Hướng dẫn chi tiết Sysprep Windows 10, 11

SysPrep (System Preparation Tool) is used to generalize the Windows 10/11 installation and prepare a customized reference Windows image for deployment to corporate computers. This allows administrators to quickly deploy a reference Windows image that includes all the all the necessary apps, drivers, settings, and security updates that your users need to get started.

What is Sysprep and how does it work?

The idea is that an administrator can prepare a reference Windows computer with all the necessary drivers, programs, and required system settings. This configured Windows image can then be captured and deployed to client computers. SysPrep is a built-in tool used to generalize the Windows image and remove computer-specific information (SID, GUID, etc).

This guide explains how to create a reference Windows computer, generalize it using SysPrep and capture the WIM image that will be installed on other computers. I will cover the following basic steps:

• Perform a clean installation of Windows 10/11 from the original ISO image on the reference computer.
• Use the SysPrep tool to put the Windows into the Audit Mode.
• Configure your Windows environment: install drivers, updates, language packs, apps, configure user personalization options, configure the Desktop, create shortcuts, set files and folder permissions, etc.
• Generalize the image using the SysPrep.
• Boot into Windows PE and capture an image using the DISM command.
• Copy the resulting WIM image to the installation media or use the deployment tools to install it on the users’ computers (such as MDT, WDS, DISM, or ImageX).

How to create a Windows 10 or 11 reference image

Download the latest Windows build (you can use the Media Creation tool to make Windows installation media) and perform a clean Windows installation on a reference computer or virtual machine. Do not connect the computer to the Internet at this stage (unplug the Internet connection (Ethernet) or disable your Wi-Fi adapter on your computer).

The reference builds for this article are Windows 10 22H2 or Windows 11 23H2.

Disable automatic updating of Microsoft Store apps (which can break the SysPrep process in Windows 10 and 11):

1. Open the Local Group Policy Editor (gpedit.msc) and go to Computer Configuration > Administrative Templates > Windows Components > Store;
2. Enable the policy Automatic Download and Install of updates;

Then configure the ImageState registry parameter:

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState /t REG_SZ /d IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE /fCopyCopy

And make changes to the file C:\Windows\Setup\State\State.ini

[State]

ImageState=IMAGE_STATE_SPECIALIZE_RESEAL_TO_OOBECopyCopy

This will prevent SysPrep from failing when processing Microsoft Store apps.

Customizing Reference Windows Image in Audit Mode with SysPrep

The next step is to customize your reference Windows image in the Audit Mode. You can boot into Audin Mode from the OOBE screen (run CTLRL+Shift+F3) or open an elevated PowerShell console and run sysprep command:

C:\windows\system32\sysprep\sysprep.exeCopyCopy

Select the following options:

• System Cleanup Action: Enter System Audit mode;
• Shutdown Options: Reboot;
• Press the OK button.

Sysprep on Windows can be run from the command line with basic options:

sysprep.exe [/oobe | /audit] [/generalize] [/reboot | /shutdown | /quit] [/quiet] [/unattend:answer_file_name]CopyCopy

• /audit — boots Windows into audit mode. In this mode, you can install additional apps and drivers;
• /generalize — preparing Windows for image capture. All identifiers, logs, Event Viewer logs, and restore points are removed;
• /oobe — restarts the Windows in the Welcome screen mode. The Windows Welcome screen allows users to configure Windows operating system, create new accounts, rename the computer, and perform other tasks;
• /unattend:answer_file_name — allows you to apply the settings from the answer file to Windows during an unattended installation.

Note. In some cases, SysPrep returns the error: unable to validate your Windows installation. The cause of the error is listed in the %WINDIR%\System32\Sysprep\Panther\setupact file.

Refer to the article for other possible sysprep errors and fixes: Sysprep was not able to validate your Windows installation.

For other SysPrep errors, you can check the log files. Depending on the stage, Sysprep may write information to one of the directories:

• Generalize — %WINDIR%\System32\Sysprep\Panther.
• Specialize — %WINDIR%\Panther.
• Windows Unattended installation — %WINDIR%\Panther\UnattendGC.

The computer will automatically restart and boot into Audit Mode. Windows automatically logs on using the built-in administrator account (even if it was previously disabled). Windows will always boot into the Audit Mode until you explicitly switch your computer to Out-of-Box Experience (OOBE), Windows will always start in Audit Mode.

The only visible sign that you’ve entered audit mode is the Sysprep dialogue box in the center of the screen. Do not close the SysPrep window, just minimize it.

You are now ready to start customising your Windows. We will take a look at some popular steps that sysops most often configure in their reference image.

