Hack 65 Customize SysPrep

figs/expert.gif figs/hack65.gif

Using SysPrep to deploy Windows can be a nightmare, unless you find a way to minimize the number of images you have to maintain.

Are you in charge of imaging workstations in your company? Do you have multiple hardware platforms deployed throughout your company? Do you maintain more than five images of those workstations? If you answered "yes" to any of these questions, then this hack might just ease your workload. By using Microsoft's SysPrep utility, system administrators can reduce the number of PC images that are maintained on a daily basis.

Using the approach in this hack, I have moved away from maintaining between 15 and 20 images and now have to update only 2 or 3 images for our entire company. I support nearly a dozen different types of workstation hardware, including several hardware specifications for laptops. SysPrep, while not inherently easy to configure or understand, is well worth the time and energy invested.

Getting Started

On the lowest platform deployed at your company, install the operating system and leave the administrator account password blank. By leaving the administrator password blank, you prevent passing it in plain text via the sysprep.inf file. For our example, we'll use the following credentials:

Name: Company Name
Organization: Company Name
Computer Name: XXXXXX (whatever you want)
Administrator Password: (blank)

Create an administrative equivalent account called Test with a password:

UserID: Test (or whatever else you want to use)
Password: test! (or whatever)

Now, decide on the Network Options. Check the radio button that reads "Users must enter a user name and password to use the computer" or "Leave the machine connected to the WORKGROUP." Once the operating system is installed, build a new image from scratch by using the Test account. This image should include the latest operating service pack and security patches, in addition to all software that is to be included in the base image. So that you don't have to rely on hindsight, it is recommended that you upload this base image before applying the SysPrep files. That way, if something goes wrong with the SysPrep process, you still have a valid image and won't have to reinstall all the software again. Make sure to keep this uploaded base image separate from all other SysPrep-generated images. Naming the image NoSysPrep might be a good naming convention.

Now, create a folder called C:\SysPrep on the base-image machine. Copy the following files to the newly created folder:


Prepares the hard drive on the master computer for duplication


Regenerates new SIDs for the computers


Helps you identify common names for supported Plug and Play devices


Contains inf settings for supported devices


The answer file to be used for applying an unattended image to a machine

Now, copy all drivers, for all hardware platforms, to C:\SysPrep\Drivers from wherever they reside (whether on a CD-ROM or a network drive). This directory structure will be used when you modify the sysprep.inf file. Note that it is important to download the latest drivers for every type of hardware platform in your company. If hard-drive space is not an issue, it might be a good idea to place all device drivers in separate folders for each unique hardware platform in your company.

Once all the drivers are copied locally, log out of the Test account and log on as administrator. (The password should still be blank at this point.) Delete the Test Profile by right-clicking on My Computer and selecting Properties. Then, from the User Profiles tab, highlight the Test Account and press the Delete key. Next, delete the Test account by right-clicking on My Computer, selecting Manage, expanding Local Users and Groups, highlighting Test Account, and pressing the Delete key.

Run Disk Cleanup (StartProgramsAccessoriesSystem ToolsDisk Cleanup). Then, remove the following two entries from the Registry to keep the base image tidy:


HKLM\Microsoft\Windows\CurrentVersion\ RunMRU

Change the administrator password from blank to something appropriate to the security needs of your environment. Then, from the command prompt, run the following command:

C:\SysPrep\sysprep.exe -pnp

By running the sysprep.exe utility, the PC will be powered down once you click OK. This might take several minutes to complete. The -pnp parameter here indicates Plug and Play.

Now, upload new image and name it SysImage to prevent overwriting the original image. Upon reboot, the SysPrep wizard will run, finding all drivers for each particular hardware device in the system.

Understanding the SysPrep.inf

The key to making SysPrep work on multiple hardware platforms lies in customizing the SysPrep.inf file and the command used to invoke the sysprep.exe utility. This following sections explain each section of the SysPrep.inf file. The following code is taken directly from the sysprep.inf file included with the utility, along with my explanations.


The key to the SysPrep.inf file lies within the SysPrepMassStorage section:




These two strings tell the operating system where to look for the IDE drivers. When you run a full-blown Setup from any Windows setup disk, Setup goes out and looks for the default IDE drivers for the primary and secondary IDE controllers before the GUI phase of Setup begins. After it finds the default drivers, it continues with whatever task it needs to perform. After all the files have been copied over and the setup is completed, it will either keep the default IDE drivers or look for a more updated one from the path provided in the SysPrep.inf answer file. It rarely prompts for an updated driver, unless you have another IDE controller installed (i.e., in addition to the primary and secondary controllers).

Note that %windir% is the environment variable used to describe the location of the Windows files. For Windows NT/2000 operating systems, the Windows files are located in C:\Winnt. For Windows 9x/XP operating systems, Windows files are located in C:\Windows. By using this environment variable, the SysPrep.inf file can be used for nearly all operating systems without additional coding.

