Configuring default settings for Windows image deployment


This post has been superseded by an updated post found here: http://blogs.technet.com/deploymentguys/archive/2009/10/29/configuring-default-user-settings-full-update-for-windows-7-and-windows-server-2008-r2.aspx.  Please update any links or favorites accordingly.


 


 


Disclaimer: The information on this site is provided “AS IS” with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use. 


 


This post was contributed by Michael Murgolo a Senior Consultant with Microsoft Services, U.S. East Region.


 

Comments (72)

  1. Anonymous says:

    In my previous post on this topic, I mentioned that Windows XP Service Pack 2 will copy the Administrators

  2. Anonymous says:

    Cody,

    The tools are compatible with non-SP1 images, it seems that you have something else causing these issues.

    Have you tried changing the operating system deployed in the Task Sequence of your non-SP1 images?  If it works with that TS then you know the problem is in the TS for the SP1 image.

    Daniel

  3. Anonymous says:

    @William

    Hi William,

    Will the 6071-ADU take the 85 hz refresh rate if you set it manually?  Normally when I have had this problem it has been because the graphics card *or* the monitor could not display the settings I gave.

    HTH,

    Daniel

  4. Anonymous says:

    Emilios ( Theori),

    Unfortunately this blog is not a general MDT support forum.  Unless it is a question directly related to the post, we don't really have the time to investigate every issue.

    Please try asking your question at the Technet Forum for MDT: social.technet.microsoft.com/…/threads.

    Thanks,

    Michael Murgolo

  5. Anonymous says:

    Michael Murgolo did a great post on the different ways to adjust default settings when building an image

  6. Anonymous says:

    Hi Dan,

    SP1 should handle domain joins in the same manner. I have seen this error when the client does not have the required network drivers.

    Thanks,

    Ben

  7. Anonymous says:

    Hi Andrea,

    You should not be capturing an image that has bitlocker enabled. You should only enable bitlocker when you deploy the image.

    In order to use Bitlocker you need to have copied the bitlocker files to the tools folder in the distribution directory.

    D:DistributionToolsX86

                   Bdehdcfg.exe

                   BdeCfgLog.dll

    D:DistributionToolsX86en-us

                   DedHdCfg.exe.mui

                   BdeCfgLog.dll.mui

    Thanks,

    Ben

  8. Anonymous says:

    Hi Øystein,

    You simply need to populate the MachineObjectOU value in the customsettings.ini. MDT will then do the rest for you.

    Thanks,

    Ben

  9. Anonymous says:

    Thank you Michael. I think I got it.

    Now I have another problem. I am testing all my LiteTouchPE isos in vmware. The problem is that LiteTouchPE doesn’t include vmware network drivers.

    If I create my WinPE media I can include those drivers manually and everything works, but then I think I’ll lose the "task sequence" or will I not? LiteTouchPE is a prepared image and the boot.wim can’t be modified subsequently, nothing can’t be added to it. I don’t want to add them to add them to my "out-of-box drivers", as they will get included in the deployed operating system(is there a work around???).

    So you see my dilemma. Can I use a self-made boot.wim, customized after my own preferences, added to the LiteTouchPe.iso and preserving the "task sequence"?

    Greets

    Will it work?

  10. Anonymous says:

    Hi Ben

    It doesn’t work. None of the drivers get injected in the deployed os. None from "All Drivers" and none from "vmware" group. I’m doing something wrong here, but I don’t know what.

  11. Anonymous says:

    Hi Kelly,

    Is there any information in the logs?

    Thanks,

    Ben

  12. Anonymous says:

    Hi Adam,

    BDD simply uses a VB copy command to update deployment points.

    I tend to create the deployment point on the BDD server itself and then use another tool (DFS) to replicate the Deployment point to my sites. I find this easier to manage, espically when you have alot of sites to manage.

    Thanks,

    Ben

  13. Anonymous says:

    Hi Cody,

    Although those lines you included in your post state "error", they don’t reveal the reason for your error.  Go back a few lines in the log and you should see something more useful.  I know the log files from MDT are pretty verbose, but the information you need is in there, you just need to go back a few lines to find it.

    HTH,

    Daniel

  14. Anonymous says:

    Hi Andrea,

    You can specify the TPMOwnerPassword

    as a variable in the customsettings.ini file. You should not need to edit any scripts. Try adding the following line:

    TPMOwnerPassword=P@ssw0rd

    You should see some announcements soon regarding the availability of Vista SP1 and the MDT update.

