=1
By having a configured local administrator password on your image,
this SysPrep answer file will not null out the password, keeping the
password the same. This creates good security by not passing the
administrator password via the SysPrep.inf file.
UserData
The UserData section is pretty self-explanatory:
[UserData]
FullName="YourCompanyNameGoesHere"
OrgName="YourCompanyNameGoesHere"
ComputerName=xxxxxx
Productid=License info goes here
Display
By configuring the screen settings in the Display
section, you can prevent the screen from coming up to the far-right
or far-left side of the monitor. The display will be centered. These
settings can be configured to suit your company's
needs:
[Display]
ConfigureAtLogon=0
BitsPerPel=16
XResolution=1024
YResolution=768
VRefresh=75
AutoConfirm=1
The BitsPerPel section references the color. Make
sure to check the hardware compatibility with a hardware refresh rate
(VRefresh). A refresh rate of
75 should work for most hardware, but sometimes
65 is a better option. The
AutoConfirm setting is enabled so that
confirmation is already set, thus preventing a change back to the
default setting.
Identification
The Identification section configures a PC to join
a specific workgroup:
[Identification]
JoinWorkgroup=WORKGROUP
The workgroup name can be almost anything. If you want to have the PC
automatically join a domain, other command lines are needed.
Networking
The Networking section tells SysPrep to use the
default network settings, including Client for Microsoft Networks,
File and Printer Sharing, and TCP/IP (DHCP):
[Networking]
InstallDefaultComponents=Yes
Within this section you can also add additional protocols, clients,
services, static IP, and other networking options.
The only issue I have encountered, when running
sysprep.exe with the -pnp
switch (which causes SysPrep to perform a full device enumeration
using Plug and Play), is that my company's
preconfigured DNS settings are overwritten because the network card
is redetected during the SysPrep process. A possible solution to this
issue is to add a line in the RunOnce section of
the SysPrep.inf file that will automate
reconfiguring those DNS entries.
GuiRunOnce
Finally, by adding the following line to the
GuiRunOnce section of the SysPrep.inf
file, a script is run from the local machine:
[GuiRunOnce]
Command0=C:\temp\Scriptfile
The script file can perform a wide variety of commands. Be sure the
file exists on the machine before you reference the command in the
SysPrep answer file.
Now you know how to customize the SysPrep.inf
file for your environment! For more helpful information on
using SysPrep, see my column at myITforum.com
(http://www.myitforum.com).
Janis Keim
