Tuesday 30 August 2011

Sysprep

Desktop deployment is typically performed via disk cloning applications. Sysprep can be used to prepare an operating system for disk cloning and restoration via a disk image.
Windows operating system installations include many unique elements per installation that need to be "generalized" before capturing and deploying a disk image to multiple computers. Some of these elements include:
  • Computer name
  • Security Identifier (SID)
  • Driver Cache
Sysprep seeks to solve these issues by allowing for the generation of new computer names, unique SIDs, and custom driver cache databases during the Sysprep process.
Administrators can use tools such as SetupMgr.exe (Windows XP) or the Windows Automated Installation Kit (Windows Vista/7/Server 2008) to generate answer files that Sysprep will process on new computer deployments.

Windows grants or denies access and privileges to resources based on access control lists (ACLs), which use SIDs to uniquely identify users and their group memberships. When a user logs into a computer, an access token is generated that contains the user and group SIDs and the user's privilege level. When a user requests access to a resource, the access token is checked against the ACL to permit or deny a particular action on a particular object.
SIDs are useful for troubleshooting issues with security audits and with Windows server and domain migrations.
The format of a SID can be illustrated using the following example: "S-1-5-21-3623811015-3361044348-30300820-1013":
  • S - The string is a SID.
  • 1 - The revision level (the version of the SID specification).
  • 5 - The identifier authority value.
  • 21-3623811015-3361044348-30300820 - The domain or local computer identifier.
  • 1013 - A Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.
Possible identifier authority values are:
  • 0 - Null Authority
  • 1 - World Authority
  • 2 - Local Authority
  • 3 - Creator Authority
  • 4 - Non-unique Authority
  • 5 - NT Authority
  • 9 - Resource Manager Authority 
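
The SID layout above, as an added example that is not part of the original post: a small Python parser that splits a SID string into the components listed and, over a constructed inventory, reports computer identifiers that appear on more than one host, which is what a cloned image that was never generalized looks like. The function names and the inventory are assumptions made for illustration, and the inventory is assumed to hold SIDs of local accounts only, since domain accounts legitimately share a domain identifier.

```python
import re
from collections import defaultdict

# Identifier authority values as listed on this page.
AUTHORITIES = {0: "Null Authority", 1: "World Authority", 2: "Local Authority",
               3: "Creator Authority", 4: "Non-unique Authority",
               5: "NT Authority", 9: "Resource Manager Authority"}

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)*)$")

def parse_sid(sid):
    """Split a SID string into the components described above."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a SID string: {sid!r}")
    subs = [int(x) for x in m.group(3).split("-")[1:]]
    authority = int(m.group(2))
    parsed = {"revision": int(m.group(1)), "authority": authority,
              "authority_name": AUTHORITIES.get(authority, "unknown"),
              "sub_authorities": subs, "machine_id": None, "rid": None,
              "default_account": None}
    # Account SIDs under NT Authority: 21, three identifier values, then the RID.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        parsed["machine_id"] = "-".join(str(s) for s in subs[:4])
        parsed["rid"] = subs[4]
        parsed["default_account"] = subs[4] < 1000  # RID >= 1000: not created by default
    return parsed

def shared_machine_ids(inventory):
    """Return {machine_id: [hosts]} for identifiers seen on more than one host."""
    seen = defaultdict(set)
    for host, sid in inventory:
        mid = parse_sid(sid)["machine_id"]
        if mid:
            seen[mid].add(host)
    return {mid: sorted(hosts) for mid, hosts in seen.items() if len(hosts) > 1}

# Constructed inventory: (hostname, SID of a local account on that host).
INVENTORY = [
    ("PC-01", "S-1-5-21-3623811015-3361044348-30300820-1013"),
    ("PC-02", "S-1-5-21-3623811015-3361044348-30300820-500"),
    ("PC-03", "S-1-5-21-1004336348-1177238915-682003330-1001"),
]

if __name__ == "__main__":
    for mid, hosts in shared_machine_ids(INVENTORY).items():
        print(f"{mid} shared by {', '.join(hosts)}: image was likely not generalized")
```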

 

Sysprep deployment


  1. On a reference computer, install the operating system and any programs that you want installed on your destination computers.
  2. Click Start, click Run, type cmd, and then click OK.
  3. At the command prompt, change to the root folder of drive C, and then type md Sysprep.
  4. Insert the Windows XP operating system CD into the appropriate CD-ROM or DVD-ROM drive, and then open the Deploy.cab file in the \Support\Tools folder.
  5. Copy the Sysprep.exe file and the Setupcl.exe file to the Sysprep folder.
  6. Remove the Windows XP operating system CD.
  7. At the command prompt, type cd Sysprep to change to the Sysprep folder.
  8. To run the Sysprep tool, type the following command at the command prompt:
    Sysprep /optional parameter
    Note: For a list of parameters, see the "Sysprep parameters" section.

    If you run the Sysprep.exe file from the %systemdrive%\Sysprep folder, the Sysprep.exe file removes the whole folder and the contents of the folder after it finishes.
  9. Microsoft recommends that, after you run the Sysprep.exe file on a reference computer, you isolate the reference computer from the local network where the image will subsequently be deployed, to avoid any NetBIOS conflicts. This permits the Sysprep tool to complete the Setup program, join the domain that is specified, and use the new computer name that is specified in the Sysprep.inf answer file.