    Thanks,

    Ben

  15. Anonymous says:

    Hi Atolica,

    The simple way to get around this is to use driver groups. Create one for drivers that you want to use during deployment and one for Windows PE. You then simply assign these groups to the appropriate areas.

    Thanks,

    Ben

  16. Anonymous says:

    Hi Atolica,

    You summation is correct :).

    Thanks,

    Ben

  17. Anonymous says:

    I was wondering if anyone tried testing SP1 for Vista and using BDD 2007 to create a custom deployable image?  

    If you are trying to create a custom deployable image and you updated ie7 or windows defender, it will cause your image to fail during the build creation process in BDD 2007.  Will SP1 have this same effect?

    thanks

    -Charles

  18. Anonymous says:

    Hi Atolica,

    There is not a default way of doing this.

    I think you would have to write a custom partitioning script to perform this task. I am not sure how easy/difficult this would be.

    Thanks,

    Ben

  19. Anonymous says:

    Hello Cusefan44,

    These are ‘normal’ warnings. MDT is telling you that is has recognised that this entry is a password. Rather than write it out in plain text for all to see it has suppressed it.

    This helps to preserve security.

    regards,

    Richard Trusson

  20. Anonymous says:

    Hi Atolica,

    The process you are following should work.

    Here are the steps you need to follow:

    1. Add the drivers to the VMware group – This must be done per driver

    2. Create a driver group for the other drivers

    3. Add all drivers to the new driver group.

    4. Select the vmware driver group on the Windows PE TAB for your distribution point.

    5. Select the new driver group on the distribution point.

    6. Update the deployment point.

    Thanks,

    Ben

  21. Anonymous says:

    Hi Cosmo,

    I would add this step into the state restore phase. You will want to make the changes to the Administrator profile as these will be copied to the default profile in the sysprep process.

    Thanks,

    Ben

  22. Anonymous says:

    Hi Øystein,

    The OU setting is read by the ZTI configure script.

    Have you read the following blog about how rules work? It covers this topic.

    http://blogs.technet.com/benhunter/archive/2007/03/17/understanding-bdd-rule-processing.aspx

    Thanks,

    Ben

  23. Anonymous says:

    I’m using MDT 2008.  When performing a refresh of the OS I get the following warning in the deployment summary:

    <Message containing password has been suppressed>  Does anyone have any idea what might be going on?  There are numerous entries throughout the log containing this message but I currently have 3 that show up as warnings.

  24. Anonymous says:

    Hi David,

    This is the default behaviour since XP SP2. During the sysprep process it copies the administrator profile over the Default USer profile.

    Thanks,

    Ben

  25. Anonymous says:

    Hi Ben

    Thank you for your quick reply. I think I have to roam through the documentation a little bit more to figure out how to create a driver group.

    I started last night to build a distribution for deploying Windows Xp with SP3 integrated,  as I am very fond of the imaging part. It doesn’t work. When it reaches the  product key entering part it doesn’t recognize the PK from the sysprep.inf or unattended. I get "A problem is preventing Windows from accurately checking the license for…. ERROR Code: 0x8004005.

    I read somewhere that replacing pidgen.dll from a WXP SP2 cd will work. But it doesn’t. Somehow SP2 product keys don’t work with WXP+SP3. Someone said that it might be due to the fact that SP3 is just in not officially released, thus not supported yet.

    The PK I use is a valid genuine volume key that activated thousands of times before and works flawlessly with WXP SP2, unattended. I want to deploy on just 10 machines, for testing purposes.

    I tried everywhere plus technet SP3 support forum, but no go. I even tried to replace the PID number from setupp.ini in i386 folder. Doesn’t work. As I see it, WXP+SP3 can’t be deployed just yet. Or do you know a secret?

    Greetings!

  26. Anonymous says:

    Hi,

    Great site Ben, you truly are a genius!

    I just resently installed the Windows Deployment system, and I have two questions.

    1. I have tried the SkipWelcomescreen option with no luck. Is there a way to not show the welcomescreen, (just set the locale and domain somewhere) and only ask for username and password ?

    2. Is there a way of telling the system (by script or other means) to create the computer account in the same OU as the user running the installation ?

    Best regards

    Øystein

    – keep up the excelent work ! –

  27. Anonymous says:

    Hi All

    Sorry to mail you directly but I have just started having an issue with getting  blank custom background bitmapfile even though the properties of the media deployment point in MDT 2010 states a bitmap and the location is accessible.