Step 1 (Optional): Install OEM Information and Logo

Set your company branding info. In this example, we will set the OEMLogo, Company name, tech support website, and working hours. Create a text file oem.reg, and copy the following code into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation]

“Logo”=”C:\\WINDOWS\\oem\\OEMlogo.bmp”

“Manufacturer”=”TheITBros, LLC”

“Model”=”Windows 10 Pro 22H2”

“SupportHours”=”9am to 5pm ET M-F”

“SupportURL”=”https://theitbros.com”CopyCopy

Note. Create the graphic file C:\WINDOWS\oem\OEMlogo.bmp with your company logo.

To apply the REG file, double-click it, and accept the registry changes. This will import these settings into the registry.

After restarting, check your branding information in the System Properties dialog:

Step 2: Install the Drivers and Apps

Install all the required drivers and third-party programs you would like to see in your Windows 10/11 image.

Install all the necessary drivers for all the computers and laptop models on which you want to deploy this reference Windows image. Extract the driver files (including the *.inf files) to the local folder and use PowerShell to inject all the drivers from the source folder into the Windows image:

Get-ChildItem "C:\Drivers\" -Recurse -Filter "*.inf" |

ForEach-Object {PNPUtil.exe /add-driver $_.FullName /install}CopyCopy

Then you can download and install apps manually, or use the built-in WinGet package manager to install software from the WinGet repo. Let’s say, we want to install Opera, Google Chrome, VLC media player, Adobe Acrobat Reader DC, 7Zip, K-Lite Codec Pack Full, and Zoomit. Open the elevated PowerShell prompt and run the command:

winget install --id=7zip.7zip -e && winget install --id=Opera.Opera -e && winget install --id=Google.Chrome -e && winget install --id=VideoLAN.VLC -e && winget install --id=Adobe.Acrobat.Reader.32-bit -e && winget install --id=CodecGuide.K-LiteCodecPack.Full -e && winget install --id=Zoom.Zoom –eCopyCopy

Note. Don’t install or update any Microsoft Store apps on a reference computer.

If you need to reboot Windows to install the application or update, you can do so. After reboot, the system will return to audit mode.

Step 3: Install Windows Security Update in Audit Mode

Windows will not allow you to install updates in audit mode by using the Windows Update section of the Settings panel since the OOBE phase is not complete.

Use the PSWindowsUpdate module from PowerShell Gallery to install the security updates from the command prompt.

1. Install the PSWindowsUpdate module:

   Install-Module -Name PSWindowsUpdateCopyCopy

2. Automatically download and install all the available Windows updates:

   PowerShell -ExecutionPolicy RemoteSigned -Command Import-Module PSWindowsUpdate;
   
   Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoRebootCopyCopy

3. Check again for available updates:

   Get-WindowsUpdateCopyCopy

Step 4 (Optional): Uninstall Built-in Microsoft Store Apps

Also, you can uninstall built-in Microsoft Store (UWP apps), but it’s really up to you. So, if you don’t want to uninstall built-in apps, just skip this step.

You can remove pre-installed Microsoft Store apps in Windows 10 22H2 and Windows 11 23H2 using the following PowerShell commands:

