Wednesday, December 10, 2008

Adding audio/video drivers to sysprep

It's taken me awhile, but I've finally figured out how to find which files sysprep needs to install things like audio and video drivers.

1) Install the driver using its install program.
2) Check the device settings, note in driver details what files are installed.
3) Look in c:\windows\setupapi.log
4) Look for references to your particular driver, there should be a section reference and an inf reference. For example, for the Sapphire Radeon HD 3650, look for [ati2mtag_RV3650] and CX_70226.inf
5) Scan the inf carefully to figure out what files need to be copied to sysprep. Also look for something similar to [SourceDiskNames...] at the end of the file. Sometimes if you have drivers that are in sysprep but still cannot be found by sysprep this is the problem.
6) Test on a clean image. Repeat.

Thursday, November 20, 2008

PXE and BartPE/Windows grabbing different IPs

We have an interesting problem where PXE and BartPE/Windows get issued two different IP addresses from the DHCP server. Apparently this problem has been around for a while. It is caused by different interpretation of the client identifier. This one is Microsoft's fault. Still working on a solution.

http://marc.info/?l=dhcp-server&m=108790473426622&w=2

http://www.ietf.org/mail-archive/web/dhcwg/current/msg05941.html

Friday, November 14, 2008

Lame debugging error

Have you ever spent hours debugging code? Particularly code that had worked the last time you used it? Just added a new wrapper and now it doesn't work? I just did. I ran admod and got this error:

DN Count: 1
LDAP_SEARCH_S: 0x34
LDAP_SEARCH_S: Unavailable

ERROR: Couldn't gather RootDSE Info...
Terminating program.

What the heck does this mean? Google couldn't tell me. After hours of painfully debugging the entire VBS, I narrowed it down to one thing: authentication credentials. The machine I was using was not administrator on the domain.

AUUGHHHH!!!

Monday, October 27, 2008

Add/delete a list of users from Active Directory

I got tired of entering user names by hand in ADUC. Seeing that I have close to 50 users to enter, I decided to write a script. Here's the business portion of it. I use a logfile to record the results.

Add users from a list

for /f "tokens=1-3 delims=| skip=1" %%i in (%datfile%) do (
echo Adding : >> .\logs\%logfile% 2>&1
dsadd user "cn=%%i,%ou_string%" -pwd %%j -desc %%k -canchpwd no -pwdneverexpires yes -d %domain% -u %user% -p %pass% >> .\logs\%logfile% 2>&1
echo To : cn=%%i,%ou_string% >> .\logs\%logfile% 2>&1
echo **************************** >> .\logs\%logfile% 2>&1
)

Delete users from a list (use dsrm not dsadd)

for /f "tokens=1 delims=| skip=1" %%i in (%datfile%) do (
echo Adding : >> .\logs\%logfile% 2>&1
dsrm "cn=%%i,%ou_string%" -d %domain% -noprompt -u %user% -p %pass% >> .\logs\%logfile% 2>&1
echo To : cn=%%i,%ou_string% >> .\logs\%logfile% 2>&1
echo **************************** >> .\logs\%logfile% 2>&1
)

I love recycling code!

Tuesday, September 23, 2008

Stop Windows XP from "Personalizing your Internet Explorer Settings"

A pet peeve of mine is whenever a new user logs into a machine, Windows spends the first few seconds "Personalizing your Internet Explorer" settings. Here's how to stop that.

http://windowsitpro.com/article/articleid/93691/how-do-i-prevent-internet-explorer-from-creating-personalized-settings-for-each-new-user.html

Thursday, August 21, 2008

Add a list of PCs to Active Directory

I got tired of entering computer names by hand in ADUC. Seeing that I have close to 100 machines to enter, I decided to write a script. Here's the business portion of it. I use a logfile to record the results.

for /f "tokens=2 delims=| skip=1" %%i in (%datfile%) do (
echo Adding : >> .\logs\%logfile% 2>&1
dsadd computer "cn=%%i,%ou_string%" -d %domain% -u %user% -p %pass% >> .\logs\%logfile% 2>&1
echo To : cn=%%i,%ou_string% >> .\logs\%logfile% 2>&1
echo **************************** >> .\logs\%logfile% 2>&1
)

Friday, August 15, 2008

Sysprep Intel Video Driver Issue

Well, had an interesting sysprep issue. I need one image to work both on a clone with an Intel ICH9 chipset and an Optiplex 755 with the same. Here are the two scenarios:

1) Build base on 755 and image on clone.
This didn't work because the clone was missing the audio driver and a some Intel Chipset drivers.

