Jump to content

[Video] Windows 7 AIK/OPK deployment 101 (Updated)


ricktendo

Recommended Posts

  • 1 month later...
  • 2 weeks later...

Thanks for your reply. Now drivers and updates are clear to me. I'm trying to understand from the 2nd video the changes that are made directly on the mounted image(install.wim)

@Ricktendo64

Thanks for the tutorials, very, very helpful. I just load boot.wim (index 2 for Ultimate/Enterprise; index 1 for all others) and integrate my Intel RAID drivers using DISM-works flawlessly

Link to comment
Share on other sites

If I remember correctly, the boot.wim image 1 is the recovery console (safe-mode), & image 2 is the normal setup for all editions. Normally you would inject mass storage drivers (or LAN also) into boot.wim image 2. Attempting to inject drivers into image 1 would corrupt it.

Edited by Mr_Smartepants
Link to comment
Share on other sites

  • 5 months later...
  • 2 weeks later...
  • 2 weeks later...

Hey Tricky,

I didn't get back here for so long because I had a lot of things to figure out in my custom sysprep of which very few went smoothly. Some was software related; ie: PerfectDisk corrupts the bootcfg file and after installing it and rebooting to exit and seal I can't log on anymore because the admin account is locked out. No fix or repair could get me in....had to blow the partition and start again after 4 hours of gpedit and custom configure etc.

This is frustrating enough, but, add to this the fact that for 2 days I struggled to manipulate sysprep to accept all my settings both in GUI and Group Policy without having to resort to manipulating the wim registry after capture-either manually or using a batch to mount and merge custom reg files via reg.exe; without total success; or to have to run copy profile in Autounattend which reboots into audit mode before GUI during install....messy and F****d

Three or four times I initiated the shutdown to seal after all was said and done-group policy set, gui set-ensuring GP matched GUI in every detail, right down to machine and user permissions/settings each and every time, all apps installed and configured/registered, only to have the PC hang immediately before it would have shutoff. Part, or most, of the reason for this is disk I/O due to Windows 7 penchant for populating log files, error report queque's-which I disable in GP, volume cache indexes-which it deletes anyways while sealing etc. so that the admin profile does not unload correctly, and file corruption. You can actually see all this in Resource Monitor.

Finnally, after getting an image sealed and captured, all drivers etc. loaded via DISM I copy to a bootable USB only to have none of my software settings saved; not WinRAR, 7-zip, EmEditor, uTorrent, notepad2 still launches as the default text editor, but, for some reason sysprep deletes the INI file in appdata so that one has to reinstall so settings are saved. The Quick Launch is totally unpopulated and a number of the user GUI settings go to default-totally ignoring alot of my GP entries. Further, it retains the file source drive letter from which one installs whatever so that you end up with, in my case, about 300 useless pointers in the NTUSER.DAT and SOFTWARE hives; I mean....

So, if one goes through all this and then merges some "patch" reg files into the wim for another fresh install to test, most of the customizations are trashed-conflict between this and the hives sysprep has cached during install.

Therefore, the only way I can see to make gp settings stick one and all is to run from a server and merge managed GP xml's from the console, and to apply any reg tweaks at all after capture in the wim, ensuring you save all the software %userprofile% configerations in reg files to merge with the others into a loaded wim using reg.exe. Too bad, because I was hoping after my long sojourne from sysprep that M$ would have tended to some of this. That is why I think sysprep is broken. If you run on a VM and sysprep, all the GP settings at least should stick. Group Policy is the admins' admin.

