1 2 Previous Next 16 Replies Latest reply on Aug 14, 2013 7:37 AM by Silvercoupe

    Questions on Sysprep during Windows 7 deployment

    MrGadget Expert

      Continued from http://community.landesk.com/support/docs/DOC-7444

       

      Silvercoup,

      thanks for explaining why you use sysprep /audit /shutdown. I have been frustrated by the Landesk doc which is written for Windows XP. Then trying to find something here that is up to date and works. From all my research I was totally confused as to why the above doc says to use sysprep /audit but you have cleared that up for me.

       

      I have a question you said something about not changing the administrator account. Will it hurt to give the administrator a unique password before capturing or does that mess things up?

      You also said to let landesk make the unattend.xml file on deployment. Does that mess things up if I use my own? Or should I tweak the landesk one?

      Do you know (as I've read somewhere) if deleteing out the whole computername line will cause it to prompt you for a computername?

      Our computernames are unique and can't be named using variables in the unattend.xml computername section

       

      I'm also interested in your vbs script to inject .exe drivers.

        • 1. Re: Questions on Sysprep during Windows 7 deployment
          Apprentice

          Hey MrGadget,

           

          I didn't have much luck renaming the admin account in my image (this is our standard practice) but setting a password should be OK.  As long as the account and password are in every pass in your unattend file you should be fine.  I think where I was running into trouble was having a renamed Administrator account while I was capturing in audit mode.  The uattend did not seem to like this.

           

          I now have 2 scripts that I use for both Server 2008 and Windows 7 deployments.  I run one script, drivinst.vbs, during the AuditUser pass and another, agentinst.vbs, as my only FirstLogonCommand item in the OOBE pass.  Drivinst dynamically determines what OS it is running under and then determines what model of machine it's running under, which tells it what drivers and programs to install.  I keep these 2 scripts separate from the image and download during either provisioning or OSD (we use Provisioning for servers, OSD for Windows 7.  Easier for our techs to use the PXE Boot Menu).  Drivinst is also used for Windows XP in our environment so don't get caught up in all the XP commands.  I just found it easier to have one script to modify that worked on all our platforms.

           

          Agentinst determines what model it's running under and installs the correct LD agent and McAfee ePO agent, copies over a local Group Policy folder, renames the admin account and sets a password, does some cleanup then an INV scan, GPUpdate and log off.  I had to modify the local group policy in my reference image to be able to run installs off the network without being prompted.  I can share that setting if you need it.  The GPO folder copy is what puts that setting back to default once the machine is imaged.  Couldn't use a GPO for this as it took over before the final installs would run.

           

          For the Unattend, if you're not familiar with creating an Unattend using the WSIM tools, I definitely recommend letting the LANDesk OSD wizard create your first one.  Just create a new OSD script for Windows 7 and follow all the prompts (you'll need an image somewhere to complete the wizard, but you don't have to use that image afterward).  Once you finish the wizard, go to your Core server under \\core\ldmain\landesk\files and look for the name of the OSD script your created.  If you have your own Unattend already, no problem using that one, but the LANDesk one is a good way to get started.  Good as a reference when tweaking your own too.

           

          As for the %computername% prompting you to name the machine I may just make your day.    I wrote another script, PEPreload, that I injected into my WinPE image (you could also just download during provisioning or OSD, whichever you want to use) that pops a text box asking you to name the machine you're about to image.  I set this script to run immediately following the drive mapping commands in both my OSD and Prov scripts (just make sure that you map an H: drive to your \\core\ldmain share).  Once you enter the name, the script creates an inventory scan file and dumps it into the ldscan directory on your core.  It's picked up the Inventory service and creates a new record in the database.  As long as your OSD or Provisioning script is set to use an existing name in the database, the name is pulled into your Unattend file during imaging.  I did it this way so our techs could front-load the name of the device and could just come back in 30 minutes or so to a fully imaged machine, named and in AD.  Otherwise, you'll get half-way through Sysprep then be sitting at a prompt for a name.  I'll include that script as well for you.

           

          Take a look at the scripts and lemme know if you need any help getting them tightened up.  There's plenty other ways out there to get all this done, but I've found using these scripts by far the most flexible since they're out of the image and can be modified on the fly to suit your needs.  Just make sure you keep a master copy somewhere that you can go back to.  

           

          Good luck.

          • 2. Re: Questions on Sysprep during Windows 7 deployment
            MrGadget Expert

            Thanks for all your knownledge.

            I am new to Landesk and not familar with Sysprep in Landesk. I will be setting up my deployment scripts after I go back to work next week so I'm hoping to have success with this new knowledge. If I can inject a computer name from winpe I'll be ecstatic. I'll look at your scripts and probably will have more questions later.

             

            I did vpn to work and make a deployment job to see the unattend.xml that Landesk made, it doesn't seem to have my organization or the copyprofile,the administrator and password and a second backup user and password so I might have to tweak it.