The Mshdc.inf file references the Microsoft Hard Drive Controller .inf file.




























Referring back to the SysPrepMassStorage section of Sysprep.inf, the two strings below the primary/secondary controllers (not shown) are unique IDE drivers for your own specific hardware. If you have a unique IDE controller and would like to use drivers other than the MS defaults, you can add them to this section.

You must be very careful when adding a line in the SysPrepMassStorage section of the .inf file. By using only the downloaded drivers, instead of the Microsoft default drivers, you might get an error message stating that there is an invalid disk. If you are running a different IDE driver, you might want to run the driver setup at the end of the SysPrep process. This can be accomplished by placing the setup string in the RunOnce section of the SysPrep.inf answer file. This should then update the IDE controller to the driver that you prefer to use, in addition to creating a stable SysPrep run.

Another thing to consider is an already-configured IDE controller that is a part of your base image. You might lose the updated IDE driver, because the SysPrep setup-wizard parameter pnp (Plug and Play) will overwrite your preconfigured driver. There is a way around this SysPrep feature: omit the pnp parameter when you run sysprep.exe. Omitting the pnp parameter when you run SysPrep runs only a portion of PnP process and not the full PnP feature.

While this might prevent the loss of a preconfigured IDE driver on your workstation image, you should use caution when you choose not to run the full pnp parameter. Running the full pnp parameter as a part of the SysPrep process will indeed allow one image to locate and install a variety of unsupported hardware configurations. If the default Microsoft IDE driver or the specific IDE driver is not detected, then SysPrep will not run correctly.


The following lines in the Unattended section mean that the whole SysPrep setup will not stop or pause for anything. Note that you can document the SysPrep.inf file by using a semicolon as a comment marker, as shown here above the actual command:


; the following optional line means setup won't pause for anything, including errors

UnattendedMode = FullUnattended

The following lines skip the license agreement and any other prompts dealing with licensing:

OemSkipEula = Yes

OemPreinstall = No

The following line tells SysPrep the folder location for hardware-specific drivers that are not included with the operating system:

OemPnPDriversPath = sysprep\Drivers\1\NIC;sysprep\Drivers\1\Sound\W2k;sysprep\Drivers\1\






Typically, you should copy all drivers into a C:\Drivers folder and separate them on a machine-by-machine basis. To keep this line from becoming unmanageable, abbreviate hardware-specific folders and document them accordingly. In this particular instance, the 6 represents hardware running at 600 Mhz, 7 represents 733 Mhz, 8 represents 866 Mhz, and so on. Use any method that fits your environment.

If the image you created has all the drivers for all the different hardware, then the OEMPNPDRIVERSPATH is not needed. However, I recommend you reference all drivers, just in case the manufacturer makes any hardware changes. You do have to copy all the drivers into the SysPrep folder. The space is lost for the image but will be reclaimed after SysPrep finishes, because the image automatically deletes itself. Just make sure that the drivers you need are inside the SysPrep folder.


In the GuiUnattended section, the asterisk beside AdminPassword means the local administrator password is blank:






By having a configured local administrator password on your image, this SysPrep answer file will not null out the password, keeping the password the same. This creates good security by not passing the administrator password via the SysPrep.inf file.


The UserData section is pretty self-explanatory:





Productid=License info goes here

By configuring the screen settings in the Display section, you can prevent the screen from coming up to the far-right or far-left side of the monitor. The display will be centered. These settings can be configured to suit your company's needs:








The BitsPerPel section references the color. Make sure to check the hardware compatibility with a hardware refresh rate (VRefresh). A refresh rate of 75 should work for most hardware, but sometimes 65 is a better option. The AutoConfirm setting is enabled so that confirmation is already set, thus preventing a change back to the default setting.


The Identification section configures a PC to join a specific workgroup:



The workgroup name can be almost anything. If you want to have the PC automatically join a domain, other command lines are needed.


The Networking section tells SysPrep to use the default network settings, including Client for Microsoft Networks, File and Printer Sharing, and TCP/IP (DHCP):



Within this section you can also add additional protocols, clients, services, static IP, and other networking options.

The only issue I have encountered, when running sysprep.exe with the -pnp switch (which causes SysPrep to perform a full device enumeration using Plug and Play), is that my company's preconfigured DNS settings are overwritten because the network card is redetected during the SysPrep process. A possible solution to this issue is to add a line in the RunOnce section of the SysPrep.inf file that will automate reconfiguring those DNS entries.


Finally, by adding the following line to the GuiRunOnce section of the SysPrep.inf file, a script is run from the local machine:



The script file can perform a wide variety of commands. Be sure the file exists on the machine before you reference the command in the SysPrep answer file.

Now you know how to customize the SysPrep.inf file for your environment! For more helpful information on using SysPrep, see my column at myITforum.com (http://www.myitforum.com).

?Janis Keim