Using Sysprep to deploy Windows 2000 Professional




Sean Stecker

Microsoft Windows 2000 Professional can be deployed within
your organization in many different ways. This
article will discuss the crème of the crop, Sysprep.
Sysprep is not an all-in-one deployment utility.
Rather, it is a complement to many of the popular disk cloning utilities,
such as Symantec's Norton Ghost. Sysprep
allows you to customize your "golden" image to be used in your enterprise,
and then clone it to all of your workstations.


This paper is not intended to be a guide to the best
practices of configuring Windows 2000 Professional. This paper will cover how best to utilize Sysprep and a third
party cloning utility to allow you to deploy a standard image throughout your
organization. This image will be
configured to reduce the amount of input by deployment personnel to a bare
minimum. In fact, the image
detailed in the following scenario requires only the machine name to be
successfully deployed. By cloning
your base image, you can minimize your department's support costs by eliminating
workstation "deltas" (one machine configured differently than others) and
the possibility of human error during the setup process.

  

What is Sysprep?

Sysprep is a utility that will allow you to duplicate a
fully configured Windows 2000 installation to a large number of machines.
This utility automatically regenerates the SID on each duplicated system.
Sysprep can also be used to duplicate standalone and member servers.
At this time, Sysprep cannot be used to clone Domain Controllers.
You can, however, create a base server image, and then run DC Promo on each
server to reduce deployment time for a large number of similar servers.
Microsoft has written a very informative white paper on the subject called
Automating Windows 2000 Deployments with Sysprep located here.

The version of Sysprep that comes on the Windows 2000
CD has been updated to version 1.1. You
can download the new version here.
This new version eliminates the mass storage controller dependency of the
original version. Previously you
would need to create a separate image for each system that had a different mass
storage controller. Sysprep is
still dependent on the Hardware Abstraction Layer, and you will need a separate
image for each variation of HAL within your enterprise.
When used in conjunction with Plug and Play, you can deploy Windows 2000
Professional throughout an entire organization with one single image.

 

Using Sysprep

 The following is a brief overview of the Sysprep
process: 

  1. Install and configure Windows 2000 Professional.
  2. Install and configure applications.
  3. Run sysprep.exe and shut down the computer. (Note: sysprep.exe uses options
    configured in sysprep.inf.)
  4. Clone the image to a network share utilizing third party disk copying software.
  5. Deploy the image to the target workstation.
  6. On restart, the machine with the duplicated image parses sysprep.inf and runs minisetup.
  7. After minisetup completes, restart the machine; the SID is automatically regenerated.

 

Goals

The following is a list of requirements and goals that we
will accomplish with this Sysprep image: 

  1. Reduce the amount of user/administrative input during setup of the machine.
  2. Give each imaged machine a unique name consistent with our organization's naming
    convention.
  3. Set the administrative password with setup. (In my current organization our tech
    support personnel are not given the local administrative password.
    This eliminates the only common account in use in our organization. We will set the same option here.)
  4. Allow dynamic updating of hardware drivers.
  5. Allow additional applications to be installed after setup.
  6. Allow additional files to be copied to the workstation after setup.

  

Network preparation 

For the purposes of this discussion, we will be deploying
Windows 2000 Professional to our company named Trake Inc. 
Our main file server’s name is DC1, containing our distribution share
DIST$.  We have created our Sysprep
directory on our distribution share under the Windows 2000 directory. 
We will also need to create a directory named POSTPROC to handle some of
our workarounds that we will incorporate into our sysprep image.

 

Sysprep components

The Sysprep directory will contain the following:

Sysprep.exe

Setupcl.exe

Pnpids.exe

Sysprep.inf

I386 directory – contains $OEM$ directory and
cmdlines.txt

 

Sysprep.inf

Sysprep.inf is the configuration file that is applied to
your cloned image for use with Minisetup. In
keeping with our "minimal input" theme, I will highlight the main options
needed to appropriately answer the most common setup questions:

 

[unattended]
; automatically extends system partition to size of disk
ExtendOemPartition=1
; End user license agreement acceptance
OemSkipEula=Yes
InstallFilesPath="c:\sysprep\i386"
; location of additional drivers
OemPnPDriversPath=\\dc1\dist$\windows2000\postproc\drivers

[guiunattended]
; current time zone, refer here for complete listing of timezones
timezone=015
; Skip welcome screen
OEMSkipWelcome=1
; Skip Regional options screen – default US English
OEMSkipRegional=1

[userdata]
fullname="Any Employee"
Orgname="Trake Inc."

[networking]

[identification]
; Domain\username of account with permission to add computer account to domain
DomainAdmin="trake\w2kadmin"
; Password of above account, please make your password stronger
DomainAdminPassword=123456
; Domain to join
JoinDomain="trake"

 

The most notable option we have enabled here is
OemPnPDriversPath. By redirecting
the driver location to a network share, we have the ability to update Plug and
Play drivers for future hardware purchases, without recreating the original
image.

We are agreeing to the License and welcome screens by
default. 

 

External command processing

The $OEM$ directory contains a file named cmdlines.txt,
which allows you to specify additional commands to run at the conclusion of
minisetup. The standard method of
utilizing this file is to script your additional commands here.
After minisetup runs, the commands will be processed and applied to the
machine. This would allow you
to specify the installation of extra applications and the like.

However, if one of those applications becomes outdated, you will need to
recreate your image just to remove the line that specifies the out-of-date
application. This is where we will
create another one of our own workarounds.

 

We will have cmdlines.txt invoke a batch file in the same
local directory, which invokes another batch file on our network share to allow
dynamic updating of these commands, again with no updating of the original
image.

 

Here are the contents of cmdlines.txt:

[Commands]
".\cmdlines.bat"

 

The contents of cmdlines.bat:

@echo OFF
net use m: \\dc1\dist$ 123456 /USER:trake\w2kadmin /PERSISTENT:NO
m:
cd windows2000\postproc
postproc.bat

 

And finally the contents of postproc.bat:

@echo OFF
call adminpw.bat
regedit /s logonopt.reg
regedit /s legal.reg
copy logoff.exe c:\winnt /y
copy con2prt.exe c:\winnt /y
copy printers.bat c:\winnt /y

 

Your configuration of postproc.bat may differ. 
Here is what the sample postproc.bat does:

 

  1. call adminpw.bat
    – This batch
    file contains the standard NET USER command to reset the admin password.
    This prevents us from having to specify it during setup, and allows
    us to change the local admin password on newly imaged machines if the
    original is ever compromised. This
    is useful if your organization has a policy of changing the local password
    every 6 months or so.
  2. regedit /s logonopt.reg
    – Registry hack to blank out the Username field, and
    prepopulate the Domain field in the Ctrl+Alt+Del dialog box after your
    target machine restarts.
  3. regedit /s legal.reg
    – Registry hack to create the LegalNoticeCaption and
    LegalNoticeText options. It may
    be a good idea to be able to change your Legal Notice on your workstations
    with the vast number of companies involved in mergers these days.
  4. copy logoff.exe c:\winnt /y
    – A Resource Kit utility that allows you to
    remotely log off a user from the workstation. My company does not currently utilize this utility, but
    it is there if we ever need it.
  5. copy con2prt.exe c:\winnt /y
    – A utility that allows you to script the
    installation of network printers.
  6. copy printers.bat c:\winnt /y
    – The actual batch file for the network
    printer utility. Our users
    simply select Start | Run | printers and all the network printers are
    mapped.

 

This is just a sampling of the many different
configurations you can apply to your image dynamically. 
You can also add unattended installations of applications to your image
to keep up with the ever changing world of software upgrades. 
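
The configuration above stores a domain account password in clear text in sysprep.inf and on the net use line of cmdlines.bat, and adminpw.bat holds the local Administrator password on the share. The following is an added example, not part of the original article: a small Python audit that flags such entries in answer files and batch files. The sample inputs are constructed from the article's listings, and the function names audit_inf and audit_batch are hypothetical.

```python
# Constructed samples modelled on the article's sysprep.inf and cmdlines.bat.
SYSPREP_INF = r'''[unattended]
OemSkipEula=Yes
[identification]
DomainAdmin="trake\w2kadmin"
DomainAdminPassword=123456
JoinDomain="trake"
'''
CMDLINES_BAT = r'''@echo OFF
net use m: \\dc1\dist$ 123456 /USER:trake\w2kadmin /PERSISTENT:NO
m:
cd windows2000\postproc
postproc.bat
'''

def audit_inf(text):
    """Return (section, key) for each answer-file key that stores a password."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or .inf comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # Heuristic (assumption): any key ending in "password" is a credential.
            if key.lower().endswith("password") and value.strip('"') != "":
                findings.append((section, key))
    return findings

def audit_batch(text):
    """Return (line_no, reason) for net use / net user commands carrying a password."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 2 or tok[0].lower() != "net":
            continue
        args = [t for t in tok[2:] if not t.startswith("/")]  # drop /USER:, /PERSISTENT:
        verb = tok[1].lower()
        if verb == "use":
            # Positional form: [device] \\server\share [password]; '*' means prompt.
            unc = next((i for i, a in enumerate(args) if a.startswith("\\\\")), None)
            if unc is not None and args[unc + 1:unc + 2] not in ([], ["*"]):
                findings.append((n, "net use with inline password"))
        elif verb == "user" and args[1:2] not in ([], ["*"]):
            findings.append((n, "net user sets a password in clear text"))
    return findings

if __name__ == "__main__":
    for hit in audit_inf(SYSPREP_INF) + audit_batch(CMDLINES_BAT):
        print(hit)
```

Any account that can read the distribution share can read every file this audit flags, so the findings also indicate which share and file permissions to review.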

 

Using Sysprep in the real world

Now that we know how it works, let's make it work.
We are assuming that you have created your master Windows 2000 image,
configured all of your applications, and are ready to stamp this image as the
Master. We also assume that you
possess a third party imaging utility and have it configured per the
manufacturer's instructions for use in a networked environment.

  1. Copy the Sysprep directory from the network share to the C: drive of the
    workstation.
  2. Reset the local Administrator password to blank (not the word blank, just nothing).
  3. Remove the workstation from the domain and put it into a workgroup.
  4. After restarting, log in as the local Administrator with the blank password.
  5. Remove all of your domain specific profiles from C:\Documents and Settings (we
    don't need to deploy extra profiles, do we?).
  6. Select Start | Run | C:\sysprep\sysprep.exe -pnp (This will invoke a full plug
    and play scan during deployment to the new workstations to pick up any
    different hardware than what was used for this image).
  7. The workstation will shut down (It probably won't. There is a hotfix for this bug, but I haven't ever
    gotten around to applying it. If you get the chance, go for it.
    Otherwise, just wait 20 seconds after the screen goes blank and then
    turn the machine off).
  8. Insert your network boot disk to connect to the imaging share and use a third party
    utility to copy the image to the network.

That’s it.  You
can use your third party imaging utility to copy this image to your workstations
for deployment.

In our example, the only information that will be needed
will be the workstation name.  I
have experimented with the approved ways of automating the naming of the
workstations but never found a scenario that was able to take advantage of it. 
If your organization is willing to accept the default machine names given
by Windows 2000 setup (cryptic at best),  you
will have a fully automated installation with absolutely no input by support
personnel.

You will notice when you are prompted for the machine name
that you are also prompted for the local Administrator password.
Remember, we set the local Administrator password with postproc.bat, and
any password you put in at this stage will get overwritten with our after-setup
processing. This is by design.

You can also reduce the size of your image stored on the
network by deleting pagefile.sys, and hiberfil.sys (if applicable).

 

Summary

By utilizing Sysprep and a third party disk cloning
utility, you can deploy Windows 2000 Professional to your network with the same
exact configurations every time.  With
the introduction of Plug and Play to the Windows 2000 platform and depending on
the variation of hardware in your workstations, you may be able to perform a
full scale deployment to your organization with one single image. 

You can also use this repeatability to your advantage with
workstation support. In my neck of
the woods, we troubleshoot for 10 minutes, then we blast down the master image
to the workstation again, returning
the user's workstation to a known, supported, working state.
With the availability of free software for download from the Internet,
and how that free software always seems to destroy something on an NT based
workstation, this is a must for large scale shops. Otherwise the majority of
your IT department's time is spent troubleshooting problems caused by unsupported
software.

Please take the time to read through the Microsoft
Whitepapers regarding Sysprep and Automated Deployments. 
With a little planning, you can reduce the costs associated with
supporting an Enterprise network tremendously.