2) Build base on clone and image on 755.
This worked better because the two drivers were installed. The only issue was that the Intel Q35 Video wasn't completely recognized. It kept on asking for the installation CD. I'm not sure why as it was recognized before.

I worked with scenario 2 and discovered the following in the setupapi.log. Highlighted in orange is what the installer found. Highlighted in purple is what the installer used. The section"[iBLB0]" that was installed had a mismatched driver version compared to what was in igxp32.inf. As a result I had to rem out that section in oem4.inf. It skipped to oem39.inf and used the section "[iBLB1]" which had the same version number, 6.14.10.4964, as igxp32.inf. Igxp32.inf is the correct installation file for the driver. I'm sure that I could have remmed out sections in oem39.inf as well and used igxp32.inf instead.

[2008/08/15 11:13:59 540.68 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_29b2&subsys_02111028&rev_02,pci\ven_8086&dev_29b2&subsys_02111028,pci\ven_8086&dev_29b2&cc_030000,pci\ven_8086&dev_29b2&cc_0300
#-018 Searching for compatible ID(s): pci\ven_8086&dev_29b2&rev_02,pci\ven_8086&dev_29b2,pci\ven_8086&cc_030000,pci\ven_8086&cc_0300,pci\ven_8086,pci\cc_030000,pci\cc_0300
#-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
#I022 Found "PCI\VEN_8086&DEV_29B2&SUBSYS_02111028" in C:\WINDOWS\inf\oem4.inf; Device: "Intel(R) Q35 Express Chipset Family"; Driver: "Intel(R) Q35 Express Chipset Family"; Provider: "Intel Corporation"; Mfg: "Intel Corporation"; Section name: "iBLB0".
#I023 Actual install section: [iBLB0]. Rank: 0x00000001. Effective driver date: 06/05/2007.
#I022 Found "PCI\VEN_8086&DEV_29B2" in C:\WINDOWS\inf\oem39.inf; Device: "Intel(R) Q35 Express Chipset Family"; Driver: "Intel(R) Q35 Express Chipset Family"; Provider: "Intel Corporation"; Mfg: "Intel Corporation"; Section name: "iBLB0".
#I023 Actual install section: [iBLB0]. Rank: 0x00002001. Effective driver date: 06/27/2008.
#I022 Found "PCI\VEN_8086&DEV_29B2" in C:\sysprep\vid\igxp32.inf; Device: "Intel(R) Q35 Express Chipset Family"; Driver: "Intel(R) Q35 Express Chipset Family"; Provider: "Intel Corporation"; Mfg: "Intel Corporation"; Section name: "iBLB0".
#I023 Actual install section: [iBLB0]. Rank: 0x00002001. Effective driver date: 06/27/2008.
#I022 Found "PCI\VEN_8086&DEV_29B2" in c:\temp\igxp32.inf; Device: "Intel(R) Q35 Express Chipset Family"; Driver: "Intel(R) Q35 Express Chipset Family"; Provider: "Intel Corporation"; Mfg: "Intel Corporation"; Section name: "iBLB0".
#I023 Actual install section: [iBLB0]. Rank: 0x00002001. Effective driver date: 06/27/2008.
#-166 Device install function: DIF_SELECTBESTCOMPATDRV.
#I063 Selected driver installs from section [iBLB0] in "c:\windows\inf\oem4.inf".
#I320 Class GUID of device remains: {4D36E968-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
#I058 Selected best compatible driver.
#-166 Device install function: DIF_INSTALLDEVICEFILES.
#I124 Doing copy-only install of "PCI\VEN_8086&DEV_29B2&SUBSYS_02111028&REV_02\3&172E68DD&0&10".
#-011 Installing section [iBLB0] from "c:\windows\inf\oem4.inf".
#E358 An unsigned or incorrectly signed file "c:\windows\inf\oem4.inf" for driver "Intel(R) Q35 Express Chipset Family" blocked (server install). Error 1168: Element not found.
#E122 Device install failed. Error 1168: Element not found.

