Updating / Maintaining our Windows image

I just realised that I’ve never written about “regular maintenance” on our Windows 7/8.1 images. That said, I’ll try to write a short recap about the process. This procedure can be done in many different ways, but I’ll present my way of doing it. I’ll also write about an alternative (easier) method using sysprep and capture via MDT. Steps:

  • Started VMware and powered up a virtual machine with the old out-dated image. You should always use a virtual machine when making a golden image so you won’t end up with unnecessary drivers etc. in the image. Drivers will instead be added via MDT during deployment.
  • Ran Windows update. Updated everything.
  • Updated other software such as Firefox, Chrome, Skype and so on. My image-type is “fat”, so most of the programs are already in the image and won’t be added during deployment. This is a matter of taste though.
  • Didn’t change any local policies as they were up2date. This would be the time to change them if needed (using gpedit.msc)
  • Didn’t join the domain because none of the settings/changes needed domain membership. (The computer should NOT be domain joined when sysprepping either).
  • Took a snapshot in VMware before sysprepping. This step is important as you can repeat the steps above whenever you feel like making a new updated image. (You can only sysprep an already sysprepped image three times so snapshotting is your friend).
  • Ran sysprep from an administrative command prompt (Fig 1). If you’re interested in all the sysprep command line options, have a look at: http://technet.microsoft.com/en-us/library/cc721973%28v=ws.10%29.aspx. My command: sysprep.exe /generalize /oobe /shutdown /unattend:myfile.xml. There’s some stuff in myfile.xml that is specific to our University, but I won’t go into those details here. We sometime deploy computers manually (without MDT), so an unattend-file is needed. If you are interested in making your own unattend-file, look at http://technet.microsoft.com/en-us/library/cc748874%28v=ws.10%29.aspx or http://emeneye.wordpress.com/2012/02/23/building-an-unattended-answer-file-for-windows-7-2/ for examples.


          Fig 1. Sysprep

  • After this step the virtual machine is in a shutdown state. I will power on the virtual machine again, but this time choose to boot from the network (Fig 2; Windows Boot Manager has been loaded from the WDS server). The vm is connected to the same physical network as the WDS/MDT server.


          Fig 2. Windows Boot Manager.


          Fig 3. Mounting the Deployment share from WinPE.

  • After the Deployment share is mounted, the next step is to capture the current image onto the share. The following command was used: imagex.exe /compress maximum /capture d:\ z:\win7image.wim “Image 29.8.2014” (Fig 4). The drive letters often gets mixed up in WinPE, so be sure to check that you are capturing the correct drive. In my case “the usual c:\” was mapped as d:\ , and therefore I’,m using the /capture d:\ -command above.


          Fig 4. Capturing the image. It’ll take  a while…

  • After a while you’ll have a captured image that you can add to your MDT-server (or just deploy manually with a WinPE Boot CD for example).
  • That’s it. Just add/import the newly created image to MDT (Fig 5, Fig 6) and remember to update the Task Sequence to use the newly created image (Fig 7).


          Fig 5. Adding the image to MDT.


          Fig 6. Importing… it’ll take a while.


          Fig 7. Updating the Task Sequence to use the new image

  • You can now revert your snapshot in VMware and do the above steps over and over again 🙂 (I reverted before I wrote the following chapter about the alternative method for example).
  • Deploy!


Alternative method:

With this method you’ll capture an image from an updated, “ready to be imaged” virtual machine with the following steps:

  • Start MDT and create a new Task Sequence. Select “Sysprep and Capture”. Fill in the fields with the needed information. Most of this information is already pre-stored in the image/vm that will be sysprepped and captured, but you’ll have to at least fill in Name and Organization. The product key will be taken from KMS, so no need to specify that in my case. The admin password can be specified or non-specified according to taste. However, when you deploy the image it  will still have a disabled administrator account. (A script renames and disables the admin account during deployment in my case).
  • Verify/Edit the MDT rules. SkipCapture should be set to NO (Fig 8). I also set SkipDeploymentType=NO so that the wizard will ask me to capture an image (and also ask what to do with it). This setting was changed after the screenshot though.


           Fig 8. SkipCapture=NO

  • Move away from MDT and head back to your client.
  • Instead of manually entering the sysprep.exe –command, mount the MDT network share (\\WDSSERVER\DeploymentShare$) from your running non-domain joined virtual machine. After mounting the MDT share, navigate to the Scripts -directory and run “LiteTouch.vbs” (Fig 9).


           Fig 9. Mounting Scripts folder and running LiteTouch.vbs

  • Choose the Sysprep and Capture Task Sequence that you created earlier (Fig 10).


           Fig 10. Sysprep and Capture Task Sequence

  • Specify that you want to Capture an image of this reference computer (Fig 11). The default “Captures”-location is fine. Click next.


           Fig 11. Capture an image of this reference computer

  • Sysprep starts and does its magic (Fig 12). After this the computer automatically restarts into WinPE and captures the image (Fig 13).


           Fig 12. Sysprepping


           Fig 13. Capturing the image (wim).


That’s it! Image is now captured and you are ready to deploy it.

You’ve now witnessed image making/capturing in two different ways. Even though Deployment is something I often work with, I can’t remember everything. I refreshed my memory with a little bit of help from http://www.vkernel.ro/blog/sysprep-and-capture-a-windows-image-with-mdt-2012.

As usual, if you are interested in the whole deployment process, read my earlier (popular) post Deploying Windows 7/8 with Microsoft Deployment Toolkit (MDT) 2012 Update 1 and Windows Deployment Services (WDS).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s