Monday, 21 February 2011

Windows 7 Hii

How to Capture, Sysprep, Deploy and add to domain a
Windows 7 Machine using Altiris DS 6.9 Start to Finish

Sorry about the formatting.
After a lot of googling, sorry research, I have managed to get a windows 7 image captured and able to deploy to a PC and get it on the domain.
I hope it helps somebody else even if they only take a small part and work out a better way to do the rest.
If you can simplify any of this let me know as it is quite involved.

Thanks.

A lot of help with the unattend.xml from Brian Jackson.
http://theitbros.com/sysprep-a-windows-7-machine-%E2%80%93-start-to-finish

What you need.

Altiris DS 6.9 sp4
Windows Auto Install Kit (WAIK)
                This includes Windows System Image Manager (WSIM)
Windows 7 DVD or ISO

Create the unattend.xml
1.       Install
WAIK
2.       Mount
your Windows 7 ISO or insert the DVD.
3.       Launch
WSIM






4.     Under the “Windows Image”
header, right click and select new image.


Browse to the install.wim
on the DVD or ISO.



Now we need to create a new answer file. Go to the file menu and select
“Create New Answer File.” Right after creating one, go ahead and simply go to
file menu and select “Save Answer File.” This will give your XML file a name
and save location. I chose to name mine unattend.xml. Now you see we
have two category folders, Components and Packages. Under the Components folder
you see that we have 7 options:

-1 windowsPE
-2 offlineServicing
-3 generalize
-4 specialize
-5 auditSystem
-6 auditUser
-7 oobeSystem
Step #6

These are very important as these are the steps in which the
unattend.xml file is sequenced.

The next part is a little confusing. You are going to add components, from
under the “Windows Image” section on the bottom left hand side to the passes on
your Answer File. To add a component, you can right click on them and select
“add to # pass”. There are many different options you can add, but they have to
be done in a certain order and pass otherwise your sysprep might fail. I am
simply going to use the one I created as the example.


Answer File - Unattend.xml
Here is more information about adding options under the passes:

1 windowsPE
Nothing required in my example.

2 offlineServicing
Nothing required in my example.

3 generalize
x86_Microsoft-Windows-Security-SPP_6.1.7600.16385_neutral

Set 1 for SkipRearm to allow up to 8 rearms

4 specialize
x86_Microsoft-Windows-Deployment_6.1.7600.16385_neutral

1.      Insert RunSynchronous

1.      RunSynchronousCommand[Order=”1”]

Order: 1
path: net user administrator /active:yes
WillReboot: Never
x86_Microsoft-Windows-Security-SPP-UX_6.1.7600.16385_neutral

SkipAutoActivation: true
x86_Microsoft-Windows-Shell-Setup_6.1.7600.16385_neutral

Do not add Computername at this point.
CopyProfile: true
Registered Organization: Microsoft (you must leave this in this section)
Registered Owner: AutoBVT (you must leave this in this section)
ShowWindowsLive: false
TimeZone: GMT Standard Time

                Autologon
                                Enabled true
                                LogonCount 5
                                Username Administrator
                                You can delete other sub-header components if you don’t need them.

5 auditSystem
Nothing required in my example.

6 auditUser
Nothing required in my example.

7 oobeSystem

x86_Microsoft-Windows-International-Core_neutral

InputLocale: 0809:00000809

SystemLocale: en-GB

UILanguage: en-us

UserLocale: en-GB

x86_Microsoft-Windows-Shell-Setup_neutral

RegisteredOrganization: Company Name
RegisteredOwner: Company User

·  AutoLogon

Password: Administrator Password
Enabled: true

LogonCount: 5

Username: Administrator

·  FirstLogonCommands


1.       CommandLine: cscript //b c:\windows\system32\slmgr.vbs /ipk
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (windows 7 license key)

Order 1

RequiresUserInput: false

CommandLine: cscript //b c:\windows\system32\slmgr.vbs /ato

Order 2

RequiresUserInput: false

SynchronousCommand[Order="1"]


SynchronousCommand[Order="2"]


·  OOBE



HideEULAPage: true

NetworkLocation: Home

ProtectYourPC: 1

 ·  UserAccounts


1.       

1.       

1.       

Password: Administrator Password

2.      Action: AddListItem

Description: Local Administrator

DisplayName: Administrator

Group: Administrators

Name: Administrator

2.      LocalAccount[Name="Administrator"]


AdministratorPassword: Administrator Password

LocalAccounts
If you have questions, look at my image above to see full layout of
components, it should help.

Step #7

Remove the following line from the unattend.xml.

 <ComputerName></ComputerName>

Save your answer file as unattend.xml.

Create a folder on the DS in the images dir called
win7pro.

