Click an Ad

If you find this blog helpful, please support me by clicking an ad!

Wednesday, June 20, 2012

Windows 7 imaging method

Windows 7 imaging method


We are using Acronis to image our mix of desktop and tablet computers, and I was charged with coming up with the methodology on imaging computers when we started rolling out Windows 7. Learning how to work with Windows' deployment kits was just stupid. The documentation is terrible and there are a ton of different programs internal to the AIK that you have to magically just know how to use. With my complaining out of the way, let me tell you how I accomplished getting Windows 7 out to my people.
First off, a little about my environment, which directly impacted my options and enabled me to do what I did. I only need to create images for 2 different desktop and 2 different tablet models. If I had to keep track of more models, I probably would have been forced to do it "Microsoft's way". We're upgrading to Windows 7 a little at a time, so I don't need to worry about using multicast to upgrade a lot of computers at once. Now, on to the process of creating a master image:

  • Install Windows 7 Professional from the DVD, creating a generic "user" account along the way, and giving the computer a name like HP2730MSTR (combining the hardware model with "Master")
  • Enable the local admin account and set its password
  • Activate Windows 7 with your key
  • Log off of "user" and log in as the local administrator account you just enabled
  • Install Drivers, Windows 7 SP1, and Windows updates
  • Uninstall some Windows Features (Internet Printing, Windows DVD Maker, Games, Windows Media Center, Windows Fax and Scan)
  • Install Office 2010, Office 2010 SP1, and Silverlight
  • Change the workgroup: If my domain name is foo.com I would change the computer to belong to the workgroup "foo". This allows me to access the file servers on my network.
  • Turn off UAC. Our users are all local administrators (yeah yeah, fact of life here) and this is just annoying to them.
  • Delete the profile and user account of "user"
  • Go into Windows Explorer and turn on "Show hidden files, folders, and drives" and also uncheck the box next to "Hide protected operating system files"
  • Modifications to the Default User registry hive. Break time. The Default User hive stores the registry template for every new user who logs on to the computer. Make a change here, and that setting will propagate to every user who logs on to the computer, provided they have never logged on before (which is why we're addressing it here in the image).To accomplish this:
    • Open Regedit.exe, and load the default user hive. This is accomplished by:
    • Highlight the HKEY_USERS key
    • Click File, then Load Hive
    • Choose C:\Users\Default\NTUSER.DAT (If you can't see the Default folder, then you didn't perform the Windows Explorer step above)
    • Give it a name, it doesn't matter what
    •  Now, expand HKEY_USERS and the folder you just named
    •  The subkey you want is Software/Microsoft/Windows/Currentversion/Runonce
    •  On the right pane, create two new string values, named "Libraries" and "RemPinned"
    • Modify the Libraries item so that the data= c:\libraries.bat
    • Modify the RemPinned item so that the data= c:\rempinned.vbs
So, now your asking yourself, "Where are those files?" Well, you need to create them, and copy in this text.

Filename: RemPinned.vbs
Purpose: This VBS file unpins the default items that Windows 7 pins to the taskbar (Media Player, IE, and Explorer)
Created by: Charles Stemaly (shamelessly copied and pasted from code found somewhere; I'm not very good at VB Scripting)


Option Explicit

Const CSIDL_STARTMENU = &HB
Const CSIDL_COMMON_PROGRAMS = &H17

Dim objShell, objFSO
Dim objCurrentUserStartFolder
Dim strCurrentUserStartFolderPath
Dim objAllUsersProgramsFolder
Dim strAllUsersProgramsPath
Dim objFolder
Dim objFolderItem
Dim colVerbs
Dim objVerb

Set objShell = CreateObject("Shell.Application")
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objCurrentUserStartFolder = objShell.NameSpace (CSIDL_STARTMENU)
strCurrentUserStartFolderPath = objCurrentUserStartFolder.Self.Path

Set objAllUsersProgramsFolder = objShell.NameSpace(CSIDL_COMMON_PROGRAMS)
strAllUsersProgramsPath = objAllUsersProgramsFolder.Self.Path

'''''''''''''''''''''''''''''''''''''''Unpin Shortcuts'''''''''''''''''''''''''''''''''''''''
'Internet Explorer
If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Internet Explorer.lnk") Then
Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs")
Set objFolderItem = objFolder.ParseName("Internet Explorer.lnk")
Set colVerbs = objFolderItem.Verbs
For Each objVerb in colVerbs
If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
Next
End If