Friday, July 18, 2008

Sysprep is loading mass storage, network and video drivers

I finally got Sysprep for XP to do a most useful thing. Now I know why it needs to load mass storage drivers. I needed to get the same image going on a Optiplex 755, GX280 and a clone with some kind of Intel chipset. I loaded the following into sysprep.inf:

[SysprepMassStorage]
;IDE chipset driver for Dell Optiplex GX270 (ICH-5)
;PCI\VEN_8086&DEV_24D1=C:\windows\inf\mshdc.inf
;PCI\VEN_8086&DEV_24DB=C:\windows\inf\mshdc.inf
PCI\VEN_8086&DEV_24D1=C:\sysprep\chipset\ich5ide.inf
PCI\VEN_8086&DEV_24DB=C:\sysprep\chipset\ich5ide.inf
PCI\VEN_8086&DEV_25A2=C:\sysprep\chipset\ich5ide.inf
PCI\VEN_8086&DEV_25A3=C:\sysprep\chipset\ich5ide.inf
;IDE chipset drivers for Dell Optiplex 280
PCI\VEN_8086&DEV_2651=C:\sysprep\chipset\ich6ide.inf
PCI\VEN_8086&DEV_2652=C:\sysprep\chipset\ich6ide.inf
PCI\VEN_8086&DEV_2653=C:\sysprep\chipset\ich6ide.inf
PCI\VEN_8086&DEV_266F=C:\sysprep\chipset\ich6ide.inf
;IDE chipset driver for Dell GX620, GX520
PCI\VEN_8086&DEV_27C0=C:\sysprep\chipset\ich7ide.inf
PCI\VEN_8086&DEV_27C4=C:\sysprep\chipset\ich7ide.inf
PCI\VEN_8086&DEV_27DF=C:\sysprep\chipset\ich7ide.inf
;IDE chipset driver for Dell Optiplex 745
PCI\VEN_8086&DEV_2820=C:\sysprep\chipset\ich8ide.inf
PCI\VEN_8086&DEV_2825=C:\sysprep\chipset\ich8ide.inf
PCI\VEN_8086&DEV_2828=C:\sysprep\chipset\ich8ide.inf
PCI\VEN_8086&DEV_2850=C:\sysprep\chipset\ich8ide.inf
;IDE chipset driver for Dell Optiplex 755
PCI\VEN_8086&DEV_2920=C:\sysprep\chipset\ich9ide.inf
PCI\VEN_8086&DEV_2921=C:\sysprep\chipset\ich9ide.inf
PCI\VEN_8086&DEV_2926=C:\sysprep\chipset\ich9ide.inf
PCI\VEN_8086&DEV_2928=C:\sysprep\chipset\ich9ide.inf
PCI\VEN_8086&DEV_292D=C:\sysprep\chipset\ich9ide.inf
PCI\VEN_8086&DEV_292E=C:\sysprep\chipset\ich9ide.inf

I also loaded some NIC and video drivers into the sysprep folder. Its best to load all of what the vendor gives you, because if you are short a file, sysprep just might crap out on you.

Think I'll build the base on the 755, it seems to have a hard time with the GX520 image. It wouldn't boot into anything but safe mode, but with enough iterations of sysprep and some additional driver installation, I got it to behave normally.

Thursday, July 17, 2008

Sysprep is !$%@&!

Well... it turns out the problem is with the sysprep.inf. It is causing cmdlines.txt not to run. I had to copy the orginal from Declone 4.0.0 ETS and modify it to make it work. And furthermore do the edits on my PC as oppose to the one I'm building the image on. I wonder if the format is written differently between computers? Next time when in doubt, recopy sysprep.inf

Wednesday, July 16, 2008

More sysprep annoyances

Apparently, leaving in the sysprep mass storage references causes cmdlines.txt not to run. The following entire section must be removed.

;[Sysprep]
;BuildMassStorageSection=Yes

;Need to trim this section. Only useful for the generic image
;[SysprepMassStorage]
*pnp0a00=c:\windows\inf\machine.inf
*pnp0a01=c:\windows\inf\machine.inf
*pnp0a04=c:\windows\inf\machine.inf
*pnp0a03=c:\windows\inf\machine.inf

Monday, July 7, 2008

Sysprep Annoyances

I'm rather annoyed with sysprep for XP. In particular, the mass storage section. I have never used it until recently and found out that the following settings will generate hard drive activity for a full 20 min.

