quenga.net - windows & application deployment – remote management – scripting & automation – and more…

Ghost,Scripts/Other,Sysprep/AIK

June 19, 2009

Windows XP Image Building Steps: Expanded

Tags: , , ,

Originally posted on January 30th 2009, updated on June 19th 2009.

Note: This is really long and if you’re not familiar with the imaging process it may be a little overwhelming.  I have updated this post to include more of the scrips I use and have expanded on a few of the steps, such as: creating a default profile in a way Windows will not overwrite  – Thanks.

These steps are used to build a hardware independent Windows XP Image using sysprep and Ghost Solution Suite to make this image file(s).  However, you should be able to use any imaging tool as building the preparing the computer should be the same…ok the first 90% may the same.

Yes, there are some pay tools that will assist with multiple platforms, but I only deal with Dells and I have some say as to what type of hardware we purchase.  If you need to build an image that crosses several different manufactures then purchasing a tool may be beneficial to your organization.

The trick to building a hardware independent image is first; loading all required device drivers, and second; loading drivers in the sysprep configuration file.  I use these steps to build an image that works on about 20 Dell models from Optiplex to the Latitude D & E Series notebooks.  Another issue is using the –pnp parameter during sysprep.  Needed in some of the older models this can cause undesired effects in the newer ones.

After the computer is imaged it needs a name.  Dell allows you to enter an Asset number into the BIOS, and MySysprep can read this Asset number and use it as the computer’s name.

I build images in several steps, backing up along the way, so if I have to start over for any reason I do not have to start from scratch.

First I make a series of template images.  These images are not syspreped, and therefore only work on the template computer.  These are my backup images.

Once everything is functioning properly I sysprep the image to make it compatible to all of my models.

Note about my image process:

  • I make several images;
    1. OS Template: just a backup of the OS build, a non-syspreped copy
      I use this image as a starting point.  Its faster to recover from this backup then to install the OS from disc.
    2. Drivers Image: a syspreped image containing all the drivers i need
      I use this image to test the drivers.  Its quicker to use this small image then one with lots of applications and stuff.  Once the drivers a verified i do not keep this image.
    3. Production Template: just a backup of the Production build, a non-syspreped copy
      This is just a backup of my production build.  If something goes wrong during the sysprep or i need to add, update or remove application using this backup on my template computer is a lot easier than rebuilding from the OS backup.
    4. Production Image: a fully syspreped image capable of being installed on any on my platforms
      And this is the final product.  Used to image all.
  • I make two types of images
    1. Deployed or Console image
      This image is built the same as the other but at the end i use the Ghost console to sysprep the image.  This allows me to better monitor what Ghost is doing when making the image and deploying it.
    2. Ghosted image
      This image is built the same as the other but is syspreped without the Ghost console.  I just use Ghost to package the image in the Ghost format.  The steps below follow this type of image.

I have several scripts loaded on a USB memory stick.  This stick also contains all of the device drivers.  Here is a summary of the items on this memory stick:

  • Device Drivers: All device drivers for every model this image will support
  • Sysprep Drive Scanner:  Scans for device drivers and loads paths into the registry
  • Sysprep: Microsoft sysprep files
  • MySysprep: MySysprep files in the Sysprep directory
  • Clean script: Cleans the hard drive of unused, cached, and temp files
  • CopyHAL script: Copies HAL files to ensure system compatibility
  • OpenCMD script: Simply opens a command window for a different drive
  • CopyDrivers script: Copies device drivers to the hard drive
  • CopyTemp script: Copies GUI run once files to system temp area
  • Prep script: Modifies files to customize the image
  • Sysprep script: Launches sysprep with set parameters

Brief rundown of the products used in the image and to make the image:

  • Template computer is a Dell Optiplex GX520
  • Windows XP SP3
  • Symantec Ghost Solution Suite
  • 3COM PXE Boot Services (included with Ghost)
  • Microsoft Sysprep
  • MySysprep (http://www.tsaysoft.com/mysysprep/)
  • Sysprep Drive Scanner (http://www.vernalex.com/tools/spdrvscn/)

OS Template – Operating System Only

This image is used as a fail back point and only works n the template computer.

  • Boot from Windows XP SP3 disc
  • Remove partition
  • Quick format
  • Clean Install from Windows XP SP3 disc
  • Set administrator <password>
    (I use a common administrator password then change it at the end)
  • No additional users; type ‘none’
    (When asked for users, if you type ‘none’ no other users will be setup)
  • Install NIC driver (R132254) (GX520 Broadcom, is Build System specific)
  • Copy SP3 i386 directory to %SystemDrive%\i386
    (I do this because some installations ask for the system disk.  Doing this eliminates the request, but I you do get the request just point to this location.)
  • Registry edit: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath to C:\i386
    (This should help installations automatically find the Windows source files)
  • Turn off firewall
    (This facilitates image building)
  • Turn automatic updates off
  • Remove unwanted Windows components, such as;
    (We do not use or want foe of the stuff automatically installed with the OS)
  • MSN Explorer
  • Outlook Express
  • Windows Messenger
  • Defrag hard drive
  • Make the Image
    Using your favorite imaging software make a backup (non-syspreped) image.

