Windows 7 Automated Imaging and ZCM Registration

Windows 7 Automated Imaging and ZCM Registration

Download: scripts_0.zip

Building the base image



Downloads required:



Windows Driver Kit Version 7.1.0 (to get access to DPINST.exe utility)



Windows AIK for Windows 7



Steps


  • Insert the Windows Driver Kit DVD on your machine and install.

  • Browse to install folder, then down to Redist\DIFx\dpinst\MultiLin\x86 and take a copy of DPINST.exe – this will be used later.

  • Insert the Windows AIK DVD on your own machine and install Windows System Image Manager. This will be used to build the unattend.xml file for the Windows 7 image.

  • Insert the Windows 7 DVD on your own machine and take a copy of the DVD onto a folder somewhere on your machine.

  • Launch Windows System Image Manager

    • Click on File, New Answer File

    • In the bottom left window, Right click and select "Select Windows Image" and browse to either the install.wim or install_windows7.clg file (both should be in the same "sources" folder extracted from the Windows 7 Installation DVD above)

    • In the bottom left window locate the sections listed below, right click them and add to the relevant section on the popup



These are the settings for Windows 7 32-bit. For Windows 7 64-bit use the relevant sections starting with amd64_ instead of x86_









x86_Microsoft-Windows-LUA-Settings_neutral2 offline Servicing
x86_Microsoft-Windows-Security-SPP_neutral3 generalize
x86_Microsoft-Windows-Deployment_neutral4 specialize
x86_Microsoft-Windows-Security-SPP_UX_neutral4 specialize
x86_Microsoft-Windows-Shell-Setup_neutral4 specialize
x86_Microsoft-Windows-International-Core_neutral7 oobeSystem
x86_Microsoft-Windows-Shell-Setup_neutral7 oobeSystem


We now need to go through each section and change some settings.



In the Answer file Section, do the following:










































SectionSetting NameValueReason
2 offline Servicing
x86_Microsoft-Windows-LUA-Settings_neutral
EnableLUAFalseDisables User Access Control
3 generalize
x86_Microsoft-Windows-Security-SPP_neutral
SkipRearm1Licensing
4 specialize
x86_Microsoft-Windows-Deployment_neutral
RunSynchronousAdd a new command
Order 1
Net user administrator /active:yes
Active the local administrator account
4 specialize
x86_Microsoft-Windows-Security-SPP-UX_neutral
SkipAutoActivationTrue 
4 specialize
x86_Microsoft-Windows-Shell-Setup_neutral
ComputerName*Generates a random Computer name. My script later on picks up BIOS name and sets computer name
CopyProfileTrue 
ProductKeyxxxxx-xxxxx-xxxxx-xxxxx-xxxxxValid Product Key
RegisteredOrganizationLeave as Microsoft 
RegisteredOwnerLeave as AutoBVT 
ShowWindowsLiveFalse 
TimeZoneGMT Standard TimeSet as appropriate for your region
7 oobeSystem

X86_Microsoft-Windows-International-Core_neutral
InputLocale

SystemLocale

UILanguage

UserLocale
en-GBSet as appropriate for your region
7 oobeSystem

x86_Microsoft-Windows-Shell-Setup_neutral
RegisteredOrganizationxxxxxxxxxxxxxxxxxxxxYour Company Name
RegisteredOwnerxxxxxxxxxxxxxxxxxxxxYour Company Name
TimeZoneGMT Standard TimeSet as appropriate for your region
Subsection AutoLogonEnabledTrue 
LogonCount3Do 3 auto logons before leaving user at login screen (to cater for automated scripts and reboots)
Usernameadministrator 
PasswordPa55wordSet as appropriate - make sure it matches up with other sections in this guide
Subsection FirstLogonCommandsCommandLine

Order 1

RequiresUserInput false
cscript //b C:\windows\system32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx 
CommandLine

Order 2

RequiresUserInput false
%SystemRoot%\
system32\
WindowsPowerShell\
v1.0\powershell.exe -Command "&{set-executionpolicy RemoteSigned -Force}"
Enables Powershell Scripts
CommandLine

Order 3

RequiresUserInput false
%SystemRoot%\
system32\
WindowsPowerShell\
v1.0\powershell.exe "c:\setup\Win7Image-Script1.ps1"
 
Subsection OOBEHideEULAPageTrue 
NetworkLocationWork 
ProtectYourPC1 
Subsection UserAccountsAdministratorPasswordPa55word 
LocalAccounts
Add record for user administrator
Description: administrator

DisplayName: administrator

Group: administrators

Name: administrator

Password Pa55word
 



Save the unattend.xml answer file




  • On Target Windows 7 machine

  • Install Windows 7 from DVD, making sure that you zap any and all partitions on the disk at the start

  • Once initial install is complete, and you're prompted to create a username on the welcome screen, press CTRL-SHIFT-F3 to reboot machine into admin audit mode.

