none
Audit Mode & Sysprep RRS feed

  • Question

  • Hi,

    I'm fairly new to MDT, but I've been reading posts and searching for solutions for a few months now.  I'm highly confused by some things I've been reading, and I'm hoping someone may be able to either explain some things, or point out the problems in my thinking.  I'm in the process of changing the way my org does imaging.  The current process looks like this:

    1. Install Windows 7 Ent (x64) to a machine
    2. Use Ctrl + Shift + F3 to go into Audit mode
    3. Update windows
    4. Install common Software
    5. Install Office (2013 for now)
    6. Update windows again
    7. Update drivers for machine model
    8. Use Ghost to pull an (open) image that we can modify later down the line
    9. Run Sysprep with custom Unattend.xml file
    10. Use Ghost to pull finalized image that we can either deploy, or clone

    There are tons of reasons we're trying to move away from this process, but a big thing I've been trying to do with MDT involves automating as much of this process as possible.  My 2 biggest walls right now are the following:

    • There doesn't seem to be a good way to tell MDT to use Audit mode - it just logs in as the admin user and does whatever you set it to do
    • It seems like there's no good way to automate (via MDT) the actual Sysprep process?  all the things I've found online say that you have to actually boot into the system and then run the remote LiteTouch.wsf file to kick off the process - how is it that this doesn't just work from the WinPE?

    For as much as MDT has the potential to make my life easier, I'm not understanding the manual parts to this.  Any clarity folks can provide would be a big help.  I'm using MDT build 8443 - We plan to move to Win10 soon, but I want to get things working for Win7 before I move on to the next OS

    Thanks!


    Monday, October 30, 2017 6:21 PM

All replies

  • I should also mention that I'm aware of Config Manager, but I haven't yet ventured into that territory.  I only recently found out that we have access to it ( I avoided it at 1st because I didn't want to add something that we'd have to pay for).  I also want to understand what I'm doing & working with, before I add another layer of complexity.
    Monday, October 30, 2017 6:23 PM
  • MDT does not use Audit mode (thank god for that), instead, it automates the process of patching & configuring as well as installing applications and then running Sysprep to generalize and seal the image.

    A good starting point is the deployment research website:

    You could also consider reading an excellent book on MDT called "Mastering Microsoft Deployment Toolkit" by Manuel Singer.

    Regardless, MDT build 8443 fully supports Windows 10 and Windows 7 at the same time. A lot of work you put into Windows 7 image can be carried over to Windows 10.


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Proposed as answer by Dan_Vega Thursday, February 1, 2018 3:49 PM
    Monday, October 30, 2017 6:57 PM
  • Thanks Anton!  I'm glad to know that I wont have to start from scratch when I get to the Win10 part of my work.  As for Audit mode - is there any advantage/disadvantage to using it in this capacity?  You said "Thank god for that" in reference to MDT not using Audit mode - is it primary purpose just for what I was doing in my original image builds?

    Funny enough, I have a number of Deployment Research tabs already open, and that Win7 link is what I used to build my 1st base image  :-D  I'll have to comb through it again tho, because the image that came out of it was non actually sysprep-ed.

    Thanks for the response.

    Monday, October 30, 2017 8:03 PM
  • Well, MDT and audit mode do not mix and, since if you are creating a reference image you are going down the Sysprep route, there is no need for it anyway. If you really need to do some manual customizing, there is a way to pause the execution of a TS and then resume it at a later point.

    As to why your image wasn't "sysprepped", I can only theorize:

    Assuming you did not remove Sysprep and capture bits from your task sequence, I would recommend adding following bits to your CustomSettings.ini:

    ComputerBackupLocation=%DeployRoot%\Captures
    BackupFile=W10_1703_#replace(date,"/",".") & ".wim"#
    SkipCapture=NO
    DoCapture=YES
    PrepareWinRE=NO

    ComputerBackupLocation specifies where to put the resulting WIM file

    BackupFile dynamically sets file name

    SkipCapture = NO tells MDT to show Sysprep / capture UI dialogue (you can change that to YES)

    DoCapture = YES instructs MDT to execute Sysprep and perform image capture

    PrepateWinRE = NO makes sure that WinRE partition is not being created as it is totally unnecessary in a ref image.

