Article

andystewartSL's picture
article
Reads:

24827

Score:
5
5
2
 
Comments:

13

Windows 7 Automated Imaging and ZCM Registration

(View Disclaimer)

Building the base image

Downloads required:

Windows Driver Kit Version 7.1.0 (to get access to DPINST.exe utility)

Windows AIK for Windows 7

Steps

  • Insert the Windows Driver Kit DVD on your machine and install.
  • Browse to install folder, then down to Redist\DIFx\dpinst\MultiLin\x86 and take a copy of DPINST.exe – this will be used later.
  • Insert the Windows AIK DVD on your own machine and install Windows System Image Manager. This will be used to build the unattend.xml file for the Windows 7 image.
  • Insert the Windows 7 DVD on your own machine and take a copy of the DVD onto a folder somewhere on your machine.
  • Launch Windows System Image Manager
    • Click on File, New Answer File
    • In the bottom left window, Right click and select "Select Windows Image" and browse to either the install.wim or install_windows7.clg file (both should be in the same "sources" folder extracted from the Windows 7 Installation DVD above)
    • In the bottom left window locate the sections listed below, right click them and add to the relevant section on the popup

These are the settings for Windows 7 32-bit. For Windows 7 64-bit use the relevant sections starting with amd64_ instead of x86_

x86_Microsoft-Windows-LUA-Settings_neutral 2 offline Servicing
x86_Microsoft-Windows-Security-SPP_neutral 3 generalize
x86_Microsoft-Windows-Deployment_neutral 4 specialize
x86_Microsoft-Windows-Security-SPP_UX_neutral 4 specialize
x86_Microsoft-Windows-Shell-Setup_neutral 4 specialize
x86_Microsoft-Windows-International-Core_neutral 7 oobeSystem
x86_Microsoft-Windows-Shell-Setup_neutral 7 oobeSystem

We now need to go through each section and change some settings.

In the Answer file Section, do the following:

Section Setting Name Value Reason

2 offline Servicing

x86_Microsoft-Windows-LUA-Settings_neutral

EnableLUA False Disables User Access Control

3 generalize

x86_Microsoft-Windows-Security-SPP_neutral

SkipRearm 1 Licensing

4 specialize

x86_Microsoft-Windows-Deployment_neutral

RunSynchronous

Add a new command

Order 1

Net user administrator /active:yes

Active the local administrator account

4 specialize

x86_Microsoft-Windows-Security-SPP-UX_neutral

SkipAutoActivation True  

4 specialize

x86_Microsoft-Windows-Shell-Setup_neutral

ComputerName * Generates a random Computer name. My script later on picks up BIOS name and sets computer name
CopyProfile True  
ProductKey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx Valid Product Key
RegisteredOrganization Leave as Microsoft  
RegisteredOwner Leave as AutoBVT  
ShowWindowsLive False  
TimeZone GMT Standard Time Set as appropriate for your region
7 oobeSystem
X86_Microsoft-Windows-International-Core_neutral
InputLocale
SystemLocale
UILanguage
UserLocale
en-GB Set as appropriate for your region
7 oobeSystem
x86_Microsoft-Windows-Shell-Setup_neutral
RegisteredOrganization XXXXXXXXXXXXXXXXXXXX Your Company Name
RegisteredOwner XXXXXXXXXXXXXXXXXXXX Your Company Name
TimeZone GMT Standard Time Set as appropriate for your region
Subsection AutoLogon Enabled True  
LogonCount 3 Do 3 auto logons before leaving user at login screen (to cater for automated scripts and reboots)
Username administrator  
Password Pa55word Set as appropriate - make sure it matches up with other sections in this guide
Subsection FirstLogonCommands CommandLine
Order 1
RequiresUserInput false
cscript //b C:\windows\system32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx  
CommandLine
Order 2
RequiresUserInput false
%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "&{set-executionpolicy RemoteSigned -Force}" Enables Powershell Scripts
CommandLine
Order 3
RequiresUserInput false
%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe "c:\setup\Win7Image-Script1.ps1"  
Subsection OOBE HideEULAPage True  
NetworkLocation Work  
ProtectYourPC 1  
Subsection UserAccounts AdministratorPassword Pa55word  
LocalAccounts
Add record for user administrator
Description: administrator
DisplayName: administrator
Group: administrators
Name: administrator
Password Pa55word
 

Save the unattend.xml answer file

  • On Target Windows 7 machine
  • Install Windows 7 from DVD, making sure that you zap any and all partitions on the disk at the start
  • Once initial install is complete, and you're prompted to create a username on the welcome screen, press CTRL-SHIFT-F3 to reboot machine into admin audit mode.
    AT THIS POINT, take an image as a "pre-sysprep" image if needed
  • On reboot, you'll be automatically logged in under the built-in administrator account. A SYSPREP GUI box will appear – close this for now. You are now ready to carry out any customizations.
  • Due to issues with a strange access rights issue on Windows 7 64-bit (that worked fine in Windows 7 32-bit), create a folder called C:\SETUP and make sure administrators group has full control
  • Place the unattend.xml file created above into the folder C:\WINDOWS\SYSTEM32\SYSPREP
  • Bring up a command prompt and browse to C:\WINDOWS\SYSTEM32\SYSPREP
  • Run the following command
    • SYSPREP /generalize /oobe /shutdown /unattend:unattend.xml
  • Wait for the machine to shutdown
  • You are now ready to take an image of the Windows 7 SYSPREP'd machine.

