Sysprep and Domain Joined PC

    Question

  • Can someone point me to Microsoft documentation that specifically states WHY you should not Sysprep a domain joined PC?  I'm being challenged on this and want to provide detailed specifics.

    Thank you,

    ~B

    Thursday, July 29, 2010 8:12 PM

Answers

  • There is no documentation why you should not sysprep a domain joined PC simply because it's a supported scenario. Sysprep will remove all identifiers from the machine anyway. Technically there is nothing that prevents you from sysprepping a machine domain joined (it's a myth).

    That being said, sometimes real world catches up  :)   If you don't pay attention, group policies from the domain might bring settings and/or applications to the reference image that you don't want... can happen in environments not very well managed... a tiny error in the reference image doesn't get smaller because you deploy it to a few thousand machines...  :)

    So, in most cases, because of the control I get, I prefer to deploy my refimages into a workgroup, but I have also worked with customers who create their refimages in the domain because their deployment tools require it, or they have an application in the image that requires the machine to be domain joined.

    / Johan

    Thursday, July 29, 2010 9:02 PM

All replies

  • I'm not aware of a doc for this, but for starters, OSD won't allow you to capture an image of a machine that's domain joined (the capture CD).  Also, it's bad practice because of settings from GPOs.  Many of those GPO settings will become part of the machine's local policy and may cause issues down the road.
    Scott Gill
    SCCM Consultant
    Thursday, July 29, 2010 8:38 PM
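
A pre-capture check for the GPO concern raised in this thread, as an added example that is not from any of the posters or from Microsoft. It assumes PowerShell 3.0 or later in an elevated session on the reference machine; the function name `Get-ReferenceImagePolicyAudit` is hypothetical.

```powershell
# Added example: audit a reference machine before running Sysprep and capturing it.
# Reports domain membership and every value under the two registry locations
# where registry-based Group Policy writes machine settings.
function Get-ReferenceImagePolicyAudit {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    $policyRoots = @(
        'HKLM:\SOFTWARE\Policies',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
    )

    $values = foreach ($root in $policyRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        # Include the root key itself plus all of its subkeys.
        $keys = @(Get-Item -Path $root) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $name
                    Data  = $key.GetValue($name)
                }
            }
        }
    }

    [pscustomobject]@{
        ComputerName = $cs.Name
        PartOfDomain = $cs.PartOfDomain
        Domain       = $cs.Domain
        PolicyValues = @($values)
    }
}

$audit = Get-ReferenceImagePolicyAudit
if ($audit.PartOfDomain) {
    Write-Warning "Reference machine is joined to '$($audit.Domain)'; review applied GPOs before capture."
}
"{0} policy registry value(s) present" -f $audit.PolicyValues.Count

# Some values here exist on a clean workgroup build too, so compare the list
# against a known-good baseline rather than treating every entry as GPO residue.
$audit.PolicyValues | Sort-Object Key, Value | Format-Table -AutoSize -Wrap
```

Security settings applied by policy are stored outside these registry keys; `secedit /export /cfg <file>` dumps the local security policy for the same kind of baseline comparison.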