            One last question, you had said the windows aik does not work with the landsk unattend.xml,
            now I am somewhat familiar with Windows aik and making a unattend.xml, the question is, I believe you made it work, what did you do to get it to work?

            • 3. Re: Questions on Sysprep during Windows 7 deployment
              MrGadget Expert

              Followup.

              Forgive me for my stupidness, I looked at the preload script, it has 2 entries

              strFilePath = "x:\preload.ims"
              strDestination ="H:\ldscan\preload.ims

              Is the preload.ims already part of Landesk?

               

              In my deploy script I found 2 entries that run drvmp.exe. One to h:\\coreserver\ldmain and one to I:\\coreserver\ldlogon

              I assume these are the drv mapping lines you refer to and the preload script is inserted just after them. Correct so far?

              Now for the dumb part since I know nothing about script writing. What is the line I add to run the Preload script?

               

              By the way I checked the box that said something about using the name if its in the database in the OSD script. Now does this interfere with that since it is set up in the unattend.xml that Landesk created? In other words does it create a duplicate entry in Landesk database?

              Sorry for all the questions.

              • 4. Re: Questions on Sysprep during Windows 7 deployment
                Apprentice

                Hey, you'll never find out if you don't ask.   By the way, we use LD 9 Service Pack 2.  If you're using an earlier version all this still works, but your OSD scripts might look a little different.

                 

                OK.  The preload.ims is not part of LANDesk per se, I'm just creating a file that mimics what a LANDesk Inventory scan looks like when it's delivered normally from an agent.  If you look in your \\core\ldmain\ldscan folder you may see some of these in there, or you may see some bad ones under the ErrorScan folders.  By creating this file with a "0.0.0.0" IP and the name and MAC address, LANDesk creates a new record in the DB with this information.  When you create your OSD script there is a checkbox to "Use existing name in the database".  When the OSD script images the machine and afterward downloads your Unattend file, there's a TOKREPL command that replaces the %computername% in your Unattend file with the name from the database.  This allows Setup (Sysprep) to autoname the machine so you don't get prompted.  And yes, you'll need to add the line item just after you map your H: drive.  Here's a clip from my OSD script:

                 

                BEGINWINPE=TRUE
                REMPING17=WINPE, TIMEOUT=1800
                REMEXEC18=diskpart /s X:\LDClient\rmvol.txt
                REMEXEC19=ldrun drvmap.exe domain\user EncryptedPass I: <qt/>\\coreserver\image<qt/>, STATUS FACILITY=3513
                REMEXEC20=ldrun drvmap.exe domain\user EncryptedPass H: <qt/>\\coreserver\ldmain<qt/>, STATUS FACILITY=3513
                REMEXEC201=ldrun wscript.exe x:\ldclient\pepreload.vbs

                 

                I injected the pepreload script into my WinPE image so I could just run it locally, but you can just as easily add a line that downloads it from the core and then a line that runs it.  Look in your OSD script, you should see some lines with sdclient.  Mimic one of those to download the script during imaging, or just run it from one of the shares you just mapped.  Just make sure you've always got unique REMEXEC numbers in your scripts.  They don't have to be sequential, just different.

                 

                To answer your last question, no there is no duplicate.  If you're imaging a new machine, there is no record in LANDesk for it yet.  Using PEPreload, you're front-loading a name for the device so when the OSD script gets to the point where TOKREPL runs:

                 

                REMEXEC34=ldrun tokreplw C:\unattend.xml COMPUTERNAME=%Computer - Device Name%

                 

                There's a record in the database for the machine (more specifically the MAC address of the machine) that you're imaging.  The name is injected into the Unattend file so the entire Setup process can be automated, so long as the rest of the Unattend is working.

                 

                Hope this helps get you started.

                1 of 1 people found this helpful
                • 5. Re: Questions on Sysprep during Windows 7 deployment
                  MrGadget Expert

                  Thanks.

                  Guess I have a few more questions. If I put the preload in the osd script I will have a bunch to change and everyone in the future.

                  If I edit the Landesk boot.wim file for winpe should I map to where I stored preload.vbs and have a line like run preload.vbs at the end of the startnet.cmd file?

                   

                  I saw a line in the OSD unattend.xml that said:

                  name="Microsoft-Windows-Shell-Setup"> -<UserAccounts> -<AdministratorPassword> <PlainText>true</PlainText> <Value>false</Value> 

                  In the Value> False part according to the help file this is suppose to be a administrator password and I can find no explanition for putting the word False in there. You have any idea?

                  • 6. Re: Questions on Sysprep during Windows 7 deployment
                    Apprentice

                    Good idea on the startnet.cmd, however I don't recommend doing that or else you will ALWAYS get prompted to name a machine when PE boots.  I actually have several scripts and tools I use in the PE environment for troubleshooting provisioning issues, checking disk setups etc.  If this was in startnet it would run every time, even if I didn't want it to.  So yes, you'll want to add this to each OSD script where you'd like it to run, and any new script you create where you'd like it to run.  Wherever possible, having less OSD scripts is always a plus for this exact reason.  The only way around this, I suppose, would be to mod the script to ask you if you'd like to name the machine.  The script is built so our technicians don't have the option of canceling and the logic requires a name before it will proceed with the script.

