Cool Solutions

Windows 7 Automated Imaging and ZCM Registration



By:

December 13, 2010 8:22 am

Reads: 105

Comments:15

Score:0

Download: scripts_0.zip

Building the base image

Downloads required:

Windows Driver Kit Version 7.1.0 (to get access to DPINST.exe utility)

Windows AIK for Windows 7

Steps

  • Insert the Windows Driver Kit DVD on your machine and install.
  • Browse to install folder, then down to Redist\DIFx\dpinst\MultiLin\x86 and take a copy of DPINST.exe – this will be used later.
  • Insert the Windows AIK DVD on your own machine and install Windows System Image Manager. This will be used to build the unattend.xml file for the Windows 7 image.
  • Insert the Windows 7 DVD on your own machine and take a copy of the DVD onto a folder somewhere on your machine.
  • Launch Windows System Image Manager
    • Click on File, New Answer File
    • In the bottom left window, Right click and select “Select Windows Image” and browse to either the install.wim or install_windows7.clg file (both should be in the same “sources” folder extracted from the Windows 7 Installation DVD above)
    • In the bottom left window locate the sections listed below, right click them and add to the relevant section on the popup

These are the settings for Windows 7 32-bit. For Windows 7 64-bit use the relevant sections starting with amd64_ instead of x86_

x86_Microsoft-Windows-LUA-Settings_neutral 2 offline Servicing
x86_Microsoft-Windows-Security-SPP_neutral 3 generalize
x86_Microsoft-Windows-Deployment_neutral 4 specialize
x86_Microsoft-Windows-Security-SPP_UX_neutral 4 specialize
x86_Microsoft-Windows-Shell-Setup_neutral 4 specialize
x86_Microsoft-Windows-International-Core_neutral 7 oobeSystem
x86_Microsoft-Windows-Shell-Setup_neutral 7 oobeSystem

We now need to go through each section and change some settings.

In the Answer file Section, do the following:

Section Setting Name Value Reason
2 offline Servicing
x86_Microsoft-Windows-LUA-Settings_neutral
EnableLUA False Disables User Access Control
3 generalize
x86_Microsoft-Windows-Security-SPP_neutral
SkipRearm 1 Licensing
4 specialize
x86_Microsoft-Windows-Deployment_neutral
RunSynchronous Add a new command
Order 1
Net user administrator /active:yes
Active the local administrator account
4 specialize
x86_Microsoft-Windows-Security-SPP-UX_neutral
SkipAutoActivation True  
4 specialize
x86_Microsoft-Windows-Shell-Setup_neutral
ComputerName * Generates a random Computer name. My script later on picks up BIOS name and sets computer name
CopyProfile True  
ProductKey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx Valid Product Key
RegisteredOrganization Leave as Microsoft  
RegisteredOwner Leave as AutoBVT  
ShowWindowsLive False  
TimeZone GMT Standard Time Set as appropriate for your region
7 oobeSystem

X86_Microsoft-Windows-International-Core_neutral
InputLocale

SystemLocale

UILanguage

UserLocale
en-GB Set as appropriate for your region
7 oobeSystem

x86_Microsoft-Windows-Shell-Setup_neutral
RegisteredOrganization xxxxxxxxxxxxxxxxxxxx Your Company Name
RegisteredOwner xxxxxxxxxxxxxxxxxxxx Your Company Name
TimeZone GMT Standard Time Set as appropriate for your region
Subsection AutoLogon Enabled True  
LogonCount 3 Do 3 auto logons before leaving user at login screen (to cater for automated scripts and reboots)
Username administrator  
Password Pa55word Set as appropriate – make sure it matches up with other sections in this guide
Subsection FirstLogonCommands CommandLine

Order 1

RequiresUserInput false
cscript //b C:\windows\system32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx  
CommandLine

Order 2

RequiresUserInput false
%SystemRoot%\
system32\
WindowsPowerShell\
v1.0\powershell.exe -Command “&{set-executionpolicy RemoteSigned -Force}”
Enables Powershell Scripts
CommandLine

Order 3

RequiresUserInput false
%SystemRoot%\
system32\
WindowsPowerShell\
v1.0\powershell.exe “c:\setup\Win7Image-Script1.ps1″
 
Subsection OOBE HideEULAPage True  
NetworkLocation Work  
ProtectYourPC 1  
Subsection UserAccounts AdministratorPassword Pa55word  
LocalAccounts
Add record for user administrator
Description: administrator

DisplayName: administrator

Group: administrators

Name: administrator

Password Pa55word
 

Save the unattend.xml answer file

  • On Target Windows 7 machine
  • Install Windows 7 from DVD, making sure that you zap any and all partitions on the disk at the start
  • Once initial install is complete, and you’re prompted to create a username on the welcome screen, press CTRL-SHIFT-F3 to reboot machine into admin audit mode.

