Using Sysprep To Deploy Desktops
Why Use Sysprep?
You know that image-based deployments allow you to create a standardized desktop image by making a copy (or clone) of an existing computer. You then deploy that image to target computers with the same hardware extraction layer (HAL type). The biggest problem with this method is that the security identifiers (SIDs) associated with a computer are duplicated when a direct copy of a computer is made. But what if you could avoid this problem? You can, by using the Microsoft Sysprep tool to create and deploy your images.
Sysprep prepares a system for duplication by removing the original SIDs in the image. The shortened form of setup (Mini-Setup) creates a unique SID for each destination computer. Sysprep Mini-Setup takes 5 or 6 minutes instead of the usual 45 to 60 minutes. With Sysprep, you can also add additional drivers to the Sysprep image that are automatically detected during Mini-Setup.
After you prepare a system for duplication, you create an image of the computer by using Microsoft Systems Management Server (SMS) 2003 and the SMS Operating System Deployment (OSD) Feature Pack or non-Microsoft imaging tools. (The next version of the Microsoft Windows desktop operating system?Microsoft Windows Vista?will include an imaging tool called XImage. But this tool is not available with currently shipping Windows operating systems.)
Note: The images created by the SMS OSD Feature Pack and SMS 2003 are Sysprep images captured in a Windows Imaging (WIM) format.
The Microsoft Solution Accelerator for Business Desktop Deployment (BDD) Standard Edition Computer Imaging System Feature Team Guide and the Solution Accelerator for BDD Enterprise Edition Computer Imaging System Feature Team Guide include a wealth of information on Sysprep image creation. These guides also include a tool that can help you automate most of the creation of Sysprep images and reduce the amount of time required to create your images, thereby reducing the number of configuration errors.
Configure the Base Master Imaging Computer
Configuring the base master imaging computer is the first step in using Sysprep to deploy operating systems. The Computer Imaging System Feature Team Guides include information on creating your base master imaging computer. Using the Solution Accelerator for BDD guides (and the tools that ship with them) can make your desktop deployment process faster, simpler, and easier.
The ultimate goal in configuring your base master imaging computer is to ensure that the mastering computer is configured exactly as you want the targeted computers to be configured. This means you need to include only what you want to appear on all targeted computers. For example, you may want to remove certain Microsoft Windows XP accessories (such as Games or Hyperterm) based on your desktop standard. You can, of course, add these features back for exceptions to your desktop standard.
When configuring your base master imaging computer, consider the following best practices:
Keep your image sizes as small as possible. The smaller the image, the faster the deployment, so remove any unnecessary files. For example, removing the paging file before creating your Sysprep images can greatly reduce the size of your Sysprep image.
Use Volume License (VL) media versions of Windows XP. If you build a Sysprep image from a retail version of Windows XP, you can create an image from the retail version of Windows XP only three times. (After that, you will receive errors when you try to create an image.) In addition, the retail version must have a unique product key for each installation and requires individual product activation. As a best practice, you should use scripts to create baselines of your desktop images. In addition, use a VL media version of Windows XP when creating your master imaging computer so that you can deploy your Sysprep images as many times as you have licenses. (VL media versions use a single product key and don't require product activation.) To find out more about using Sysprep with retail and VL media versions of Windows XP, see the Microsoft Support article, How to use Sysprep with Windows Product Activation or Volume License Media to deploy Windows XP.
You may need to configure more than one base master imaging computer (for example, one for each hardware abstraction layer type in your organization) so that you can create multiple Sysprep images. Or you may have language-specific issues that require more than one Sysprep image. For more information on the number of Sysprep images (and subsequently the number of master imaging computers) you need, see the Microsoft article Managing Your Operating System Images.
Add Device Drivers
One advantage of using Sysprep is that one Sysprep image can be deployed to different computer hardware configurations. Sysprep can dynamically detect most hardware differences and install the corresponding device drivers during Mini-Setup.
A particular hardware device in your target computer may not exist in your base master imaging computer. As a result, you need to add the device drivers for these devices in your Sysprep image. The more device drivers you add to your image, the larger the number of computers that you can deploy by using the same image. Of course, adding drivers increases the size of the image you deploy, but this increase is typically minimal.
If you are using the SMS OSD Feature Pack together with BDD Zero Touch Install (ZTI) to create and deploy your images, ZTI provides methods to add and remove device drivers at deployment time after the image is applied to the hard disk, and before mini-setup is started. Traditional methods require that you recreate your images each time you update the device drivers on the master imaging computer.
Including applications in your Sysprep image helps you enforce your organization's desktop standard and can help reduce support and training costs. Typically, these applications are the line-of-business (LOB) or core applications that your organization uses.
Table 1 lists the advantages and disadvantages of including applications in your Sysprep image.Table 1. Advantages and Disadvantages of Including Applications in Your Sysprep Image
Applications are integral with the image and can be deployed simultaneously.
Image sizes increase for each application included in the image.