    Additional info: if you are using Hyper-V to build your image (which you should), make sure you use Gen. 1 VMs and not Gen. 2.


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Monday, October 30, 2017 8:13 PM
  • Ah, good info.  Some of that I think I have, some of it is new.  I'm glad to know I don't need to worry about Audit mode - I was racking my brain over that for a while because I've basically been trying to duplicate/automate my old process in this new environment.  My CustomSettings.ini file:

    [Settings]
    Priority=Default
    
    [Default]
    _SMSTSORGNAME=Org-name
    UserDataLocation=NONE
    DoCapture=YES
    OSInstall=Y
    AdminPassword=test
    TimeZoneName=Eastern Standard Time
    JoinWorkgroup=WORKGROUP
    HideShell=NO
    FinishAction=SHUTDOWN
    ApplyGPOPack=NO
     
    SkipAdminPassword=YES
    SkipProductKey=YES
    SkipComputerName=YES
    SkipDomainMembership=YES
    SkipUserData=YES
    SkipLocaleSelection=YES
    SkipTaskSequence=NO
    SkipTimeZone=YES
    SkipApplications=YES
    SkipBitLocker=YES
    SkipSummary=YES
    SkipRoles=YES
    SkipCapture=NO
    SkipFinalSummary=YES
    EventService=http://SERVER:9800
    

    Looking back, I'm wondering if the "FinishAction=SHUTDOWN" is a contributing factor (although that actually came from the DeplymentResearch guide).  I already have DoCapture=YES & SkipCapture=NO, so I'll try adding these other items.  I'd suppose it's also possible something in my Unattend file could be causing trouble too.

    I am using Hyper-V, and I learned about G1 vs G2 the hard way, haha.  definitely using G1 VMs at this point.  part of what's frustrating me in all this is that most of the process seems to work pretty easily, but things don't look right at the end.  Namely, when I deploy an image after sysprep & capture, it boots to the admin login screen, not oobe.  As mentioned earlier, I found a few sites that mention that you have to run the "Sysprep & Capture" TS from within the VM - whcih I thought was odd.  for all the automation provided by MDT, why is that a manual process?  Also, which unattend file is used when you do this?  the Unattend from the "Build" Task Sequence, or the one from the "S&C" Task Sequence?

    Monday, October 30, 2017 8:35 PM
  • I would start with the standard client TS as it includes all the moving pieces to syprep and capture an image.

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".


    Monday, October 30, 2017 11:12 PM
  • Build a deployment share that's only for creating images. As Anton mention create a standard client TS. If you already looked at the DeploymentResearch website, you might also want to include a task for Suspend task sequence. That way you can build your image in a VM and when it suspends the TS you can shutdown your VM and create a checkpoint. This will allow you to reload it in the future and then check for/install updates. You can then resume the TS and have an up to date capture without needing to start all over again.

    These are what my settings look like:

    [Settings]
    Priority=Default
    Properties=MyCustomProperty
    
    [Default]
    _SMSTSOrgName=Administrative Deployment Share
    OSInstall=Y
    DoCapture=YES
    JoinWorkgroup=MDT
    UserDataLocation=NONE
    KeyboardLocale=en-US
    UserLocale=en-US
    UILanguage=en-US
    TimeZoneName=Central Standard Time
    TimeZone=020
    ComputerBackupLocation=NETWORK
    BDEInstallSuppress=YES
    FinishAction=SHUTDOWN
    HideShell=NO
    ApplyGPOPack=NO
    SLShare=\\SERVER\Logs$
    
    SkipCapture=NO
    SkipAdminPassword=YES
    SkipProductKey=YES
    SkipComputerBackup=YES
    SkipBitLocker=YES
    SkipDomainMembership=YES
    SkipUserData=YES
    SkipComputerName=YES
    SkipLocaleSelection=YES
    SkipTimeZone=YES
    SkipSummary=YES
    SkipApplications=YES
    SkipTaskSequence=NO
    SkipRoles=YES
    SkipFinalSummary=YES


    If this post is helpful please vote it as Helpful or click Mark for answer.

    • Proposed as answer by Dan_Vega Thursday, February 1, 2018 3:49 PM
    Wednesday, November 1, 2017 1:48 PM