[Sysprep]
BuildMassStorageSection=Yes

[SysprepMassStorage]

To get around this, one can predefine the drivers by running sysprep -bmsd. So now I have a list that looks like this.

;[Sysprep]
;BuildMassStorageSection=Yes

[SysprepMassStorage]
*pnp0a00=c:\windows\inf\machine.inf
*pnp0a01=c:\windows\inf\machine.inf
*pnp0a04=c:\windows\inf\machine.inf

With about 700 entries. The idea is to trim the SysprepMassStorage section so that it searches for only the drivers you need. For every driver that appears it takes at least 1-2 seconds to process. Even with half the list, it only went down to 10 min instead of 20.

I've concluded that this should only be done with a true generic image. Custom images should have the above sections remmed out and use only reseal.

Wednesday, July 2, 2008

Updating Windows XP

I had two cases recently where I had to update components for Windows XP Pro. One involved installing IIS and the other was loading an image onto a computer that it wasn't explicitly built for. In both cases the orginal Windows XP CD and the SP3 files were required. I had to unpack the files for SP3 using

http://www.winsupersite.com/showcase/xpsp3_slipstream.asp

Then it was easy... although IIS seemed to require the service to be restarted on the console for it to work properly.

Wednesday, May 28, 2008

Windows update and Deep Freeze

I've given some thought to how to do Windows updates on an XP Pro computer connected to a domain, with Deep Freeze. I think the following might work:

- Disable the group policy that configure s Windows update from the domain
- Run a script that will turnoff WAU, change the registry settings to force detection, start the service and start the detection http://msmvps.com/blogs/athif/pages/66375.aspx
- Windows will immediately check for, download and install updates within the thaw window

There are some minor concerns. The above script will work for WSUS. Perhaps I can adapt it to SUS. To automate this properly, it will need to be scheduled within Deep Freeze and require no manual intervention.

Thursday, May 22, 2008

Useful Vista Links

Automate autoadminlogon

http://shellrevealed.com/blogs/shellblog/archive/2006/10/11/A-useful-tool-for-setting-up-autologon.aspx

Inside Vista Setup - A better explanation of the sysprep process

http://dtmjedi.com/InsideVistaSetup_DtmJedi.htm


Mark Minasi's newsletters - There is some good stuff on sysprep here

http://www.minasi.com/nwstoc.htm


Developing Applications that run at logon

http://msdn.microsoft.com/en-us/library/bb325654.aspx

BDD 2007 - I have not used this, but it could be useful for reference

The URL is too long so just click here


Windows Vista Team Blog - I have not used this either, but it looks useful

This URL is too long so just click here

Wednesday, May 21, 2008

A complete Declone and Sysprep solution

I think I have a complete end-to-end solution. Here's how it goes:

unattend.xml

Pass 5 auditSystem
Autologon 5 times

Pass 6 auditUser
RunSynchronous1 = c:\declone\declone.cmd
RunSynchronous2 = %windir%\system32\sysprep.exe /oobe /quiet /reboot

Pass 7 oobeSystem
Reseal = false, OOBE
Autologon once
FirstLogonCommands, SynchronousCommand1 = c:\declone\post-sysprep1.cmd
OOBE =true,work,1,true,true

In addition, prior to running sysprep, I've automated removing the machine from the domain, rebooting and starting sysprep with:

sysprep.exe /generalize /quiet /audit /unattend:c:\windows\system32\sysprep\unattend.xml /reboot

If one doesn't remove the machine from the domain after it has been sysprepped, the following error will occur after reboot:

"Windows could not complete the installation. To install Windows on this computer, restart the installation. "

To summarize:

Run setup.cmd to setup the autoadminlogon, remove from domain & copy sysprep.cmd to buddha's startup folder.
Reboot, autologon and run sysprep.cmd to sysprep the machine
Reboot, run generalize pass
Reboot, run audit pass, autologon, run delcone and sysprep /oobe
Reboot, run oobesystem pass, autologon, set language & display settings, and run post-sysprep1.cmd to join domain and delete sysprep.cmd in startup folder
Reboot, and the computer is ready for use

Oh I also enabled CTRL-ALT-DEL and disabled Display username in the registry.

