locked
Using WSUS during a combined build and capture task sequence? RRS feed

  • Question

  • I want to create a single task sequence that can build a new image from scratch using Windows installation media, then install apps and Windows Updates, then sysprep and capture the image so we can then use the fully updated wim file in our standard OS deployment task sequence.

    When we have been building the model OS manually from DVD and then doing a separate capture Task Sequence using our WSUS to install approved updates, we have to manually clean the WSUS client ID out of the registry before we run sysprep to avoid the captured image having the WSUS ID from the captured workstation and then duplicating it to every new system that is deployed using this image.

    Does the default settings in the build and capture task sequence take care of this or do we still have to add a manual step to clear the SUSID before sysprep runs?

    We will be deploying Windows 7 SP1, Windows 8.1 Update 1, Server 2008 R2 and Server 2012 R2 systems.

    Thursday, December 25, 2014 11:32 PM

All replies

  • Hi,

    Do you run sysprep from the computer, locally (C:\Windows\System32\Sysprep), or do you use the buildin mdt sysprep task sequence?

    My experience using the buildin mdt sysprep task seuqence is good so far. I havent noticed any machines dropping in or out of WSUS

    /

    best regards

    jesper vindum, denmark

    Friday, December 26, 2014 1:40 AM
  • I would use the built in sysprep task sequence in MDT 2013.

    There is an issue with cloning systems that were already configured to use WSUS since the registry then includes the unique WSUS ID that then gets cloned to every system that uses this image.

    Is it documented anywhere that the built-in MDT Sysprep and Capture task sequence will automatically clean this out of the registry?  I know that running sysprep manually does not do this.

    Sunday, December 28, 2014 9:52 PM
  • Are you using the /generalize parameter when running sysprep? That should correct the issue with SusClientId and it's one of the parameters LTISysprep.wsf uses for Windows 7 and above.

    Out of habit more than anything else, I've always ran a small batch script as part of my TS to remove SusClientId and SusClientValidation before my sysprep and capture.


    -Nick O.

    Monday, December 29, 2014 7:03 PM
  • Yes I use generalize.  Last time I checked on this Sysprep does not do anything to the SUS client ID.  It requires manual interaction in the registry or a separate script to clean this.

    Has that changed when run from the MDT 2013 sysprep and capture task sequence?  If so, is this documented anywhere?

    Monday, December 29, 2014 7:28 PM
  • By default, if you enable ZTIWindowsUpdate in your Standard OS deployment + Capture Task Sequence with WSUSServer defined, you must manually remove the entries so it won'd use WSUS in the future.

    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    • Marked as answer by Keith GarnerMVP Wednesday, December 31, 2014 9:26 PM
    • Unmarked as answer by MyGposts Wednesday, December 31, 2014 9:29 PM
    Wednesday, December 31, 2014 9:26 PM
  • By default, if you enable ZTIWindowsUpdate in your Standard OS deployment + Capture Task Sequence with WSUSServer defined, you must manually remove the entries so it won'd use WSUS in the future.

    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    That was not what I was asking.

    I would want to keep using WSUS when running that task sequence in the future.

    The issue I'm asking about is whether sysprep or any other automated process will clear out or reset the SUSId (which is supposed to be unique for every system) so that this system ID does not get cloned into every future device that uses this WIM file.

    Wednesday, December 31, 2014 9:32 PM
  • In the past, in order to get around this, I created a small script to delete the offending WSUS values. I then added a task to my Capture TS that runs the script before the sysprep process begins to ensure the values are removed each time I have to run the Capture TS. (What I've just described is basically what is being done in the link Keith provided, except I use a simple batch script instead of a wsf.)


    -Nick O.

    Friday, January 2, 2015 4:49 PM