最後更新: 2027-03-16

目錄

• Windows 2003
• Windows Server 2008 R2
• OOBE / Audit Mode 與 Generalize
• Windows System Image Manager (WSIM)
• Unattend.xml

 

---

Windows 2003

 

Install:

安裝完 WindowsServer2003-KB926028-v2-x86-ENU 後在 C:\WINDOWS\system32\deploy.cab 內

CD/Support/Tools/Deploy.cab

安理會後獲得 File:

• setupmgr.exe
• sysprep.exe
• setupcl.exe

Usage:

Step1:

setupmgr.exe    -- create  --->   sysprep.inf   (非必要的)

Step2:

sysprep -reseal -bmsd -activated

-bmsd - Populates all the available mass storage devices in the [SysprepMassStorage] section.
-reseal - Clears the Event Viewer logs
-nosidgen - Runs the Sysprep.exe file without generating new SIDs
-activated - Do not reset the grace period for Windows product activation.

P.S.

過程需要入 SN

 

---

Windows Server 2008 R2 ( sysprep preinstalled by default )

 

Location:

%windir%\System32\sysprep\sysprep.exe

Usage:

# removes unique information from a Windows installation so that you can reuse that image on different computers.

sysprep /generalize /reboot

# you can preserve the device-drivers installation in a Windows image.

PersistAllDeviceInstalls

** Not all server roles support Sysprep

For the Server Roles that do not support Sysprep,

you must enable the server role and configure the role settings after imaging and deployment.

• AD
• DNS Server
• DHCP server
• IIS7

 

---

OOBE / Audit Mode 與 Generalize

 

Out-Of-Box Experience (/oobe)

The OOBE enables end users to customize their Windows installation. End users can create user accounts,
read and accept the Microsoft Software License Terms, and select their language and time zones.

By default, all Windows installations boot to OOBE first.

OOBE prompts the user for a product key.
Audit mode does not require that you apply settings in OOBE.
By bypassing OOBE, you can access the desktop more quickly and perform your customizations.

Before Boot

After Boot

 

Audit mode (/audit)

Audit mode enables you to install third-party applications and device drivers,
as well as to test the functionality of the computer.

Audit mode enables OEMs and corporations to quickly customize a Windows installation.

You can install applications, add device drivers, run scripts, and test the validity of a Windows installation.

Audit mode does not require settings in Windows Welcome to be applied.

---

Typically, Windows starts Windows Welcome immediately after installation.

However, by booting to Audit mode, you can bypass Windows Welcome and boot the computer immediately to the desktop.

This enables you to start your customization process as quickly as possible.

---

Also, Audit mode enables you to verify that a computer is functional before it is delivered to a customer.

You can verify that the end user's first boot experience runs as expected,
and OEM customizations and information about your company's support options are present.

---

When Audit Mode starts the sysprep window is always shown.

Also, if you have not chosen to exit Audit Mode, PC will after reboot be back in Audit Mode
and the sysprep window shown.

 

Generalize (/generalize)

Prepares the Windows installation to be imaged.

Sysprep removes all unique system information from the Windows installation.

Sysprep resets the security ID (SID), clears any system restore points, and deletes event logs.

Generalizing a Windows installation uninstalls configured devices, but does not remove device drivers from the PC.

If you're deploying an image to computers that have identical hardware and devices as the original PC,
you can keep devices installed on the computer during system generalization by using an unattend file with

Microsoft-Windows-PnPSysprep | PersistAllDeviceInstalls set to true.

Unattend.xml

...
  <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
  <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
...

Other Opts

• /shutdown
• /reboot
• /unattend:filename

Example

%windir%\System32\sysprep\sysprep.exe /oobe /generalize /shutdown

會有一個 Title: "Sysprep is woking ..." window 仔彈出來, 行 10 分鍾後就會關機.

 

---

Windows System Image Manager (WSIM)

 

要安裝 WAIK 才會獲得 WSIM, 不過它成 1.7 GB !!

Download

1. https://www.microsoft.com/en-US/download/details.aspx?id=5753
2. https://www.microsoft.com/zh-hk/download/details.aspx?id=5188

 

---

Unattend.xml

 

"/unattend:filename" 時用到的 File

Doc

https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/

CLI

C:\Windows\System32\sysprep\sysprep.exe /generalize /oobe /reboot /unattend:C:\Unattend.xml

Unattend.xml

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">

    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64"
                   publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" >
            <SkipRearm>1</SkipRearm>
        </component>        
        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64"
                   publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" >
            <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
            <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
        </component>
    </settings>    

    <settings pass="specialize">
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" 
                   publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" >
            <SkipAutoActivation>true</SkipAutoActivation>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
                    publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" >
            <ComputerName>Tim-PC</ComputerName>
            <TimeZone>China Standard Time</TimeZone>
        </component>
    </settings>

    <settings pass="oobeSystem">

        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" 
                   publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" >
            <InputLocale>1033:00000409</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>

        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" 
                   publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <RegisteredOwner>admin</RegisteredOwner>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>3</ProtectYourPC>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                <SkipUserOOBE>true</SkipUserOOBE>
            </OOBE>
            <DisableAutoDaylightTimeSet>true</DisableAutoDaylightTimeSet>
            <AutoLogon>
                <Password>
                    <Value>test</Value>
                    <PlainText>true</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <Username>admin</Username>
            </AutoLogon>
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>test</Value>
                            <PlainText>true</PlainText>
                        </Password>
                        <Description>test</Description>
                        <DisplayName>admin</DisplayName>
                        <Group>Administrators</Group>
                        <Name>admin</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
        </component>
    </settings>

    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" 
                   publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" >
            <EnableLUA>false</EnableLUA>
        </component>
    </settings>

</unattend>

 

Format: processorArchitecture, publicKeyToken, language, versionScope

<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP"
processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" >
<SkipRearm>1</SkipRearm>
</component>
</settings>

attributes are primarily intended to describe packages accompanying the unattend file rather than configuration directives contained within, it's easy to see why they don't make a whole lot of sense in relation to these directives, and also why they appear to be, as you say, "magical constants"

So to dig in to what Language, VersionScope, and PublicKey Token mean, we need to look at them in the context of the packages they describe. Obviously Language describes the applicability of a locality-specific package. PublicKey Token is defined by Microsoft here as "the last 8 bytes of the SHA-1 hash of the public key under which the assembly is signed."

As for VersionScope, while there is no concrete definition offered by Microsoft, we can assume this has to do with whether the package in question utilizes the Windows Component Store and Side by Side (SxS) assemblies. If you're not a programmer, what this actually entails can be a bit confusing, but check out the Wikipedia article on the topic.

Side-by-side assembly (SxS, or WinSxS on Microsoft Windows)

https://en.wikipedia.org/wiki/Side-by-side_assembly

注釋

SkipRearm

specifies whether to reset the Windows licensing state when you generalize a computer.

EnableLUA

specifies whether Windows User Account Controls (UAC) notifies the user when programs try to make changes to the computer.

 

Windows Answer File Generator

A simple website that provides similar functions to Windows System Image Manager (SIM).

http://www.windowsafg.com/