Why Sysprep is a necessary Windows deployment tool - Part 1: All the important Sysprep functions

sysprep In response to my article about Microsoft's free OS image preparation tools, a reader claimed that as a result of Mark Russinovich's famous SID duplication myth article, Sysprep would no longer be required. Mark argued in detail why SID duplications are, contrary to a widespread opinion, no problem in Windows networks. Since Mark is such a famous figure, I believe many admins have read his article and came to the same wrong conclusion that the Sysprep tool has now become obsolete. I think that this a big misunderstanding. Thus, it is important to get a few things straight about the System Preparation tool.

First of all, those who read Mark's article to the end will have noticed that he still recommends using Sysprep. The problem is that his article is quite long and, I guess, many admins missed that part. Second, I disagree with Mark that duplicate SIDs are not an issue. I will provide my arguments in the next article. Today, I will explain why sysprepping your master image is essential even if we assume for a moment that unique SIDs are not required.

Not only does Sysprep remove the SID, it also provides the following functions:

  • Removes the computer name; whereas a unique SID might not be required in some environments, unique computer names are certainly essential
  • Removes the computer from the Windows domain; this is necessary because the computer has to be added to Active Directory with its new name
  • Uninstalls plug and play device drivers, which reduces the risk of hardware compatibility problems; required drivers will be installed automatically on the target machines
  • Can remove event logs (reseal parameter); this is useful if you have to troubleshoot a target machine
  • Deletes restore points; if you have to use system restore on the target machine, you could run into problems if you use a restore point from the master PC
  • Removes the local administrator's profile and disables the account; this ensures that you don't accidentally copy your files to the target machines and leave the admin account unprotected
  • Ensures that the target computer boots to Audit mode, allowing you to install third-party applications and device drivers
  • Ensures that mini-setup starts after booting up the first time, allowing you to configure the target computer's new name and other configurations
  • Allows you to reset the grace period for Windows product activation (rearm) up to three times; this gives you more time to activate target computers

I think, these are the most important Sysprep features. Please tell me  if I forgot something. These articles have more information about Sysprep: 1, 2, 3. In my next post, I will outline why unique SIDs are still necessary.

Update: A reader mentioned that Sysprep does even more than I outlined above. In Vista and above Sysprep is modular and comes with multiple "plug-ins", each of which is called for removing and reestablishing machine-specific details/identifiers/configurations. There is no official documentation, but more information is available in this Techent article where those modules are called "actions". The whole list of plug-ins can be found in this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep

Want to write for 4sysops? We are looking for new authors.

Read 4sysops without ads and for free by becoming a member!

  1. KIp 10 years ago

    A nice article. We are getting ready to start our Windows 7 images and your information will prove very useful. One question I have regarding sysprep disabling the admin account? Our organisation like to have the admin account enabled and with a secure password in place. How would I stop sysprep doing this or should I simply re-enable later?


  2. Enabling the local administrator account is a big security risk. It is better to create a new account with admin rights. I've described how to enable the local administrator account before, if you really need it.

    Setting a local admin password makes sense. There are many tools out there which allow you to reset the password network wide. For example: AutoAdministrator, ManageEngine Desktop Central, or Passgen.


  3. ben 9 years ago

    Microsoft didn't like NEWSID, so they forced him into it. dupe SIDS cause major problems if you have exchange servers
    just give me a version of NEWSID for all versions of windows. When I make a image all I want to do when deplying is to change the computer name and the SID, after that I add it to the domain.


  4. Luis lopez 9 years ago

    Is there a way to undo the sysprep changes on the master PC?


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2020


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account