Related Tips & Info

Windows 7 Automated Imaging and ZCM Registration

MigrationDeletedUser
0 Likes
Download: scripts_0.zip

Building the base image



Downloads required:



Windows Driver Kit Version 7.1.0 (to get access to DPINST.exe utility)



Windows AIK for Windows 7



Steps


  • Insert the Windows Driver Kit DVD on your machine and install.

  • Browse to install folder, then down to Redist\DIFx\dpinst\MultiLin\x86 and take a copy of DPINST.exe – this will be used later.

  • Insert the Windows AIK DVD on your own machine and install Windows System Image Manager. This will be used to build the unattend.xml file for the Windows 7 image.

  • Insert the Windows 7 DVD on your own machine and take a copy of the DVD onto a folder somewhere on your machine.

  • Launch Windows System Image Manager

    • Click on File, New Answer File

  • In the bottom left window, Right click and select "Select Windows Image" and browse to either the install.wim or install_windows7.clg file (both should be in the same "sources" folder extracted from the Windows 7 Installation DVD above)

  • In the bottom left window locate the sections listed below, right click them and add to the relevant section on the popup



These are the settings for Windows 7 32-bit. For Windows 7 64-bit use the relevant sections starting with amd64_ instead of x86_


x86_Microsoft-Windows-LUA-Settings_neutral2 offline Servicing

x86_Microsoft-Windows-Security-SPP_neutral3 generalize

x86_Microsoft-Windows-Deployment_neutral4 specialize

x86_Microsoft-Windows-Security-SPP_UX_neutral4 specialize

x86_Microsoft-Windows-Shell-Setup_neutral4 specialize

x86_Microsoft-Windows-International-Core_neutral7 oobeSystem

x86_Microsoft-Windows-Shell-Setup_neutral7 oobeSystem



We now need to go through each section and change some settings.



In the Answer file Section, do the following:





Section

Setting Name

Value

Reason


2 offline Servicing
x86_Microsoft-Windows-LUA-Settings_neutral		EnableLUAFalseDisables User Access Control

3 generalize
x86_Microsoft-Windows-Security-SPP_neutral		SkipRearm1Licensing

4 specialize
x86_Microsoft-Windows-Deployment_neutral		RunSynchronousAdd a new command
Order 1
Net user administrator /active:yes		Active the local administrator account

4 specialize
x86_Microsoft-Windows-Security-SPP-UX_neutral		SkipAutoActivationTrue 

4 specialize
x86_Microsoft-Windows-Shell-Setup_neutral		ComputerName*Generates a random Computer name. My script later on picks up BIOS name and sets computer name

CopyProfileTrue 

ProductKeyxxxxx-xxxxx-xxxxx-xxxxx-xxxxxValid Product Key

RegisteredOrganizationLeave as Microsoft 

RegisteredOwnerLeave as AutoBVT 

ShowWindowsLiveFalse 

TimeZoneGMT Standard TimeSet as appropriate for your region


7 oobeSystem

X86_Microsoft-Windows-International-Core_neutral

InputLocale

SystemLocale

UILanguage

UserLocale

en-GB

Set as appropriate for your region


7 oobeSystem

x86_Microsoft-Windows-Shell-Setup_neutral		RegisteredOrganizationxxxxxxxxxxxxxxxxxxxxYour Company Name

RegisteredOwnerxxxxxxxxxxxxxxxxxxxxYour Company Name

TimeZoneGMT Standard TimeSet as appropriate for your region

Subsection AutoLogonEnabledTrue 

LogonCount3Do 3 auto logons before leaving user at login screen (to cater for automated scripts and reboots)

Usernameadministrator 

PasswordPa55wordSet as appropriate - make sure it matches up with other sections in this guide

Subsection FirstLogonCommandsCommandLine

Order 1

RequiresUserInput false		cscript //b C:\windows\system32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx 

CommandLine

Order 2

RequiresUserInput false		%SystemRoot%\
system32\
WindowsPowerShell\
v1.0\powershell.exe -Command "&{set-executionpolicy RemoteSigned -Force}"		Enables Powershell Scripts

CommandLine

Order 3

RequiresUserInput false		%SystemRoot%\
system32\
WindowsPowerShell\
v1.0\powershell.exe "c:\setup\Win7Image-Script1.ps1"		 

