I’ve been in a situation a couple of times where a client was going to use a third-party vendor to image hardware offsite, but didn’t have Microsoft deployment tools (WAIK, WDS, MDT, SCCM, etc.) for deploying the standard WIM image that was created. To work with this scenario, I developed an unattended answer file with WSIM that can be used to sysprep a computer for an image where the disk can be cloned. This sysprep file essentially does the following items below. Many of the items may seem “unnecessary”, but they are necessary in order to automate the majority of the deployment.
- enables the local admin account
- removes the “copy profile” functionality
- removes the “Get Windows Live” shortcuts
- sets the time zone to MST
- enables RDP
- disables firewall notifications
- disables the domain firewall
- disables Windows Defender
- disables IE accelerators
- disables the IE first run wizard
- enables IE compatibility mode
- disables IE suggested sites
- sets Windows to skip auto activation
- disables system restore
- sets the local language to English
- sets the registered owner/org
- sets Windows to automatically login as Administrator one time
- sets the screen resolution to 1024×768
- sets the first logon command to execute a script in C:\CompanyName
- Hides the Windows EULA Hides the wireless network setup wizard
- sets the default network location to “Work”
- sets the recommended level of protection for Windows Update
- creates taskbar links to Outlook and Word
Next, the overall process looks like such:
- Automate driver installation using HP SoftPaqs and script to copy the files into C:\CompanyName\ModelName\
- Optionally, automate and script BIOS updates
- Create script named “ImageConfigTasks.vbs” (code below) to do the following items (this will run post sysprep). Script should be copied into C:\CompanyName. You can use the attached script as a starting point.
- Prompt for PC name
- Detect PC model and install drivers (do this next to ensure the NIC driver gets installed for the domain join)
- Join to domain and OU
- Install SCCM client
- Install SCEP client
- Restart Window
- Create sysprep.xml file with x64 bits which essentially allows the PC to auto logon into Windows with the admin account and launches ImageConfigTasks. You can use the attached sample as guidance, but do not actually use this file as it was compiled for the x86 components and you need it for x64.
- Create a “build” task sequence which installs Windows, software, security updates, copy of the drivers into the CompanyName folder, copy of the ImageConfigTasks script, copy the sysprep.xml file
- Run the task sequence on a VM
- After completion, login to Windows and run %SYS32%\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:C:\CompanyName\sysprep.xml
- This will sysprep the PC’s disk for cloning. Do not power on the PC once its shutdown!
- Optionally, you can creatively automate this process so that you do not need to actually login to the PC
- Once the PC with the cloned disk has been delivered onsite, power on the PC. Windows will go through mini-setup to install generic devices. Then Windows will auto logon to run the script and complete the setup process.
Run on physical hardware
To build-out this custom solution for the vendor, do the following.
- Complete and “certify” the newly captured image (note: this is still in progress as of 12:15 PM today, but is looking good to complete successfully).
- Use the deployment task to install this image AND the hardware drivers AND any other software/configurations that did not make it into the image. You may also want to change the task sequence to NOT join to the domain for this model so that it does not receive [junky] group policies.
- Once that task sequence is done, login to Windows as the local admin account.
- Ensure the two script files live in C:\CompanyName
- Run %SYS32%\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:C:\CompanyName\sysprep.xml
- DO NOT TURN THE COMPUTER ON. Remove the hard drive and give to vendor. Once a cloned PC is onsite and connected to the network, only then should the PC be turned on. A prompt for the computer name will appear and then the custom script will execute.
While you’re in the process of testing/development, you can of course turn it on to validate the scripts execute, drivers are installed, etc.