                     

                    As for the "False" value, this is where the password you are using for each unattend pass should go.  My unattend files either have nothing in this field (<Value></Value>) or they have a variable that I inject during Provisioning (<Value>%localadminpass%</Value>).  I'm thinking "False" is put in there by the WAIK maybe?

                     

                    By the way, you asked earlier how I opened the LANDesk Unattend file in the WSIM tool.  Not sure if you figured this out, but if you look at the header information of the unattend.xml that LANDesk creates, then look at a new unattend.xml you create with the WSIM, they look a little different.  Just look at the top few lines involving XML created in the WSIM tool and copy those to your LANDesk unattend file.  Then the WSIM should be able to open it.

                    • 7. Re: Questions on Sysprep during Windows 7 deployment
                      Apprentice

                      Can anyone tell me where the OSDScript.xml gets the default information pulled from?  When I create a new OSD script and use Sysprep it always puts the same information inside of the XML file, but I always have to manually edit this xml and place my own stuff in there.  I would like to make it part of the default sysprep, or unattend.xml script.  How do I do that?

                      • 8. Re: Questions on Sysprep during Windows 7 deployment
                        Apprentice

                        If I get what you're asking, you want to create a template.xml file.  When you create a new OSD script using the wizard, one of the options is to use a template unattend file.  If you have an unattend.xml that you've already configured the way you like, including Time Zone info, admin passwords etc., make a copy of it and name it template.xml (just for easy reference, you can call it anything you like).  Drop it in the \\ldmain\landesk\files directory.  When you build a new OSD script, select that template.xml file (I'm remote or else I'd give you a screenshot, but it's one of the items during the OSD script wizard).

                         

                        This will fill in the basic stuff for building the new unattend.xml file.  It should also retain any customizations you've made in the template.xml.

                        • 9. Re: Questions on Sysprep during Windows 7 deployment
                          Apprentice

                          Thanks for the speedy reply.  I guess I don't get it.  Where do I specify the template.xml file?  I tried the 'Use existing SYSPREP file as a template", but it only pulls some of the information, not all.  And the information it does pull is some of my personal stuff, so I know it is getting it from somewhere.  I'm just not sure where.

                          • 10. Re: Questions on Sysprep during Windows 7 deployment
                            Apprentice

                            Wkat kind of options is it not pulling when you said "Use existing..."?

                            • 11. Re: Questions on Sysprep during Windows 7 deployment
                              Apprentice

                              I have 3 things:

                              The first thing is a map to network resource - net use \\LDMCore\LDMain password domain.org\username

                              The second thing is:  cmd /q /c \\LDMCore\LDMain\Files\CustomScripts\OSDCustomScripts.cmd

                              The third is:  Shutdown -f -r -t 20 -c "this pc will now be rebooted"

                               

                              I have several registry tweaks that I do, and found that it was easier to do in a batch file (OSDCustomScripts.cmd) and call that from my OSD.xml script.  It make it easier to make small changes to the deployment without having to modify the OSD.xml script.  It all seems to work, I just wanted to know if there was a way to add all of this to the 'template', so I don't have to manually add it to the xml file.

                              • 12. Re: Questions on Sysprep during Windows 7 deployment
                                Apprentice

                                I have created a new sysprep.xml that is working by manually editing the .xml file.  I have copied it to a Template.xml file and tried to use that as the Sysprep Template for another OSD Task, but it only pulls in the first 6 commandlines in the <First LogonCommands> section.  Any ideas on where this is being pulled from?  I seem to get the same thing in my OSDTask.xml whether or not I choose a SysprepTemplate.

                                • 13. Re: Questions on Sysprep during Windows 7 deployment
                                  Rookie

                                  Sorry for replying to an old post.

                                   

                                  Silvercoupe, thanks for the pepreload script. I understand the principle, but when I try to use it, it does not show a popup. It just stops. When opening a command prompt and starting taskmgr, and show processes for all users, I do find the wscript executable. After killing it the OSD process continues. Apparently the popup in my testscript (msgbox "test") is active, but just not showing.

                                  When I start taskmgr, I see about 8 tasks under user system. When selecting show form all users I get a lot more, but most of them also run under the system account. I tried to copy it locally and start it from x:\windows\system32, but no joy. If I start a command prompt (in WinPE) and start the script from there it works fine, so I added the vbscript engine correct. I have no clue how to make the script start in a visible way. Did I forget something?

                                  • 14. Re: Questions on Sysprep during Windows 7 deployment
                                    Apprentice

                                    henry74,

                                     

                                    What version of LDMS/PE are you using?  Not sure which version it started happening on but I had the same issue.  Try using ldrun:

                                     

                                    REMEXEC201=ldrun wscript.exe x:\ldclient\pepreload.vbs

                                     

                                    Works fine every time for me.

                                    1 2 Previous Next