Microsoft Windows 2000 Professional can be deployed within your organization in many different ways. This article will discuss the crème of the crop, Sysprep. Sysprep is not an all-in-one deployment utility. Rather, it is a complement to many of the popular disk cloning utilities, such as Symantec’s Norton Ghost. Sysprep allows you to customize your “golden” image to be used in your enterprise, and then clone it to all of your workstations.
This paper is not intended to be a guide to the best practices of configuring Windows 2000 Professional. This paper will cover how best to utilize Sysprep and a third party cloning utility to allow you to deploy a standard image throughout your organization. This image will be configured to reduce the amount of input by deployment personnel to a bare minimum. In fact, the image detailed in the following scenario requires only the machine name to be successfully deployed. By cloning your base image, you can minimize your department’s support costs by eliminating workstation “deltas” (one machine configured differently than others) and the possibility of human error during the setup process.
Sysprep is a utility that will allow you to duplicate a fully configured Windows 2000 installation to a large number of machines. This utility automatically regenerates the SID on each duplicated system. Sysprep can also be used to duplicate stand-alone and member servers. At this time, Sysprep cannot be used to clone Domain Controllers. You can, however, create a base server image, and then run DC Promo on each server to reduce deployment time for a large number of similar servers. Microsoft has written a very informative Whitepaper on the subject called Automating Windows 2000 Deployments with Sysprep located here.
The version of Sysprep that comes on the Windows 2000 CD has been updated to V 1.1. You can download the new version here. This new version eliminates the mass storage controller dependency of the original version. Previously you would need to create a separate image for each system that had a different mass storage controller. Sysprep is still dependent on the Hardware Abstraction Layer, and you will need a separate image for each variation of HAL within your enterprise. When used in conjunction with Plug and Play, you can deploy Windows 2000 Professional throughout an entire organization with one single image.
The following is a brief overview of the Sysprep
and configure Windows 2000 Professional.
and configure applications.
sysprep.exe and shutdown computer. (note: sysprep.exe uses options
configured in sysprep.inf)
image to network share utilizing third party disk copying software.
image to target workstation.
restart, machine with duplicated image parses sysprep.inf and runs minisetup.
minisetup completes, restart machine, SID is automatically regenerated.
The following is a list of requirements and goals that we
will accomplish with this Sysprep image:
the amount of user/administrative input during setup of the machine.
each imaged machine a unique name consistent with our organizations naming
the administrative password with setup. (In my current organization our tech
support personnel are not given the local administrative password.
This eliminates the only common account in use in our organization. We will set the same option here.)
dynamic updating of hardware drivers.
additional applications to be installed after setup.
additional files to be copied to the workstation after setup.
For the purposes of this discussion, we will be deploying
Windows 2000 Professional to our company named Trake Inc.
Our main file server’s name is DC1, containing our distribution share
DIST$. We have created our Sysprep
directory on our distribution share under the Windows 2000 directory.
We will also need to create a directory named POSTPROC to handle some of
our workarounds that we will incorporate into our sysprep image.
The Sysprep directory will contain the following:
I386 directory – contains $OEM$ directory and
Sysprep.inf is the configuration file that is applied to your cloned image for use with Minisetup. In keeping with our “minimal input” theme, I will highlight the main options needed to appropriately answer the most common setup questions:
ExtendOemPartition=1 (automatically extends system partition to size of disk)
OemSkipEula=Yes (End user license agreement acceptance)
InstallFilesPath = "c:\sysprep\i386" (location of additional drivers)
timezone=015 (current time zone, refer here for complete listing of timezones)
OEMSkipWelcome=1 (Skip welcome screen)
OEMSkipRegional=1 (Skip Regional options screen – default
DomainAdmin="trake\w2kadmin" (Domain\username of account with permission to add computer account
DomainAdminPassword=123456 (Password of above account, please make your password stronger)
JoinDomain="trake" (Domain to join)
The most notable option we have enabled here is the
OemPnPDriversPath. By redirecting
the drivers location to a network share, we have the ability to update Plug and
Play drivers for future hardware purchases, without recreating the original
We are agreeing to the License and welcome screens by
The $OEM$ directory contains a file named cmdlines.txt, which allows you to specify additional commands to run at the conclusion of minisetup. The standard method of utilizing this file is to script your additional commands here. After minisetup runs, the commands will be processed and applied to the machine. This would allow you to specify the installation of extra applications and the like. However, if one of those applications becomes outdated, you will need to recreate your image just to remove the line that specifies the out of date application. This is where we will create another one of our own workarounds.
We will have cmdlines.txt invoke a batch file in the same
local directory, which invokes another batch file on our network share to allow
dynamic updating of these commands, again with no updating of the original
Here are the contents of cmdlines.txt:
The contents of cmdlines.bat:
net use m: \\dc1\dist$ 123456 /USER:trake\w2kadmin /PERSISTENT:NO
And finally the contents of postproc.bat:
regedit /s logonopt.reg
regedit /s legal.reg
copy logoff.exe c:\winnt /y
copy con2prt.exe c:\winnt /y
copy printers.bat c:\winnt /y
Your configuration of postproc.bat may differ.
Here is what the sample postproc.bat does:
adminpw.bat – This batch file contains the standard NET USER command to reset the admin password. This prevents us from having to specify it during setup, and allows us to change the local admin password on newly imaged machines if the original is ever compromised. This is useful if your organization has a policy of changing the local password every 6 months or so.
regedit /s logonopt.reg – Registry hack to blank out the Username field, and prepopulate the Domain field in the Ctrl+Alt+Del dialog box after your target machine restarts.
regedit /s legal.reg – Registry hack to create the LegalNoticeCaption and LegalNoticeText options. It may be a good idea to be able to change your Legal Notice on your workstations with the vast number of companies involved in mergers these days.
copy logoff.exe c:\winnt /y – A Resource Kit utility that allows you to remotely log off a user from the workstation. My company does not currently utilize this utility, but it is there if we ever need it.
copy con2prt.exe c:\winnt /y – A utility that allows you to script the installation of network printers.
copy printers.bat c:\winnt /y – The actual batch file for the network printer utility. Our users simply select Start | Run | printers and all the network printers are
This is just a sampling of the many different
configurations you can apply to your image dynamically.
You can also add unattended installations of applications to your image
to keep up with the ever changing world of software upgrades.
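The sysprep.inf options and cmdlines.bat shown earlier both carry the domain-join account's password in clear text, so anyone who can read the image or the distribution share can read that credential. The following check is an added example, not part of the original article: it scans an answer file and the post-setup batch files for stored password values. The section headers, the adminpw.bat stand-in line and the function names are assumptions.

```python
import re

# Constructed sample input built from the values shown in the article.
# The [section] headers are an assumption; the article lists keys without them.
SAMPLE_INF = r'''[Unattended]
InstallFilesPath="c:\sysprep\i386"
[Identification]
JoinDomain="trake"
DomainAdmin="trake\w2kadmin"
DomainAdminPassword=123456
'''
# Constructed: line 1 is the article's cmdlines.bat; line 2 stands in for
# adminpw.bat, whose exact contents the article does not show.
SAMPLE_BAT = r'''net use m: \\dc1\dist$ 123456 /USER:trake\w2kadmin /PERSISTENT:NO
net user Administrator ExamplePw1
'''
PASSWORD_KEY = re.compile(r'^\s*(\w*password)\s*=\s*"?([^"]*)"?\s*$', re.I)

def audit_inf(text):
    """Return (line, section, key) for every *Password key holding a value."""
    findings, section = [], None
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith('[') and s.endswith(']'):
            section = s[1:-1]
            continue
        m = PASSWORD_KEY.match(s)
        if m and m.group(2).strip():
            findings.append((n, section, m.group(1)))
    return findings

def audit_batch(text):
    """Return (line, command) for net use / net user lines with an inline password."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        cmd = ' '.join(t.lower() for t in tokens[:2])
        args = [t for t in tokens[2:] if not t.startswith('/')]  # drop /switches
        if cmd == 'net use':
            # net use [device] \\server\share [password | *]
            unc = next((i for i, t in enumerate(args) if t.startswith('\\\\')), None)
            pw = args[unc + 1] if unc is not None and len(args) > unc + 1 else None
        elif cmd == 'net user':
            # net user <name> [password | *]
            pw = args[1] if len(args) > 1 else None
        else:
            continue
        if pw and pw != '*':  # '*' means "prompt", so nothing is stored
            findings.append((n, cmd))
    return findings
```

The check recognises only the patterns shown here; a password passed to some other tool in postproc.bat would need its own rule.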
Using Sysprep in the real world
Now that we know how it works, let’s make it work. We are assuming that you have created your master Windows 2000 image, configured all of your applications, and are ready to stamp this image as the Master. We also assume that you possess a third party imaging utility and have it configured per the manufacturer’s instructions for use in a networked environment.
the Sysprep directory from the network share to the C: drive of the
the local Administrator password to blank (not the word blank, just nothing)
the workstation from the domain and put it into a workgroup.
restarting, log in as the local Administrator with the blank password.
all of your domain specific profiles from C:\Documents and Settings (we don’t need to deploy extra profiles do we?).
Start | Run | C:\sysprep\sysprep.exe -pnp (This will invoke a full plug and play scan during deployment to the new workstations to pick up any hardware that differs from what was used for this image).
workstation will shut down (It probably won’t. There is a hotfix for this bug, but I haven’t ever
gotten around to applying it. If you get the chance, go for it.
Otherwise, just wait 20 seconds after the screen goes blank and then
turn the machine off).
your network boot disk to connect to the imaging share and use a third party
utility to copy the image to the network.
That’s it. You
can use your third party imaging utility to copy this image to your workstations
In our example, the only information that will be needed
will be the workstation name. I
have experimented with the approved ways of automating the naming of the
workstations but never found a scenario that was able to take advantage of it.
If your organization is willing to accept the default machine names given
by Windows 2000 setup (cryptic at best), you
will have a fully automated installation with absolutely no input by support
You will notice when you are prompted for the machine name that you are also prompted for the local Administrator password. Remember, we set the local Administrator password with postproc.bat, and any password you put in at this stage will get overwritten by our after-setup processing. This is by design.
You can also reduce the size of your image stored on the
network by deleting pagefile.sys, and hiberfil.sys (if applicable).
By utilizing Sysprep and a third party disk cloning
utility, you can deploy Windows 2000 Professional to your network with the same
exact configurations every time. With
the introduction of Plug and Play to the Windows 2000 platform and depending on
the variation of hardware in your workstations, you may be able to perform a
full scale deployment to your organization with one single image.
You can also use this repeatability to your advantage with workstation support. In my neck of the woods, we troubleshoot for 10 minutes, then we blast down the master image to the workstation again, returning the user’s workstation to a known, supported, working state. With the availability of free software for download from the Internet, and how that free software always seems to destroy something on an NT based workstation, this is a must for large scale shops. Otherwise the majority of your IT department’s time is spent troubleshooting problems caused by unsupported
Please take the time to read through the Microsoft
Whitepapers regarding Sysprep and Automated Deployments.
With a little planning, you can reduce the costs associated with
supporting an Enterprise network tremendously.