    I look in the litetouch_x64.xml in the boot folder of the deployment point and the is a line saying the following

    <Copy source="E:BUILD_x64Resources1280x10241280x1024OSPhase_Dev.bmp" dest="Windowssystem32winpe.bmp" hash="A616D06C8D5BF97557501F04272BDF3A" />

    I then open the Litetouch_x64.wim file and look for the filename winpe.bmp and it does not exisit

    Any ideas?

    Thanks

    Emilios

  28. Anonymous says:

    Hi Ben,

    I’ve been getting return codes: -1073741818 during one of my ZTIApplications.wsf installs. It is one the second last application I have in the database for that make/model.

    I used Richard’s method of putting the error code in the calculator in scientific mode and converting to Hex, it returns a last digit of 6. However, I haven’t been able to find an explanation for return code 6. Would you happen to know where I could find information on it?

    Thanks

  29. Anonymous says:

    Hi Ben

    Is there a way to modify the task sequence so I can chose what disk and partition to format, and where to start th deployment?

    The default task as it is set, formats the whole drive or lets me specify how much of the drive to be formated, but doesn’t let me select previous created partitions where to install the os. I don’t want to wipe the whole drive. It would be nice at that step to have the default partitioning wizard back. Even if I set "AutoPartition=0" in "unattend.txt" file, I don’t think it’ll work as the whole task is controlled by "TS.xml". Can you clarify this for me?

    Thak you!

  30. Anonymous says:

    Hi Ben,

    I have put the following into my customsettings.xml file:

    KeyboardLocal=0481:00000481

    TimeZone=290

    TimeZoneName=New Zealand Standard Time

    UserLocale=mi-NZ

    UILanguage=mi-NZ

    UserLocalAndLang=mi-NZ,mi-NZ

    These settings are ignored by MDT 2008 and Windows Deployment Wizard Locale Selection screen only allows a choice a numereous English variations.

    When I put in the fowlling into the customsettings.xml file, English (New Zealand) is selected without a problem.

    KeyboardLocal=1409:00001409

    TimeZone=290

    TimeZoneName=New Zealand Standard Time

    UserLocale=en-NZ

    UILanguage=en-NZ

    UserLocalAndLang=en-NZ,en-NZ

    I would ideally like to just have the machine configured for Maori with the Maori keyboard.

    Could you let me know if there is a way to do this.

  31. Anonymous says:

    Hi Ben

    I updated to MDT 2008 and tried to build a new deployment point. The problem is that comparing to the previous version, this doesn’t work. The server name(in this case my pc named HARDKORN) is not recognized. I get a red exclamation mark "Server is invalid or unreachable". None of the deployment point types work. This didn’t come up with the previous version.

    Can you help me out here?

    Greets

  32. Anonymous says:

    Hi Ben,

    I got it working, I had to remove the boot image compleatly from WDS and add it as a new one to get it updated.

    In regards to the second challenge all I need to do is query for the users OU and use the result as the value for Organizational Unit.

    Could you point me in the right direction as to exactly where the join domain function is executed ?

    Thx.

    B.r.

    Øystein

    ———

  33. Anonymous says:

    First of all, great blog, thx for this.

    During the past few days I have set up the Windows Deployment system, but now I have two questions that I guess shouldn’t be placed here, but I can’t figure out where the right place would be so please bear with me.

    1. Is there a way to remove the welcomescreen.

    I have tried The SkipBDDWelcome=YES option with no luck. Is there a way to skip the welcomescreen and just ask for username and password. (I would like to set the domain fixed also).

    2. When the computer is joined to the domain I would like it to create the computer account in the same OU as the user running the installation ? Is there a way of telling the system to do this ?

    B.r.

    Øystein

    ———

  34. Anonymous says:

    Hi Cosmo,

    I didn’t realise you meant settings that weren’t moved :).

    The administrator profile gets copied over the default user profile during the mini setup phase of the sysprep process. This means that you will want to apply the changes during the state restore phase of the image deployment(not capture), as you correct surmised.

    Thanks,

    Ben

  35. Anonymous says:

    Hi Ben

    So let me see if I understand. I created a driver group, in this case named "vmware". I added the vmware drivers to that group.

    Then in "Deployment Points" category I see the last two tabs. One "Driver Groups" with two subcategories: 1. All Drivers and 2. Vmware. The first category (All drivers) is ticked.

    I see another tab named WinPe where I selected "vmware" as the "Driver Group" and at "Driver injection" I selected just the first check box from the four available. Is this corect?

    I want the vmware drivers used just for the winpe and not injected in the distribution.

    Let me know if I am right here!

    Thank you!

    Atolica

  36. Anonymous says:

    Hi Øystein,

    The SkipBDDWelcome setting should work. You need to make sure that this is included in the bootstrap.ini file and that you update you boot images.