    AT THIS POINT, take an image as a “pre-sysprep” image if needed
  • On reboot, you’ll be automatically logged in under the built-in administrator account. A SYSPREP GUI box will appear – close this for now. You are now ready to carry out any customizations.
  • Due to issues with a strange access rights issue on Windows 7 64-bit (that worked fine in Windows 7 32-bit), create a folder called C:\SETUP and make sure administrators group has full control
  • Place the unattend.xml file created above into the folder C:\WINDOWS\SYSTEM32\SYSPREP
  • Bring up a command prompt and browse to C:\WINDOWS\SYSTEM32\SYSPREP
  • Run the following command
    • SYSPREP /generalize /oobe /shutdown /unattend:unattend.xml
  • Wait for the machine to shutdown
  • You are now ready to take an image of the Windows 7 SYSPREP’d machine.

Additional addon-images were created following instructions located here as follows:

Win7-Addon-Drivers.zmg Contains the driver files for any unknown devices – creates a folder on C: called C:\SETUP\DRIVERS

Contains 32 and 64 bit drivers
Win7-Addon-Scripts.zmg Contains the relevant Powershell Scripts and any utilities that are required as part of the imaging process. Files are stored under C:\SETUP

Current Files are:

BiosConfigUtility.exe – HP Utility to read BIOS settings – use to rename computer

Win7Image-Script1.ps1

Win7Image-Script2.ps1

Win7Image-Script3.ps1

dpinst.exe, dpinst64.exe, dpinst.xml – used to do a hardware scan for any unknown devices
Win7-32-Addon-ZCMAgent.zmg (or Win7-64-Addon-ZCMAgent.zmg) Latest ZCM agent copied to C:\SETUP.

The Scripts above call this to register the machine in ZCM. Since agent name is always the same, this can be replaced with the latest agent whenever required.

The important thing to make sure when creating these is to make sure that the partition number on the image matches the partition number inside the Windows 7 ZMG file for the boot disk – as a default this is partition 2 as partition 1 is the 100MB hidden area for Windows 7.

The imaging bundle applies the relevant base image (32 or 64 bit), followed by these addon images.

i.e. ZCM Windows Bundle has the following 4 images listed as part of the image

Windows_7_Base_Image.zmg
Win7-Addon-Drivers.zmg
Win7-Addon-Scripts.zmg
Win7-32-Addon-ZCMAgent.zmg

NOTES:
Win7Image-Script3.ps1 – needs updating for your specific domain information re name of domain, relevant user account, and password to join computer to domain

One final step to take is to delete the C:\SETUP folder to remove any files that may contain passwords etc.

================

Editor’s Note: When it comes to Windows 7 Migration projects, ZENworks can be your new best friend. Check it out.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: ZENworks, ZENworks Configuration Management

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

15 Comments

  1. By:rtingleywsfcu

    Thank you, Andy, for taking the time to share your work :) I have 2 questions…

    1. Are you using a Microsoft volume license for Windows 7 Professional?
    2. When restoring an image created by the above process, do you disable the Zenworks SIDchanger using a ziswin ‘restore mask’?

    Regards

    Robin

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    • By:andystewartSL

      Hi Robin,

      1. Yes we’re using Volume Licence through our MS Enterprise Agreement
      2. No – haven’t found any need to disable the SIDChanger. Existing machines being reimaged are fine inside ZCM and AD, and new machines getting image for 1st time also work fine.

      Andy

      VN:F [1.9.22_1171]
      Rating: 0.0/5 (0 votes cast)
      • By:krogers1

        Hi Andy

        How can I adapt this to use Windows OEM license instead of a VLK??

        thanks
        Kirk

        VN:F [1.9.22_1171]
        Rating: 0.0/5 (0 votes cast)
      • By:andystewartSL

        I “think” its just a case of NOT entering the OEM key in the SYSPREP file, and when windows boots up, you should be prompted to enter it then.

        VN:F [1.9.22_1171]
        Rating: 0.0/5 (0 votes cast)
      • By:rtingleywsfcu

        Kirk,

        Based on reading the Microsoft Reimaging Rights document, and discussions with our Dell Microsoft licensing expert, I understand organizations do not have the right to reimage using OEM media. An OEM image can only be preloaded on a PC by the OEM during manufacturing. An image can be individually recovered by the organization (or a service provider they choose) by using the Recovery Media. The OEM recovery media should match the product version originally preinstalled on the system; no other image may be used to restore the system to its original state.

        So we purchased a Windows 7 Open license with Software Assurance., which in combination with the Windows 7 OEM license from Dell, allows us to create a customized Windows 7 image and then apply it to all our workstations.

