Monthly Archives: June 2013

Creating a syspreped Windows 7 Image for KACE

Creating a syspreped Windows 7 Image for KACE is pretty much done the same way as you would for Symantec Ghost or even Microsoft’s ImageX.  The Image process isn’t difficult and takes these basic steps:

  • Install Windows 7.
  • Install Applications.
  • Customize Windows and Apps
  • Copy unattend.xml and any scripts needed.
  • Run Sysprep.
  • Capture the Image

The unattend.xml file is the core to the image process.  It tells sysprep what to do so that is where I’ll start.

Create the unattend.xml file for sysprep

KACE has you download the Windows Automated Installation Kit (WAIK).  You will also need the Windows 7 media that came with your PC.  I buy Dell equipment so it was an option when I ordered our PC’s.  I am using Windows 7 64 bit Professional.  Install WAIK on a PC and copy the Windows 7 installation media to a folder on the hard drive.  Note this is not the PC you are going to image.

When I first started imaging Windows 7 machines I used Brian Jackson’s guide on how to Sysprep a Windows 7 Machine – Start to Finish V2.  Guess what, the exact same process works with KACE.  Brian has some good ideas but this is what I do.

Open the Windows System Image Manager.  From the File menu Select Windows Image… and browse into the sources directory of your Windows 7 media.  Select the Install.wim file.  Then under the File menu select New Answer File…  name it unattend.xml.

In the Answer File section (the middle) we are going to add some steps.  Eventually it will look like this:

WAIK-unnatended

3 generalize

amd64_Microsoft-Windows-Security-SPP_neutral

Skip Rearm equals 1

Set the SkipRearm = 1

This tells Windows to reset the licensing state as if it was a clean installation.

4 specialize

amd64_Microsoft-Windows-Deployment_neutral

4-specialize Run Synchronous Command

amd64_Microsoft-Windows-Security-SPP-UX_neutral

Skip Auto Activation

We are setting the SkipAutoActivation = true because we are going to activate Windows using KMS through a couple of cscript commands.

amd64_Microsoft-Windows-Shell-Setup_neutral

Win Shell Setup

amd64_Security-Malware-Windows-Defender_neutral

Disable Windows Defender

I am not using Windows Defender or Windows Live so those features are turned off.  You can set them to your preference.

7 oobeSystem

This is where the post image work is done.  When you boot the PC with your image for the first time this section of the unattend.xml is executed.

amd64_Microsoft-Windows-International-Core_neutral

Windows Internation Core Properties

amd64_Microsoft-Windows-Shell-Setup_neutral

Windows Shell Setup

Under the Shell Setup you add AutoLogon to log the machine in.  With Ghost I had set the LogonCount to 1.  With KACE I am finding that I need to increase the count to 3 or more.

Auto Login

To get over the licensing hurdle I used Microsoft’s Volume Activation (KMS) and the Deployment Guide.  In the deployment guide you will find the generic KMS Client Setup Keys.  This is the key that goes into the unattended.xml file created by WAIK.  It licenses Windows 7 and then with a couple of scripts in the oobe Windows will check the network for the KMS server and license the PC.  The cscripts are added to the 7 oobeSysten as Synchronous Commands.

synchronousCommand1

cscript //b c:\windows\system32\slmgr.vbs /ipk FJ82H-XT6CR-J8D7P-XQJJ2-GPDD

 

synchronousCommand2

 

CSCRIPT //b c:\windows\system32\slmgr.vbs /ato

synchronousCommand3

c:\Windows\setup\scripts\oobe-clean.cmd

@echo off

:CLEANUP
del /F /Q %SYSTEMDRIVE%\Answerfile\unattend.xml
rd %SYSTEMDRIVE%\Answerfile
del /F /Q %systemroot%\panther\unattend.xml
del /F /Q %systemroot%\System32\sysprep\unattend.xml
del /F /Q %SYSTEMDRIVE%\setup\scripts\unattend.xml
del /F /Q %SYSTEMDRIVE%\setup\scripts\oobe-clean.cmd

The cleanup script is run from the the unattend.xml but you need to create the script file and place it in the Windows\Setup\Scripts folder on the image PC before you sysprep it.  This is a holdout from Ghost, and you theoretically could do this as part of the KACE post installation tasks.

OOBE Properties

I dislike the “Set Network Location” prompt that users get the first time the PC is logged in.  So I found a script to turn it off but I then discovered that the unattend file can do this too.  In the oobe section just set the NetworkLocation = Work. I also hide the EULA page since I am accepting the license agreement for my users.

Themes

I set the screen saver, background image, and Window Color so all my machines have the same look in the Themes section.

Lastly you need to add the user account credentials that Windows 7 will use for the Administrator account.

oobeSystem

Local Account Name

Don’t forget to actually put in passwords.  I didn’t clip the screens of those sections.

Now you can save your unattend.xml file.  It should look something like this answerfile.

You can edit the unattend.xml file and remove the <ComputerName>*</ComputerName> line entirely.  This causes Windows to ask for a computer name which is what I did with Ghost.  With KACE I am working on Auto naming the PC so I left the astrisk in which gives Windows a random name.

Using the unattend.xml file with Sysprep

Now that you have the unattend.xml file you need to be able to do something with it.  On the PC that you want to create the image with boot your Windows 7 media and perform an install.

  • Select your language
  • Accept the Terms & Conditions
  • Perform a custom Install
  • Use all disk space and let Windows create the 100 meg boot partition
  • Windows will copy and install Features and Updates
  • Windows will restart
  • Setup updates registry settings and starts services and completes the installation
  • Windows restarts again
  • You will get the User Name Prompt – STOP

If you were installing Windows 7 on a PC for a single user you would go ahead and create a user name.  This image will NOT have a user already created.  Instead you want to boot using the hidden Windows Administrator account. Press CTRL+SHIFT+F3 now and it will log you in as the hidden Administrator.  This is called Windows Audit Mode.

At this point you can install applications, run Windows updates, reboot as needed.  A reboot will log you back in to audit mode until sysprep is run.  Once you have everything on your Image PC ready you need to copy the unattend.xml to a few directories.  It goes to C:\Windows\Panther,  C:\Windows\System32\Sysprep, and C:\answerfile  According to the Microsoft instructions the answer file doesn’t need to go in its own directory but I had problems getting sysprep to read it and this was my answer.

I also create a C:\Windows\setup\scripts directory and put in my oobe-clean.cmd file AND I copy my ssText3d.scr that I have configured for my screen saver into the Windows\System32 directory.

Now open a command prompt and sysprep the machine.

CD C:\Windows\System32\sysprep
sysprep.exe /oobe /shutdown /generalize /unattend:c:\answerfile\unattend.xml

Once the PC turns off you can restart it and boot from the network PXE boot and capture the image.

Simple eh?