DriverTest  Image – Syspreped Image of the OS that will load on all models.

This image is basically a syspreped version of the OS Template image and used to ensure all device drivers work.

On the template computer;

  • Load OS Image Template
  • Turn Firewall off
  • Copy HAL files to %SystemRoot%\System32 using CopyHAL script This will set the HAL to ACPI and copy the necessary HAL and kernel files to the system directory.  These HAL files are Service Pack specific but named the same. (As newer computers have multiple processors, this is needed to ensure all computers boot and load the operating system.)
@echo off

REM Copies HAL files

REM These files set the HAL to ACPI
copy /y halacpi.dll %SystemRoot%\system32\hal.dll
copy /y ntkrnlpa.exe %SystemRoot%\system32
copy /y ntoskrnl.exe %SystemRoot%\system32
echo ACPI files copied...

REM These files allow HAL to change to match different systems
copy /y halaacpi.dll %SystemRoot%\system32
copy /y halacpi.dll %SystemRoot%\system32
copy /y halapic.dll %SystemRoot%\system32
copy /y halmacpi.dll %SystemRoot%\system32
copy /y halmps.dll %SystemRoot%\system32
copy /y halsp.dll %SystemRoot%\system32
copy /y ntkrnlmp.exe %SystemRoot%\system32
copy /y ntkrpamp.exe %SystemRoot%\system32
copy /y win32k.sys %SystemRoot%\system32\drivers
echo Remaining HAL files copied...

echo Copy complete...
pause
  • Reboot
  • Check HAL – need to be ACPI
  • Join Domain, if applicable
  • Install network certificate, if applicable, and ensure it is fully trusted (certmgr.msc)

From the memory stick;

  • Run OpenCMD; to open a command window
%comspec% /k
  • Run Clean script; clears caches, temp areas, and MRU lists
    The part clearing user data may not look right.  This is the only cleaning script i use and the ‘image’ user is explained later.
@echo off

REM The following scripts/commands clean/clear settings
REM for preparation of imaging a template computer

NET USE /PERSISTENT:No

REM Clear Sophos Anti-Virus Settings, provided by Sophos
echo Clearing Sophos Settings...
net stop "sophos message router"
net stop "sophos agent"
net stop "sophos autoupdate service"
reg delete "HKLM\SOFTWARE\Sophos\ALC Agent\Private" /v pkc /f
reg delete "HKLM\SOFTWARE\Sophos\ALC Agent\Private" /v pkp /f
reg delete "HKLM\SOFTWARE\Sophos\Messaging System\Router\Private" /v pkc /f
reg delete "HKLM\SOFTWARE\Sophos\Messaging System\Router\Private" /v pkp /f
reg delete "HKLM\SOFTWARE\Sophos\Remote Management System\ManagementAgent\Private" /v pkc /f
reg delete "HKLM\SOFTWARE\Sophos\Remote Management System\ManagementAgent\Private" /v pkp /f
del /q /f "C:\Program Files\Sophos\AutoUpdate\Data\Status\status.xml"
del /q /f "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\Machine.xml"

REM Clear MRUs - most recently used lists of files
echo Clearing MRUs...
reg delete "HKCU\Software\Microsoft\Internet Explorer\TypedURLs" /f
reg delete "HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList" /f
reg delete "HKCU\Software\Microsoft\MediaPlayer\Player\RecentURLList" /f
reg delete "HKCU\Software\Microsoft\Office\11.0\Common\Open Find" /f
reg delete "HKCU\Software\Microsoft\Office\11.0\Excel\Recent Files" /va /f
reg delete "HKCU\Software\Microsoft\Office\11.0\Excel\UserInfo" /va /f
reg delete "HKCU\Software\Microsoft\Office\11.0\PowerPoint\Recent File List" /va /f
reg delete "HKCU\Software\Microsoft\Office\11.0\PowerPoint\UserInfo" /va /f
reg delete "HKCU\Software\Microsoft\Office\11.0\Publisher\Recent File List" /va /f
reg delete "HKCU\Software\Microsoft\Office\11.0\Publisher\UserInfo" /va /f
REM reg delete "HKCU\Software\Microsoft\Office\11.0\Word\ /va /f
reg delete "HKCU\Software\Microsoft\Office\11.0\Word\UserInfo" /va /f
reg delete "HKCU\Software\Microsoft\Office\12.0\Common\Open Find" /f
reg delete "HKCU\Software\Microsoft\Office\12.0\Common\UserInfo" /f
reg delete "HKCU\Software\Microsoft\Office\12.0\Excel\File MRU" /va /f
reg delete "HKCU\Software\Microsoft\Office\12.0\PowerPoint\File MRU" /va /f
reg delete "HKCU\Software\Microsoft\Office\12.0\Publisher\Recent File List" /va /f
reg delete "HKCU\Software\Microsoft\Office\12.0\Word\File MRU" /va /f
reg delete "HKCU\Software\Microsoft\Search Assistant\ACMru" /f
reg delete "HKCU\Software\Microsoft\Terminal Server Client\UsernameHint" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit" /v LastKey /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PrnPortsMRU" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" /f