    AT THIS POINT, take an image as a "pre-sysprep" image if needed

  • On reboot, you'll be automatically logged in under the built-in administrator account. A SYSPREP GUI box will appear – close this for now. You are now ready to carry out any customizations.

  • Due to issues with a strange access rights issue on Windows 7 64-bit (that worked fine in Windows 7 32-bit), create a folder called C:\SETUP and make sure administrators group has full control

  • Place the unattend.xml file created above into the folder C:\WINDOWS\SYSTEM32\SYSPREP

  • Bring up a command prompt and browse to C:\WINDOWS\SYSTEM32\SYSPREP

  • Run the following command

    • SYSPREP /generalize /oobe /shutdown /unattend:unattend.xml

  • Wait for the machine to shutdown

  • You are now ready to take an image of the Windows 7 SYSPREP'd machine.



Additional addon-images were created following instructions located here as follows:







Win7-Addon-Drivers.zmgContains the driver files for any unknown devices – creates a folder on C: called C:\SETUP\DRIVERS

Contains 32 and 64 bit drivers
Win7-Addon-Scripts.zmgContains the relevant Powershell Scripts and any utilities that are required as part of the imaging process. Files are stored under C:\SETUP

Current Files are:

BiosConfigUtility.exe - HP Utility to read BIOS settings - use to rename computer

Win7Image-Script1.ps1

Win7Image-Script2.ps1

Win7Image-Script3.ps1

dpinst.exe, dpinst64.exe, dpinst.xml - used to do a hardware scan for any unknown devices
Win7-32-Addon-ZCMAgent.zmg (or Win7-64-Addon-ZCMAgent.zmg)Latest ZCM agent copied to C:\SETUP.

The Scripts above call this to register the machine in ZCM. Since agent name is always the same, this can be replaced with the latest agent whenever required.


The important thing to make sure when creating these is to make sure that the partition number on the image matches the partition number inside the Windows 7 ZMG file for the boot disk – as a default this is partition 2 as partition 1 is the 100MB hidden area for Windows 7.



The imaging bundle applies the relevant base image (32 or 64 bit), followed by these addon images.



i.e. ZCM Windows Bundle has the following 4 images listed as part of the image



Windows_7_Base_Image.zmg

Win7-Addon-Drivers.zmg

Win7-Addon-Scripts.zmg

Win7-32-Addon-ZCMAgent.zmg



NOTES:

Win7Image-Script3.ps1 - needs updating for your specific domain information re name of domain, relevant user account, and password to join computer to domain

One final step to take is to delete the C:\SETUP folder to remove any files that may contain passwords etc.



================

Editor's Note: When it comes to Windows 7 Migration projects, ZENworks can be your new best friend. Check it out.
Attachments

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments
Thank you, Andy, for taking the time to share your work 🙂 I have 2 questions...

1. Are you using a Microsoft volume license for Windows 7 Professional?
2. When restoring an image created by the above process, do you disable the Zenworks SIDchanger using a ziswin 'restore mask'?

Regards

Robin
Hi Robin,

1. Yes we're using Volume Licence through our MS Enterprise Agreement
2. No - haven't found any need to disable the SIDChanger. Existing machines being reimaged are fine inside ZCM and AD, and new machines getting image for 1st time also work fine.

Andy
Hi Andy

How can I adapt this to use Windows OEM license instead of a VLK??

thanks
Kirk
Hi Andy

How can I adapt this to use OEM key instead of VLK?

thanks
Kirk
I "think" its just a case of NOT entering the OEM key in the SYSPREP file, and when windows boots up, you should be prompted to enter it then.
Kirk,

Based on reading the Microsoft Reimaging Rights document, and discussions with our Dell Microsoft licensing expert, I understand organizations do not have the right to reimage using OEM media. An OEM image can only be preloaded on a PC by the OEM during manufacturing. An image can be individually recovered by the organization (or a service provider they choose) by using the Recovery Media. The OEM recovery media should match the product version originally preinstalled on the system; no other image may be used to restore the system to its original state.

