First published on TECHNET on Mar 27, 2012
Authored by Santos Martinez
Have you received this question? Let’s do some meditation on the Dojo about this.
Here is the answer. Like a Ninja on the Shadows.
There are multiple solutions to perform this capture. The fastest way is to create a Capture Media CD and perform the capture manually.
I also suggest reading the following documentation before continuing with this blog post.
Now that we understand a little bit more from the documentation library, let’s start working in the Automate Capture of the Reference Machine. To accomplish this we will build a task sequence to capture the Windows XP image from the Reference Machine.
The goal of this task sequence will be the following:
· Perform a capture of a domain joined Windows XP image
· Deploy the task sequence using the Configuration Manager Client
· Store the image on the source server for use with future task sequences
Based on the documentation, we can’t have the computer joined to the domain. We will create a task sequence step to remove the computer from the domain. Because the computer is joined to the domain, we also face another challenge. The local security policy “ Password must meet complexity requirements” is enabled which will prevent clearing the local Administrator password. We are also going to create a step to override this as part of our capture process. Now let’s start working on the actual steps. A total of six steps have been outlined here.
Step 1 Create a Windows XP Support Tools Package
This will be needed to remove the computer from domain and join the computer to a workgroup without the need of restarting the computer.
Extract the contents of WindowsXP-KB838079-SupportTool by executing the following command line
WindowsXP-KB838079-SupportTools-ENU.exe /c /t:c:TempXPSupportTools
This will extract four files:
We need to expand the support.cab into the apps source folder for our package.
Run the following command:
expand support.cab -f:* c:appsXPSupportTools
Now let’s create the package in Configuration Manager.
In the console, open Software Library Workspace
Expand Application Management > Packages
Right click Packages and then click Create Package
The Create Package and Program Wizard will appear. Fill in the details using the following screenshot as an example.
Once you have enter all the details click next
Select do not create a program and click next.
You have now built the XP Support Tools Package that will be part of our task sequence.
Step 2 Create a SecEdit .INF Package
This will be used to ensure the password complexity is not enabled.
We need to create a PassOverride.inf file with the following contents:
Description=this is to remove the password complexity requirements and the sysprep can reset the administrator password
MinimumPasswordAge = 30
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
Attached here is a copy of the PassOverride.inf file.
Now let’s create a folder in our apps source named PassOverride and put the PassOverride.inf file in there so we can create a package.
To create the package, open Software Library Workspace in the console and expand Application Management and then Packages.
Click on Create Package.
Fill in the package details and point to the PassOverride folder we created for the package source files.
Select do not create a program and click next
Now we have created the package for the PassOverride function.
Step 3 Create the Sysprep Package
Since this is a Windows XP capture, we most include the Sysprep files so Configuration Manager can copy them into the c:sysprep at the moment of capture. Without these files you will not be able to capture the image.
Once you download the Deploy.cab you most expand this into the apps source folder. Create a new folder named WinXPSp3Deploy and execute the following command line:
expand deploy.cab -f:* c:appsWinXPSP3Deploy
Open Software Library Workspace and expand Application Management.
Right click on Packages.
Click Create Package.
Fill in the details for the Sysprep package, including the correct source path.
Select do not create program and click next twice.
You have now completed the Sysprep package.
Now we are going to begin the process of creating our task sequence.
Step 4 Create Task Sequence
The task sequence that we are going to create will be used to capture the Windows XP image.
Open Software Library Workspace and expand Operating System Deployment.
Right click on Task Sequence and click Create Task Sequence.
Wait for the Create Task Sequence Wizard to launch.
Select Create a custom task sequence.
Fill in the details and select the x86 boot image and click Next.
Click Next and Close
Now select the newly created task sequence, right click and click Edit.
The Task Sequence Editor will display Click Add > New Group.
Fill in the details for this new group as shown above and click the Options tab.
On the Options tab select Add Condition for Operating System and choose All Windows XP 32 bit.
Click Add > General > Run Command Line.