Additional addon-images were created following instructions located here as follows:

Win7-Addon-Drivers.zmg Contains the driver files for any unknown devices – creates a folder on C: called C:\SETUP\DRIVERS
Contains 32 and 64 bit drivers
Win7-Addon-Scripts.zmg Contains the relevant Powershell Scripts and any utilities that are required as part of the imaging process. Files are stored under C:\SETUP
Current Files are:
BiosConfigUtility.exe - HP Utility to read BIOS settings - use to rename computer
Win7Image-Script1.ps1
Win7Image-Script2.ps1
Win7Image-Script3.ps1
dpinst.exe, dpinst64.exe, dpinst.xml - used to do a hardware scan for any unknown devices
Win7-32-Addon-ZCMAgent.zmg (or Win7-64-Addon-ZCMAgent.zmg) Latest ZCM agent copied to C:\SETUP.
The Scripts above call this to register the machine in ZCM. Since agent name is always the same, this can be replaced with the latest agent whenever required.

The important thing to make sure when creating these is to make sure that the partition number on the image matches the partition number inside the Windows 7 ZMG file for the boot disk – as a default this is partition 2 as partition 1 is the 100MB hidden area for Windows 7.

The imaging bundle applies the relevant base image (32 or 64 bit), followed by these addon images.

i.e. ZCM Windows Bundle has the following 4 images listed as part of the image

Windows_7_Base_Image.zmg
Win7-Addon-Drivers.zmg
Win7-Addon-Scripts.zmg
Win7-32-Addon-ZCMAgent.zmg

NOTES:
Win7Image-Script3.ps1 - needs updating for your specific domain information re name of domain, relevant user account, and password to join computer to domain

One final step to take is to delete the C:\SETUP folder to remove any files that may contain passwords etc.

================

Editor's Note: When it comes to Windows 7 Migration projects, ZENworks can be your new best friend. Check it out.

AttachmentSize
scripts.zip1.65 KB

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.




User Comments

rtingleywsfcu's picture

Microsoft volume license & Zenworks SID changer questions

Submitted by rtingleywsfcu on 21 December 2010 - 3:52pm.

Thank you, Andy, for taking the time to share your work :) I have 2 questions...

1. Are you using a Microsoft volume license for Windows 7 Professional?
2. When restoring an image created by the above process, do you disable the Zenworks SIDchanger using a ziswin 'restore mask'?

Regards

Robin

andystewartSL's picture

Re VLA and SIDChanger

Submitted by andystewartSL on 22 December 2010 - 3:46am.

Hi Robin,

1. Yes we're using Volume Licence through our MS Enterprise Agreement
2. No - haven't found any need to disable the SIDChanger. Existing machines being reimaged are fine inside ZCM and AD, and new machines getting image for 1st time also work fine.

Andy

krogers1's picture

Windows 7 OEM

Submitted by krogers1 on 23 March 2011 - 4:14pm.

Hi Andy

How can I adapt this to use Windows OEM license instead of a VLK??

thanks
Kirk

andystewartSL's picture

I "think" its just a case of

Submitted by andystewartSL on 24 March 2011 - 1:43am.

I "think" its just a case of NOT entering the OEM key in the SYSPREP file, and when windows boots up, you should be prompted to enter it then.

rtingleywsfcu's picture

Windows7 imaging rights

Submitted by rtingleywsfcu on 24 March 2011 - 2:03pm.

Kirk,

Based on reading the Microsoft Reimaging Rights document, and discussions with our Dell Microsoft licensing expert, I understand organizations do not have the right to reimage using OEM media. An OEM image can only be preloaded on a PC by the OEM during manufacturing. An image can be individually recovered by the organization (or a service provider they choose) by using the Recovery Media. The OEM recovery media should match the product version originally preinstalled on the system; no other image may be used to restore the system to its original state.

So we purchased a Windows 7 Open license with Software Assurance., which in combination with the Windows 7 OEM license from Dell, allows us to create a customized Windows 7 image and then apply it to all our workstations.

Robin

krogers1's picture

OEM key

Submitted by krogers1 on 23 March 2011 - 4:21pm.

