Wednesday, May 28, 2008

Windows update and Deep Freeze

I've given some thought to how to do Windows updates on an XP Pro computer connected to a domain, with Deep Freeze. I think the following might work:

- Disable the group policy that configure s Windows update from the domain
- Run a script that will turnoff WAU, change the registry settings to force detection, start the service and start the detection
- Windows will immediately check for, download and install updates within the thaw window

There are some minor concerns. The above script will work for WSUS. Perhaps I can adapt it to SUS. To automate this properly, it will need to be scheduled within Deep Freeze and require no manual intervention.

Thursday, May 22, 2008

Useful Vista Links

Automate autoadminlogon

Inside Vista Setup - A better explanation of the sysprep process

Mark Minasi's newsletters - There is some good stuff on sysprep here

Developing Applications that run at logon

BDD 2007 - I have not used this, but it could be useful for reference

The URL is too long so just click here

Windows Vista Team Blog - I have not used this either, but it looks useful

This URL is too long so just click here

Wednesday, May 21, 2008

A complete Declone and Sysprep solution

I think I have a complete end-to-end solution. Here's how it goes:


Pass 5 auditSystem
Autologon 5 times

Pass 6 auditUser
RunSynchronous1 = c:\declone\declone.cmd
RunSynchronous2 = %windir%\system32\sysprep.exe /oobe /quiet /reboot

Pass 7 oobeSystem
Reseal = false, OOBE
Autologon once
FirstLogonCommands, SynchronousCommand1 = c:\declone\post-sysprep1.cmd
OOBE =true,work,1,true,true

In addition, prior to running sysprep, I've automated removing the machine from the domain, rebooting and starting sysprep with:

sysprep.exe /generalize /quiet /audit /unattend:c:\windows\system32\sysprep\unattend.xml /reboot

If one doesn't remove the machine from the domain after it has been sysprepped, the following error will occur after reboot:

"Windows could not complete the installation. To install Windows on this computer, restart the installation. "

To summarize:

Run setup.cmd to setup the autoadminlogon, remove from domain & copy sysprep.cmd to buddha's startup folder.
Reboot, autologon and run sysprep.cmd to sysprep the machine
Reboot, run generalize pass
Reboot, run audit pass, autologon, run delcone and sysprep /oobe
Reboot, run oobesystem pass, autologon, set language & display settings, and run post-sysprep1.cmd to join domain and delete sysprep.cmd in startup folder
Reboot, and the computer is ready for use

Oh I also enabled CTRL-ALT-DEL and disabled Display username in the registry.

Friday, May 16, 2008

Joining a domain

Lots of progress today. I've gotten sysprep to join a domain. When it boots into audit mode after finishing post-sysprep1.cmd it tends to crash with a "windows needs to be reinstalled error". Got past that by adding a "sysprep /oobe/quiet/reboot as the 3rd RunSynchronous command in 6 audituser, with WillReboot=Never.

It will do all the oobe stuff as per the unattend.xml and give you a nice CTRL-ALT-DEL prompt to logon with. Problem is it prompts for the network location setup after logon. Working on the reg tweak to fix that.

Also have the problem of not displaying a prompt so that I can choose the username and domain to logon.

Successful sysprep

I got it. Finally. With a little help from

It looks like that SP1 messed up the instructions from firgeier's site. The old way, with the RunSynchronous in 4 specialize causes the following error:

"Interactive logon process failed to initialize
Please check the error log for more information"

And the computer shuts down.

I ended up modifying the unattended.xml file as follows.

1) Removed all entries from 4 specialize
2) Left the RunSyncrhonous command for c:\declone\declone.cmd in 6 audit user and set WillReboot=Always.
3) Removed the RunSyncrhonous command for sysprep /audit/quiet /reboot and WillReboot=Always.
4) The last statement causes sysprep to reboot in a loop even though it completes pass 6 sucessfully.
5) Left the 7 oobeSystem settings as they were, I don't think they are read in this pass.
6) Used sysprep.exe /generalize /quiet /oobe /unattend:c:\windows\system32\sysprep\unattend.xml /reboot

Here is the thing... sysprep did not seem to use the oobe switch. I have never seem Windows Welcome appear. Perhaps it could be that it was told to be silent in unattended.xml. I had it reboot into audit mode so that I could continue the testing.

So far, declone is working to rename the computer and reboot. Sysprep brings the computer back to a usable state. Next up... joining a domain.

Wednesday, May 14, 2008

Sysprep nada

Well, sysprep is very easy to mess up. The last couple of times I tried, I had to reimage the computer. I've rewritten Declone.cmd for Vista. Works great if you run it manually. Still trying to figure out how to make it run in Sysprep.

I figured out that if you run sysprep.exe /generalize /audit /unattend:c:windows\panther\unattend.xml /reboot, it will run the specialize pass after reboot. That is the good news. I added x86_Microsoft-Windows-DeploymentXXX_neutral \RunSynchonous\RunSynchronousCommand to 4 specialize.

I found a useful procedure to call sysprep multiple times in audit mode to simulate the renaming of the machine, rebooting, joining of the domain and other housekeeping tasks.

Even after all that, declone.exe dies with ERROR:Critical when running in audit mode. I'm not sure why. It makes the machine unusable and I have to reimage.