REM Remove Caches and Temp Folder Contents
echo Clearing Caches and Temp areas...
del /S /Q /F "%windir%\Prefetch"
del /S /Q /F "%windir%\temp"
del /S /Q /F "%windir%\System32\dllcache"
REM Do this for every user
del /S /Q /F "C:\Documents and Settings\administrator\Application Data\Microsoft\Office\Recent"
del /S /Q /F "C:\Documents and Settings\Administrator\Local Settings\Temp"
del /S /Q /F "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files"
del /S /Q /F "C:\Documents and Settings\Administrator\Cookies"
del /S /Q /F "C:\Documents and Settings\Administrator\Local Settings\History"
del /S /Q /F "C:\Documents and Settings\Administrator\Local Settings\Application Data\iconcache.db"
echo Clearing Restore Points...
cscript ResetSR.vbs

echo Cleaning Procedure is Finished...
echo Run prep.bat <image name> <'y' to copy sysprep>
pause

ResetSR.vbs (called from the clean script);

REM 'The following script (from MSDN - slightly modified) can be used to clear the
REM 'System Restore points quickly. It automatically disables System Restore, clears
REM 'all the Restore points and re-enables System Restore on all drives. Copy the
REM 'following script to a notepad and save as "ResetSR.VBS".

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\default")
Set objItem = objWMIService.Get("SystemRestore")
errResults = objItem.Disable("")
REM errResults = objItem.Enable("")

REM 'The above is an equivalent of selecting Turn Off System Restore on all drives
REM '(which clears all the Restore points) and the last line in the script re-enables
REM 'the System Restore points.
  • Run CopyDrivers; Copies drivers to %SystemDrive%\Drivers
xcopy "\Drivers" "c:\Drivers" /S /I /Y
  • Run Prep; with parameters <image name> <y> First parameter is the name of the image being made, no spaces Second parameter indicates whether or not to copy the sysprep files to the system drive; y to copy, anything else or blank/nothing to not copy the files.
@echo off

REM Creates image.txt file in the root,
REM copies password file if image name is ‘Type2’ or ‘Type3’
REM changes OU if image name is ‘Type2’ or ‘Type3’
REM and copies sysprep directory if second parameter is ‘y’
REM usage; prep.bat <name of image> <y>

REM If no prams entered stop
if X%1==X goto NoPram

REM Create desc.cmd file
REM This file is used later to set the computer description
echo Creating desc.cmd file...
echo net config server /srvcomment:"%1 image packaged on %date%" > %windir%\temp\desc.cmd

REM create image.txt file
REM This text file saves image information, so i know what image it was
echo Creating image.txt file...
echo "%1 image packaged on %date%" > %systemdrive%\image.txt

REM if image name is Type2 copy password file
REM during the GIU run-once, this changes the local admin's password
if /i not "%1"=="Type2" goto pwd_3
copy \temp\pwdType22.vbs %windir%\temp\pwd.vbs
echo Type2 password copied.

REM if image name is Type3 copy password file
REM during the GIU run-once, this changes the local admin's password
:pwd_3
if /i not "%1"=="Type3" goto CpySysprep
copy \temp\pwdType3.vbs %windir%\temp\pwd.vbs
echo Type3 password copied.

:CpySysprep
REM If 2nd pram is y than copy sysprep folder
echo Copying sysprep files...
if /i not "%2"=="y" goto Patch
xcopy "\sysprep" "c:\sysprep" /S /I /Y
echo Sysprep folder copied.
cd c:\sysprep

REM Change OU from Type1 to Type2
REM this will change the MachineObjectOU data in the sysprep.inf file
if /i not "%1"=="Type2" goto OUType3
cscript OUType2.vbs
echo Sysprep.inf file modified for Offices.

