Standalone Imaging Solution

I’ve been in a situation a couple of times where a client was going to use a third-party vendor to image hardware offsite, but didn’t have Microsoft deployment tools (WAIK, WDS, MDT, SCCM, etc.) for deploying the standard WIM image that was created.  To work with this scenario, I developed an unattended answer file with WSIM that can be used to sysprep a computer for an image where the disk can be cloned.  This sysprep file essentially does the following items below.  Many of the items may seem “unnecessary”, but they are necessary in order to automate the majority of the deployment.

Sysprep.xml Features

• enables the local admin account
• removes the “copy profile” functionality
• removes the “Get Windows Live” shortcuts
• sets the time zone to MST
• enables RDP
• disables firewall notifications
• disables the domain firewall
• disables Windows Defender
• disables IE accelerators
• disables the IE first run wizard
• enables IE compatibility mode
• disables IE suggested sites
• sets Windows to skip auto activation
• disables system restore
• sets the local language to English
• sets the registered owner/org
• sets Windows to automatically login as Administrator one time
• sets the screen resolution to 1024×768
• sets the first logon command to execute a script in C:\CompanyName
• Hides the Windows EULA Hides the wireless network setup wizard
• sets the default network location to “Work”
• sets the recommended level of protection for Windows Update
• creates taskbar links to Outlook and Word

Download sysprep.xml here!!

Next, the overall process looks like such:

1. Automate driver installation using HP SoftPaqs and script to copy the files into C:\CompanyName\ModelName\
   1. Optionally, automate and script BIOS updates
2. Create script named “ImageConfigTasks.vbs” (code below) to do the following items (this will run post sysprep).  Script should be copied into C:\CompanyName.  You can use the attached script as a starting point.
   1. Prompt for PC name
   2. Detect PC model and install drivers (do this next to ensure the NIC driver gets installed for the domain join)
   3. Join to domain and OU
   4. Install SCCM client
   5. Install SCEP client
   6. Restart Window
3. Create sysprep.xml file with x64 bits which essentially allows the PC to auto logon into Windows with the admin account and launches ImageConfigTasks.  You can use the attached sample as guidance, but do not actually use this file as it was compiled for the x86 components and you need it for x64.
4. Create a “build” task sequence which installs Windows, software, security updates, copy of the drivers into the CompanyName folder, copy of the ImageConfigTasks script, copy the sysprep.xml file
5. Run the task sequence on a VM
6. After completion, login to Windows and run %SYS32%\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:C:\CompanyName\sysprep.xml
   1. This will sysprep the PC’s disk for cloning.  Do not power on the PC once its shutdown!
   2. Optionally, you can creatively automate this process so that you do not need to actually login to the PC
7. Once the PC with the cloned disk has been delivered onsite, power on the PC.  Windows will go through mini-setup to install generic devices.  Then Windows will auto logon to run the script and complete the setup process.

Download the ImageConfigTasks script here!!

Run on physical hardware

To build-out this custom solution for the vendor, do the following.

1. Complete and “certify” the newly captured image (note: this is still in progress as of 12:15 PM today, but is looking good to complete successfully).
2. Use the deployment task to install this image AND the hardware drivers AND any other software/configurations that did not make it into the image.  You may also want to change the task sequence to NOT join to the domain for this model so that it does not receive [junky] group policies.
3. Once that task sequence is done, login to Windows as the local admin account.
4. Ensure the two script files live in C:\CompanyName
5. Run %SYS32%\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:C:\CompanyName\sysprep.xml
6. DO NOT TURN THE COMPUTER ON.  Remove the hard drive and give to vendor.  Once a cloned PC is onsite and connected to the network, only then should the PC be turned on.  A prompt for the computer name will appear and then the custom script will execute.

While you’re in the process of testing/development, you can of course turn it on to validate the scripts execute, drivers are installed, etc.

How to Add a Language Pack to Win7 OSD Without MDT

For those whom need to add language packs to a Win7 image build/deployment, but only have SCCM infrastructure (without MDT integration), a TechNet forum posting gives the answer (which I’ve posted below).

1. Create a package and copy each lp.cab file into the root (Just rename each cab so they can all exist in the same folder e.g. de-de.cab for German etc…)
2. In your task sequence, after the Setup windows and ConfigMgr step and before you apply any updates (important) add a Run command line step with the following properties:
   1. Package: The package from step 1
   2. Disable 64-bit file system redirection: Enabled
   3. Command Line: cmd.exe /c dism.exe /online /add-package /PackagePath:”%CD%”

This will add all language packs that exist in the package directory to the installed OS. If you need to add more languages later, just drop a CAB file in the package and update it the command line stays the same. This also has the added benefit of only downloading the package once to install all the required languages. If you specify multiple tasks to do this in the task sequence it has to download each one separately which can add some additional overhead to the time to install.