Create the Image

Install Windows 7 on a PC.
I actually started looking at Microsoft Deplotment Toolkit to do this. Its quite good and helps to create the unattend.xml.

Make any changes.

Add proxy settings Etc…

On the PC you are going to be running sysprep on, you need to create a
folder called scripts in this directory: %WINDIR%\Setup\. Now you are
going to create a CMD file within the %WINDIR%\Setup\Scripts directory. Add
these lines;

del /Q /F c:\windows\system32\sysprep\unattend.xml

del /Q /F c:\windows\panther\unattend.xml

 msiexec /i c:\temp\dagent.msi /qn TCPADDR=ottouk237

This runs at the end of the install, deletes any copies
of the unattend.xml and installs the DAGENT.

Copy the DAGENT.msi from the DS to the c:\temp folder on
the PC.

Now for
sysprep…..

It’s a good idea to take an image at this point without sysprepping the
PC so that you can get back to this point if needed…and it will be.
Once you have everything configured correctly, Copy or move your
unattend.xml file to : C:\windows\system32\sysprep. Now to run sysprep,
navigate to that sysprep folder, hold SHIFT and right click and select “Open
New Command Windows Here”. Next, input the following commands:



sysprep /generalize /oobe /shutdown
/unattend:unattend.xml

The PC will shut down….DO NOT RESTART.

Capture image using Altiris DS 6.9

This presumes
that you already have a WinPe boot option set up.


Capture
using Ghost.
Choose
destination. Don’t select prepare using sysprep as it has already been done.

Add PC to
the database, give it a MAC address etc.

Run the job.

It created a 7ish GB image for me.



Depoly the image , add to the domain and activate.

Firstly we need to add some lines to the unattend.xml.

Add the token %COMPNAME%
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35" language="neutral"
versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <CopyProfile>true</CopyProfile>

<ShowWindowsLive>false</ShowWindowsLive>

<TimeZone>GMT Standard Time</TimeZone>

            <ComputerName>%COMPNAME%</ComputerName>

<AutoLogon>
               <Password>

Add the Windows 7 MAK Key

<FirstLogonCommands>

<SynchronousCommand wcm:action="add">

<CommandLine> cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
</CommandLine>

<Description>FGH key</Description>

<Order>1</Order>

<RequiresUserInput>false</RequiresUserInput>

</SynchronousCommand>

<SynchronousCommand wcm:action="add">

<CommandLine> cscript //b c:\windows\system32\slmgr.vbs
/ato</CommandLine>

<Description>Activate Windows 7</Description>

<Order>2</Order>

<RequiresUserInput>false</RequiresUserInput>

</SynchronousCommand>

</FirstLogonCommands>

Save the unattend.xml file on your DS. I saved mine
in the Images\win7pro folder.


Deploying a Windows 7 HII
There are 8 steps.



Step 1. Deploy Ghost image
Step 2. Copy addcomp.ps1 to target PC.

Step 3. Copy allow.reg to target PC.

Step 4. Copy notallow.reg to target PC.

Step 5. Run script to apply the allow.reg

Step 6. Run the Powershell command addcomp.ps1

Step 7. Run the script to apply the notallow.reg.

Step 8. Reboot.

Step 1

Deploy the ghost image
using  a WinPE boot option.
Using sysprep. Put in the key.
Tick use deploy anywhere


 
Step 2


Copy a powershell file to the target PC.

This is to add the PC to the domain.

The file is addcomp.ps1

$username = "domain\administrator"
$password = ConvertTo-SecureString "(password)" -AsPlainText -Force
$myCred = New-Object System.Management.Automation.PSCredential $username, $password
Add-Computer -DomainName domain.com -Credential $mycred

Pause

 


Step 3

Copy the allow.reg to the target PC.

This allows the powershell script to run as it is blocked
by default.

                Windows Registry Editor Version 5.00

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell          ]

                "Path"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

                "ExecutionPolicy"="Unrestricted"

Step 4.

Copy the notallow.reg to the target PC.

This disallows any powershell script from running.


                Windows Registry Editor Version 5.00

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell          ]

                "Path"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

                "ExecutionPolicy"="restricted"

Step 5.

Run the allow.reg.

regedit /s .\allow.reg

Step 6.

Run the addcomp.ps1




powershell -command "& { .\addcomp.ps1; exit$lastexitcode }"

set ret=%errorlevel%

del .\addcomp.ps1

del .\allow.reg

set-executionpolicy restricted

exit %ret%



This also deletes the allow.reg and addcomp.ps1 when
finished.

Step 7.

Run the notallow.reg

regedit /s .\notallow.reg

Step 8.

Reboot.


Steven Ricks

















Posted by at No comments:
Subscribe to: Posts (Atom)