Thursday, December 31, 2009

Sysprep with the Copyprofile setting - the correct WAY

This article is in response to Brian Jackson's blog posting: Sysprep a Windows 7 Machine – Start to Finish

I've spent some time trying to get a customized default profile set up in Windows and I've failed several times before finally getting it to work.

First, a lot people/blogs suggest to create a new user account, customize it and do either one of the following
a) log in with the admin account and manually copy the customized user profile over the default user profile in C:\users\
b) Download a free 3rd party tool called Windows Enabler, which will allow you to use the greyed out "Copy to" button in User Profiles (in System Properties).

Both of these things do the same exact thing as far as I can tell and both lead to a big problem. For new accounts that you create, you will find that all the words in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" will have user data based on the original user account you customized the default profile with.

So for example, suppose you started with a clean Windows 7 install, created the user 'John' and customized that profile. Then you followed either a) or b) to overwrite the default profile. Now when you create a new user account, say 'Mary', under her account in the registry path pasted above, the DWORD "AppData" will point to C:\Users\John\AppData\Roaming instead of the correct C:\Users\Mary\AppData\Roaming. You could, of course, write a script to replace 'John' with 'whatever' but i've found many other places under HKEY_CURRENT_USER\* where old profile data/paths to 'John' would appear.

This is why I tried to get sysprep with the copyprofile = true setting to work. First, it appears that you can't create a user account, customize it, and then run sysprep from that account with the copyprofile=true setting, as after sysprep reboots your machine, it will fail when it attempts to process your answerfile (when it reaches the copyprofile step). It will actually give you an error message, tell you to reboot the machine, and when you do so the error message reappears, leaving you in an endless cycle of rebooting.

The correct way to get sysprep to work with copyprofile=true is after you first install win7, when you arrive at the welcome screen and it asks you to create a username, hit ctrl+shift+f3. This will reboot your machine and put your windows build in 'audit' mode. On reboot, you'll automatically be logged in under the built-in Administrator account*. A sysprep GUI box will appear, but you can close it and NOW begin to customize your profile. Install any software/drivers, make any profile customizations, etc. If you need to reboot, the computer will boot you back into the Administrator account. You will be stuck in this audit mode until you run sysprep with the /oobe parameter. After doing so, sysprep will delete/clean up the Administrator account, but if you have copyprofile=true in your unattended answerfile, it will copy the customized Admin account to the default profile before deleting it. On reboot, Windows will run out of the box, as the /oobe is intended. Create a new user account in the Welcome screen, and when you log in, you should see all your customizations there. The registry information will also have all the correct paths based on the new user account and not of the original.


I also have a copy of Acronis True Image and made a bootable rescue CD, which allows me to boot into Acronis TI and make a backup of my sysprepped partition (to a network drive) instead of having to use WINPE. A lot of people are also making images of their drive with a Norton Ghost bootable CD. Both of these programs significantly simplify the process of backing up and restoring your images and are far more user friendly compared to WINPE and Imagex.

*If you're like me and like working through remote desktop to set up the machine, you can do the following so you can log into the machine via remote desktop while it's in audit mode.

1) Start-Control Panel-Admin Tools - Computer Mgmt, under Local Users and Groups-Users, double click on Administrator and uncheck "Account is disabled."
2) Start-Control Panel-Admin Tools - Local Security Policies - Local Policies - Security options, disable "Accounts: Limit local account use of blank passwords to console logon."
3) Enable Remote Desktop under Control Panel - System - Remote settings.

Before you sysprep the machine, undo the changes you made in steps 1 and 2, and disable remote desktop if you don't want it enabled on your machines. You can possibly avoid step 2 by setting a password for the built-in Administrator account, but since the system boots you into the Admin account automatically in audit mode, I have no idea what problems, if any, may arise if a password is set. To avoid additional headaches, I just did as outlined in step 2.

18 comments:

  1. What if you want to use the admin account, with a set password, for management purposes?

    I use administrator on our WinXP environment many times when I want to do something nitty gritty on a device.

    ReplyDelete
  2. Nathan,
    Have you tried to copy the default profile over to a mounted wim and see if the settings are kept from a clean install using that wim file?

    ReplyDelete
  3. @Kyle You can set a password for the admin account in your answer file. I'm not sure that setting a password while you're in audit mode will be carried over after you run sysprep with the /oobe switch.

    @BHolt As far as I know.. WIM just makes an image of your hard drive just as any other hard drive imaging software would like Acronis true image or norton ghost.. I see no reason why the copyprofile method I outlined would not work if you imaged the drive using WIM.

    I strongly suggest that you image your drive before running sysprep that way if for some reason it fails, you can restore the machine just as it were prior to sysprepping it. If sysprep fails, it will usually trash windows and your only option at that point is to format and reinstall windows or load an image of the drive prior to sysprepping it.. the latter is obviously more preferrable. You can image the drive prior to sysprepping using WIM, btw.

    ReplyDelete
  4. When I do the audit mode and start setting up some applications - after installing MS Office 2007, when I reboot, it comes to a "Windows could not complete the installtion. To install Windows on this computer, restart the installation." loop. I the only thing I found that I can do is to start all over again. Any suggestions?