Identifying Windows Live Messenger Logins

We have implemented Microsoft Lync in our environment and are preparing to “federate” our domain.  When this happens, users whom have set up a Windows Live ID using their company email address, will no longer be able to use Messenger.  I created the following script which will get the login email address from Messenger as well as the last login time then output the information to a text file on a file share.

'==========================================================================
' AUTHOR: Nick Moseley, http://t3chn1ck.wordpress.com
' DATE  : 10/20/2011
'==========================================================================
Option Explicit
Const ForAppending = 8
On Error Resume Next

Dim oShell, oFSO, oUserDir, colSubFolders
Dim strProfileFolder, strAppFolder
Set oShell = CreateObject ("wscript.shell")
Set oFSO = CreateObject ("Scripting.FileSystemObject")

If oFSO.FolderExists ("c:\users") Then
	strProfileFolder = "c:\users"
	strAppFolder = "\AppData\Local\Microsoft\Messenger"
Else
	strProfileFolder = "c:\Documents and Settings"
	strAppFolder = "\Local Settings\Application Data\Microsoft\Messenger"
End If

Set oUserDir = oFSO.GetFolder (strProfileFolder)
Set colSubFolders = oUserDir.SubFolders

' Open log file
Dim sFileName, oLogFile
sFileName = "\\engsvr01\pstlogs\SCCM\" & oshell.ExpandEnvironmentStrings("%COMPUTERNAME%") & ".txt"
If not oFSO.FileExists (sFileName) Then
	oFSO.CreateTextFile sFileName
End If

Set oLogFile = oFSO.OpenTextFile (sFileName, ForAppending, True)
oLogFile.WriteLine "====Started: " & Date & "===="
oLogFile.WriteLine " " 

' For User folders, check for Windows
Dim oFldr, oFldr2, oWLMfolders, colWLMusers, oConfigFile, sFolderPath
For Each oFldr In colSubFolders
	sFolderPath = strProfileFolder & "\" & oFldr.Name & strAppFolder
	
	' if the Messenger folder exists, then do the following
	If oFSO.FolderExists (sFolderPath) Then
		Set oWLMfolders = oFSO.GetFolder (sFolderPath)
		Set colWLMusers = oWLMfolders.SubFolders
		
		' if the subfolders contains the config.cache file, then it was signed into on WLM
		For Each oFldr2 In colWLMusers
			oLogFile.WriteLine "User: " & oFldr.Name 
			oLogFile.WriteLine "Email: " & oFldr2.Name
			
			If oFSO.FileExists (sFolderPath & "\" & oFldr2.Name & "\config.cache.xml") Then
				' Set oConfigFile to get file's timestamp
				Set oConfigFile = oFSO.GetFile (sFolderPath & "\" & oFldr2.Name & "\config.cache.xml")
				'oLogFile.WriteLine "User: " & oFldr.Name 
				'oLogFile.WriteLine "Email: " & oFldr2.Name
				oLogFile.WriteLine "Last signin: " & oConfigFile.DateLastModified
			Else
				oLogFile.WriteLine "Last signin: UNKNOWN" 
			End If
			
			oLogFile.WriteLine " " 
		Next
	End If
Next 

' end logging
oLogFile.WriteLine "====Ended===="
oLogFile.WriteLine " " 
WScript.Quit (oLogFile.Close)

Since not all computers will have used Messenger, let alone a person having logged into Messenger, create a collection that will be limited to just computers that have recently executed “msnmsgr.exe”.  You can use the below query to determine those systems for your collection.

select distinct SMS_R_System.Name
from  SMS_R_System
inner join SMS_G_System_CCM_RECENTLY_USED_APPS
on SMS_G_System_CCM_RECENTLY_USED_APPS.ResourceID = SMS_R_System.ResourceId
where SMS_G_System_CCM_RECENTLY_USED_APPS.ExplorerFileName = "msnmsgr.exe"
order by SMS_R_System.Name

Hotfix for Windows 7 Extremely Slow Boot Performance

When our company first implemented Windows 7, the performance was quite good and we were impressed.  However, now that Win7 has been in our organization for the last 1 1/2 years, we’re beginning to see a significant performance degradation in boot times.  What was a 1 minute boot time can now be anywhere from 4 to 10 minutes for Windows to get to Ctrl-Alt-Del screen.

In performing analysis on extremely slow boot/login times, I identified both the cause and a Win7 hotfix to correct the issue.  If you are having a similar problem, check out KB2505348 – High CPU usage or a lengthy startup process occurs during WMI repository verification when a large WMI repository exists in Windows 7 or in Windows Server 2008 R2.

One has to chuckle at Microsoft’s titled description on the issue as “lengthy startup process” which in the real world means “so slow that you never want ever EVER shut off your computer because every time you do, you consider making a switch to Linux”.

** Update 10/2/12: there is a newer version for Windows 7 SP1 at http://support.microsoft.com/kb/2617858 **