Anyways, I have figured it all out what works for me and have sysprepped another wim...so I am off for about an hour or so to install real time...I'll let ya' know :)

Link to comment
Share on other sites

If you want your registry settings and ini files to carry over you have to set CopyProfile to true in your autounattend.xml

    <settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CopyProfile>true</CopyProfile>
</component>
</settings>

Dont go too crazy with your software preinstall, I stick to the basics: directx, dotnet4, office2k10, silverlight, vcruntimes, waik+sup+docs, mssceces, playready, wlm, msxml4, orca, wudt, acroreadr, jre, flash, shockwave, 7zip, skype, nvidia physx, and thats pretty much what I install along with a few shell extension tools and regtweaks

I only had a problem with one program and that was Win7codecs (BTW thanks for reporting your experience with PerfectDisk, I was just thinking of including it)

Link to comment
Share on other sites

If you want your registry settings and ini files to carry over you have to set CopyProfile to true in your autounattend.xml

    <settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CopyProfile>true</CopyProfile>
</component>
</settings>

Dont go too crazy with your software preinstall, I stick to the basics: directx, dotnet4, office2k10, silverlight, vcruntimes, waik+sup+docs, mssceces, playready, wlm, msxml4, orca, wudt, acroreadr, jre, flash, shockwave, 7zip, skype, nvidia physx, and thats pretty much what I install along with a few shell extension tools and regtweaks

I only had a problem with one program and that was Win7codecs (BTW thanks for reporting your experience with PerfectDisk, I was just thinking of including it)

That's the point; I do have just "CopyProfile" in an unattend.xml located in the root of the Sysprep folder in system32. When one executes the OOBE audit and shuts down most of the settings are fransfered to Default profile, but, even when group policy is thoroughly and comp-letely customized all does not work out. It is severely flawed in that all the default folders do not get written over, but, added to so that I'm confronted with a real mess, especially in the taskbar/startmenu-a known issue. One has to lock down the GUI in group policy so tight just to get any results in this area that by the time one fresh installs and "undoes" some of the lockdown so there is a reasonably functioning GUI you might as well customise by merging reg files into the wim. One of the most prevalent issues is a great number of Quick Launch links are not carried over even though they are present in correct location in the sysprepped image. On fresh install none of them show up. I found the only way to ensure some consistant success is to open the finished image in DISM and manually go about deleting/creating custom links. M$ knows and basically your on your own to find alternate solutions to retaining desktop, startmenu/taskbar customizations in Default:

here:

http://support.microsoft.com/kb/973289

and here:

http://blogs.technet.com/b/askcore/archive/2010/07/28/customizing-default-users-profile-using-copyprofile.aspx

Still, I love your video and am off to try another sysprep with a few changes.

Link to comment
Share on other sites

If you want your registry settings and ini files to carry over you have to set CopyProfile to true in your autounattend.xml

    <settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CopyProfile>true</CopyProfile>
</component>
</settings>

Dont go too crazy with your software preinstall, I stick to the basics: directx, dotnet4, office2k10, silverlight, vcruntimes, waik+sup+docs, mssceces, playready, wlm, msxml4, orca, wudt, acroreadr, jre, flash, shockwave, 7zip, skype, nvidia physx, and thats pretty much what I install along with a few shell extension tools and regtweaks

I only had a problem with one program and that was Win7codecs (BTW thanks for reporting your experience with PerfectDisk, I was just thinking of including it)

Add jv16 PowerTools and MaxRegistryCleaner to the list> (found this out the hard way also)

Link to comment
Share on other sites

You can customize the right region of the start menu but I dont think you can with the left or with the taskbar (pinned stuff), for pining stuff to them I again use my autounattend.xml


<StartPanelLinks>
<Link0>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk</Link0>
<Link1>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk</Link1>
<Link2>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk</Link2>
<Link3>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk</Link3>
<Link4>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Deployment Tools Command Prompt.lnk</Link4>
</StartPanelLinks>
<TaskbarLinks>
<Link0>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Media Center.lnk</Link0>
<Link1>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Machines.lnk</Link1>
<Link2>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk</Link2>
</TaskbarLinks>

Have you tried taking a unattended.xml and applying it to your mouted wim?

Link to comment
Share on other sites

You can customize the right region of the start menu but I dont think you can with the left or with the taskbar (pinned stuff), for pining stuff to them I again use my autounattend.xml...Have you tried taking a unattended.xml and applying it to your mouted wim?

