Sysprep Overview

Sysprep is a tool used to prepare a computer’s hard disk for disk duplication, auditing, and customer delivery. After auditing, you must run Sysprep as the final step in your manufacturing process. Sysprep removes machine-specific settings so that you can deploy the disk image to other machines without System Identifier (SID) or globally unique identifier (GUID) clashes.

Disk-cloning is the fastest way to deploy large numbers of computers but disk-cloning software presents four major problems:

Identical hardware configuration
The target computer(s)—the computer(s) that receives the image—and the reference computer—the computer from which you create the image—must virtually have an identical hardware configuration. If there is a mismatch of hardware, the target computer(s) will likely go to blue screen when booted.
Identical security identifiers
When disk-cloning, the target computer(s) and the reference computer will have identical security identifiers (SIDs). A SID is a value that uniquely identifies a user, group, computer account, and logon session on a network. This poses a significant security problem since each computer requires a unique SID. In a network environment two machines that have the same SID would result in all users’ accounts being the same regardless of any differences in the usernames.
Quality control
Disk-cloning doesn’t really test the target computer for quality. It simply lays down the OS on the hard disk. When you load a system from the CD you are putting a load on the system insuring a consistent and quality computer.
Microsoft support
Microsoft does not provide support for computers that were set up with SID duplicating tools other than the System Preparation tool.

Once Sysprep is executed on a computer, the computer will return to the last stage of the Windows setup process. This is the point where a unique SID is generated. Sysprep also removes critical configuration information and effectively rolls the system back to a state prior to setup completion.

NOTE Don’t run Sysprep on a customer’s existing operating system! If you do it will remove all critical configuration information. Run Sysprep only on reference systems that you've intentionally set up.

When you preinstall the computer using the OPK tools and Windows PE, the Master computer will automatically start up in Sysprep Factory Mode which is also an audit mode.

By running Sysprep in Factory mode, Factory.exe will:

Process its answer file, Winbom.ini
Copy drivers from a network source to the computer (if configured)
Start Plug and Play enumeration
Stage, install, and uninstall applications on the computer from source files located on either the computer or a network source
Add customer data

During factory mode you can install additional drivers and applications at the stage after the reboot that follows Sysprep.

Note: To check the actions of Sysprep -Factory as defined in winbom.ini, you can analyze the log file c:\sysprep\winbom.log.

Return to top

Auditing
Auditing is the manual testing of new computers and should be done on the computers you manufacture to verify a computer is functional before shipment. During auditing, you should:

Verify the operating system loads and applications start properly
Run a disk defragmenter program
Check for corrupted hard disk files, by running Chkdsk
Verify all installed devices in Device Manager are properly recognized
Run other auditing or test tools

You can test the computer or install applications without destroying the pages displayed for the end user's first-run experience. You can restart as many times as necessary while auditing the computer. Normally you audit the Master computer before resealing and imaging.

Return to top

Sysprep -reseal
Running Sysprep -reseal is normally the last thing you do when preparing a computer for delivery.

When you run sysprep -reseal, Sysprep does the following:

Clears any registry keys and settings that need to be unique, such as Internet connection settings, Microsoft Media Player IDs, or any items on the Start menu.
Uses Setupcl.exe to reset the security IDs (SIDs) the next time the operating system restarts, before Windows Welcome or Mini-Setup runs.
Sysprep populates the [SysprepMassStorage] section in Sysprep.inf, if the value of BuildMassStorageSection in the [Sysprep] section of Sysprep.inf is Yes and Sysprep.inf has the [SysprepMassStorage] section.
Installs the mass-storage drivers from [SysprepMassStorage] in Sysprep.inf.
Closes network connections.
Configures Windows Welcome or Mini-Setup to run on next boot.
Copies Sysprep.inf to %WINDIR%\System32\$winnt$.inf.
Writes the registry keys in HKEY_LOCAL_MACHINE\SYSTEM\Setup\CloneTag.
Clears any system restore points.
Resets the time clock for Windows Product Activation, if the time clock has not already been reset three times.

The Sysprep files must be in %SYSTEMDRIVE%\Sysprep folder. When you run Sysprep.exe, Sysprep removes the %SYSTEMDRIVE%\Sysprep folder and its contents after it finishes running.

