Windows IT Pro is the authoritative and independent resource for Windows NT, Windows 2000, Windows 2003, Windows XP. Features a collection of resources and magazines for Windows IT professionals.
  
  


June 2002

Deploying PCs with Sysprep



Safely clone your XP, Win2K, and NT systems with this handy utility

Editor's Note: Portions of this article were adapted from The Definitive Guide to Windows 2000 Administration (Realtimepublishers.com).

Disk-cloning software represents a major step in the evolution of OS deployment automation. With disk-cloning tools, you can configure a master system, complete with configured OS and applications, create a binary image of the system installation (i.e., create a "picture" of the disk's contents), then duplicate that image on other systems. Some utilities even let you multicast an image over the network so that multiple PCs can simultaneously receive a disk image from one or more source servers.

Although these utilities have proven handy for many IT shops, they aren't problem free. Disk-cloning utilities raise concerns about security and machine uniqueness (e.g., SID duplication). Despite these concerns, the tools' overwhelming popularity within the IT community showed Microsoft that disk-cloning products (and their potential problems) aren't about to go away. So Microsoft has embraced the technology and developed the System Preparation tool (sysprep.exe). Sysprep augments rather than replaces the functionality of disk-cloning software and makes using disk-cloning software more efficient and safer.

Disk Duplication Demons
Disk-cloning utilities have been lifesavers for network administrators who need to deploy large numbers of workstations on their networks. But disk-cloning software presents two major problems. First, these utilities require the reference machine (i.e., the machine from which you create the image) to have a virtually identical hardware configuration to the target machine (i.e., the machine that receives the image). Otherwise, you're likely to see a blue screen when you start up the cloned machine. Considering the fairly short life cycle of most PC hardware and the variety of hardware that exists in most companies, this shortcoming limits the usefulness of disk-cloning software.

Second, and more important, disk-cloning software creates a significant security problem when you use it on Windows XP, Windows 2000, and Windows NT systems. When you install these OSs, the installation process assigns the system a unique SID. Because disk-cloning software duplicates the reference machine's disk image after that machine has been assigned a SID, the target machines' SID will be identical to the reference machine's SID.

To understand why SID duplication creates a security problem, consider that each system in an XP, Win2K, or NT environment generates a unique machine SID on which the SIDs of all its local user accounts are based. Two machines that have the same machine SID would assign matching SIDs to the new user accounts you create on those machines. In this situation, Windows will see the resulting user accounts as being the same—regardless of any differences in the usernames. For example, if you gave the shipping clerk a machine based on the same disk image as the machine you gave to the head of your Accounting department and both users created a new local administrator account on their machine, the shipping clerk would have rights to access anything that the Accounting department head's local user account could access.
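The collision described above can be audited across a set of deployed machines. The following is an added example, not code from the original article or from Microsoft. It assumes the standard layout in which a local account SID is the machine SID (S-1-5-21 plus three sub-authorities) followed by a relative ID (RID); the hostnames, account names, and SID values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample inventory of LOCAL accounts: (hostname, account, SID).
# Hostnames, account names and SID values are invented for illustration.
INVENTORY = [
    ("SHIP-PC01", "clerkadmin", "S-1-5-21-1111111111-2222222222-3333333333-1000"),
    ("ACCT-PC01", "headadmin", "S-1-5-21-1111111111-2222222222-3333333333-1000"),
    ("ACCT-PC01", "Administrator", "S-1-5-21-1111111111-2222222222-3333333333-500"),
    ("HR-PC01", "hradmin", "S-1-5-21-4444444444-5555555555-6666666666-1000"),
]

# Account SID layout: S-1-5-21-<three machine sub-authorities>-<RID>
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

def split_sid(sid):
    """Return (machine_sid, rid) for an account SID, or raise ValueError."""
    m = SID_RE.match(sid.strip().upper())
    if not m:
        raise ValueError(f"not an S-1-5-21 account SID: {sid!r}")
    return m.group(1), int(m.group(2))

def find_cloned_hosts(inventory):
    """Map each machine SID seen on more than one host to its sorted hosts."""
    hosts = defaultdict(set)
    for host, _name, sid in inventory:
        machine_sid, _rid = split_sid(sid)
        hosts[machine_sid].add(host)
    return {m: sorted(h) for m, h in hosts.items() if len(h) > 1}

def find_colliding_accounts(inventory):
    """Map each full account SID present on more than one host to its owners."""
    owners = defaultdict(set)
    for host, name, sid in inventory:
        split_sid(sid)  # reject malformed input before grouping
        owners[sid.strip().upper()].add((host, name))
    return {s: sorted(o) for s, o in owners.items()
            if len({h for h, _ in o}) > 1}

if __name__ == "__main__":
    for machine_sid, hosts in find_cloned_hosts(INVENTORY).items():
        print("duplicate machine SID", machine_sid, "on", ", ".join(hosts))
    for sid, who in find_colliding_accounts(INVENTORY).items():
        print("same account SID", sid, "->", who)
```

In the sample data, the first two hosts share a machine SID, so the first local account created on each (RID 1000) receives the same SID even though the usernames differ.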

Postduplication SID Switching
Disk-cloning software vendors offer a solution to the SID-duplication problem: SID-changing utilities that can modify the SID on a cloned machine. However, I've found that many of these utilities cause residual problems, and many fail to change the SID that's referenced within the registry and file system.

Also, be aware that Microsoft supports cloned machines only under limited circumstances. You need to have cloned a machine before the SID assignment or in conjunction with Sysprep for Microsoft to support that machine. For more information about Microsoft's support of cloned systems, see the Microsoft article "Do Not Disk Duplicate Installed Versions of Windows" (http://support.microsoft.com/default.aspx?scid=kb;en-us;q162001).

Sysprep to the Rescue
Unlike postduplication SID-changing utilities (such as those that ship with most disk-cloning utilities), Sysprep restores machine uniqueness by letting you roll a reference machine back to its pre-SID state after you install all desired software. The first time you start a reference machine after running Sysprep on it, the machine will return to the last stage of the Windows setup process (i.e., the machine and network identification stage), in which the SID is assigned. (Don't run Sysprep on a production system: The utility removes critical configuration information and effectively rolls the system back to a state prior to setup completion. Run Sysprep only on reference systems that you've intentionally set up to provide a template system configuration.)

A benefit to using Sysprep with disk-cloning software is that Microsoft supports machines that you use this method to deploy, so you won't be out of luck if you need to call Microsoft Product Support Services (PSS) for help with a cloned system. I've found that systems cloned from Sysprep-prepared reference systems exhibit fewer problems than do machines created with the disk-cloning and SID-changer utility method.

If you support NT machines and want to use Sysprep, you'll find that getting the NT 4.0 version of Sysprep (Sysprep 1.0) isn't easy. Although the utility is free, Microsoft doesn't make Sysprep 1.0 available for public download from the company's Web site, forcing users to submit a special request for the utility. Furthermore, only Enterprise and Select Agreement customers are eligible to use Sysprep 1.0. If your organization is an Enterprise or Select Agreement customer, take one of the following steps to obtain Sysprep 1.0 for NT:

  • Make a request on Microsoft's Request License for System Preparation Tool Web page (http://www.microsoft.com/ntworkstation/deploy/deploytools/requestlicense.asp).
  • Fax a request to Windows Deploy Tool License Agreement Request at 206-285-4403 (United States and Canada only).
  • Leave a voicemail message with your request by calling 800-394-9621 (United States and Canada) or 206-378-5544 (international).


 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing