Getting ZEN Imaging to work with SYSPREP

Novell Cool Solutions: Trench
By Michael J. Prentice

Posted: 25 Apr 2001

Version: ZENworks for Desktops 3

For those of you who like to have as few Windows 2000 images for as many different PCs as possible, and love the functionality of the ZEN Imaging Service, this cool solution is for you. Also included is a workaround for the current Auto Admin Login count bug as described in TID 10061404, and an automated way to have a freshly imaged PC join a Domain if you need it.

Microsoft has a tool called SYSPREP that allows you to take a Windows 2000 PC and put it into a state that will allow it to be imaged to different PCs. The ZEN Imaging Service (I'll call it ZIS) in brief allows you to maintain the same computer name during imaging or, if it's a new PC, it allows you to name your PCs based on policies you define. For those of us who like to use the computer name as the workstation object name, this was perfect. Unfortunately ZIS and the SYSPREP process don't work together by default, but with a little ingenuity you can get around that. I won't go into how to use SYSPREP in detail as you can find that information and download it here.

The Problem

To explain the problem, first I need to describe SYSPREP a little more. When you have set up a Windows 2000 workstation the way you want it, you use the SYSPREP process to strip the PC of most of its hardware-specific information. You would then take an image of the PC. At that point when you boot up from that image, Windows 2000 goes through a mini setup. That setup can be automated so that a user doesn't have to touch it. Unfortunately for the outcome we want, to automate it you have to tell the setup what computer name you want to use. The problem with that is that we want the PC to keep the same computer name it had before.

That's where ZIS would come in and save us normally, allowing you to keep the same computer name that the PC had before. But here is the root of the problem; ZIS runs before the mini setup does, changing the computer name (and some other things) to what they were before. The mini setup then runs after ZIS and changes the computer name to be what you told it to when you automated it. The end result is that the mini setup negates the function of ZIS, but we need the mini setup so that it will detect and install the different pieces of hardware that might be on that PC.

The Solution

In order to resolve this problem you need to get the PC to do a few automated reboots. To do that we will need to use the Auto Admin Login feature of Windows 2000, some batch files, registry files and some utility programs.

  1. To get prepared, in addition to SYSPREP you'll need found in the Cool Solutions download section.
  2. When setting up the automated mini setup for SYSPREP, you instruct it to have the PC auto login and also tell it how many times to auto logon, once it's finished the mini setup. You then instruct SYSPREP to run once c:\winnt\zmg\1strun.bat.
  3. Just before you apply SYSPREP to the workstation remove the following registry key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    This key is what tells ZIS to load. By removing it we can get ZIS to run when we want, instead of running just before the mini setup as it does by default.
  4. Now we need to create a few batch files and some registry files to get this going. First let's create the 1strun.bat that SYSPREP will be running. Below are the contents of the file with descriptive remarks.

    rem ### 1strun.bat###

    rem ### The next line gets ZIS to run again on each reboot.###
    c:\winnt\regedit /s c:\winnt\zmg\zisinst.reg

    rem ### This tells the PC to run once c:\winnt\zmg\2ndrun.bat###
    c:\winnt\regedit /s c:\winnt\zmg\2ndrun.reg

    rem ### This forcibly reboots the PC. ###
    c:\winnt\zmg\ncshtdwn.exe /7


    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce]
    "2run"="c:\\winnt\\zmg\\2ndrun.bat"

  6. Now that we have gotten ZIS to run after the mini setup, it will change the computer name back to what it was before, or use your Policy if it's a new PC. Next we will get the PC to reboot one last time after ZIS has run. Because of the 2ndrun.reg, the PC is going to run 2ndrun.bat one time.

    rem ### 2ndrun.bat###

    rem ###The next line implements a fix for the Auto Admin Login count bug and stops the Auto Admin Login.###
    c:\winnt\regedit.exe /s c:\winnt\zmg\winlogon.reg

    rem ###This forcibly reboots the PC.####
    c:\winnt\zmg\ncshtdwn.exe /7


    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

  8. Take each of the files and save them to a directory structure of WINNT\ZMG. Do not use your local WINNT directory for this though. Save each of the files to the ZMG subdirectory. Then use imgexp.exe found on your server to create an add-on image that contains the files in the ZMG directory. That way if you change the process down the road, you will only need to update this small image file.
  9. Create an NDS Image object, have it use the image you created with the SYSPREP process, and add the add-on image.
  10. Once you image the PC, it will complete its last reboot from the 2ndrun.bat and be waiting at the login prompt for the user.

Taking it one more step

Now of course you can modify the process to do some other things as well. You might need another reboot if, for example, you wanted to use the NETDOM.EXE utility to automatically add the workstation to a domain. NETDOM can be found in the Support\Tools\ on the Windows 2000 CD. Or perhaps if you wish to give the PC a meaningful name you could use either ENGL Zcnc Lite 1.3 or WSNAME after ZISWIN runs. Both of those utilities are available in the download section. An article about ZCNC can be found here.

Another idea I've had, but haven't tested thoroughly, is to set up some force run add-on application images. In the next example I'll go over using NETDOM to have your PC auto join a domain.

Making your PC Auto-join a Domain

  1. Create a domain account using User Manager for Domains. Set the password to never expire, and give the account the "Add workstation to domain" user right. We'll use this for the NETDOM process. For the purposes of our example the user name will be NETDOMUSR, the password will be NETDOMPWD, and the domain will be TESTDOMAIN.
  2. Next we need to modify the 2nd reboot so that it introduces a 3rd, and overcomes one more hurdle. We also need to push the Auto Admin Login fix to the end; otherwise the PC won't Auto Login again. Below are the modified 2NDRUN files with descriptions:

    rem ### 2ndrun.bat###

    rem ###The next line clears the DefaultDomainName entry.###
    c:\winnt\regedit.exe /s c:\winnt\zmg\remdom.reg

    rem ### This tells the PC to run once c:\winnt\zmg\3rdrun.bat###
    c:\winnt\regedit /s c:\winnt\zmg\3rdrun.reg

    rem ###This forcibly reboots the PC.####
    c:\winnt\zmg\ncshtdwn.exe /7

    REMDOM.REG is needed because of the computer name change that ZIS just did for us. SYSPREP put the original computer name as the Default Domain that the Auto Admin login process uses. If we didn't clear the Default Domain entry, the next time the PC would try to Auto Login you would get a "Domain not found" error.


    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce]
    "3run"="c:\\winnt\\zmg\\3rdrun.bat"

  4. Finally we need to get NETDOM to run, stop the Auto Admin login process, and secure our ZMG directory since the username and password for the domain account are in plain text.

    rem ###3rdrun.bat###

    rem ###Used to Join the Domain.###
    c:\winnt\zmg\netdom.exe join %computername% /Domain:TESTDOMAIN /UserD:netdomusr

    rem ###Implements a fix for the Auto Admin Login count bug and stops the Auto Admin Login.###
    c:\winnt\regedit.exe /s c:\winnt\zmg\winlogon.reg

    rem ###This will secure the ZMG directory to Administrators and the NT System Authority##
    echo y|cacls c:\winnt\zmg /t /g BUILTIN\Administrators:F
    echo y|cacls c:\winnt\zmg /t /e /g "NT Authority"\System:F

    rem ###This forcibly reboots the PC.####
    c:\winnt\zmg\ncshtdwn.exe /7


(See the above example)
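
An added example, not part of the original article: a Python check to run over the files staged in WINNT\ZMG before building the add-on image. It flags passwords on batch command lines and .reg files that leave Winlogon auto-logon enabled, and reports when no staged .reg file turns auto-logon off again. The AutoAdminLogon and DefaultPassword value names are the standard Winlogon ones; the sample file contents are constructed and are not the author's files.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

def parse_reg(text):
    """Parse .reg text into {key: {value_name: raw_data}}; '-' means delete."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def audit(files):
    """files: {name: text} staged for the add-on image. Returns sorted findings."""
    findings, cleaned = [], False
    for name, text in files.items():
        if name.lower().endswith(".reg"):
            win = parse_reg(text).get(WINLOGON, {})
            pw = win.get("defaultpassword")
            if win.get("autoadminlogon") == '"1"':
                findings.append((name, "enables AutoAdminLogon"))
            if pw not in (None, "-", '""'):
                findings.append((name, "plaintext DefaultPassword"))
            if win.get("autoadminlogon") == '"0"' and pw in ("-", '""'):
                cleaned = True
        else:  # batch file: skip rem lines, flag inline passwords
            for line in text.splitlines():
                if re.match(r"\s*rem\b", line, re.I):
                    continue
                if re.search(r"/password[do]:(?!\*)\S+", line, re.I):
                    findings.append((name, "password on command line"))
    if not cleaned:
        findings.append(("*", "nothing turns auto-logon off and clears DefaultPassword"))
    return sorted(findings)

# Constructed sample files (not the article's originals; names follow its example).
SAMPLE = {
    "3rdrun.bat": "rem join the domain\nnetdom.exe join %computername% "
                  "/Domain:TESTDOMAIN /UserD:netdomusr /PasswordD:NETDOMPWD\n",
    "winlogon.reg": "Windows Registry Editor Version 5.00\n\n[HKEY_LOCAL_MACHINE"
                    "\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]\n"
                    '"AutoAdminLogon"="0"\n"DefaultPassword"=-\n',
}

print(audit(SAMPLE))
```

Any file reported with a password finding is a reason to keep the cacls step in 3rdrun.bat and to limit what the join account can do to the "Add workstation to domain" right described above.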

Contact the Author

If you have any questions you may contact Michael at