#News app

Get-AppxPackage *BingNews* | Remove-AppxPackage

#Weather

Get-AppxPackage *BingWeather* | Remove-AppxPackage

#PowerShell

Get-AppxPackage *PowerShell* | Remove-AppxPackage

#Music app

Get-AppxPackage *ZuneMusic* | Remove-AppxPackage

#Movies and TV

Get-AppxPackage *ZuneVideo* | Remove-AppxPackage

#MS Office

Get-AppxPackage *MicrosoftOfficeHub* | Remove-AppxPackage

#People app

Get-AppxPackage *People* | Remove-AppxPackage

#Maps

Get-AppxPackage *WindowsMaps* | Remove-AppxPackage

#Help and tips

Get-AppxPackage *GetHelp* | Remove-AppxPackage

#Voice Recorder

Get-AppxPackage *WindowsSoundRecorder* | Remove-AppxPackage

#Sticky Notes

Get-AppxPackage *MicrosoftStickyNotes* | Remove-AppxPackage

#PowerAutomate

Get-AppxPackage *PowerAutomateDesktop* | Remove-AppxPackage

#Xbox and related apps

Get-AppxPackage *Xbox* | Remove-AppxPackage

#Feedback Hub

Get-AppxPackage *WindowsFeedbackHub* | Remove-AppxPackage

#Microsoft To-Do

Get-AppxPackage *Todos* | Remove-AppxPackage

#Calculator

Get-AppxPackage *WindowsCalculator* | Remove-AppxPackage

#Alarms and Clocks

Get-AppxPackage *WindowsAlarms* | Remove-AppxPackage

#Teams/Chat

Get-AppxPackage *Teams* | Remove-AppxPackage

#Your Phone

Get-AppxPackage *YourPhone* | Remove-AppxPackage

#Spotify

Get-AppxPackage *SpotifyAB.SpotifyMusic* | Remove-AppxPackage

#Screen & Sketch/Snipping tool

Get-AppxPackage *ScreenSketch* | Remove-AppxPackage

#Solitaire Collection

Get-AppxPackage *MicrosoftSolitaireCollection* | Remove-AppxPackage

#Photos

Get-AppxPackage *Windows.Photos* | Remove-AppxPackage

#OneDrive

Get-AppxPackage *OneDriveSync* | Remove-AppxPackage

#Skype

Get-AppxPackage *SkypeApp* | Remove-AppxPackage

#Xbox Console Companion

Get-AppxPackage *GamingApp* | Remove-AppxPackageCopyCopy

Note. An error may occur during Sysprep after you are removing some of the built-in Microsoft Store apps (check c:\Windows\Panther\setuperr.log):

Error SYSPRP Package <PackageFullName> was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
Error SYSPRP Failed to remove apps for the current user: 0x80073cf2.

This is a known Windows 10/11 issue and you can fix it according to the guide.

Generalizing Windows image using SysPrep

If your computer has a static IP address, change the configuration to get it automatically (from a DHCP server). Open the network adapter settings, select the IPv4 protocol properties and select Obtain an IP address automatically.

Or, you can use the following PowerShell script to automatically get an IP address from a DHCP server:

$IPType = "IPv4"

$adapter = Get-NetAdapter | ? {$_.Status -eq "up"}

$interface = $adapter | Get-NetIPInterface -AddressFamily $IPType

If ($interface.Dhcp -eq "Disabled") {

If (($interface | Get-NetIPConfiguration).Ipv4DefaultGateway) {

$interface | Remove-NetRoute -Confirm:$false

}

$interface | Set-NetIPInterface -DHCP Enabled

$interface | Set-DnsClientServerAddress -ResetServerAddresses

}CopyCopy

Now cleanup your image:

1. Use the Disk Clean-up tool (cleanmgr.exe) to remove junk and unnecessary files from your computer’s hard disk;
   
2. Empty the Recycle Bin;
3. Remove temporary files and folders (%LocalAppData%\temp, C:\Windows\Temp, etc.);
4. Delete all local user profiles, except for the Administrator and Default profiles.
5. Clean up the Web Cache files in the Administrator and Default profiles:

   rd /s /q "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache"
   
   rd /s /q "C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache"
   
   del /f /q /a:sh "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCacheLock.dat"
   
   rd /s /q "C:\Users\Default\AppData\Local\Microsoft\Windows\WebCache"
   
   rd /s /q "C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache"
   
   del /f /q /a:sh "C:\Users\Default\AppData\Local\Microsoft\Windows\WebCacheLock.dat"CopyCopy

   After everything is configured, you can expand the SysPrep windows and select the options:

• System Cleanup Action: Enter System Out-of-Box Experience (OOBE);
• Shutdown Options: Shutdown;
• Check the Generalize option.

Once the Windows image has been generalized, it will start in Out-of-Box Experience (OOBE) mode and reassign unique SIDs.

Using Answer Files with Sysprep for Unattended Windows 10/11 Installation

SysPrep allows using an answer file for unattended Windows installation. This step is optional (used to specify various image deployment options). You can skip this step, and go straight to the step of capturing a Windows image.

The answer file can contain the answer to any question you are asked during Windows Setup (region, language, product key, keyboard, account, and privacy setting, etc.). You can use the answer file to skip some of the steps during the out-of-box experience (OOBE).

How to create Windows Answer File using Windows System Image Manager

The answer file is a file with XML syntax. The preferred tool for generating the correct answer file is the Windows System Image Manager (Windows SIM).

Download the Windows Assessment and Deployment Kit (ADK) for Windows 10 or ADK for Windows 11. Use the ADK version for the Windows version you want to deploy.

Run the adksetup.exe file as an administrator. Then select Deployment Tools to install (it includes the latest version of DISM and Windows SIM).

You will need the install.wim file with the Windows image you want to deploy. You can copy the install.wim file from the sources directory on the installation Windows ISO image. If only the install.esd file is available in the sources directory, you can convert ESD to WIM to get install.wim.

Let’s create an answer unattended file for Windows 10 22H2.

Run the Windows System Image Manager as an administrator (C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\WSIM\imgmgr.exe). Select File > New Answer File.