REM Change OU from Type1 to Type3 & add loaner user
REM this will change the MachineObjectOU data in the sysprep.inf file
REM and creates a local user and add it to the local admin's group
:OUType3
if /i not "%1"=="Type3" goto Patch
cscript OUType3.vbs
echo Sysprep.inf file modified for Type3

net user type3 password /Add /Fullname:"Type3" /Comment:"Type3" /Passwordchg:no /expires:never
net localgroup "administrators" Type3 /add

:Patch
REM Copy program patch file for GUI Run Once
echo Copying GUI run once patch file...
copy \temp\fix.cmd %windir%\temp\fix.cmd

:Done
echo *** SUMMARY ***
REM Display completed notes
echo Image name: %1.
if "%2"=="y" echo SysPrep files copied.
goto last

:NoPram
REM Display no pram entered error
echo No Image Name Entered, Command STOPPED
pause
EXIT /B

:last
REM Display finished note
echo Prep Procedure is Finished.
echo Ready to launch Device Driver Scanner.

pause
spdrvscn.exe

The Fix.cmd file that was copied by the script above is shown below
This is my GUI run-once file.  This main patch file make all the required mods; re-installs anti-virus, sets the firewall, moves the template user ‘image’ to be the default, sets default domain for login, removes system generated shortcuts i don’t want, and more

@echo on

REM Sophos setup, reinstalls Sophos Anti-Virus
del "%ProgramFiles%\Sophos\Sophos Anti-Virus\cidsync.upd"
start /wait msiexec.exe /i "%ProgramFiles%\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi" REINSTALL=ALL REINSTALLMODE=voums UPDATEDRIVERS=0 /l*v c:\msi.log /qb

REM Sets firewall, starts server service, resets password, sets computer description
netsh firewall set opmode mode = disable profile = all
net start server
cscript %windir%\Temp\PWD.vbs //B
call %windir%\Temp\desc.cmd

REM Next 5 sections copy and setup default profile from image profile
REM makes the user image's profile the default, if there is one
if not exist "C:\Documents and Settings\image\NTUSER.dat" goto :Pass
rmdir /q /s "C:\Documents and Settings\Default User"
move "C:\Documents and Settings\image" "C:\Documents and Settings\Default User"
attrib +H "C:\Documents and Settings\Default User"
If exist %TEMP%\DESKTOP.TMP del /q %TEMP%\DESKTOP.TMP

set Ipath="C:\Documents and Settings\Default User\My Documents\Desktop.INI"
attrib -H -S %Ipath%
Findstr /b /i /v /l /c:Owner= %Ipath% >>%TEMP%\DESKTOP.TMP
copy %TEMP%\DESKTOP.TMP %Ipath%
del /q %TEMP%\DESKTOP.TMP
attrib +H +S %Ipath%

set Ipath="C:\Documents and Settings\Default User\My Documents\My Music\Desktop.INI"
attrib -H -S %Ipath%
Findstr /b /i /v /l /c:Owner= %Ipath% >>%TEMP%\DESKTOP.TMP
copy %TEMP%\DESKTOP.TMP %Ipath%
del /q %TEMP%\DESKTOP.TMP
attrib +H +S %Ipath%

set Ipath="C:\Documents and Settings\Default User\My Documents\My Pictures\Desktop.INI"
attrib -H -S %Ipath%
Findstr /b /i /v /l /c:Owner= %Ipath% >>%TEMP%\DESKTOP.TMP
copy %TEMP%\DESKTOP.TMP %Ipath%
del /q %TEMP%\DESKTOP.TMP
attrib +H +S %Ipath%

set Ipath="C:\Documents and Settings\Default User\My Documents\My Videos\Desktop.INI"
attrib -H -S %Ipath%
Findstr /b /i /v /l /c:Owner= %Ipath% >>%TEMP%\DESKTOP.TMP
copy %TEMP%\DESKTOP.TMP %Ipath%
del /q %TEMP%\DESKTOP.TMP
attrib +H +S %Ipath%

:Pass
REM sets the default domain for login
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AltDefaultDomainName" /d "domain" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultDomainName" /d "domain" /f
REG ADD "HKCR\Applications\MMC.exe" /v "NoOpenWith" /d "" /f
REG ADD "HKCR\Applications\MMC.exe" /v "NoStartPage" /d "" /f

REM Remove image user locally
net user image /delete

REM Program patches, these are some program patches
REM yes i could have done some of this before imaging but i forget these things
REM just changing users rights
if not exist "%ProgramFiles%\meetingmaker\MMCLNT32" goto :2
cacls "%ProgramFiles%\meetingmaker\MMCLNT32" /e /g Users:c
.
.
.
:7
REM this program knows its on a different computer and must be reactivated
if not exist "%ProgramFiles%\QSR\NVivo 8" goto :11
"%ProgramFiles%\QSR\NVivo 8\NVivo.exe" -a "%ProgramFiles%\QSR\NVivo 8\NVivo8_Activation.xml"