    Creating the account in the same OU as the user may be a bit more diffcult. You would need to write a script to do this. I have written a couple of blogs on about how to move a computer to a staging OU during deployment, these may give you some ideas. I think this may require alot of work to get going :(.

    Good luck,

    Ben

  37. Anonymous says:

    Is there a way to insert a wait command before running sysprep so I could make some modifications? I want to change windows update settings the way I like them. Or better.

    Can windows Update settings be altered without my intervention by using a script? I searched in all those scripts but couldn’t find anything.

  38. Anonymous says:

    Hi Wael,

    That general process should work. You really need to post your customsettings.ini file before we can help you anymore.

    Thanks,

    Ben

  39. Anonymous says:

    dg,

    If you add CopyProfile to the unattend.xml associated with the task sequence (TS properties, OS Info tab, Edit Unattend.xml button), then those changes would not be necessary.

    Yes, I agree having better contol over which profile is used for the copy would be nice.  I’ll try to feed this back to the product group.

    Finally, since this post has been superseded by a newer one (see link at top), please post any new comments to that one.

    Thanks,

    Michael Murgolo

  40. Anonymous says:

    Josh,

    I have been using the CopyProfile setting with LTI and ZTI since Windows Vista shipped without a problem.  I have never had it "ruin" an image or deployment.

    And if you read the updated version of this post (see link at top), you will notice that I don’t recommend that you use the setting when you run Sysprep.  Since this is ZTI, use CopyProfile in the answer file used with the Apply Operating System step in the ConfigMgr task sequence.

    Michael Murgolo

  41. Jaimie says:

    Thanks for this.  Default User profile is usually a hot point of debate. Group Policy Preferences is going to be fantastic.

  42. AdamR says:

    I hope you don’t mind a random question here, but I am having trouble finding an answer.

    I just need to know what ports BDD uses or what program (xcopy, vbscript, etc.) to update Deployment Points over a network. Just need to make sure the firewall has the correct ports open so BDD can update the DP. I think it is just SMB (port 445)… Any help would be appreciated as I can’t find any documentation…

  43. Andrea says:

    I have to agree that managing settings becomes easier using GPO’s, power config can be done three ways- unattend settings, run command, or GPO. At least with GP’s they are easily managed or changed down the road.

    But my newest challenge is Bitlocker- Help! I’ve been reading everything I can find on doing a task sequence and Bitlocker enabled. I know I’m missing something. I have TPM activated and I can’t get it to work- I’ve tried to do tpm management and set a password. , but nothing I do ends up with Bitlocker enabled. The task sequence ends with an error.If I try to enable Bitlocker in Vista it gives me the hard drive isn’t connfigured correctly even though the drives does actually get partitioned correctly.Do I need to edit a script and put the tpm startup password in there? What am I missing? I’ll be deploying to new machines.

    On another note, I’ve downloaded the WAIK 1.1, but was going to wait until the update to the Microsoft deployment toolkit is out, could you post online whwn that is available? Any issues with installing the newer waik now, prior to that update?

    Also, I’m concerned about Vista SP1 and when that will be a finished product what with seeing the issues with some drivers. I eventually want to build my task sequences using media that has sp1 already in it adn wondering when that media will be available on the e-open site, any insight on that?  

  44. Øystein says:

    Hi Ben,

    I have sevreal OU’s for different departments.

    Different Departments get different GP’s that deploy all the software etc.

    Therefore I need to manipulate the OU setting. Maybe I got it wrong but I belive I will not work to manipulate CS.ini during the install prosses.(after entering username and password) because it will not be reread by the installer prosess.

    When is the OU setting actaly read from the CS.ini file ?

    B.r.

    Øystein

    ——–

  45. Andrea says:

    Ben- thanks for the info on the TPMOwnePassword=blah, but I’m still having issues. Here’s the testing I’ve done. I cleared TPM, then saved bios settings, then set TPM to active. I then tried to deploy a captured reference image (apps installed) and enabling Bitlocker and using TPM only. I set the TPMOwnerpassword in the custon settings ini file. I gotthe dsame errors I had been getting – Unable to find BDEcfgHD.exe, RC=1. So then I decided to try eliminating the captured image part and deployed Vista using the out of box wim, well not to my surprise I did not get any errors in the task sequence, but again, when I looked at Bitlocker it was not enables and the message this drive is not configured for Bitlocker, adn then no way to get it going. The drive has a 2GB partion frmo the image process (that part does work) and the normal c OS drive. I really need to get this going so I can evaluate BitLocker. Another concern from my boss who isn’t altogether sold on Vista to begin with. Any help or direction would be GREATLY appreciated asap.I’ve read everything I can find on BitLocker, even the BitLocker blog site, adn nothing.

