locked
Capture system image with MDT RRS feed

  • Question

  • Hello everyone,
    I want to create a Windows 7 installation disc that will allow me to have, immediately after installation, a system updated with the latest hotfixes, installed programs and all the settings I want already selected in the system.
    Now, I used MDT 2013 on x64 Windows 8.1 Pro to create a DeploymentShare Windows 7 Pro x86, including drivers, applications and various hotfixes, once I create the image of Windows PE, through which I install the above system from DeploymentShare, all row smoothly, but I have any dubious:

    1) Once the system is installed, they log me in as Administrator, why?

    2) If I log in as Administrator, then I have to run the sysprep.exe / generalize / oobe before delivering the computer to an imaginary customer?

    3) If I want to make changes to the settings of the user (for example to make sure that hidden folders see by default after installation or arrange the icons on the desktop as I will ensure that the end user see it exactly so) I have to use the CopyProfile?

    4) If yes, at what stage should I use the CopyProfile? Specifying an unattend.xml during sysprep.exe on point 2? Or maybe I recapture system image after install it and use the file *.wim with a different unattend.xml, that is, in practice doing two laps of installation?

    5) Once I captured the system image, when I try to install it, the system logs me in again with Administrator account instead of OOBE, why?

    I want to do this final procedure on the end user PC:
    1) Put the DVD (or USB) of this modified Windows
    2) Install Windows automatically with all applications, hotfixes and settings
    3) Once Windows is installed, I install in audit mode all drivers for that PC and sysprep /oobe it
    4) Give the PC to the client

    Thank you in advance!

    P.S: sorry for my bad english

    Monday, February 23, 2015 4:19 AM

Answers

  • 1. By design, a hold out from the days when MDT also supported XP.

    2. By design, images need to be syspreped if they are to be applied to other machines.

    3. Typically I do *NOT* recommend making changes to HKCU during imaging, instead settings should be applied using GPO or other method. CopyProfile can work as a last resort.

    4. CopyProfile is applied during "Specialize" as per documentation, not during sysprep.

    5. MDT enables the local administrator account for use in MDT deployments later. Check out the unattend64.xml template in the MDT install directory:

                <RunSynchronous>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>EnableAdmin</Description>
                        <Order>1</Order>
                        <Path>cmd /c net user Administrator /active:yes</Path>
                    </RunSynchronousCommand>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>UnfilterAdministratorToken</Description>
                        <Order>2</Order>
                        <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
                    </RunSynchronousCommand>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>disable user account page</Description>
                        <Order>3</Order>
                        <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
                    </RunSynchronousCommand>
                </RunSynchronous>
    This works for MDT deployment later, but if you have a custom process, you may need to adjust the system.


    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    Tuesday, February 24, 2015 7:53 AM

All replies

  • 1. By design, a hold out from the days when MDT also supported XP.

    2. By design, images need to be syspreped if they are to be applied to other machines.

    3. Typically I do *NOT* recommend making changes to HKCU during imaging, instead settings should be applied using GPO or other method. CopyProfile can work as a last resort.

    4. CopyProfile is applied during "Specialize" as per documentation, not during sysprep.

    5. MDT enables the local administrator account for use in MDT deployments later. Check out the unattend64.xml template in the MDT install directory:

                <RunSynchronous>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>EnableAdmin</Description>
                        <Order>1</Order>
                        <Path>cmd /c net user Administrator /active:yes</Path>
                    </RunSynchronousCommand>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>UnfilterAdministratorToken</Description>
                        <Order>2</Order>
                        <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
                    </RunSynchronousCommand>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>disable user account page</Description>
                        <Order>3</Order>
                        <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
                    </RunSynchronousCommand>
                </RunSynchronous>
    This works for MDT deployment later, but if you have a custom process, you may need to adjust the system.


    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    Tuesday, February 24, 2015 7:53 AM
  • Thanks for your response, I appreciated very much and I'm sorry if I could not answer before, but I had some personal problems.

    Okay, so basically I should install the system on a reference computer through MDT, the system logs me in as Administrator, at this stage I have to make other changes to the system that I want to be in the system image, finally, I have to run the sysprep with options generalize, shutdown and oobe (or should I add the CopyProfile through unattend?). After that, I have to capture the image of the system and install that image on other computers using a unattend.xml with CopyProfile option during installation. The problem is that this is all that I've done, but at the end of the installation, instead of getting into OOBE, the system logs me in as Administrator and I do not understand how to avoid this.

    Another scenario that I have attempted to address is to configure such a thing to an installation LiteTouch, with some changes, I'll explain:
    I configure everything in MDT, I create the image capture task in MDT, create a pause in the task list after the task of windows update and before the second task of windows update, install the system on the reference computer logged in as Administrator, when deploying pauses, supply the various changes to Windows and I leave the pause, at this point the system performs the other steps, generalizes the system, turn off the system, enters into Windows PE, capturing the image and the end. Then I install the image on a different computer, but this installation logs me in always as Administrator, instead of going out on OOBE... Why? How can I do to get into OOBE?

    Finally, how can I use GPO to set user settings? I've always done it with CopyProfile...

    Wednesday, March 4, 2015 2:16 AM