:11
REM Remove automatically generated desktop and program list shortcuts by clearing data for StubPath
REM In this order; Windows Messenger, Internet Explorer 6, Windows Media Player, Outlook Express, Outlook Express, Internet Explorer, Windows Media Player
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
REM remove the rest but not dotnet thing
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
REM reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}" /v "StubPath" /t REG_EXPAND_sz /d "" /f
reg add "hklm\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS" /v "StubPath" /t REG_EXPAND_sz /d "" /f

REM remove the password file
del /q /f %windir%\Temp\PWD.vbs

REM once i removed the device drivers but not ileave them
REM rmdir /s /q C:\Drivers
REM update group policy and reboot

REM i use both command because if there are no gpo requiring a restart then /boot will not work
gpupdate /force /boot
shutdown -r -f
  • Run SysPrep Driver Scanner (automatically opens after running: Prep.bat)
    Sysprep Driver Scanner:  http://www.vernalex.com/tools/spdrvscn/
    (you can add drivers to the OemPnPDriversPath in sysprep.inf but using this tool adds the entries the the registry allowing the string to be longer/bigger)

    • Click button ‘1. Default’
    • Change ‘Search Path:’ to c:\Drivers (or where ever you loaded the drivers)
    • Click button ‘2. Scan’
    • Click button ‘5. Save’
    • Click button ‘6. Done’
  • Run Sysprep script (not sysprep.exe, run sysprep.bat)
@echo off
c:\sysprep\mysysprep.exe -reseal -mini -pnp -quiet
  • Below are the system preparation configuration files I use

sysprep.inf;

;SetupMgrTag - All Computers Using Ghost

[Unattended]
    unattendedMode=FullUnattended

    ;OemPnPDriversPath=
    KeepPageFile=0
    DriversigningPolicy=ignore
    OemPreinstall=Yes
    OemSkipEula=Yes
    InstallFilesPath=C:\i386

    ConfirmHardware=No
    OverwriteOemFilesOnupgrade=No
    DriverSigningPolicy=Ignore
    updateInstalledDrivers=Yes

[GuiUnattended]
    AdminPassword="password"
    EncryptedAdminPassword=NO
    OEMSkipRegional=1
    TimeZone=35
    OemSkipWelcome=1
    AutoLogon=Yes
    AutoLogonCount=1

[UserData]
    ProductKey=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
    FullName="Name"
    OrgName="Name"
    ;Computer name from bios asset tag using mysysprep
    ComputerName=%AssetTag%    

[Identification]
    JoinDomain=doamin
    DomainAdmin=username
    DomainAdminPassword=password
    MachineObjectOU="OU=name,DC=name,DC=example,DC=com"

[Display]
    BitsPerPel=32
    Xresolution=1280
    YResolution=1024
    Vrefresh=75

