[This is Part 5 of 7]
Boot Reference Machine in Audit Mode
Windows will now enable the disabled built-in administrator account and log you on. Audit Mode is a special mode in which Windows enables the default built-in administrator account and logs on to its profile with some limited functionality.
Now that you are in Audit Mode, make sure you are still connected to the Internet without a proxy connection, make sure Windows is not activated, and do not ever try to open any Metro apps.
Tip: In Audit Mode, you can perform something called Profile Customization, in which you customize the profile that you are currently logged on to in Audit Mode (which is the default built-in administrator). This is exactly what we will do here.
Now that you are in Audit Mode, I start by doing the following customization:
- Change the desktop background.
- Open IE and click (use recommended settings) on the prompt that appears when you open IE for the first time.
- In IE > IE Internet Options > Security > Local Intranet, I added *.contoso.com.
- I add Google as the default search provider in IE.
- I set www.contoso.com as the default home page in IE.
- I go to Control Panel > Default Programs > Set your default programs, and I change the defaults (Adobe as the default application for PDF files, Windows Media Player as the default application for all media files, Windows Photo Viewer as the default application for photos).
- I opened MMC > Certificates > Local Computer > Trusted Root Certificate, and I added my internal root CA public key certificate as a trusted root authority.
- I go to C:\Users and I delete the profile of the user that gets created when I first installed Windows 8.1 on the Reference Machine. Then I go to Computer Management and I delete that user. This way, you will have only the default administrator and guest accounts.
- Place some corporate internal portals in the IE favorites or tabs.
- I delete the Event Viewer log files by opening the Event Viewer MMC, right-clicking the Application, Security, and System categories, and clearing them. This way, the reference image will not have old events.
- Open IE, and clear history, passwords and cookies. Close IE and do not open it again.
- Go to Control panel> Credential Manager, and make sure no stored credentials are available there.
- Place handy shortcuts on the desktop if you like.
Tip: When you are in Audit Mode, any move you make will affect the customized profile that you are in. For example, if you open c:\windows\web\ from Windows Explorer while in Audit Mode, this path gets cached. When you deploy the image, users who start browsing the file system will get suggestions to open c:\windows\web. So try not to browse any registry paths or file system paths while in Audit Mode, to prevent Windows from caching those paths and showing them as suggestions to all users. I usually use CMD and the copy command to browse and copy files while in Audit Mode.
Note: I once made the mistake of opening the registry editor while in Audit Mode, browsing to a strange path, and closing the registry editor. After deploying the image to users, whenever someone tries to open the registry editor, he will find himself inside that strange path. So take the previous tip seriously.
Now the final thing is to customize the start screen. It is very important to note that since the machine is not licensed or activated yet, you cannot customize everything. Windows will show most of the customization options as grayed out because Windows is not activated. That is absolutely OK. Do not try to be clever and tweak things. Just customize the look of things that can be customized.
Tip: I have seen people, myself included, trying to search for the registry keys or file paths that allow more customization and bypass the grayed-out settings caused by the fact that Windows is not activated yet. Sometimes those files are located in hidden folders that even SYSTEM or the built-in administrators cannot access. Only a special SID called (TRUSTED INSTALLER) has access to those files. Do not try to be smart and take ownership of those hidden folders and change things. Just do the look-and-feel customization that Windows allows while it is not activated, or you will screw things up, believe me.
Now it is time to customize the start screen. In my case I do the following:
- The first thing that matters to users is finding the shutdown, restart and logoff keys, so I downloaded this PowerShell script to help create those tiles for me.
- From your personal machine, download a script zip file called (CreateWindowsTile) from here: http://gallery.technet.microsoft.com/scriptcenter/Create-a-ShutdownRestartLog-37c8111d
- Take only CreateWindowsTile.ps1, copy it to a USB drive, move it to the reference machine while you are in Audit Mode, and paste it on the desktop.
- From the reference machine, open PowerShell using Run as administrator and type:
  - Set-ExecutionPolicy unrestricted
  - C:\users\administrator\desktop\CreateWindowsTile.ps1
  - By running that script, three tiles will be created for you.
  - Set-ExecutionPolicy restricted
- Next, I populate the start screen with Office applications, control panel icon, and (Notepad, Paint, Sticky note, CMD, calculator, RDP)
Tip: Do not try to be smart on your first try and download special tools to create custom tiles that look nice and put them in your image. Keep it simple and design the start screen with only the basic things that your users need. You do not have to include everything here; after all, users can search for things. What we are trying to do here is make it one step easier by putting, say, the top 10 application shortcuts.
Finally, empty the recycle bin and move to the next step.
Sysprep while in Audit Mode
Now it is time to sysprep every application that you have installed in your reference image. You have to check with the software provider how to sysprep their applications and whether they support having their software captured as an image, to avoid duplicate IDs. I will list a couple of applications on my reference machine that need sysprep:
How to sysprep SCCM?
If you have SCCM in your reference machine, you have to sysprep it while in audit mode. You do this by doing the following:
- Stop the SMS Agent Host Service.
- Go to computer certificate store and delete the two signing and encrypting certificates under SMS store.
- If exists, delete the %SystemRoot%\SmsCfg.
- Make sure to capture the image before the service starts or the system reboots.
Note: Tested with SCCM 2007 Agent
How to rearm Microsoft Office 2013?
- We need to do something called REARM. When this happens, the grace period of Office is frozen and the Office client machine ID (CMID) is reset.
- To rearm Office, go to C:\Windows\Program Files\Microsoft Office\Office15, run CMD as administrator in this path, and run ospprearm.exe. Don’t open the Office application after the rearm operation. Do not restart the machine.
How to sysprep Symantec Antivirus?
- To clone Symantec installation, we need to run a cloning exec before taking the image:
- It should be done as the last step in the image preparation process, before running sysprep and/or shutting down the system. If the system is rebooted or the Endpoint Protection client services are restarted then new identifiers will be generated and you must re-run the tool before cloning.
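The following PowerShell function is an added example, not part of the original post: a read-only check to paste into an elevated PowerShell console just before capture, confirming the cleanup steps from the profile customization and SCCM sections above. The function name, the CcmExec service name (the service behind the SMS Agent Host display name), the Cert:\LocalMachine\SMS store path and English cmdkey output are assumptions.

```powershell
# Added example: read-only pre-capture checks for the audit-mode steps above.
# Run from an elevated console on the reference machine (PowerShell 3.0+).
function Test-ReferenceImageReady {
    # Helper: one result row per check.
    function Row($Check, $Pass, $Detail) {
        [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = "$Detail" }
    }

    # Only the built-in Administrator (RID 500) and Guest (RID 501) should remain.
    $extra = @(Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -notmatch '-50[01]$' })
    Row 'Only built-in accounts' ($extra.Count -eq 0) (($extra | ForEach-Object { $_.Name }) -join ', ')

    # Credential Manager, Windows credentials only. Assumes English cmdkey output.
    $creds = @(cmdkey /list | Select-String 'Target:')
    Row 'No stored credentials' ($creds.Count -eq 0) "$($creds.Count) entries"

    # The machine-wide execution policy must not be left at Unrestricted.
    $policy = Get-ExecutionPolicy -Scope LocalMachine
    Row 'Execution policy restored' (@('Restricted', 'Undefined') -contains "$policy") $policy

    # SCCM agent: service stopped, or agent not installed at all.
    $svc = Get-Service -Name CcmExec -ErrorAction SilentlyContinue
    Row 'SMS Agent Host stopped' ((-not $svc) -or ($svc.Status -eq 'Stopped')) $svc.Status

    # SCCM agent: no certificates left in the computer's SMS store.
    $certs = @(Get-ChildItem Cert:\LocalMachine\SMS -ErrorAction SilentlyContinue)
    Row 'SMS certificates removed' ($certs.Count -eq 0) "$($certs.Count) found"

    # SCCM agent: no SmsCfg file under %SystemRoot%. A wildcard is used
    # because the post gives the file name without an extension.
    $cfg = @(Get-ChildItem $env:SystemRoot -Filter 'SmsCfg*' -ErrorAction SilentlyContinue)
    Row 'SmsCfg deleted' ($cfg.Count -eq 0) (($cfg | ForEach-Object { $_.Name }) -join ', ')
}

Test-ReferenceImageReady | Format-Table -AutoSize
```

Because the procedure above leaves the execution policy at Restricted, paste the function into the console rather than saving it as a .ps1 file. Any row with Pass set to False points at a step to repeat before running sysprep.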
Booting the Reference Machine into Windows PE
After you have sysprepped everything in audit mode, and while you are still in audit mode, copy the CopyProfileunattend.xml that was created on the ADK machine to the reference machine's D:\ drive (remember that the reference machine has a D drive with 20 GB capacity).
Now, while in audit mode and from the reference machine, open cmd as administrator, browse to c:\Windows\System32\sysprep, and run this:
sysprep.exe /generalize /oobe /shutdown /unattend:D:\CopyProfileunattend.xml
Windows then will sysprep the operating system and shutdown.
Now connect the WinPE ISO image to the reference virtual machine's DVD drive, and boot the machine from the DVD. If for any reason you did not manage to press F2 in time to boot from the DVD and the machine booted from its hard disk, then you need to do all the application sysprep steps and run (sysprep.exe /generalize /oobe /shutdown /unattend:D:\CopyProfileunattend.xml) again.
Once you are in WinPE, note that in most cases the drive letters have changed. For example, you may find that the G drive is now the C drive. To identify the new volume names, we will use the diskpart command line. So at the WinPE command prompt, start diskpart and type:
- List disk
- List volume
From the output you can map what drive letter is for your reference machine C drive and what drive letter is for your reference machine D drive. For simplicity, I will assume that the drive letters are not changed at this point.
Now run this command:
DISM /Capture-Image /CaptureDir:C:\ /ImageFile:D:\MyImage.wim /Name:"corporate win8.1 Image v1" /Description:"Corporate Image user type"
Let us describe the options here:
- /CaptureDir: is the directory of the reference machine C drive. Again, you should use the previous diskpart to identify if C is still that drive or not.
- /ImageFile: is the drive to store the captured image. In my case it should be the D drive of the reference machine.
- /Name : is the name of the image. When you browse the WIM file in the future, this name will appear.
- /Description: sometimes if you do not supply this field, you will get errors in future steps.
Once the capture is done, reboot the reference machine and complete the wizard that Windows shows because you are now in the OOBE experience, then browse to the D drive and copy MyImage.wim to the ADK machine.