Subsection OOBEHideEULAPageTrue 

NetworkLocationWork 

ProtectYourPC1 

Subsection UserAccountsAdministratorPasswordPa55word 

LocalAccounts
Add record for user administrator		Description: administrator

DisplayName: administrator

Group: administrators

Name: administrator

Password Pa55word		 




Save the unattend.xml answer file




  • On Target Windows 7 machine

  • Install Windows 7 from DVD, making sure that you zap any and all partitions on the disk at the start

  • Once initial install is complete, and you're prompted to create a username on the welcome screen, press CTRL-SHIFT-F3 to reboot machine into admin audit mode.

    AT THIS POINT, take an image as a "pre-sysprep" image if needed

  • On reboot, you'll be automatically logged in under the built-in administrator account. A SYSPREP GUI box will appear – close this for now. You are now ready to carry out any customizations.

  • Due to issues with a strange access rights issue on Windows 7 64-bit (that worked fine in Windows 7 32-bit), create a folder called C:\SETUP and make sure administrators group has full control

  • Place the unattend.xml file created above into the folder C:\WINDOWS\SYSTEM32\SYSPREP

  • Bring up a command prompt and browse to C:\WINDOWS\SYSTEM32\SYSPREP

  • Run the following command

    • SYSPREP /generalize /oobe /shutdown /unattend:unattend.xml

  • Wait for the machine to shutdown

  • You are now ready to take an image of the Windows 7 SYSPREP'd machine.



Additional addon-images were created following instructions located here as follows:




Win7-Addon-Drivers.zmgContains the driver files for any unknown devices – creates a folder on C: called C:\SETUP\DRIVERS

Contains 32 and 64 bit drivers

Win7-Addon-Scripts.zmgContains the relevant Powershell Scripts and any utilities that are required as part of the imaging process. Files are stored under C:\SETUP

Current Files are:

BiosConfigUtility.exe - HP Utility to read BIOS settings - use to rename computer

Win7Image-Script1.ps1

Win7Image-Script2.ps1

Win7Image-Script3.ps1

dpinst.exe, dpinst64.exe, dpinst.xml - used to do a hardware scan for any unknown devices

Win7-32-Addon-ZCMAgent.zmg (or Win7-64-Addon-ZCMAgent.zmg)Latest ZCM agent copied to C:\SETUP.

The Scripts above call this to register the machine in ZCM. Since agent name is always the same, this can be replaced with the latest agent whenever required.



The important thing to make sure when creating these is to make sure that the partition number on the image matches the partition number inside the Windows 7 ZMG file for the boot disk – as a default this is partition 2 as partition 1 is the 100MB hidden area for Windows 7.



The imaging bundle applies the relevant base image (32 or 64 bit), followed by these addon images.



i.e. ZCM Windows Bundle has the following 4 images listed as part of the image



Windows_7_Base_Image.zmg

Win7-Addon-Drivers.zmg

Win7-Addon-Scripts.zmg

Win7-32-Addon-ZCMAgent.zmg



NOTES:

Win7Image-Script3.ps1 - needs updating for your specific domain information re name of domain, relevant user account, and password to join computer to domain

One final step to take is to delete the C:\SETUP folder to remove any files that may contain passwords etc.



================

Editor's Note: When it comes to Windows 7 Migration projects, ZENworks can be your new best friend. Check it out.

Labels:

How To-Best Practice
Comment List
  • Are the 3 scripts listed in this article still avalaible for download?
  • in reply to MigrationDeletedUser
    The link to download the scripts_0.zip file is fixed now.

    Thanks!
  • in reply to MigrationDeletedUser
    I did not see a reply to your question. In case you have not gotten the answer elsewhere yet I am injecting this late response.

    Installing the agent and successfully registering the workstation in the desired container gives you the ability to deliver applications to the workstation as desired. The agent is the important piece in this puzzle.
  • I downloaded the WDK7.1 iso but I am not finding DPInst.exe in it and I do not see it in my Windows 8 WDK either.