[Networking]
    InstallDefaultComponents=Yes

[TerminalServices]
    AllowConnections=1

[Branding]
    BrandIEUsingUnattended=Yes

[Proxy]
    Proxy_Enable=0
    Use_Same_Proxy=0

[GuiRunOnce]
    Command0=%windir%\Temp\Fix.cmd

[Sysprep]
    BuildMassStorageSection=No

[SysprepMassStorage]
    PCI\VEN_1180&DEV_8043&CC_0880=%systemdrive%\drivers\R188776\W2K\Rimmptsk.inf ;Ricoh SD/MMC Host Controller
    PCI\VEN_8086&DEV_24CA&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801DBM Ultra ATA Storage Controller - 24CA
    PCI\VEN_8086&DEV_24CB&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801DB Ultra ATA Storage Controllers - 24CB
    PCI\VEN_8086&DEV_24D1&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801EB Ultra ATA Storage Controllers
    PCI\VEN_8086&DEV_24DB&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801EB Ultra ATA Storage Controllers
    PCI\VEN_8086&DEV_2651&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801FB Ultra ATA Storage Controllers - 2651
    PCI\VEN_8086&DEV_2653&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801FBM Ultra ATA Storage Controller - 2653
    PCI\VEN_8086&DEV_266F&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801FB/FBM Ultra ATA Storage Controllers - 266F
    PCI\VEN_8086&DEV_2681&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ESB2 SATA AHCI Controller
    PCI\VEN_8086&DEV_2682&CC_0104=%systemdrive%\drivers\imsm\iastor.inf ;Intel(R) ESB2 SATA RAID Controller
    PCI\VEN_8086&DEV_27C0&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801GB/GR/GH (ICH7 Family) Ultra ATA Storage Controllers - 27C0
    PCI\VEN_8086&DEV_27C1&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH7R/DH SATA AHCI Controller
    PCI\VEN_8086&DEV_27C3&CC_0104=%systemdrive%\drivers\imsm\iastor.inf ;Intel(R) ICH7R/DH SATA RAID Controller
    PCI\VEN_8086&DEV_27C4&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801GBM/GHM (ICH7-M Faimly) Serial ATA Storage Controller - 27C4
    PCI\VEN_8086&DEV_27C5&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH7M/MDH SATA AHCI Controller
    PCI\VEN_8086&DEV_27C6&CC_0104=%systemdrive%\drivers\imsm\iastor.inf ;Intel(R) ICH7MDH SATA RAID Controller
    PCI\VEN_8086&DEV_27DF&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF
    PCI\VEN_8086&DEV_2820&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH8 4 port Serial ATA Storage Controller - 2820
    PCI\VEN_8086&DEV_2821&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH8R/DH/DO SATA AHCI Controller
    PCI\VEN_8086&DEV_2822&CC_0104=%systemdrive%\drivers\imsm\iastor.inf ;Intel(R) ICH8R/ICH9R/ICH10R/DO SATA RAID Controller
    PCI\VEN_8086&DEV_2825&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH8 2 port Serial ATA Storage Controller - 2825
    PCI\VEN_8086&DEV_2828&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH8M 3 Port Serial ATA Storage Controller - 2828
    PCI\VEN_8086&DEV_2829&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH8M-E/M SATA AHCI Controller
    PCI\VEN_8086&DEV_282A&CC_0104=%systemdrive%\drivers\imsm\iastor.inf ;Intel(R) ICH8M-E/ICH9M-E SATA RAID Controller
    PCI\VEN_8086&DEV_2850&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH8M Ultra ATA Storage Controllers - 2850
    PCI\VEN_8086&DEV_2920&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH9 4 port ATA Storage Controller 2 - 2920
    PCI\VEN_8086&DEV_2922&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH9R/DO/DH SATA AHCI Controller
    PCI\VEN_8086&DEV_2926&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH9 2 port ATA Storage Controller 2 - 2926
    PCI\VEN_8086&DEV_2928&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH9M/M-E 2 port Serial ATA Storage Controller 1 - 2928
    PCI\VEN_8086&DEV_2929&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH9M-E/M SATA AHCI Controller
    PCI\VEN_8086&DEV_292D&CC_0101=%windir%\inf\mshdc.inf ;Intel(R) ICH9M/M-E 2 port Serial ATA Storage Controller 2 - 292D
    PCI\VEN_8086&DEV_3A02&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH10D/DO SATA AHCI Controller
    PCI\VEN_8086&DEV_3A22&CC_0106=%systemdrive%\drivers\imsm\iaahci.inf ;Intel(R) ICH10R SATA AHCI Controller

MySysprep.inf;

;;Wildcard characters
;; *  Any string of zero or more characters.
;; ?  Any single character.
;;[ ] Any single character within the specified range ([a-f]) or set ([abcdef]).
;;[!] Any single character not within the specified range ([!a-f]) or set ([!abcdef]).

[CPU]
;GenuineIntel.MP=mp.inf
;GenuineIntel.UP=up.inf
;AuthenticAMD.MP=mp.inf
;AuthenticAMD.UP=up.inf

[Manufacturer]
;Manufacturer Name=mfg.inf

[Model Like]
;Model Name with wildcards=modellike.inf

[Model]
;Model Name=model.inf
;MP model=mp.inf
;UP model=up.inf
;Latitude D600=up.inf
;Latitude D800=up.inf
Latitude D610=up.inf
Latitude D810=up.inf
Latitude D620=mp.inf
Latitude D820=mp.inf
Latitude D630=mp.inf
Latitude D830=mp.inf
Latitude E4200=mp.inf
Latitude E4300=mp.inf
Latitude E6400=mp.inf
Latitude E5400=mp.inf
Latitude E5500=mp.inf
Latitude E6400=mp.inf
;Latitude E6400ATG=mp.inf
Latitude E6500=mp.inf
OptiPlex GX260=up.inf
OptiPlex GX270=up.inf
OptiPlex GX280=mp.inf
OptiPlex GX520=mp.inf
OptiPlex 745=mp.inf
OptiPlex 755=mp.inf
OptiPlex 760=mp.inf
OptiPlex 960=mp.inf

[SerialNo Like]
;Serial No with wildcards=seriallike.inf

[SerialNo]
;Serial No=serial.inf
  • Make the image
    Using your favorite imaging software make the image
  • Test
    • Image all models
    • Check Device Manager for;
      • Proper computer driver (HAL)
      • Missing drivers
      • If anything is wrong, start OS Template backup image all over addressing the issues.