Once a system has been sealed it will boot up to the Windows Welcome screen. You can skip Windows Welcome pressing the key combination CTRL+SHIFT+F3 when Windows Welcome starts. You may then audit the computer, or if you are a value-added reseller, make additional configurations on the computer before sending it to the customer. After completing your testing, you must run Sysprep -reseal to prepare the computer for the end user.

Note: You can reseal the same computer only three times to reset the time clock for Windows Product Activation.

Return to top

Sysprep Limitations
You cannot run Sysprep on a computer that has been configured as a Cluster services server, a Certificate services server, or a domain controller. Small Business Server 2003 has a special installation method which makes it possible to run Sysprep on a domain controller. This feature gives System Builders the possibility to image a complete installed Small Business Server.

If you run Sysprep on an NTFS file system partition that contains encrypted files or folders, the data in those folders will become unreadable and unrecoverable.
Sysprep images requires relatively similar hardware (HAL) on the target computers.

Sysprep Files	Description
Sysprep.exe	The System Preparation tool that uses the Sysprep.inf answer file to prepare a system disk image for duplication.
Sysprep.inf	An optional answer file that you can use to fully or partially automate Mini-Setup. If Sysprep.inf is present and contains values for the required element(s), Mini-Setup uses the information from Sysprep.inf instead of prompting the end user.
Setupcl.exe	An executable program invoked by Sysprep.exe that recognizes SIDs. This program must reside in the same folder as Sysprep.exe.
Factory.exe	An executable file that enables you to use Sysprep in Factory mode.

Sysprep Command Line Switches	Description
-activated	Do not reset the grace period for Windows Product Activation. Use this option only if you have activated the Windows installation in the factory.
-audit	Reboots the computer into Factory mode without generating new security IDs (SIDs) or processing any items in the [OEMRunOnce] section of Winbom.ini. Only use this command-line option if the computer is already in Factory mode.
-clean	Clears the critical devices database used by the [SysprepMassStorage] section in Sysprep.inf.
-dc	This is a switch for Windows Small Business Server only. Without the -dc (domain controller) switch, Sysprep will not be able to reseal a fully installed SBS computer.
-factory	Restarts in a network-enabled state without displaying Windows Welcome or Mini-Setup. This option is useful for updating drivers, running Plug and Play enumeration, installing applications, testing, configuring the computer with customer data, or making other configuration changes in your factory environment.
-forceshutdown	Shuts down the computer after Sysprep is complete. Note: Use this option with computers with ACPI BIOS that do not shut down properly with Sysprep's default behavior.
-mini	Configures Windows XP Professional to use Mini-Setup rather than Windows Welcome. This option has no effect on Windows XP Home Edition, where the first-run experience is always Windows Welcome.
-noreboot	Modifies registry keys (SID, OemDuplicatorString, and so on) without the system rebooting or preparing for duplication. This option is mainly used for testing, specifically to see if the registry is modified properly. This option is not recommended because making changes to a computer after Sysprep has run may invalidate the preparation done by Sysprep.
-nosidgen	Runs Sysprep without generating new SIDs. You must use this option if you are not duplicating the computer on which you are running Sysprep or if you are pre-installing domain controllers.
-pnp	Runs the full Plug and Play device enumeration and installation during Mini-Setup. This command-line option has no effect if the first-run experience is Windows Welcome. Use -pnp only when you need to detect and install legacy, non-Plug and Play devices.
-quiet	Runs Sysprep without displaying onscreen confirmation messages. This is useful if you are automating Sysprep. For example, if you plan to run Sysprep immediately following unattended Setup, add sysprep -quiet to the [GuiRunOnce] section of the Unattend.txt file.
-reboot	Forces the computer to automatically reboot and then start Windows Welcome Mini-Setup, or Factory mode, as specified. This is useful when you want to audit the system and verify that the first-run experience is operating correctly.
-reseal	Clears the Event Viewer logs and prepares the computer for delivery to the customer. Windows Welcome or Mini-Setup is set to start at the next boot. If you run the command sysprep -factory, you must seal the installation as the last step in your pre-installation process, either by running the command sysprep -reseal or by clicking the Reseal button in the Sysprep dialog box.