One of the missing options of sysprep in my opinion is to just generalize an installation. Alternatives are to use third-party utilities to reset the computers' SID, but since it's not an official solution, I will show you how to do it the 'official way' by using an answer file. The only two options available in the sysprep utility are:
- The out-of-box experience: this will reinitialize the screens that you will usually see when you first start a new computer.
- The audit mode: this mode allows you to add things to your reference image (programs, configurations, et cetera) before you deploy it.
This guide doesn't require you to install any tools, all you need to do basically is create a file called deploy.xml and put the following content in it:
<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <OOBE> <HideEULAPage>true</HideEULAPage> <HideLocalAccountScreen>true</HideLocalAccountScreen> <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <NetworkLocation>Home</NetworkLocation> <ProtectYourPC>3</ProtectYourPC> <SkipMachineOOBE>true</SkipMachineOOBE> <SkipUserOOBE>true</SkipUserOOBE> <UnattendEnableRetailDemo>false</UnattendEnableRetailDemo> </OOBE> </component> </settings> </unattend>
Next up is to perform a sysprep like this (run this in a cmd window or from a run box):
C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /unattend:C:\path\to\deploy.xml
Please note that if you want to use this on a 32-bit image, you need to replace amd64 with x86 in the deploy.xml file.
Let me explain what this does and how it works. Basically, the deploy.xml file contains everything to override anything that has to do with OOBE. This will essentially render the oobe flag useless, so you pratically have just geleralized an image without having the somewhat annoying OOBE screens.
What is this solution good for?
It's a great alternative for manually resetting the SID of a computer without using any third party tools. I have checked it and this method actually resets the SID after running the sysprep. Great!
Why should I reset my SID with this method?
It's actually pretty fast. Way faster than other tools like sidchg by Stratesave Systems, as far as I have tested. Since no third party tools are involved, you can rely on Microsoft and the reliability of sysprep. Nice!
What OSes are supported/tested?
Any version of Windows 10 and Windows Server 2016, but older versions might work too. I've tested those two operating systems and it works perfectly on there.
How do I automate this in bulk deployments?
Just create a new REG_SZ (string) value in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce and give it any name you want. The value needs to be written down in this format:
"C:\Windows\System32\Sysprep\sysprep.exe" /oobe /generalize /unattend:C:\path\to\deploy.xml
This will execute once when the admin logs in for the first time on the machine. You can also use the
/reboot flag to reboot the machine once the sysprep process is finished.
I hope that this article is useful for you, and if you have any questions: don't hesistate to ask them in the comment section. Thanks for your time and have a nice day!