Production Image – The final product

This image is like the DriverTest image but contains all desired programs.  Although I have several production images (Office, Science LAbs, General Labs, Podiums).  The first set and last set of steps are the same.

On the template computer;

  • Load OS Image Template
  • Turn Firewall off
  • Copy HAL files to %SystemRoot%\System32 using CopyHAL script
    This will set the HAL to ACPI and copy the necessary HAL and kernel files to the system directory.  These HAL files are Service Pack specific but named the same.
    (As newer computers have multiple processors, this is needed to ensure all computers boot and load the operating system.)
  • Reboot
  • Check HAL – need to be ACPI
  • Join Domain, if applicable
  • Install network certificate, if applicable, and ensure it is fully trusted (certmgr.msc)
  • Add the domain\image_account user to the local Administrators Group.
    I use this account (image) to install all software.  The GUI run-once file Fix.cmd will copy this account over the default account making this ‘image’ account profile the default profile.  This is needed because XP will over write your default profile during sysprep.  So to keep Customizations I copy the modified profile after imaging.
  • Reboot
  • Install and configure base programs
    Base programs are the programs that others rely on, such as;
    I consider a base program one that other may rely on such as; you need to install you browsers prior to installing Flash player.

    • Office
    • Web browsers
    • System software
  • Install standard applications
    These would be most other programs, or programs that do not fall into the other categories.
  • Install final programs
    These programs are the ones you do not want to install until the end.

    • Windows Defender
    • Anti-Virus (install this last)
  • Desktop Items
    • Add/remove desktop shortcuts
  • Configuration
    Modify the system to what you want it to be
    (Again, do this as the ‘image’ account.  This profile will be the default profile)

    • Configure Windows – modify Windows to what you like, such as;
      • Desktop theme
      • Set/Change desktop theme
    • Start Menu
      • Remove email link
      • Uncheck; highlight newly installed programs
      • Uncheck; Set Program Access and Defaults
      • Uncheck; List my most recently opened documents
    • Taskbar
      • Uncheck; Group similar taskbar buttons
      • Uncheck; Hide inactive icons
      • Remove all shortcuts above Programs list
      • Group like programs into one program group (i.e. Adobe products)
      • Delete; Remote Assistance link
      • Move single Windows links into Accessories folder & Sort by Name
      • Sort Programs list by name
    • Disable screen saver password
    • Power Options and Properties
    • Uncheck; Prompt for password…
    • Change Power button options to; Do nothing
    • Turn sound off
  • Prep for Imaging
    • Run Windows Disk Cleanup
    • Run Clean script
    • Run Windows Disk Defragmenter (run at least twice)
    • Change permissions on the Image user’s profile to anyone read
  • Make a Backup Image
    Using your favorite imaging software make a backup image (non-syspreped).  As you should never sysprep an image more than once, I use this a base image I can make changes to without starting from the beginning.
  • Run OpenCMD; to open a command window
  • Run Clean; clears caches, temp areas, and MRU lists
  • Run CopyDrivers; Copies drivers to %SystemDrive%\Drivers
  • Run Prep; with parameters <image name> <y>
    First parameter is the name of the image being made, no spaces
    Second parameter indicates whether or not to copy the sysprep files to the system drive; y to copy, anything else or blank/nothing to not copy the files.
  • Run SysPrep Driver Scanner (automatically opens after running: Prep
    • Click button ‘1. Default’
    • Change ‘Search Path:’ to c:\Drivers (or where ever you loaded the drivers)
    • Click button ‘2. Scan’
    • Click button ‘5. Save’
    • Click button ‘6. Done’
  • Run Sysprep script (not sysprep.exe, run sysprep.bat)
  • Make the image
    Using your favorite imaging software make the image
  1. I am a new comer to making image, please where am I copying the HAL files from, XP installation CD?

    Comment by Bob — November 6, 2009 @ 10:27 pm
  2. @Bob
    The HAL files are in the i386 directory on the CD or Service Pack download, but are compressed. Use the ‘expand’ command to uncompress them. Then you can put the HAL files in a directory on, say, a memory stick. Remember, the HAL files are Service Pack specific.

    Comment by Quenga — November 16, 2009 @ 12:48 pm
  3. @Quenga
    Thanks for your reply, as per your instruction I was able to extrac the HAL files but now I ran into the problem of hardware compatibility as the image was made on a GX745 dual core processore but will not load on a Latitude Inspiron 600m a single core processor. Any suggestion on how to go about this?