Specify the path to your install.wim for which you want to create an answer file for.

Wait for the SIM to mount the Windows installation image and create the catalog file (.clg). This will take some time, after which the install_Windows 10 Pro.clg file will appear in the directory with the install.wim file.

Note. If you try to open the install.wim file of your Windows 10 build using WSIM from an older version of the ADK, you may receive an error message:

Windows SIM was unable to generate a catalog.

In order to fix this error, you need to install the latest ADK and WSIM available for your Windows build.

Select your Windows 10 edition. If there is only one edition of Windows in your install.wim file, it will be selected automatically.

Using WSIM, you can configure various parameters for the answer file. For example, you can configure the Windows product key (if you are using KMS server or MAK keys), time zone, organization and owner info, default language and region settings, input locales, etc.

First of all, we need to do the most important thing: tell Sysprep to copy all our customizations to the default user profile.

To do this, find the amd64_Microsoft-Windows-Shell-Setup__neutral in the Windows Image section. Right-click on it and select Add Setting to Pass 4 specialize.

Then, in the Answer File panel, expand section 4 Specialize > amd64_Microsoft-Windows-Shell-Setup__neutral. Set the CopyProfile value to TRUE.

Additionally, you can configure the following options in the Answer file.

Pass 1 Windows PE

Choosing an installation language in WinPE:

Microsoft-Windows-International-Core-WinPE

InputLocale: en-US;

SystemLocale: en-US

UILanguage: en-US

UserLocale: en-USCopyCopy

Pass 7 oobeSystem

Create a local administrator account and set a password for it:

Microsoft-Windows-Shell-Setup –> UserAccounts –> LocalAccounts -> Insert New Local Account

Name: admin

Group: AdministratorsCopyCopy

All empty (blank) answer file parameters must be removed.

To check the settings in answer file, select in Tools > Validate Answer File option. If you configured everything correctly, a message should appear in the Messages console: No warning or errors.

Save the answer file by choosing File > Save Answer File As > autounattend.xml.

Now you can close WSIM.

Generalize Windows Image Using Answer File

Now you can use your autounattend file to Sysprep your Windows image. Run the command in the elevated command prompt (replace the path to autounattend.xml with yours):

c:\windows\System32\Sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:C:\ps\autounattend.xmlCopyCopy

Hint. If you want to capture a Windows image running in a virtual machine, you can use the special Sysprep switch /mode:vm:

C:\windows\system32\sysprep\sysprep.exe /generalize /oobe /mode:vm /shutdown /unattend:C:\ps\autounattend.xmlCopyCopy

With the /generalize option the Sysprep will remove unique computer data. This allows you to safely deploy this reference Windows image on other workstations or laptops. After executing the command, the computer will shut down.

Capture Reference Windows 10/11 Using DISM

After shutting down your computer, you can capture a customized Windows image. You can use special tools to capture a Windows image (such as MDT) or use DISM. Below we will consider the DISM option.

Boot the reference computer into Windows PE. The easiest way to access WinPE is to boot the computer from the Windows 10/11 installation media, or recovery drive.

Press Shift + F10 on the first setup screen.

Type Diskpart command. Use the list vol command to identify the drive letters. In this example, the installed Windows image is located on drive D.

Capture the image with the command:

dism /capture-image /imagefile:E:\win10referenceimg.wim /capturedir:d:\ /name:"Win10 Pro reference image"CopyCopy

• /Capturedir — the reference Windows folder.
• /imagefile — the target WIM image file you want to create. Connect an additional disk or USB flash drive to the computer and save the image to it (do not specify the Windows partition drive letter here);
• /Compress — use the /compress:maximum option for best WIM image file reduction (this will increase the image capture time, but save a disk space).

Hint. You can capture your reference Windows image and immediately save it to a shared network folder on your file server (or MDT host). To do this, you need to mount a network drive in WinPE before running the dism /capture-image command:

1. Initialize network in WinPE and get IP address from DHCP server:

   wpenitCopyCopy

2. Map a shared network folder using the net use command:

   Net use E: \\192.168.31.20\shareCopyCopy

   

3. Provide user credentials to access shared folder;
4. Now you can capture an image to a shared folder over the network.

Note. Note that the reference WIM image you get may be significantly larger than the clean Windows 10 or 11 installation image.

Copy the reference WIM image you’ve got to the installation drive media (copy and replace file ..\sources\install.wim), or put it into your deployment software (MDT, SCCM).

Now you can deploy your customized Windows image to computers across the company using MDT, WDS, SCCM, etc.

 

Link: https://theitbros.com/sysprep-windows-machine/