    Also, can you read the image safe data name and use that instead of using the bios name? The rename function is not working for us in Zen10 and I need the ability to give the machine the same name it had when I reimage it. How would the powershell script change to read the imagesafe data or will it read the ziswin info and then use the data?
  • Andy,

    One thing missing adding drivers to the gold image. I got some new Dells and spent ages trying to get info on injecting drivers. Ended up on the ghost forums and they have the same issue. Anyway taken from the ghost and twisted to support your format. I had posted in the forums but figure I would stick it on here as well if people are looking for a complete solution.

    And for those who may need to inject drivers, I would only recommend Mass storage and maybe NICs as you don't want to bloat the gold image, with to many drivers you don't need. This is why you are creating a specific drivers image for machine types.
    Follow AndyStewartSL guide on creating sysprep.
    On his unattend.xml add
    Microsoft-Windows-PnpCustomizationsWinPE line in the windowsPE pass in the answer file. Insert a Path line there too with the path & the credentials matching what you put in for it during the auditSystem pass. (c:\drivers\msd)
    Save the unattend.xml

    Create a new answer file called audit.xml
    Within the 5 audit system pass add
    1. x86_Microsoft-Windows-Deployment_neutral
    a) With a "Reseal" line in there too. Reseal can be set to "ForceShutdownNow" as "False" and "Mode" to "Audit"
    2. x86_Microsoft-Windows-PnpCustomizationsNonWinPE_netural
    a) With a Path line in there too. The path should point at a directory containing your drivers. It will search recursively. So you can have one path that points at a parent directory with sub-directories in it. c:\drivers\msd
    3. x86_Microsoft-Windows-Shell-Setup_neutral
    Autologin - username Administrator
    Save this answer file.
    Copy the drivers you want to c:\drivers\msd - creating as many subfolders as you want. Rather than going to each model type we have, I went to driver packs and got the complete list. You could have it pointing to a network share if you wanted.

    Okay copy both answer files to c:\windows\system32\sysprep in your gold image

    Make sure you have the drivers copied.

    open a dos box cd c:\windows\system32\sysprep
    sysprep /audit /reboot /unattend:audit.xml
    This will reboot the machine into audit mode injecting the drivers. You maybe in audit mode already. This is not an issue.

    open a dos box cd c:\windows\system32\sysprep
    sysprep /generalize /shutdown /oobe /unattend:unattend.xml
    Sysprep runs and shutdowns the machine, take the image, ready to deploy to new hardware.

    Hope this info helps people with the migration to 7 and getting Mass storage drivers injected.

    Just remember you will need to create answer files for 64 and 32 bit versions of windows.

    Environment I am using is Oracle VM VirtualBox as it allows snapshots so you can keep going back to play.
  • The process looks good, but for those of us unfamiliar with PS, some comments in the scripts might be helpful.

    Also, I'm curious, how do you install applications at this point. Does installing the agent after the OS yield any benefits other than being able to update the agent installer more easily?
  • I'll give it a try. Otherwise I'll create a default rule in the active directory, that tells the where to put a new import workstation.

    Thanks.
  • in reply to MigrationDeletedUser
    You can change Win7Image-Script3.ps1 as follows:

    Add-Computer -DomainName blah.com -OUPath "OU=Computers,OU=dept,DC=blah,DC=com" -credential (New-Object System.Management.Automation.PSCredential ("blah\reguser", (ConvertTo-SecureString "password" -AsPlainText -Force)))

    This will add the computer to a specific container.

    The only issue I've found with the Add-Computer command is that it doesn't like it if the computer record already exists (i.e. reimaging a machine)
  • Hi Andy

    In the powershell script, that adds the computer to active directory, can it put the workstation in a specified ou? Or do you have to do that afterwards?

    Thanks
    NIels
  • in reply to MigrationDeletedUser
    Kirk,

    Based on reading the Microsoft Reimaging Rights document, and discussions with our Dell Microsoft licensing expert, I understand organizations do not have the right to reimage using OEM media. An OEM image can only be preloaded on a PC by the OEM during manufacturing. An image can be individually recovered by the organization (or a service provider they choose) by using the Recovery Media. The OEM recovery media should match the product version originally preinstalled on the system; no other image may be used to restore the system to its original state.

    So we purchased a Windows 7 Open license with Software Assurance., which in combination with the Windows 7 OEM license from Dell, allows us to create a customized Windows 7 image and then apply it to all our workstations.

    Robin
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.