Friday, May 16, 2008

Joining a domain

Lots of progress today. I've gotten sysprep to join a domain. When it boots into audit mode after finishing post-sysprep1.cmd it tends to crash with a "windows needs to be reinstalled error". Got past that by adding a "sysprep /oobe/quiet/reboot as the 3rd RunSynchronous command in 6 audituser, with WillReboot=Never.

It will do all the oobe stuff as per the unattend.xml and give you a nice CTRL-ALT-DEL prompt to logon with. Problem is it prompts for the network location setup after logon. Working on the reg tweak to fix that.

Also have the problem of not displaying a prompt so that I can choose the username and domain to logon.

Successful sysprep

I got it. Finally. With a little help from http://www.msfn.org/board/sysprepexe-quite-audit-causes-pc-to-t-t106728.html&p=753640#entry753640.

It looks like that SP1 messed up the instructions from firgeier's site. The old way, with the RunSynchronous in 4 specialize causes the following error:

"Interactive logon process failed to initialize
Please check the error log for more information"

And the computer shuts down.

I ended up modifying the unattended.xml file as follows.

1) Removed all entries from 4 specialize
2) Left the RunSyncrhonous command for c:\declone\declone.cmd in 6 audit user and set WillReboot=Always.
3) Removed the RunSyncrhonous command for sysprep /audit/quiet /reboot and WillReboot=Always.
4) The last statement causes sysprep to reboot in a loop even though it completes pass 6 sucessfully.
5) Left the 7 oobeSystem settings as they were, I don't think they are read in this pass.
6) Used sysprep.exe /generalize /quiet /oobe /unattend:c:\windows\system32\sysprep\unattend.xml /reboot

Here is the thing... sysprep did not seem to use the oobe switch. I have never seem Windows Welcome appear. Perhaps it could be that it was told to be silent in unattended.xml. I had it reboot into audit mode so that I could continue the testing.

So far, declone is working to rename the computer and reboot. Sysprep brings the computer back to a usable state. Next up... joining a domain.

Wednesday, May 14, 2008

Sysprep nada

Well, sysprep is very easy to mess up. The last couple of times I tried, I had to reimage the computer. I've rewritten Declone.cmd for Vista. Works great if you run it manually. Still trying to figure out how to make it run in Sysprep.

I figured out that if you run sysprep.exe /generalize /audit /unattend:c:windows\panther\unattend.xml /reboot, it will run the specialize pass after reboot. That is the good news. I added x86_Microsoft-Windows-DeploymentXXX_neutral \RunSynchonous\RunSynchronousCommand to 4 specialize.

I found a useful procedure to call sysprep multiple times in audit mode to simulate the renaming of the machine, rebooting, joining of the domain and other housekeeping tasks.

http://firegeier.unattended-sponsor.de/en/applications.html

Even after all that, declone.exe dies with ERROR:Critical when running in audit mode. I'm not sure why. It makes the machine unusable and I have to reimage.

Tuesday, April 29, 2008

Vista... is da bomb, no really, Sysprep just bombed

My first experience with Vista is leaving me less then satisfied. It takes over an hour to install on an Optiplex 745 with 2GB of RAM. Got it to ghost without issue using Ghost 11.

The sysprep.inf is not just a simple text file anymore. :-( It is now *.xml and the * can be called almost anything you want. One also has to install Windows SIM (System Image Manager) from the Microsft WAIK (Windows Automated Installation Kit) to create this XML file. Good luck editing it with a text editor.

First kick at sysprep revealed that it likes to disable the administrator account. So I have to use the account that I orginally created to logon to Vista for sysprep. Apparently sysprep makes multiple passes for different purposes. Every time sysprep finishes, the mini-setup window appears. Further checking reveals that Windows has " Setup States"

The Windows image state can be found in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State

With a value of IMAGE_STATE_GENERALIZE_RESEAL_TO_AUDIT

My best guess is that it is waiting for an auditing pass.

First Post

Ahhh... I figured it was about time that I blogged some of the stuff that puzzles me at work. Next up... Vista.