  46. Wael says:

    I have a problem using Capture Image,

    I used the product Help and followed the below steps:

    1.Create a deployment point that is configured to capture an image

    2.Started the computer to be captured using LiteTouchPE_86.wim

    3.Start the deployment wizard,

    4.Chose to join to WORKGROUP not a domain

    But  specify whether  to capture an image page doesn’t appear!!

    What I missed to make this page appear to can capture an Image?

  47. Andrea says:

    Ben- Thanks,I really appreciate you being there to help with this stuff! I’ll test today. I didn’t capture an image with Bitlocker enabled- Only apps installed.Getting closer!

    Andrea

  48. Andrea says:

    Ben- Is there some secret over at microsoft? i thought the tools would be easy to get. I spent a good part of yesterday trying to locate them. I am now on the phone with a second customer support (kb 930063)for software assurance, and am now being transferred to the Bitlocker support group. The software assurance support knows nothung about this tool or download. Is it hiding somewhere where I could of actually found it more readily? I can’t even think to tell my boss this one, may set him over the edge. why isn’t it included in the MDT?

    Andrea

  49. Andrea says:

    Ben- TI did finally get someone from support for the Bitlocker team who was very helpfull in getting me the Bitlocker drive prep tools. I copied the files as instructed but am still getting errors. I’ve looked at the log files but all they say to me are the same errors I see at the TS detail screen.

    This is from the BDDLog file:

    2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Running: \WS4401Distribution$ToolsX86BdeHdCfg.exe -target D: merge -quiet]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[About to run command: \WS4401Distribution$ToolsX86BdeHdCfg.exe -target D: merge -quiet]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Return code from command = -2147009791]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Unable to merge BDE partition BdHdCfg Code:-2147009791]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">

    <![LOG[Unable to merge BDE partition]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">

    <![LOG[ZTI ERROR – Non-zero return code by ZTIBde, rc = 1]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">

    <![LOG[Non-zero return code executing command "C:MININTToolsX86TsmBootstrap.exe" /env:SAContinue, rc = -2147467259]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="LiteTouch" context="" type="2" thread="" file="LiteTouch">

    <![LOG[LTI deployment failed, rc = -2147467259  0x80004005]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="LiteTouch" context="" type="1" thread="" file="LiteTouch">

    <![LOG[Property RetVal is now = -2147467259]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="LiteTouch" context="" type="1" thread="" file="LiteTouch">

    <![LOG[CleanStartItems Complete]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="LiteTouch" context="" type="1" thread="" file="LiteTouch">

    <![LOG[About to run command: MSHTA.exe "C:MININTScriptsWizard.hta" /definition:Summary_Definition_ENU.xml]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="LiteTouch" context="" type="1" thread="" file="LiteTouch">

    <![LOG[Property WizardComplete is now = N]LOG]!><time="23:50:44.000+000" date="02-26-2008" component="Wizard" context="" type="1" thread="" file="Wizard">

    This is from the ZTIbde log:

    <![LOG[The task sequencer log is located at C:UsersADMINI~1AppDataLocalTempSMSTSLogSMSTS.LOG.  For task sequence failures, please consult this log.]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Starting search for removable drive]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[The search for a USB drive failed]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[sOSDBitLockerMode=TPM]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[sOSDBitLockerWaitForEncryption=False]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[sOSDBitLockerStartupKeyDrive=C:]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[sOSDBitLockerTargetDrive=]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[<Message containing password has been suppressed>]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[OS drive encryption requested. Drive:C:]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[====== Current disk information ======]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Disk 0 (removable = False) contains drive C: which is 74245MB and NTFS, bootable = True]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Disk 0 (removable = False) contains drive D: which is 2046MB and NTFS, bootable = False]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[====== End of current disk information ======]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Total Disk size in bytes79999073280]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Found existing BDE Drive at D:]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Attempting to merge]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Running: \WS4401Distribution$ToolsX86BdeHdCfg.exe -target D: merge -quiet]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[About to run command: \WS4401Distribution$ToolsX86BdeHdCfg.exe -target D: merge -quiet]LOG]!><time="23:50:42.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Return code from command = -2147009791]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

    <![LOG[Unable to merge BDE partition BdHdCfg Code:-2147009791]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">

    <![LOG[Unable to merge BDE partition]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">

    <![LOG[ZTI ERROR – Non-zero return code by ZTIBde, rc = 1]LOG]!><time="23:50:43.000+000" date="02-26-2008" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">

    I though maybe it was becasue it couldn’t find a removeable drive, so at this moment I’m trying it with it in there.

