Thursday, December 31, 2009

Sysprep - Windows 7 and the 100 MB hidden partition

This article is in response to Brian Jackson's blog posting: Sysprep a Windows 7 Machine – Start to Finish

If you allow the Windows 7 setup CD to create your primary partition, it will actually create two partitions, a hidden 100mb system reserved partition used for bootmgr and bitlocker, and the remaining space in a second partition.

Brian Jackson's Diskpart script does not take into account the hidden 100mb partition and if it's not restored, the machine will not boot, showing a cannot find bootmgr error. BCDEdit /set <...> always produces the following error message:
The boot configuration data store could not be opened.
The system cannot find the file specified.

Thus, the following is how to properly image/recreate BOTH partitions.

When you load up WINPE, drive C: is assigned to the 100mb system reserved partition while drive D: is assigned to the windows partition. In order to correctly capture an image of your machine, you need to use Imagex (or GImagex) to make a WIM of BOTH the C drive and the D drive. On the machine you wish to deploy this image, with the WINPE disc loaded, you need to recreate both partitions by entering the following in the WINPE command prompt:
*Select disk 0
Create partition primary size=100
Select partition 1
Format fs=ntfs quick
Create partition primary
Select partition 2
Format fs=ntfs quick

*It's very possible that disk 0 is not the correct drive. You should therefore type "list disk" prior to the "select disk" step and change the 0 to the number corresponding to your physical hard drive. Occasionally, Disk 0 referenced my USB flash drive while Disk 1 was my physical hard drive.

Reboot the machine and reload the WINPE disc so that both partitions are reassigned the correct C and D drive letters. Load up GImagex deploy the system reserved image back to the C drive and the windows image back to the D drive.

You can avoid this process altogether by using a 3rd party program (such as Brian Jackson's DISKPART script on the WINPE cd) to partition the drive before installing windows 7 on the machine you're imaging. The hidden 100mb partition will not be created and you will not have to image two partitions. Another workaround is to use Acronis True Image or Norton Ghost loaded from a boot disk. Those programs can make an image of your entire sysprepped drive and all of it's partitions like Imagex does, but they are much easier to use and far more user friendly. If you have no intentions of using bitlocker, I strongly suggest doing the above so that the 100mb hidden partition is not created, as it appears there may be other issues with sysprep when you have any additional partitions on the drive. (see
"Windows could not finish configuring the system. To attempt to resume configuration restart computer")

More INFO:

“Windows could not finish configuring the system. To attempt to resume configuration restart computer”

Sysprep with the Copyprofile setting - the correct WAY

This article is in response to Brian Jackson's blog posting: Sysprep a Windows 7 Machine – Start to Finish

I've spent some time trying to get a customized default profile set up in Windows and I've failed several times before finally getting it to work.

First, a lot people/blogs suggest to create a new user account, customize it and do either one of the following
a) log in with the admin account and manually copy the customized user profile over the default user profile in C:\users\
b) Download a free 3rd party tool called Windows Enabler, which will allow you to use the greyed out "Copy to" button in User Profiles (in System Properties).

Both of these things do the same exact thing as far as I can tell and both lead to a big problem. For new accounts that you create, you will find that all the words in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" will have user data based on the original user account you customized the default profile with.

So for example, suppose you started with a clean Windows 7 install, created the user 'John' and customized that profile. Then you followed either a) or b) to overwrite the default profile. Now when you create a new user account, say 'Mary', under her account in the registry path pasted above, the DWORD "AppData" will point to C:\Users\John\AppData\Roaming instead of the correct C:\Users\Mary\AppData\Roaming. You could, of course, write a script to replace 'John' with 'whatever' but i've found many other places under HKEY_CURRENT_USER\* where old profile data/paths to 'John' would appear.

This is why I tried to get sysprep with the copyprofile = true setting to work. First, it appears that you can't create a user account, customize it, and then run sysprep from that account with the copyprofile=true setting, as after sysprep reboots your machine, it will fail when it attempts to process your answerfile (when it reaches the copyprofile step). It will actually give you an error message, tell you to reboot the machine, and when you do so the error message reappears, leaving you in an endless cycle of rebooting.

The correct way to get sysprep to work with copyprofile=true is after you first install win7, when you arrive at the welcome screen and it asks you to create a username, hit ctrl+shift+f3. This will reboot your machine and put your windows build in 'audit' mode. On reboot, you'll automatically be logged in under the built-in Administrator account*. A sysprep GUI box will appear, but you can close it and NOW begin to customize your profile. Install any software/drivers, make any profile customizations, etc. If you need to reboot, the computer will boot you back into the Administrator account. You will be stuck in this audit mode until you run sysprep with the /oobe parameter. After doing so, sysprep will delete/clean up the Administrator account, but if you have copyprofile=true in your unattended answerfile, it will copy the customized Admin account to the default profile before deleting it. On reboot, Windows will run out of the box, as the /oobe is intended. Create a new user account in the Welcome screen, and when you log in, you should see all your customizations there. The registry information will also have all the correct paths based on the new user account and not of the original.

I also have a copy of Acronis True Image and made a bootable rescue CD, which allows me to boot into Acronis TI and make a backup of my sysprepped partition (to a network drive) instead of having to use WINPE. A lot of people are also making images of their drive with a Norton Ghost bootable CD. Both of these programs significantly simplify the process of backing up and restoring your images and are far more user friendly compared to WINPE and Imagex.

*If you're like me and like working through remote desktop to set up the machine, you can do the following so you can log into the machine via remote desktop while it's in audit mode.

1) Start-Control Panel-Admin Tools - Computer Mgmt, under Local Users and Groups-Users, double click on Administrator and uncheck "Account is disabled."
2) Start-Control Panel-Admin Tools - Local Security Policies - Local Policies - Security options, disable "Accounts: Limit local account use of blank passwords to console logon."
3) Enable Remote Desktop under Control Panel - System - Remote settings.

Before you sysprep the machine, undo the changes you made in steps 1 and 2, and disable remote desktop if you don't want it enabled on your machines. You can possibly avoid step 2 by setting a password for the built-in Administrator account, but since the system boots you into the Admin account automatically in audit mode, I have no idea what problems, if any, may arise if a password is set. To avoid additional headaches, I just did as outlined in step 2.