        Robin

        VN:F [1.9.22_1171]
        Rating: 0.0/5 (0 votes cast)
      • By:krogers1

        Hi Andy

        How can I adapt this to use OEM key instead of VLK?

        thanks
        Kirk

        VN:F [1.9.22_1171]
        Rating: 0.0/5 (0 votes cast)
  2. By:nop1983

    Hi Andy

    In the powershell script, that adds the computer to active directory, can it put the workstation in a specified ou? Or do you have to do that afterwards?

    Thanks
    NIels

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    • By:andystewartSL

      You can change Win7Image-Script3.ps1 as follows:

      Add-Computer -DomainName blah.com -OUPath “OU=Computers,OU=dept,DC=blah,DC=com” -credential (New-Object System.Management.Automation.PSCredential (“blah\reguser”, (ConvertTo-SecureString “password” -AsPlainText -Force)))

      This will add the computer to a specific container.

      The only issue I’ve found with the Add-Computer command is that it doesn’t like it if the computer record already exists (i.e. reimaging a machine)

      VN:F [1.9.22_1171]
      Rating: 0.0/5 (0 votes cast)
  3. By:nop1983

    I’ll give it a try. Otherwise I’ll create a default rule in the active directory, that tells the where to put a new import workstation.

    Thanks.

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
  4. By:BryKKan

    The process looks good, but for those of us unfamiliar with PS, some comments in the scripts might be helpful.

    Also, I’m curious, how do you install applications at this point. Does installing the agent after the OS yield any benefits other than being able to update the agent installer more easily?

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    • By:PruittJ

      I did not see a reply to your question. In case you have not gotten the answer elsewhere yet I am injecting this late response.

      Installing the agent and successfully registering the workstation in the desired container gives you the ability to deliver applications to the workstation as desired. The agent is the important piece in this puzzle.

      VN:F [1.9.22_1171]
      Rating: 0.0/5 (0 votes cast)
  5. By:sgardiner

    Andy,

    One thing missing adding drivers to the gold image. I got some new Dells and spent ages trying to get info on injecting drivers. Ended up on the ghost forums and they have the same issue. Anyway taken from the ghost and twisted to support your format. I had posted in the forums but figure I would stick it on here as well if people are looking for a complete solution.

    And for those who may need to inject drivers, I would only recommend Mass storage and maybe NICs as you don’t want to bloat the gold image, with to many drivers you don’t need. This is why you are creating a specific drivers image for machine types.
    Follow AndyStewartSL guide on creating sysprep.
    On his unattend.xml add
    Microsoft-Windows-PnpCustomizationsWinPE line in the windowsPE pass in the answer file. Insert a Path line there too with the path & the credentials matching what you put in for it during the auditSystem pass. (c:\drivers\msd)
    Save the unattend.xml

    Create a new answer file called audit.xml
    Within the 5 audit system pass add
    1. x86_Microsoft-Windows-Deployment_neutral
    a) With a “Reseal” line in there too. Reseal can be set to “ForceShutdownNow” as “False” and “Mode” to “Audit”
    2. x86_Microsoft-Windows-PnpCustomizationsNonWinPE_netural
    a) With a Path line in there too. The path should point at a directory containing your drivers. It will search recursively. So you can have one path that points at a parent directory with sub-directories in it. c:\drivers\msd
    3. x86_Microsoft-Windows-Shell-Setup_neutral
    Autologin – username Administrator
    Save this answer file.
    Copy the drivers you want to c:\drivers\msd – creating as many subfolders as you want. Rather than going to each model type we have, I went to driver packs and got the complete list. You could have it pointing to a network share if you wanted.

    Okay copy both answer files to c:\windows\system32\sysprep in your gold image

    Make sure you have the drivers copied.

    open a dos box cd c:\windows\system32\sysprep
    sysprep /audit /reboot /unattend:audit.xml
    This will reboot the machine into audit mode injecting the drivers. You maybe in audit mode already. This is not an issue.

    open a dos box cd c:\windows\system32\sysprep
    sysprep /generalize /shutdown /oobe /unattend:unattend.xml
    Sysprep runs and shutdowns the machine, take the image, ready to deploy to new hardware.

    Hope this info helps people with the migration to 7 and getting Mass storage drivers injected.

    Just remember you will need to create answer files for 64 and 32 bit versions of windows.

    Environment I am using is Oracle VM VirtualBox as it allows snapshots so you can keep going back to play.

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
  6. By:PruittJ

    I downloaded the WDK7.1 iso but I am not finding DPInst.exe in it and I do not see it in my Windows 8 WDK either.

    Also, can you read the image safe data name and use that instead of using the bios name? The rename function is not working for us in Zen10 and I need the ability to give the machine the same name it had when I reimage it. How would the powershell script change to read the imagesafe data or will it read the ziswin info and then use the data?

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
  7. By:dabarnett

    Are the 3 scripts listed in this article still avalaible for download?

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)

Comment

RSS