    Any suggestions?

    Varon from tech support (the person who got me the tools) is going to call me tomorrow to see how far I’ve gotten.

    Do you think I’m getting closer?

    Thanks for getting me closer to my goal!

    Andrea

    Andrea

  50. DavidM says:

    Hi Ben,

    I have a XP SP2 image that has copied the default location to save in the administrator/desktop for any new user.  Have you ever seen this happen after sysprep?

  51. Hi DavidM,

    Was an old-style manual profile copy done before running Sysprep?  This is listed as one of the symptoms of a method "A" profile copy (item 2. e. in that section above).

    Mike

  52. DavidM says:

    Hi Mike,

    No, an older style copy wasn’t done before.  This was a fresh image and collection process using Sysprep 2.0.  What I believe happened after thinking about it for a while, was that I downloaded adobe reader or something else I shouldn’t have done with the pre-imaged machine and brought along the "HKCUSoftwareMicrosoftInternet ExplorerDownload Directory" key from the administrator profile.

    This seems to make since with the way Sysprep 2 works (thanks Ben).  I deleted the key from the image offline, and the issue went away.

    David

  53. Dan Baker says:

    I am having issues getting custom Vista SP1 imaged deployed and unattended join of the domain.  If I do an unatended of the install disk of Vista with SP1 everythin works fine.

    I can then make a custom image and everything is fine, but somewhere in the process of updating that custom image (deploying it, adding additional software, syspreping etc) I can deploy the image, but it wont do an unattended join to our domain and give the following messages in the "Panther/UnattendGC/setupact.log"

    2008-03-10 14:16:28, Info                         [unattendedjoin.exe] Unattended Join: Joining domain [ursulinestl]…

    2008-03-10 14:16:28, Info                         [unattendedjoin.exe] Unattended Join: Calling DsGetDcName for ursulinestl…

    2008-03-10 14:16:43, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:17:03, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:17:23, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:17:43, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:18:03, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:18:23, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:18:43, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:19:03, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:19:23, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:19:43, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:20:03, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:20:23, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:20:43, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:21:03, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:21:23, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:21:43, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:22:03, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:22:23, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:22:43, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:23:03, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:23:23, Warning                      [unattendedjoin.exe] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x79, will retry in 5 seconds…

    2008-03-10 14:23:28, Error                        [unattendedjoin.exe] Unattended Join: NetJoinDomain failed error code is [1355]

    2008-03-10 14:23:28, Error                        [unattendedjoin.exe] Unattended Join: Unable to join; gdwError = 0x54b

    2008-03-10 14:23:28, Info                         [unattendedjoin.exe] Unattended Join: Exit, returning 0x0

    I have posted this on several sites and have gotten NO where – if anyone has seen this before let me know what to do – we had/have no problems with our non SP1 images and I can update and redeploy non SP1 all day :)

    SP1 seems to be handling something with domain joining a little odd…

    if you want you can even email me at

    dbaker [at] ursulinestl [dot] org

    Thanks,

    Dan

  54. Atolica says:

    Hi

    I am having the same problem as Wael.

    When I get to the "Capture" step, I just get the network wizard for specifing what network I have and nothing else. The system doesn’t restart as it should.

    My CutomSettings.ini looks like this:

    [Settings]

    Priority=Default

    Properties=MyCustomProperty

    [Default]

    OSInstall=Y

    And nothing else. What am I doing wrong here?

    Thanks.

  55. Atolica says:

    Hi

    Is there a way to use custom commands for the capture process. For example I want to use the "/compress max" flag when capturing. Can it be done?

    Thanks

  56. Ben Hunter provided a suggestion for pausing a Task Sequence on another forum:

    —————-

    The way I pause the task sequence is by creating a task that launches notepad, when I want to resume the process I simply close notepad, Here are details on how to do this:

    To do this I create an application that includes the text file and a VB script containing the lines below  and then add this application to the task sequence:

    set oShell= CreateObject("Wscript.Shell")

    oShell.Run " C:windowsNotepad.exe ManualTasks.txt ",3,True

    —————-

    However, you configure the Automatic Updates agent in a numbers of automated ways.  The best method is Group Policy.  But you can also set the registry directly.  Both methods are documented in the WSUS deployment doc.  The latest version is here: http://go.microsoft.com/fwlink/?LinkId=79983.

