We currently have 2 methods of operating system deployment: Remote Installation Services (RIS) and System Preparation (Sysprep). Both of these methods do the same job: deploying the Windows 2000 Professional operating system through the network without the need to physically visit each client computer.
In Engineering, we are currently using the Sysprep method. We have found Sysprep to be very reliable, and the hardware infrastructure needed to support it is not as great as for RIS. The steps to create a Sysprep image are about 95% the same as for RIS. The subtle differences are the locations where the files are hosted and the final steps of packaging the operating system.
This documentation is a step-by-step HOW-TO for creating and configuring a Sysprep image.
Network Services:
Sysprep requires that several services be running on the network for it to function. They can run on the same computer as Sysprep or on other computers located on the network.
- DHCP server – assigns IP addresses to the clients.
- Active Directory server – locates client computers.
- DNS server – locates the Active Directory service. DNS server must support SRV records.
Server and disk space requirements:
Sysprep images can be hosted on any type of server. It can be either Unix-based or Windows-based as long as the server supports Samba. Each completed Sysprep image is about 500MB. The disk capacity that you allocate to the system is up to you. The more space you allocate to the server, the more images your server will hold.
In Engineering Computing, we have dedicated a server, ISABEAU, to support sysprep. The server is a P2-400, with 512MB RAM, IBM 36G SCSI HDD, and an Intel Pro100 network card running FreeBSD 4.4.
(To build an appfiler, see Appfiler-HOWTO)
Pre-staging Client Computers to the Domain:
Pre-staging means pre-configuring a computer account for the client computer in AD and optionally assigning it to a designated RIS server (allows the workstation to use both RIS and Sysprep). If you assign a client to a RIS server, only the designated RIS server will respond to requests from that client computer.
Pre-staging is primarily done for security reasons. It prevents unknown RIS clients from obtaining images from RIS servers. It also prevents users from joining unauthorized computers to the domain or from illegally installing software.
Globally Unique Identifier (GUID)
For computers starting from a RIS boot disk, the GUID is the MAC address of the network adapter, padded with enough leading zeroes to ensure that the GUID is 32 characters in length. It is in the following form:
e.g. {00000000-0000-0000-0000-00A2B38A7D07}
Pre-staging With A Known GUID:
In Active Directory
- In “Active Directory Users and Computers”, right-click the OU where you want to create the computer account, click “NEW” then click “COMPUTER”.
- In dialog box, type a computer name, then NEXT.
- Select “this is a managed computer” checkbox, type the computer GUID, then NEXT.
- Type the fully qualified name of the RIS server under “specify the remote installation server to support this client | the following remote installation server”.
- Click Next, and then Finish.
Using Adman (Single Machine)
- Click Start | Run.
- Type “net use z: \\hope\adman /user:nexus\username” and click OK.
- Authenticate yourself.
- Click Start | Run.
- Type “cmd” and click OK.
- In the command prompt type z:\adman
- base //nexus/faculties/engineering/engineering computing/development/hon’s office
- addpc Noriko-chan /bootguid=0x123456 /server=nausicaa.uwaterloo.ca /path=c:\temp\temp.txt
- modify Noriko-chan /location="CPH-2374H"
- quit
Using Adman (Multiple machines)
1.) Create a DOS text file with all the computer information in it.
e.g.
addpc TEST-A01 /bootguid=0x000000000000000000000003D38a7d07 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A02 /bootguid=0x000000000000000000000003D38C8FFB /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A03 /bootguid=0x000000000000000000000003D38AB180 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A04 /bootguid=0x000000000000000000000003D38C8AF5 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A05 /bootguid=0x000000000000000000000003D35FF980 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A06 /bootguid=0x000000000000000000000003D38A8B6C /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A07 /bootguid=0x000000000000000000000003D38A8B68 /server=nausicaa /path=c:\temp\temp.txt
2.) base //nexus/faculties/engineering/engineering computing/computing labs/fulcrum
3.) run temp.txt.
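The GUID padding and the batch-file format above can be scripted. The following Python is an added example, not part of the original HOWTO or of adman: it turns a list of computer names and MAC addresses into addpc lines in the form shown in the sample file. The machine list is constructed, and the addpc syntax is copied from the sample lines above rather than from adman documentation.

```python
import re

# Constructed sample inventory (name, MAC as printed on the NIC label).
SAMPLE = [("TEST-B01", "00-A2-B3-8A-7D-07"), ("TEST-B02", "00a2.b38a.7d08")]

def mac_to_boot_guid(mac):
    """Return the 32-hex-digit boot GUID: the MAC left-padded with zeroes."""
    digits = re.sub(r"[:\-.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.rjust(32, "0")

def braced(guid):
    """Format 32 hex digits as {8-4-4-4-12}, the form shown in the GUID section."""
    parts = guid[:8], guid[8:12], guid[12:16], guid[16:20], guid[20:]
    return "{" + "-".join(parts) + "}"

def adman_batch(machines, server, path):
    """Build one addpc line per machine, refusing bad or duplicate entries."""
    names, guids, lines = set(), set(), []
    for name, mac in machines:
        guid = mac_to_boot_guid(mac)
        # NetBIOS computer names are limited to 15 characters.
        if not re.fullmatch(r"[A-Za-z0-9-]{1,15}", name):
            raise ValueError(f"invalid computer name: {name!r}")
        if name.upper() in names or guid in guids:
            # Two accounts with one GUID would make pre-staging ambiguous.
            raise ValueError(f"duplicate name or MAC: {name} / {mac}")
        names.add(name.upper())
        guids.add(guid)
        lines.append(f"addpc {name} /bootguid=0x{guid} /server={server} /path={path}")
    return lines

if __name__ == "__main__":
    # DOS text file: CRLF line endings.
    print("\r\n".join(adman_batch(SAMPLE, "nausicaa", r"c:\temp\temp.txt")))
```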
Creating Image from Scratch:
1.) Boot Windows 2000 Professional from the CD.
2.) Partition the system disk to be 2000MB (2.0G).
3.) Format the partition using NTFS.
4.) Regional Settings:
- Press the customize button “to change system or user locale settings…”.
- Under the “General” tab, change the “Your locale (location)” to “English (Canada)”. Click Apply.
- Under the “Input Locales” tab, remove the “English (United States)”. You will have to do this procedure two times to remove the US locale. Press Apply.
- Under the time format, I usually change the time to 24-Hour clock. Click NEXT.
5.) Under “Personalize Your Software”, input “Waterloo Nexus” and “University of Waterloo” in the Name and Organization dialog box respectively. Click NEXT.
6.) Input the CD Key. Click NEXT.
7.) Under “Computer Name and Administrator”, input the computer name and the local administrator password. Click NEXT.
8.) Select the right time zone and then click NEXT.
9.) Select the “Typical” networking settings. Click NEXT.
10.) Select “No, this computer is not …” setting and then click NEXT.
11.) After the OS installs, click FINISH to reboot.
12.) When the “Network Identification Wizard” appears, click NEXT.
13.) Select “Users must enter a user name and password to use this computer” dialog box and then click NEXT and FINISH.
14.) Logon as local administrator.
15.) Install drivers for peripherals (video, sound, network card, etc) on the workstation. Reboot.
16.) Access the net share on Isabeau.
17.) Copy security patches (SP2, IE) from \\isabeau\...\Patches to c:\temp.
18.) Copy directories SYSPREP and NEXUS from \\isabeau\...\SYSPREP\FILES to C:\ root.
19.) Install Windows 2000 SP2. Reboot.
20.) Install IE SP2. Reboot.
21.) Install IE 128bit encryption. Reboot.
22.) Logon to the web and surf to “http://windowsupdate.microsoft.com”. Click on “Product Updates”.
23.) Install the following:
a. Critical Updates and Service Packs
b. Advanced Security Updates
c. Device Drivers
d. Recommended Updates:
i. COM+ Rollup Package 18.1
ii. Root Certificates Update
iii. Windows 2000 Compatibility Updates
iv. DirectX 8.1 (for some OpenGL applications)
24.) Edit C:\SYSPREP\SYSPREP.INF and change the XXXXX to the appropriate information
a. “AdminPassword” is the local workstation’s administrator password.
b. “DomainAdmin” is the name of the account that has the privilege to join the workstation to the domain.
c. “DomainAdminPassword” is the password to the above account.
[Insert from Ray’s Windows 2000 Professional Changes with additions and modifications]
25.) When the "Getting Started" dialog appears:
a. Uncheck the "Show this Screen at Start-up" box.
Click "Exit"
26.) Start Windows Explorer
a. Create two new directories under the C: drive
C:\Temp -- erasable space for temporary files
C:\Software -- installation space for applications that can't handle the name "Program Files"
b. Open Tools/Folder Options...
Under Offline Files Tab:
Uncheck Enable Offline Files (NetApp provides a similar service)
27.) Start "Connect to Internet" from the desktop and answer the appropriate questions.
Make sure you check the box "Do not show this again" and exit. The icon should disappear from the desktop.
28.) Start Internet Explorer
a. Open the "Tools/Internet Options" panel
i. Under the General Tab:
Set the home page to be: http://www.uwaterloo.ca
Change the Settings for the Temporary Internet Files
1. Click Settings
Click Move Folder
Select C:\Temp
b. Internet Explorer will log you off in order to move the files
29.) Open Start/Settings/Control Panel
a. Open Display
i. Under the Screen Saver Tab:
Set Screensaver to 3D Pipes
Check the Password protected box
ii. Under the Appearance Tab:
Select Storm (to differentiate the desktop from Windows 95)
iii. Under the Effects Tab:
Uncheck Use Transition effects for menus and tool tips
b. On ATX-style machines (with software controlled Power Buttons)
Set Power Save option to standby, rather than off.
c. Open Network and Dialup Connections
i. Open Properties for Local Area Connection
Check Show Icon in taskbar when connected
d. Open System
i. Under Advanced tab:
Click "Environment Variables..."
1. Under User variables for Administrator
Select TEMP, and Edit..., Set its value to "C:\TEMP"
Select TMP and Edit..., Set its value to "C:\TEMP"
2. Click "Start-up and Recovery..."
Uncheck "Display list of operating systems..."
Click “Performance Options”
1. Click “Advanced”
2. Under “Virtual Memory”, click CHANGE
3. Change the registry size to 128MB.
30.) Open Start/Settings/Taskbar and Start Menu...
a. Under General Tab:
Uncheck Use Personalized Menus
b. Under Advanced Tab:
Check Display Logoff in Start Menu Settings
Click Advanced... to open System Tools Explorer
Local Disk C:
  +-Documents and Settings
    +-All Users
      +-Start Menu
        +-Programs
          +-Accessories
            Remove Games
            Remove Communications/HyperTerminal
            Remove Communications/Internet Connection Wizard
            Remove Communications/Phone Dialer
Local Disk C:
  +-Documents and Settings
    +-Default User
      +-Start Menu
        +-Programs
          Add subdirectory Internet Tools
          Create shortcut (link) from Local Disk C:\Program Files\Internet Explorer\IEXPLORE.EXE
          Rename the shortcut to "Internet Explorer"
          Add subdirectory Internet Tools/Mail
          Create shortcut from Local Disk C:\Program Files\Outlook Express\msimn.exe
          Rename shortcut to "Outlook Express"
Local Disk C:
  +-Documents and Settings
    +-Default User
      +-Start Menu
        +-Programs
          +-Accessories
            Select properties of the "Command Prompt" and change the target to %SystemRoot%\system32\cmd.exe /F:ON
            Change "Start in" to %HomeDrive%%HomePath%
31.) Run regedt32
32.) HKEY_LOCAL_MACHINE (this automatically adds the Connection Wizard)
33.) +-Software
34.) +-Microsoft
35.) +-Active Setup
36.) +-Install Components
37.) +-{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
38.) +-Stubpath
39.) Delete Key...
40.)
41.) HKEY_LOCAL_MACHINE
42.) +-SYSTEM
43.) +-CurrentControlSet
44.) +-Services
45.) +-lanmanworkstation
46.) +-parameters
47.) Modify enableplaintextpassword
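48.) set its value to 1 (this allows the workstation to send unencrypted passwords to SMB servers that do not support password encryption)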
49.)
50.) HKEY_CURRENT_USER
51.) +-Control Panel
52.) +-Colors
53.) File/Save Key...
54.) HKEY_USERS
55.) +-.DEFAULT
56.) +-Control Panel
57.) +-Colors
58.) File/Restore...
59.) to set the default screen colors to "Storm (VGA)" settings
60.)
61.) HKEY_USERS
62.) +-.DEFAULT
63.) +-Control Panel
64.) +-Desktop
65.) Modify SCRNSAVE.EXE from logon.scr to scrnsave.scr
66.)
67.) HKEY_USERS
68.) +-.Default
69.) +-software
70.) +-Microsoft
71.) +-Windows
72.) +-Current Version
73.) +-Runonce
74.) Delete SetupICWDesktop: REG_SZ: C:\Program Files\Internet Explorer\Connection Wizard\icwconn.exe /desktop
Changes will require a reboot to take effect
75.) Open Recycle Bin Properties
a. Under Global Tab:
Select Use one setting for all drives
Check "Do not move files to the Recycle Bin. Remove files immediately when deleted"
(this is necessary to prevent permission problems with files deleted off the local hard drive - the network drives do not use the recycle bin.)
76.) Right Click Outlook Express icon in Quicklaunch toolbar, and select Delete.
77.) Copy the Command Prompt and Windows Explorer icons into Quicklaunch area.
78.) Copy the WordPad icon into “C:\Documents and Settings\Administrator\SendTo”.
79.) Don't forget to copy the Administrator settings to the Default User settings using the Control Panel\System under the Users Profile Tab.
Change the permissions to "Local Computer"\Users
[unsnipped]
NOTE: if you are updating an existing image and you used the “sysprep restore method”, you will have to use PQMAGIC to shrink the partition down to 2.0G before doing the steps below. Shrinking the image to 2.0G will allow you to use this image on hard drives 2.0G or larger. If you don’t shrink it and then compress it, the image can only be installed on hard drives with the capacity of the image or larger.
80.) Clean up all cached files (SP2, IE, drivers) in C:\TEMP.
81.) Clear history and cache files in IE.
82.) Reboot.
83.) Logon as local administrator and open a command prompt.
84.) In the command prompt type “cd sysprep” (refer to steps 17-24), then type “sysprep /forceshutdown”.
85.) Wait for a confirmation wizard to appear. Close the command prompt. Click OK.
86.) The sysprep program will remove all SIDs and network information from the workstation.
87.) Reboot. (Go directly to Step 88.)
Creating Sysprep Image Using PowerQuest Drive Image
88.) Put the Sysprep BootDisk into the floppy drive.
89.) Wait for the machine to complete the boot-up process.
90.) Type “net use y: \\isabeau\ic”. Authenticate yourself.
91.) Type: “cd y:\images\(chipset directory)\group”
a. ChipsetDirectory is the motherboard chipset type:
i. I-ACPI – Intel chipset with ACPI power management features (P3s and newer)
ii. I-nACPI – Intel chipset without ACPI power management features (pre-P3s)
iii. V-ACPI – VIA chipset with ACPI power management features
iv. V-nACPI – VIA chipset without ACPI power management features
v. S-ACPI – SiS chipset with ACPI power management features
vi. S-nACPI – SiS chipset without ACPI power management features
b. Group is the group that the administrator is in. e.g. EngComp, AHS, etc.
92.) Type PQDI.
93.) In PQDI:
a. Select “Create Image”. Click NEXT.
b. Click “Browse” and verify that you are in the right directory.
c. Type in the name of the sysprep that you will create. Click OK. (E.g. fulcrum.pqi)
d. Type in a few comments of motherboard type, image number, etc, in the “Comments” area. Click NEXT.
e. Select “HIGH” compression. Click NEXT.
f. Click FINISH.
Restoring a Sysprep Image
94.) Boot from the Sysprep BootDisk.
95.) Wait for the boot-up process to complete.
96.) CD into the appropriate directory where the image is housed.
97.) Type: restore image_name.pqi.
98.) When the process is completed, the machine will reboot automatically.
99.) After the workstation has rebooted, you will be presented with a wizard for the computer name. Input the computer name, click NEXT and the process is done.
Modifying Sysprep.inf Information During Boot-up Installation Process
If you find that another administrator has created a sysprep image for your type of motherboard and you would like to use it, you will run into two problems. The first is that you will not know the local administrator password to the workstation. The second is that the image will not automatically join the workstation to the domain, because it uses a different DomainAdmin account. You can fix both problems by doing the following.
100.) Access \\isabeau\i\sysprep\files\sysprep and copy all the files onto a floppy disk.
101.) Modify the sysprep.inf file on the floppy.
102.) Restore an image as described above. The workstation will reboot after the installation process.
103.) As the workstation is booting up, put the floppy disk with the sysprep.inf file into the floppy drive.
As the image is booting up, it will pick up the new sysprep information from the floppy disk instead of from the hard drive. The whole process will work as if you had made the image yourself.
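Both the template on the share and the edited copy on the floppy are plain text, and the edited copy holds the local administrator and domain-join passwords. The Python below is an added example, not part of the original HOWTO: it checks whether a sysprep.inf still carries the XXXXX placeholders before it is copied back to a shared location. The sample files and their section names are constructed, following the usual Windows 2000 answer-file layout, since the page does not show its template.

```python
import re

# Key names from step 24; DomainAdmin is an account name, not a secret.
SECRET_KEYS = {"adminpassword", "domainadminpassword"}

# Constructed samples (section names are an assumption, see lead-in).
TEMPLATE = """[GuiUnattended]
AdminPassword=XXXXX
[Identification]
JoinDomain=NEXUS
DomainAdmin=XXXXX
DomainAdminPassword=XXXXX
"""
# The replace matches inside DomainAdminPassword too, so both keys get a value.
EDITED = TEMPLATE.replace("AdminPassword=XXXXX", 'AdminPassword="constructed-pw"')

def audit_sysprep_inf(text):
    """Return (section, key, status) for every password key in sysprep.inf text."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or .inf comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key.lower() not in SECRET_KEYS:
            continue
        value = value.strip().strip('"')
        if re.fullmatch(r"[Xx]+", value):
            status = "placeholder"                # untouched template marker
        elif value in ("", "*"):
            status = "blank"                      # AdminPassword=* is a null password
        else:
            status = "cleartext"                  # anything else is treated as a secret
        findings.append((section, key, status))
    return findings

def safe_to_share(text):
    """True if no password key in the file holds a real value."""
    return all(status != "cleartext" for _, _, status in audit_sysprep_inf(text))

if __name__ == "__main__":
    for name, text in (("template", TEMPLATE), ("edited", EDITED)):
        print(name, safe_to_share(text), audit_sysprep_inf(text))
```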
NOTE: to change the password for the local administrator, the image must be set with a null password (password not set). If the local administrator password for the image is set to something, the adminpassword on the image will not be changed by the password in the script. If the password is set to something and you don’t know the password, do the following.
Changing the Local Administrator Password of Workstation in the Domain
104.) Open the Active Directory Microsoft management console (MMC).
105.) Right-click on FACULTIES OU and select FIND.
106.) Select COMPUTERS in the FIND dialog box and then type in the computer name in the COMPUTER NAME dialog box.
107.) Click FIND NOW button.
108.) Right-click the computer name and then select MANAGE.
109.) Select LOCAL USERS AND GROUPS and then USERS.
110.) Right-click on the ADMINISTRATOR icon. Select RESET PASSWORD.
This should reset the local administrator password and allow you to log on to the workstation without knowing what the password was set to.