    Comment by Bob — December 7, 2009 @ 8:01 pm
  4. @Bob
    First: 2 good wed sites;
    http://adminbromo.blogspot.com/2006/10/universal-ghost-image-guide.html
    http://www.joshie.com/journal/2005/12/27/windows-xp-a-tale-of-2-hals.html

    After you extract the HAL files, copy them to the %systemroot%\system32 folder on your template computer. Ensure to copy halacpi.dll to hal.dll, and then reboot. When the system restarts look at the HAL setting: In Hardware > Device Manager, under Computer should indicate: Advanced Configuration and Power Interface (ACPI) PC. If you copied all of the HAL files when the new system boots it will adjust the HAL appropriately.

    Also, when booting in Safe Mode if the system stops at [apg440.sys] it’s the HAL, if it stops at [mup.sys] it’s the mass storage driver.

    Comment by Quenga — December 8, 2009 @ 4:38 pm
  5. @Quenga
    Quenga, once again thanks for your quick and valuable responses, It worked as i was able to duplicate the image from a GX60 unto Inspiron 600 and GX755. But I have a little glitch, when I logon for the first time it report that Windows cannot find “C:\windows\Temp\Fix.cmd” and i knew I have that created and placed in my C:\SysPrep folder should I manually copy this to the C:\Windows\Temp?

    Comment by Bob — December 9, 2009 @ 11:04 pm
  6. Also from MySysprep.inf above;

    ;;Wildcard characters
    ;; * Any string of zero or more characters.
    ;; ? Any single character.
    ;;[ ] Any single character within the specified range ([a-f]) or set ([abcdef]).
    ;;[!] Any single character not within the specified range ([!a-f]) or set ([!abcdef]).

    [CPU]
    ;GenuineIntel.MP=mp.inf
    ;GenuineIntel.UP=up.inf
    ;AuthenticAMD.MP=mp.inf
    ;AuthenticAMD.UP=up.inf

    [Manufacturer]
    ;Manufacturer Name=mfg.inf

    [Model Like]
    ;Model Name with wildcards=modellike.inf

    at what stage would i have to supply the value to auto mate the change ACPI to UP or MP. My GX745 has ACPI and it’s a dual core processsor any help would be greatly apprecaited. thanks.

    Comment by Bob — December 10, 2009 @ 2:43 am
  7. @Bob
    *RUN-ONCE FILE*
    All of my scripts live on a memory stick. When the Clean script is run it copies the fix.cmd (run-once) file to %windir%\temp (%windir% is usually c:\windows).

    Your run-once script can be anywhere, but ensure the location of the script file matches this line in your sysprep.ini file;
    [GuiRunOnce]
    Command0=%windir%\Temp\Fix.cmd

    *MYSYSPREP.INI*
    First, the website for mysysprep is: http://www.tsaysoft.com/mysysprep/

    I have decided to use the Model information to determine processor types. Ensure you enter the values the same way displayed when you run ‘mysysprep /smbios’ on the target system(s).

    Comment by Quenga — December 10, 2009 @ 4:35 pm
  8. First of all I want to say great wrightup on sysprep.

    I’m currently working on syspreping a Dell E5400 and I’m having some trouble getting drivers for the audio to work. I’ve tried diffent methods, Double Driver, Driver Max, ect. to extract the drivers without any luck. The Driver I’m looking for is an IDT Audio Driver 92HDxxx HD Audio. Also just wondering what tools or process you use to extract Drivers.

    Thanks

    Comment by Chris — May 28, 2010 @ 1:56 pm
  9. @Chris
    The driver for the Dell Latitude E5400, Windows XP can be downloaded from the support.dell website at; http://support.dell.com/support/downloads/driverslist.aspx?os=WW1&catid=-1&dateid=-1&impid=-1&osl=EN&typeid=-1&formatid=-1&servicetag=&SystemID=LAT_E5400&hidos=WLH&hidlang=en&TabIndex=&scanSupported=False&scanConsent=False

    I download the driver executable then run it. It is usually expanded to c:\Dell\Drivers\Rxxxxx. I use these expanded files to load for imaging. I don’t know of another way to expand Dell’s driver files. Because I don’t know how to nicely expand the Dell driver files I like to expand the drivers on the system the drivers are made for or on a system that I know the drivers will fail on. Either way, I expand the files on a test system.

    Now Dell is offering a cab file containing all drivers needed for this model. Located under the System Management area you’ll find Driver Pack (not Driver Pack for…Preinstallation…) Download the cab, expand it (I like 7-zip). This cab file should have all of the drivers standard for the modes.

    After I expand the files and load them into a common directory (c:\drivers) I run SysPrep Driver Scanner – search this page for ‘Run SysPrep Driver Scanner’. I do not use the OemPnPDriversPath within the sysprep.ini file.

    Comment by Quenga — May 30, 2010 @ 12:54 pm

Sorry, the comment form is closed at this time.