    Mike

  57. Andrea says:

    Ah, great idea. I saw another way in the documentation, but this is sooo much easier! Thanks for the tip! I need to do this too.

  58. Cosmo says:

    At which step in an MDT Task Sequence for capturing an XP reference image would one insert the script for customizing the default user hive (Method C above)? If inserted before the sysprep step, I suppose the settings would be overwritten with the administrator’s profile?

  59. Cosmo says:

    Hi Ben,

    thanks for your help, but as Michael has stated in the above blog entry (Section B "Automated profile copy after sysprep") not all administrator settings are propagated to the default user profile. That was also my experience.

    So, Michael describes that he has used method C (mount ntuser.dat from default user, cutomize and unmount) successfully and I wonder, where in the build/deployment process one would run such a script.

    As I understand it, the default user profile gets copied over during sysprep, so it has to run after LTISysPrep.wsf. Because after executing sysprep the network connection to distribution$ is lost I tried copying the script locally ($OEM$). The script runs successfully if I put it between LTISysPrep and Restart in the TS, but after deployment the customizations are gone.

    Maybe this kind of default user customization would only work during the state restore phase of a deployment, not a reference capture?

  60. Cosmo says:

    Thanks again!

    Unfortunately, customer wants a base image including default user customizations. So, there goes Method C, moving on to Method D 😉

  61. StefanW says:

    I also face problem with the "copyprofile" setting in the unattend.xml. When running sysprep /generalize, not all customizations are passed to the Default User. (Theme is not, quickLaunch is not, desktop icons are)

    Another useless setting int he unattend.xml is "CustomDefaultThemeFile". Altough the customized theme is selectable in the pull-down menu, the installation and the sysprep always put the Vista Theme as the default one.

  62. Cody says:

    I am having some problems with LTI and enabling bitlocker since upgrading to MSD 2008.

    I have my tasks sequence set to automatically enable bitlocker, but I keep receiving this error:

    <![LOG[Non-zero return code executing command “C:MININTToolsX86TsmBootstrap.exe” /env:SAContinue, rc = -2147467259]LOG]!><time=”10:20:43.000+000″ date=”04-14-2008″ component=”LiteTouch” context=”” type=”2″ thread=”” file=”LiteTouch”>

    <![LOG[LTI deployment failed, rc = -2147467259  0x80004005]LOG]!><time=”10:20:43.000+000″ date=”04-14-2008″ component=”LiteTouch” context=”” type=”1″ thread=”” file=”LiteTouch”>

    Any Ideas how to fix this?

    Thanks,

    Cody

  63. Cody says:

    Hi Daniel,

    Thanks for the response. Going back a bit further I see [Failed find a TPM instance in the provider class.].

    I have both Vista SP1 Images and non-SP1 images. When I restore a SP1 image it restores successfully, when I try to restore a non-SP1 image I get this error.

    I am using MSD 2008 and WAIK 1.1. When using the previous versions I didn’t get this error with non-SP1 images.

    Looks like the new tools aren’t completely compatible with non SP1 images?

    Thanks,

    Cody

  64. This post is for Cosmo.  Sorry about the delay in replying, but I’ve been trying to get some deliverables out for a project.

    To get method C to work on Windows XP SP2, you have to install the hotfix from this KB article: http://support.microsoft.com/?kbid=887816.  (My bad for forgetting to mention this.)  You will have to request this from Customer Support.  This hotfix reverts XP to not doing the profile copy by default.  You would then do the Default User hive registry edit before Sysprep runs.   (I never understood why they made the new profile copy the default with no builtin way to disable it.  They saw the error of their ways with Windows Server 2003 and Vista, which have to have the profile copy enabled in the answer file.)

    Michael Murgolo

  65. Cosmo says:

    Wow, thanks for the reply and for taking the time to blog about all this and to answer so many questions here and elsewhere (to all of you d-guys).

    I was already aware of the hotfix and I’m still thinking wether to use it. In the meantime I tried to figure out what exactly gets copied from the admin profile to the defuser profile during minisetup, but this is really a tedious task. As you already mentioned, there is no reliable way of telling why a specific setting does not get carried over.

    Also, there are some areas that are really not designed for this sort of registry hacking (explorer view details, toolbars, setting a jpg wallpaper, …) and getting these to work can be quite time-consuming.

    Anyway, thanks again!

  66. William Turgeon says:

    Hi,

    I have been browsing the web to try and find an answer to a deploy problem.

    I have a client who is using a sysprepped image to deploy XP to three different models of machine…all are Lenovo.