    ReplyDelete
  5. Hm.. strange. I had no problems installing Office 2007 while in audit mode. Are you sure it's Office causing the error message and not another software/driver you installed? Only thing I can suggest is to wipe the computer clean, reinstall Windows, and first thing in audit mode is install MS Office 2007 and only Office, reboot, and see if the error comes up again. If it doesn't, you know something else is causing it. Maybe also search google for "audit mode" with the error message in the same box and see if anyone else encountered such a problem.

    ReplyDelete
  6. Nathan, I am having a bit of a issue finding articles that seem similiar to what I am experiencing, but I am still looking.

    Before making my post here, I did just what you suggested. That is why I know it is Office 2007. I have restarted the OS before the install and it brings me right back to the desktop, however, after Office 2007, it breaks. The only thing I might of done that is different than what you may have done - is I install ALL components of Office 2007. I find it kind of weird that Office is causing this issue...

    ReplyDelete
  7. Hmm.. I also installed Office 2007 from the hard drive with the 2nd SP slipstreamed.. The method is detailed here:
    http://community.winsupersite.com/blogs/paul/archive/2009/04/28/slipstream-office-2007-with-sp2.aspx
    Give it a shot and see if you're still having issues. I also ran the Windows update to install all office 2007 updates prior to rebooting. Make sure Windows Update is set to update all software in addition to Windows. Finally, if you're planning to deploy this image of Windows to dissimilar machines with different hardware, I wouldn't install any drivers. Perhaps a driver you're installing is causing the issue. Finally, there should be a log kept in your C:\Windows\Panther\ directory detailing everything sysprep is doing. I'm not sure if this log is written while you're in audit mode before actually running sysprep from the command line, but you might want to see if there is something there. If not, you may want to search Google for where Windows 7 stores it boot log and see if any errors are detailed there. Somewhere, there should be a log with an error code and maybe additional information about why Windows is misbehaving.

    ReplyDelete
  8. I found once I finally got the copyprofile=true parameter to work that the default profile had ballooned to over 50M. Anyone else see that or did I just forget to clean up temp files or something?

    ReplyDelete
  9. David-
    Not using copyprofile=true, but I have at least one image witha 200meg default profile. Some of the software we use likes to really load up the user profile with stuff.

    ReplyDelete
  10. Well I tried this over and over again with no success. I've also tried out the method found here: http://blog.brianleejackson.com/sysprep-a-windows-7-machine-–-start-to-finish-v2 with no success either. Well I finally hit paydirt. Part of my problem has been that I use an AutoUnattend.xml file to do my inital PC build (AutoUnattend.xml is for when you are automating the partitioning of a drive) and neither of these two methods would work for me. Both resulted in various conditions or errors, none of which accomplished my goals. So on a whim, I decided to simplify and follow Microsoft's instructions found here: http://support.microsoft.com/kb/959753.

    I used my AutoUnattend.xml file to do the initial build of my PC as well as I did the OOBE part so in essence the machine is 100% ready to use. However at this point I copied over another xml file that I used for copying the Admin profile. All I have in this XML file is as MS recommends, true (as built by WSIM). I placed this in C:\Windows\system32\sysprep, opened a command prompt in that folder and ran the following: sysprep /generalize /oobe /unattend:myxmlfile.xml

    This resulted in a successful profile copy for me.

    ReplyDelete
  11. Seems to work partly.
    Firefox profile etc is working but not the icons on my taskbar.

    When I log in with local administrator after i have deployed the image it is still in audit mode.

    ReplyDelete
  12. I seem to only get errors when I use the /generalize switch. Has anyone had problems using the same image on multiple computers without using generalize? It appears that generalize just resets the SID, but I am booting the computer after sysprep and setting everything up, then cloning and distributing so that new deployments don't have to go through the OOBE steps. Furthermore, the guy who wrote the SID changer app claims it's irrelevant.

    http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

    But was 'debunked' by another guy.

    http://4sysops.com/archives/why-sysprep-is-an-obligatory-windows-deployment-tool-part-2-unique-sids-are-necessary/

    And I can't find quality info about what all "generalize" does anyway, and see no immediate ill effects by not using it.

    -- Paul

    ReplyDelete
  13. So do I run the command Brian Lee used in his article?
    sysprep /generalize /oobe /shutdown /unattend:Win7.xml
    or just a /oobe then login then run the command?

    ReplyDelete
  14. Hi guys, I am quite new to this and am a little lost:

    Can you show me what an answer file would look like with the "Copyprofile=true" option included? Do you use WAIK to make it, and how?

    ReplyDelete
  15. @Evan, what happens when nopt using the copy profile option?
    How does the new user appear? what about program settings ?
    What does the desktop look like? All programs work anyway?

    ReplyDelete
  16. Thanks for taking the time to explain this process from start to finish. I have spent day's struggling with a troublesome WIM which was constantly crapping out because of the CopyProfile tag in unattend.xml.

    It's a real shame those nice chaps at Microsoft don't explain the significance of Audit mode. My issue was caused because I had configured my default user profile by enabling the local admin account, but because it was enabled and had a password assigned the CopyProfile phase of sysprep could not function - resulting in the endless rebooting during Windows Setup.

    Again thanks very much. I don't think I would have overcome this problem without your help.

    ReplyDelete