The complexity of deploying your desktop standard is reduced. (You can use a single image to deploy the majority of your desktop standard).
Any changes in the applications require that you recreate the Sysprep images.
For more help in determining which applications you want to include in your Sysprep image, see the following resources:
Selecting The Best Method For Deploying Office 2003
Solution Accelerator for BDD Standard Edition Core Applications Feature Team Guide
Solution Accelerator for BDD Enterprise Edition Core Applications Feature Team Guide
Automate Sysprep Mini-Setup
After you have determined the contents of your image (but before you create your image), you must determine to what extent you will automate Sysprep Mini-Setup. You can fully automate Mini-Setup, or you can leave a pause for the information technology (IT) professional or user installing the image to fill in the appropriate responses.
The Sysprep.inf file is the answer file for the Sysprep.exe program. You can place the Sysprep.inf file in the %systemdrive%\Sysprep\ folder on the master imaging computer, or you can place it on a floppy disk (although this method is not recommended because it creates another item that you must be track, version, and manage). You make modifications to the Sysprep.inf file to automate Mini-Setup.
If you're using Zero Touch Installation (ZTI) in the Solution Accelerator for BDD, ZTI can automatically populate the appropriate information to complete Mini-Setup. You can find out more about configuring ZTI to fully automate your operating system deployment in the Solution Accelerator for BDD Zero Touch Installation Deployment Feature Team Guide.
To what extent you automate Mini-Setup depends on these factors:
The individual installing the operating system. If an IT professional is installing the image, you could have him or her complete most of the Mini-Setup settings (such as computer name and the Microsoft Active Directory directory service domain). Conversely, if a user is going to complete Mini-Setup, you may want to automate the process so that the user is prompted only for his or her user name.
How many of the configuration settings you know in advance. You can't automate what you don't know. For example, if you don't know the computer name in advance, you can't populate that information in the Sysprep.inf file.
The primary rule of thumb is, automate as much as you can to reduce possible configuration errors.
Test Sysprep Deployments
Testing is the most important aspect to deploying your operating system by using Sysprep. The more stringent your tests, the more likely you'll have a successful deployment. Most Sysprep-related issues can be identified and mitigated through thorough testing.
Create a lab test environment by using a combination of physical computers and virtual computers (using Microsoft Virtual PC 2004 or Virtual Server 2005). You need to do a lot of testing on the client side with physical computers to ensure that the proper device drivers are detected and installed correctly. You can use virtual computers for your network infrastructure (such as SMS 2003 servers). For more information on using Virtual PC with the Solution Accelerator for BDD, see Deployment Testing with Virtual PC 2004 by Jerry Honeycutt. For more information about using Virtual Server 2005 with the Solution Accelerator for BDD, see Jerry Honeycutt's Using Virtual Server 2005 in Desktop Deployment.
After achieving successful results in your test environment, conduct one or more pilot deployments. Pilot deployments are performed on a selected subset of computers on your production network. Perform the first few pilot deployments to a very small number of computers. Refine your process (and images) to reduce any deployment problems. Then, continue to broaden the number of computers in each deployment as you gain more and more success.
You may be asking the big question, "I'm investing a lot of time up front: What's the return on this investment"? Table 2 lists each step discussed previously and some ideas about how much time you can expect to invest in each process.Table 2. Steps in Using Sysprep and Their Estimated Time Requirements
Number of Hours
Configure the base master imaging computers (per imaging computer)
Add device drivers to the base master imaging computers (per imaging computer)
Add applications to the base master imaging computers (per imaging computer)
Automate Sysprep Mini-Setup
Test Sysprep deployments in a lab environment
Test Sysprep deployments in pilot deployments
The times in Table 2 are estimates based on my experience. Your actual time requirements may vary based on the complexity of your hardware and devices you support and to what extend you automate Sysprep Mini-Setup.
Regardless of all that, here’s the take-away: After you invest the 84 hours of work, you can deploy a fresh desktop in less than 40 minutes. Considering the time you would have to spend to complete that process manually, you could recoup your time investment in as little as three or four deployments.
And by using Sysprep, your newly deployed desktops are standardized, making them easier to support and maintain. Again, you reduce the amount of time you spend after deployment, which in turn makes that up-front investment an even better proposition.
For More Information
Discussions in Desktop Deployment
Ask your desktop deployment questions here. Discuss deployment tips and best practices with your peers, and give feedback on articles that are featured in the Desktop Deployment Center.
About the Author
Douglas Steen is an architect, consultant, technical trainer, and author who focuses on Microsoft products and integration technologies. Doug has been designing and creating hardware and software solutions since 1975 and has written several training courses, books, and online articles. Most recently, Doug wrote most of the IIS 6.0 Deployment Guide for Microsoft Press, a series of white papers for Microsoft about Active Directory, and portions of the Solution Accelerator for Business Desktop Deployment Enterprise Edition. You can contact Doug at firstname.lastname@example.org.