    The drivers are all installed correctly on each model of machine. However, on the Lenovo M57 Type : 6071-ADU machines, the screen settings set in Sysprep do not stay set.

    The pertinent section reads:

    [Display]

    BitsPerPel=32

    Xresolution=1024

    YResolution=768

    VRefresh=85

    and works for the other two models but not this one. The video settings revert back to ‘optimum’ for this model.

    Any ideas would be helpful here…this is getting quite annoying.

    Thaks for your assistance.

    BillT

  67. Attila says:

    The same happened in one of our computer. After the uninstallation of Office Communicator 2007 and reinstallation of the Windows Messenger 5.1 we get this exit code.

    We used a wse for the installation and SMS for that.

    Thanks a lot in advance!

  68. Dave says:

    Attn: Ben

    I have setup a Vista platform and have customized many settings within the Built-In Administrator account and have set the "copyprofile" command in the unattend.xml file to "True".

    The Bottom Line:

    The "copyprofile" setting in the unattend.xml has issues. The copyprofile setting DOES NOT work on some settings. When running the following command,there are "many" customizations that not copied to the "Default" profile:

    "sysprep/generalize /oobe /shutdown /unattend:c:windowssystem32sysprepunattend.xml"

    There are certain settings that DO work (ex: desktop icons that are setup on the Built-In Administrator accounts are transferred to a the "Default" profile), but there are many other settings that are not passed to the "Default" NTUSER.DAT file.

    It almost seems like the "copyprofile" feature refuses to copy the Built-In Administrator’s NTUSER.DAT file to the "Default" profile.

    If I manually load the "Default" NTUSER.DAT hive, make the customizations, and unload the hive….then run sysprep…then all the settings stick and everything is customized the way it is suppose to be.

    Quite frankly, I think the "copyprofile" setting is quite useless because it doesn’t work. It’s junk.

    Frustrated to say the least…

    Thanks, Dave

  69. Josh says:

    I am working on the windows 7 deployment for my company and this problem is seriously holding back my progress. I actually have nearly every part of a ZTI reinstall process working except copyprofile. It is extremely frustrating because when I run sysprep with copyprofile enabled, it completely ruins the image. Luckily I backed up the system before sysprep, but it is still extremely time consuming to test. Even if it doesn’t completely copy all settings, it should at least run properly. The same xml file works with the option disabled. I also checked for the bad user accounts in the registry (which wouldn’t have a reason to be there anyhow).

  70. dg says:

    I accept that copyprofile does work with W2k8R2, however I could not make this work with MDT until I modified the following line in LTISysprep.wsf to specify the unattend.xml file that gets copied in

    ORIGINAL

    ‘ Run sysprep

    sCmd = oEnv(“SystemRoot”) & “system32sysprepsysprep.exe /quiet /generalize /oobe /quit”

    MODIFIED

    ‘ Run sysprep

    sCmd = oEnv(“SystemRoot”) & “system32sysprepsysprep.exe /quiet /generalize /oobe /quit /unattend:” & oEnv(“SystemRoot”) & “system32sysprepunattend.xml”

    And there is at least one massive caveat to copyprofile in w2k8 – It would appear to copy the user profile with the latest timestamp, not the local administrator

    So if you install some software in your basebuild that has a service running as a custom local user (in my case citrix offline plugin), even if you stop the service before running sysprep, it would seem that the service starts before copyprofile is run in the specialize phase, therefore as the service account profile was created from the original defaul profile, you have achieved nothing.

    Would be better is sysprep always copied the local admin profile, or if you could specify in the unattend.xml which profile to copy

  71. dg says:

    Hi Michael,

    I posted here, because

    "New Comments to this post are disabled"

    on the updated blog

    I agree that I should not have to modify LTISysprep, but having run through this about 20 times this was the only way I could make copyprofile work with MDT2010, ignoring the user service problem.

    I appreciate that the unattend.xml, associated with the deploy image TS, is copied in before the OS starts and that should contain copyprofile for the specialise phase.

    To be clear

    I do an unatteded install using MDT to create initial server. I read that the unattend.xml is cached so I put copyprofile=true in this xml file

    Make my build changes

    Run sysprep and capture task (with modified ltisysprep)

    Deploy image

    I make sure that copyprofile is in all three xml files involved.

    This suggests to me that there is some sort of dependency on the genreralize and specialize phases.

    I dunno – I’m still scuppered by the service user having the latest timestamp

    Thansk for the response

  72. Mark says:

    I have been receiving the following error MDT 2012: "Failed to find a TPM instance in the provider class". This has been working fine but it just stop working. Also get the code 6734 but that does not tell me much.