I won't use the links option because it is restricted to a predefined set of icons which I don't care about and won't fix what is the underlying problem-overwriting the Default profile. Anyways, a word of advice:) stay completely away from anything to do with Content Advisor-11/2 days grief learning that lesson.

UPDATE March 6: I got copytoprofile to consistantly work well 3 different times on three different wim configurations.

Programs that installed without difficulty:

all Windows Explorer context menu additions

Notepad2

CopyPath

CabMaker3

pdfind (to replace M$ search-which is disabled)

Reg2Inf

hashchk

SoLor's .NET 4 plus all current hotfixes AIO

all Microsoft Visual C++, Microsoft Visual Studio, Microsoft SQL Server, Sync Framework redistributables/runtimes

Microsoft PlayReadyPC (x86 and x64)

Java (x86 and x64)

DirectX

AdobeSVGViewer

Adobe Flashplayer (32 and 64-bit)

Adobe Reader1001

Terabyte Image for Windows (Console)

Terabyte TBIView

7-zip

WinRAR

InstaEdit

EmEditor Pro

DriverCleaner

Paint.NET

Windows 7 WAIK plus:

Windows 7 AIK SP1_Supplement

Updated Help Files

USMT 4.0 files 64-BIT

USMT 4.0 files 32-BIT

shark007 codec packages:

Win7codecs_v278

x64Components_v282

...for the majority of the above copyprofile has to be set in order for the sendto and program options settings to carry over into realtime install.

In order to prevent any Quick Launch concerns I found the trick is to not pin anything to the Taskbar that is not there by default; install any apps and then pin all after realtime install.

Below will disable UAC properly (the way it's done in GP) and Hybernate:

; DISABLE UAC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"EnableInstallerDetection"=dword:00000000
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000000
"PromptOnSecureDesktop"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"EnableLUA"=dword:00000000
"PromptOnSecureDesktop"=dword:00000001

; DISABLE HIBERNATION
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power]
"HibernateEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Power]
"HibernateEnabled"=dword:00000000

Edited by RickSteele
Link to comment
Share on other sites

  • 2 weeks later...

Many thanks ricktendo64 for the Video!:thumbsup_anim:

I've integrated Windows 7 SP1 successfuly inside my Windows 7 DVD, like you have explained inside your video using "sysprep".

I've created first a second partion on my HDD and followed your explainations!

All works fine!

I've deleted the "backup files" inside the new install.wim captured after mounting this one inside a temp folder (C:\work), with:

Dism /Image:"C:\work" /Cleanup-Image /spsuperseded /hidesp

Of course, the new install.wim size is a little bigger after Unmount /Commit , but the backup files have been successfuly deleted!

Windows 7 DVD x86 only with one image Ultimate keeped only and with

install.wim with SP1 captured => 2.58 Go

After using Dism to delete backup files => 2.59Go

http://blogs.technet.com/b/joscon/archive/2011/02/15/how-to-reclaim-space-after-applying-service-pack-1.aspx

The installation do not need the KB947821 (System Update Readiness Tool) with Windows Update!

Cheers and thanks again!

*Edit: post updated

Edited by myselfidem
Link to comment
Share on other sites

When I integrated SP1 I tried cleaning the sp files the /online method but it did not work, dism said that it could not work in safe mode or something

What you can do is rebuild your wim, this will shrink it a bit

imagex /export /compress maximum "<path_to_wim>\install.wim" * "<path_to_different_place>\install.wim"

You can specify a single image you want to export, but if you use "*" it will export all images

I do the same with boot.wim (saves 3 megs)

Link to comment
Share on other sites

When I integrated SP1 I tried cleaning the sp files the /online method but it did not work, dism said that it could not work in safe mode or something

What you can do is rebuild your wim, this will shrink it a bit

imagex /export /compress maximum "<path_to_wim>\install.wim" * "<path_to_different_place>\install.wim"

You can specify a single image you want to export, but if you use "*" it will export all images

I do the same with boot.wim (saves 3 megs)

Thanks for the tip! ;)

I remenber trying to delete the backup files with DISM, and you've right didn't work in SAFE MODE!