Hi Andy

How can I adapt this to use OEM key instead of VLK?

thanks
Kirk

nop1983's picture

Powershell Domain OU

Submitted by nop1983 on 7 June 2011 - 5:14am.

Hi Andy

In the powershell script, that adds the computer to active directory, can it put the workstation in a specified ou? Or do you have to do that afterwards?

Thanks
NIels

andystewartSL's picture

You can change

Submitted by andystewartSL on 8 June 2011 - 12:41am.

You can change Win7Image-Script3.ps1 as follows:

Add-Computer -DomainName blah.com -OUPath "OU=Computers,OU=dept,DC=blah,DC=com" -credential (New-Object System.Management.Automation.PSCredential ("blah\reguser", (ConvertTo-SecureString "password" -AsPlainText -Force)))

This will add the computer to a specific container.

The only issue I've found with the Add-Computer command is that it doesn't like it if the computer record already exists (i.e. reimaging a machine)

nop1983's picture

Good to know

Submitted by nop1983 on 9 June 2011 - 10:20pm.

I'll give it a try. Otherwise I'll create a default rule in the active directory, that tells the where to put a new import workstation.

Thanks.

BryKKan's picture

Add comments?

Submitted by BryKKan on 15 June 2012 - 2:29pm.

The process looks good, but for those of us unfamiliar with PS, some comments in the scripts might be helpful.

Also, I'm curious, how do you install applications at this point. Does installing the agent after the OS yield any benefits other than being able to update the agent installer more easily?

PruittJ's picture

Benefit of agent install after OS

Submitted by PruittJ on 13 March 2013 - 7:54am.

I did not see a reply to your question. In case you have not gotten the answer elsewhere yet I am injecting this late response.

Installing the agent and successfully registering the workstation in the desired container gives you the ability to deliver applications to the workstation as desired. The agent is the important piece in this puzzle.

sgardiner's picture

Mass Storage drivers

Submitted by sgardiner on 20 February 2013 - 6:19am.

Andy,

One thing missing adding drivers to the gold image. I got some new Dells and spent ages trying to get info on injecting drivers. Ended up on the ghost forums and they have the same issue. Anyway taken from the ghost and twisted to support your format. I had posted in the forums but figure I would stick it on here as well if people are looking for a complete solution.

And for those who may need to inject drivers, I would only recommend Mass storage and maybe NICs as you don't want to bloat the gold image, with to many drivers you don't need. This is why you are creating a specific drivers image for machine types.
Follow AndyStewartSL guide on creating sysprep.
On his unattend.xml add
Microsoft-Windows-PnpCustomizationsWinPE line in the windowsPE pass in the answer file. Insert a Path line there too with the path & the credentials matching what you put in for it during the auditSystem pass. (c:\drivers\msd)
Save the unattend.xml

Create a new answer file called audit.xml
Within the 5 audit system pass add
1. x86_Microsoft-Windows-Deployment_neutral
a) With a "Reseal" line in there too. Reseal can be set to "ForceShutdownNow" as "False" and "Mode" to "Audit"
2. x86_Microsoft-Windows-PnpCustomizationsNonWinPE_netural
a) With a Path line in there too. The path should point at a directory containing your drivers. It will search recursively. So you can have one path that points at a parent directory with sub-directories in it. c:\drivers\msd
3. x86_Microsoft-Windows-Shell-Setup_neutral
Autologin - username Administrator
Save this answer file.
Copy the drivers you want to c:\drivers\msd - creating as many subfolders as you want. Rather than going to each model type we have, I went to driver packs and got the complete list. You could have it pointing to a network share if you wanted.

Okay copy both answer files to c:\windows\system32\sysprep in your gold image

Make sure you have the drivers copied.

open a dos box cd c:\windows\system32\sysprep
sysprep /audit /reboot /unattend:audit.xml
This will reboot the machine into audit mode injecting the drivers. You maybe in audit mode already. This is not an issue.

open a dos box cd c:\windows\system32\sysprep
sysprep /generalize /shutdown /oobe /unattend:unattend.xml
Sysprep runs and shutdowns the machine, take the image, ready to deploy to new hardware.

Hope this info helps people with the migration to 7 and getting Mass storage drivers injected.

Just remember you will need to create answer files for 64 and 32 bit versions of windows.

Environment I am using is Oracle VM VirtualBox as it allows snapshots so you can keep going back to play.

PruittJ's picture

How to use Imagesafe data and where is DPinst.exe?

Submitted by PruittJ on 1 March 2013 - 12:43pm.

I downloaded the WDK7.1 iso but I am not finding DPInst.exe in it and I do not see it in my Windows 8 WDK either.

Also, can you read the image safe data name and use that instead of using the bios name? The rename function is not working for us in Zen10 and I need the ability to give the machine the same name it had when I reimage it. How would the powershell script change to read the imagesafe data or will it read the ziswin info and then use the data?

© 2013 Novell