In response to my article about Microsoft's free OS image preparation tools, a reader claimed that as a result of Mark Russinovich's famous SID duplication myth article, Sysprep would no longer be required. Mark argued in detail why SID duplications are, contrary to a widespread opinion, no problem in Windows networks. Since Mark is such a famous figure, I believe many admins have read his article and come to the same wrong conclusion that the Sysprep tool has now become obsolete. I think that this is a big misunderstanding. Thus, it is important to get a few things straight about the System Preparation tool.
First of all, those who read Mark's article to the end will have noticed that he still recommends using Sysprep. The problem is that his article is quite long and, I guess, many admins missed that part. Second, I disagree with Mark that duplicate SIDs are not an issue. I will provide my arguments in the next article. Today, I will explain why sysprepping your master image is essential even if we assume for a moment that unique SIDs are not required.
Not only does Sysprep remove the SID, it also provides the following functions:
- Removes the computer name; whereas a unique SID might not be required in some environments, unique computer names are certainly essential
- Removes the computer from the Windows domain; this is necessary because the computer has to be added to Active Directory with its new name
- Uninstalls plug and play device drivers, which reduces the risk of hardware compatibility problems; required drivers will be installed automatically on the target machines
- Can remove event logs (reseal parameter); this is useful if you have to troubleshoot a target machine
- Deletes restore points; if you have to use system restore on the target machine, you could run into problems if you use a restore point from the master PC
- Removes the local administrator's profile and disables the account; this ensures that you don't accidentally copy your files to the target machines and leave the admin account unprotected
- Ensures that the target computer boots to Audit mode, allowing you to install third-party applications and device drivers
- Ensures that mini-setup starts after booting up the first time, allowing you to configure the target computer's new name and other configurations
- Allows you to reset the grace period for Windows product activation (rearm) up to three times; this gives you more time to activate target computers
I think these are the most important Sysprep features. Please tell me if I forgot something. These articles have more information about Sysprep: 1, 2, 3. In my next post, I will outline why unique SIDs are still necessary.
Update: A reader mentioned that Sysprep does even more than I outlined above. In Vista and above, Sysprep is modular and comes with multiple "plug-ins", each of which is called to remove and reestablish machine-specific details, identifiers and configurations. There is no official documentation, but more information is available in this TechNet article, where those modules are called "actions". The whole list of plug-ins can be found in this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep
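
The registry key named in the update can be read directly on a reference machine to see which plug-ins Sysprep will call. The PowerShell below is an added example, not part of the original article or a Microsoft tool; the function name `Get-SysprepPlugin` is hypothetical. It assumes each subkey is one phase and each value holds `<DLL path>,<exported function>`.

```powershell
# Added example, not from the original article. Get-SysprepPlugin is a hypothetical name.
function Get-SysprepPlugin {
    param(
        # Registry key quoted in the article's update.
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep'
    )
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Key not found: $Root"
        return
    }
    # Each subkey is read as one Sysprep phase, each value under it as one plug-in.
    foreach ($phase in Get-ChildItem -LiteralPath $Root) {
        foreach ($name in $phase.GetValueNames()) {
            $raw = [string]$phase.GetValue($name)
            # Assumption: value data looks like "<DLL path>,<exported function>".
            $dll, $entry = $raw -split ',', 2
            $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim())
            # Assumption: a bare file name refers to a DLL in System32.
            if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path $env:SystemRoot "System32\$dll"
            }
            $exists = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
            $status = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $dll).Status
            } else { 'FileMissing' }
            [pscustomobject]@{
                Phase      = $phase.PSChildName
                ValueName  = $name
                Dll        = $dll
                EntryPoint = if ($entry) { $entry.Trim() } else { $null }
                Signature  = "$status"
            }
        }
    }
}

$plugins = @(Get-SysprepPlugin)
$plugins | Sort-Object Phase, Dll | Format-Table -AutoSize -Wrap
# Entries whose DLL is absent or not validly signed deserve a look before the image is captured.
$plugins | Where-Object Signature -ne 'Valid' | Format-List
```

Run it from a 64-bit PowerShell session on the master PC before sealing the image, so that the registered plug-ins are reviewed before every target machine inherits them.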