But works after with DISM with the new captured install.wim mounting inside a temp folder (C:\work), you can use the command

for the mounted image offline:

Dism /Image:"C:\work" /Cleanup-Image /spsuperseded /hidesp

The backup files will be deleted successfuly!

Tested your command and works fine!

Thanks again mate!

post-23163-0-80627900-1300031775_thumb.j

Edited by myselfidem
Link to comment
Share on other sites

Updated...added final version of new tuto 1st video, I talk aobut preinstalling apps and capturing the image (also check out all the other tutorials under the video)

Gonna redo the rest in the next few weeks

Great job as always, Rick... Looking forward to the new videos.

Link to comment
Share on other sites

...I only had a problem with one program and that was Win7codecs.....

@ Ricktendo64

Go here:

http://shark007.net/

and download/install his codec solutions. I've just completed a sysprep with both his (x86 and x64) solutions preinstalled without issue. They are really good...can play anything in either WMP or Windows Media Center-which I disable.

Link to comment
Share on other sites

Thats the one I used...I think the problem is that after installed the codec pack(s) (x86/x64) I opened the settings app and messed with it (I notice it disables/renames mfds.dll, this may be the reason I got the error)

Strange, I used the front GUI for both and set the preferences to associate all with WMP 12-x86 and x64-plus clicked "shark recommended settings". All went well. Perhaps it's because I don't load Windows Media Center-find no need for it anymore.

Link to comment
Share on other sites

I feel like I'm missing something critical.

I can't get my setupcomplete.cmd to execute.

I have it in my %cdrom%\sources\$oem$\$\Setup\scripts\setupcomplete.cmd

It's in the same folder as my OOBE.cmd (auto-activating OEM script).

OOBE.cmd executes just fine, but setupcomplete.cmd does not.

What the hell am I doing wrong?

setupcomplete.cmd

@echo off
for %%i in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:\sources\install.wim set CDROM=%%i:
echo Found CD-Rom as drive %CDROM%
::Begin hotfix install
:Root Certificates
echo Installing Root Certificates
start /wait %CDROM%\updates\rootsupd.exe /Q
:Malicious software removal tool
echo Installing Malicious Software Removal Tool
start /wait %CDROM%\updates\windows-kb890830-v3.17.exe /Q
:DirectX
echo Updating DirectX
start /wait %CDROM%\updates\dxsetup-jun2010-x86.exe /Q
:NET Framework 4
::start /wait Client\netfx_core_x64.msi EXTUI=1
::start /wait Extended\netfx_extended_x64.msi EXTUI=1
start /wait %CDROM%\updates\dotNetFx40_Full_x86_x64.exe /passive /norestart
start /wait %CDROM%\updates\NDP40-KB2416472-x86.exe /passive /norestart
start /wait %windir%\Microsoft.NET\Framework\v4.0.30319\ngen executequeueditems
start /wait %windir%\Microsoft.NET\Framework64\v4.0.30319\ngen executequeueditems

:options
::Requires .NET 4
echo Installing Super Calendar
start /wait %CDROM%\updates\WinCal-Win7-x86-en-us.exe /S /v/qb
echo Installing Pinball
start /wait %CDROM%\updates\WinPinball-en-us.exe /S /v/qb
::start /wait %CDROM%\updates\ /silent

:WPIW
::Begin WPIW
echo Starting Windows Post-Install Wizard
pause
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /V "Disable Script Debugger" /T "REG_SZ" /D "no" /F
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /V "DisableScriptDebuggerIE" /T "REG_SZ" /D "no" /F
Start %CDROM%\WPI\wpi.hta

del %0

Double clicking the setupcomplete.cmd works just fine once at the desktop, so the contents of the .cmd work fine, I just can't get it to execute on it's own.

Actually, if I could just get WPI to execute properly at first login with admin privileges I'd just move all the installers to WPI.

Another thing that bothers me is the DXsetup isn't silent. It halts the install to ask the user questions. Very annoying.

Edited by Mr_Smartepants
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...