So we purchased a Windows 7 Open license with Software Assurance., which in combination with the Windows 7 OEM license from Dell, allows us to create a customized Windows 7 image and then apply it to all our workstations.

Robin
Hi Andy

In the powershell script, that adds the computer to active directory, can it put the workstation in a specified ou? Or do you have to do that afterwards?

Thanks
NIels
You can change Win7Image-Script3.ps1 as follows:

Add-Computer -DomainName blah.com -OUPath "OU=Computers,OU=dept,DC=blah,DC=com" -credential (New-Object System.Management.Automation.PSCredential ("blah\reguser", (ConvertTo-SecureString "password" -AsPlainText -Force)))

This will add the computer to a specific container.

The only issue I've found with the Add-Computer command is that it doesn't like it if the computer record already exists (i.e. reimaging a machine)
I'll give it a try. Otherwise I'll create a default rule in the active directory, that tells the where to put a new import workstation.

Thanks.
The process looks good, but for those of us unfamiliar with PS, some comments in the scripts might be helpful.

Also, I'm curious, how do you install applications at this point. Does installing the agent after the OS yield any benefits other than being able to update the agent installer more easily?
Andy,

One thing missing adding drivers to the gold image. I got some new Dells and spent ages trying to get info on injecting drivers. Ended up on the ghost forums and they have the same issue. Anyway taken from the ghost and twisted to support your format. I had posted in the forums but figure I would stick it on here as well if people are looking for a complete solution.

And for those who may need to inject drivers, I would only recommend Mass storage and maybe NICs as you don't want to bloat the gold image, with to many drivers you don't need. This is why you are creating a specific drivers image for machine types.
Follow AndyStewartSL guide on creating sysprep.
On his unattend.xml add
Microsoft-Windows-PnpCustomizationsWinPE line in the windowsPE pass in the answer file. Insert a Path line there too with the path & the credentials matching what you put in for it during the auditSystem pass. (c:\drivers\msd)
Save the unattend.xml

Create a new answer file called audit.xml
Within the 5 audit system pass add
1. x86_Microsoft-Windows-Deployment_neutral
a) With a "Reseal" line in there too. Reseal can be set to "ForceShutdownNow" as "False" and "Mode" to "Audit"
2. x86_Microsoft-Windows-PnpCustomizationsNonWinPE_netural
a) With a Path line in there too. The path should point at a directory containing your drivers. It will search recursively. So you can have one path that points at a parent directory with sub-directories in it. c:\drivers\msd
3. x86_Microsoft-Windows-Shell-Setup_neutral
Autologin - username Administrator
Save this answer file.
Copy the drivers you want to c:\drivers\msd - creating as many subfolders as you want. Rather than going to each model type we have, I went to driver packs and got the complete list. You could have it pointing to a network share if you wanted.

Okay copy both answer files to c:\windows\system32\sysprep in your gold image

Make sure you have the drivers copied.

open a dos box cd c:\windows\system32\sysprep
sysprep /audit /reboot /unattend:audit.xml
This will reboot the machine into audit mode injecting the drivers. You maybe in audit mode already. This is not an issue.

open a dos box cd c:\windows\system32\sysprep
sysprep /generalize /shutdown /oobe /unattend:unattend.xml
Sysprep runs and shutdowns the machine, take the image, ready to deploy to new hardware.

Hope this info helps people with the migration to 7 and getting Mass storage drivers injected.

Just remember you will need to create answer files for 64 and 32 bit versions of windows.

Environment I am using is Oracle VM VirtualBox as it allows snapshots so you can keep going back to play.
I downloaded the WDK7.1 iso but I am not finding DPInst.exe in it and I do not see it in my Windows 8 WDK either.

Also, can you read the image safe data name and use that instead of using the bios name? The rename function is not working for us in Zen10 and I need the ability to give the machine the same name it had when I reimage it. How would the powershell script change to read the imagesafe data or will it read the ziswin info and then use the data?
I did not see a reply to your question. In case you have not gotten the answer elsewhere yet I am injecting this late response.

Installing the agent and successfully registering the workstation in the desired container gives you the ability to deliver applications to the workstation as desired. The agent is the important piece in this puzzle.
Are the 3 scripts listed in this article still avalaible for download?
The link to download the scripts_0.zip file is fixed now.

Thanks!
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2010-12-13 16:22
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.