'Windows Explorer
If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Accessories\Windows Explorer.lnk") Then
Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs\Accessories")
Set objFolderItem = objFolder.ParseName("Windows Explorer.lnk")
Set colVerbs = objFolderItem.Verbs
For Each objVerb in colVerbs
If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
Next
End If

'Windows Media Player
If objFSO.FileExists(strAllUsersProgramsPath & "\Windows Media Player.lnk") Then
Set objFolder = objShell.Namespace(strAllUsersProgramsPath)
Set objFolderItem = objFolder.ParseName("Windows Media Player.lnk")
Set colVerbs = objFolderItem.Verbs
For Each objVerb in colVerbs
If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
Next
End If
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Filename: Libraries.bat
Purpose: This file leverages shlib.exe to manipulate the Windows 7 libraries available to your users. I remove the local Document library mapping to a local "Public" folder, then I remove the Music, Pictures, and Videos libraries. Group Policy doesn't have very good methods to manage libraries, so I had to go this route.
Created by: Charles Stemaly
Other requirements: This batch file requires that a file named ShLib.exe be present in you C:\Windows\System32 folder. ShLib.exe can be found here, via the Grim Admin, and his methodology is here if you want to learn about this the way I did initially.

c:
cd\
shlib remove "%userprofile%\appdata\roaming\microsoft\windows\libraries\documents.library-ms" "c:\users\public\documents"
del "%userprofile%\appdata\roaming\microsoft\windows\libraries\music.library-ms"
del "%userprofile%\appdata\roaming\microsoft\windows\libraries\pictures.library-ms"
del "%userprofile%\appdata\roaming\microsoft\windows\libraries\videos.library-ms"
Now, back to the list:

  • Still in regedit, unload the Default User hive by clicking on the folder which you named, clicking the File menu, and then choosing Unload Hive.
  • You should turn off the "Network" tree in Windows Explorer (it normally appears under "Computers in the left pane"). This normally allows people to browse computers on your network, and no sir, I don't like it.
    • Still in regedit, expand the following: HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\
    • Right click on Shellfolder, and alter the permissions to give administrator full control
    • Modify the "Attributes" DWORD value on the right and change its value to b0940064 (I only ever had to alter 1 character, the 9)
  • Now, you can close regedit
  • Ensure that RemPinned.vbs and Libraries.bat are in your C:\ (the root folder)
  • Copy ShLib.exe to C:\Windows\System32
  • Run C:\rempinned.vbs and C:\Libraries.bat to perform their functions for the local administrator profile that you're currently logged in as.
  • Install (and update) all of the applications that every computer of that model needs: Flash, Adobe Reader, Java, etc.
  • Configure any wireless settings
  • Run Windows Update and restart as needed
  • Turn hidden files back off from earlier
  • Ensure that everything is ready to go and the system boots cleanly from and updates you performed.
  • Power the system off
  • Boot the system to your disk imaging software and capture the image as "SysPrep0 - Master"
  • Now, boot the system back into windows, and log in as the local administrator
  • Launch C:\Windows\System32\Sysprep\Sysprep.exe
  • Choose "Enter System Out-of-Box Experience (OOBE), check the Generalize box, and choose "Shut Down"
  • Press Ok and let it work (it will take a few minutes)
  • Now, boot the system to your disk imaging software again and capture this image as "SysPrep1 - Deploy"
  • After this image is captured, reimage the computer using the Sysprep0 image you created earlier, thus reverting it to before you ran sysprep. Label this computer as a master and set it aside.
Every so often, boot up the master computer, run Windows Updates, install any software updates or new programs, then perform the last step again to capture a new sysprep0 and then a sysprep1 image. Doing so ensures that you don't run up against Microsoft's 3 sysprep limit.

I'm sure there are better ways to do a lot of this. I know that you can create an unattended XML answer file and probably get rid of a lot of the workarounds that my method uses. Unfortunately, I have yet to see a really thorough resource for what my options are and all of the syntax for the unattend.xml file.

I tried Microsoft, I really did, but you need to clean up your rollout methodologies, or better document them, or something.









Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)