Change the name to Join Workgroup/Remove from Domain.
Enter the following command line:
c:_SMSTASKSEQUENCEPackagesPACKAGEIDnetdom.exe remove /d:%userdomain% %computername%
NOTE: Replace PACKAGEID with the one for the package you created.
Click on Run this step as the following account and enter the admin credentials that you will use to perform this task. The admin rights are required to remove the machine from the domain.
Q. Why do I want to use Netdom and not the default step to join computer to domain?
A. The join computer to domain step will trigger a restart to make the change effective and we don’t want this to happen at this point of the task sequence. Netdom provides the ability to join the computer to the workgroup without requiring a restart.
Click Add > General > Run Command Line.
Change the name to Running PassOverride – SecEdit
Enter the following command line:
c:windowssystem32secedit.exe /configure /db secedit.sdb /cfg “c:_SMSTaskSequencePackagesPackageIDPassOverride.Inf” /quiet
Click on Run this step as the following account and enter the admin credentials that you will use to perform this task. The admin rights are required to override the current GPO.
Q: Why do I need to run this secedit command to capture the Windows image?
A: Based on the TechNet article we reviewed at the beginning of this post, the policy Password must meet complexity requirements is enabled and will prevent sysprep from clearing the local administrator password. This step will remove the policy and allow sysprep to complete successfully. If this step is not performed you most manually change the policy to disabled.
The error related to this policy found in the SMSTS.log
“Failed to reset the administrative password, NetAPI Error = 2245”
The Prepare Windows for Capture task sequence step attempts to reset the local administrator password on the reference computer to blank before running Sysprep. If the local security policy Password must meet complexity requirements is enabled, then this task sequence step fails to reset the administrator password. In this scenario, disable this policy before running the task sequence.
Because we use the /quiet switch, there will not be a return code from this command line. Therefore, you must click continue on error on the options tab.
Click Add > Images > Install Deployment Tools
Append – Sysprep to the current name.
Browse and select the Sysprep package we created.
Q: Why I need Sysprep for Windows XP?
A: Sysprep is required so the machine can be generalized and avoid duplicate SIDs on cloned systems. When the image gets deployed we will avoid any future problems. This is not required for Windows 7 as it’s included by default. This will also copy the contents of the package to C:sysprep
Now that we add the final three steps to complete the Windows XP capture task sequence.
Click Add > Images > Prepare ConfigMgr Client for Capture
Click Add > Images > Prepare Windows for Capture
Click Add > Images > Capture Operating System Image
Now on the Capture Operating System Image enter the destination: Path to your server share.
Account: you must enter the account that will have permissions to save the .wim to your server.
The task sequence has been completed; make sure you hit apply to save your task sequence.
Make sure to stage the content to the distribution points before performing the deployment of the task sequence.
Right click on task sequence and click Distribute Content. Follow the instructions on the wizard and complete the Staging process.
Step 5 Deploy Task Sequence to Capture OS Collection
On the Task Sequence right click on Capture Windows XP Image and click Deploy.
The Deploy Software Wizard will pop-up and you must select the targeted Collection. In this example, I am pointing to the collection named Capture OS. Click Next
This task sequence is set to available so the ConfigMgr Admin must manually initiate the process.
Click on Show Task Sequence progress and click Next
Leave the Default Settings and Click Next.
Click Next and on the next screen once completed click Close.
Step 6 Capture the image on the Windows XP Machine
Now that you have deployed the task sequence to capture the image, go to the workstation you want to capture and open Software Center. You should see the deployment. Click Install.
Once you have clicked install you will need to confirm this process. Click Install Operating System.
Wait for the Task Sequence to download.
Now the Task Sequence will launch.
The Join Workgroup Step will execute now.
The PassOverride with the secedit commands will execute.
Prepare the ConfigMgr Client for Capture Step will run.
The Prepare windows for Capture will run and download the boot image to boot the machine into Windows PE.
Sysprep is preparing the machine for the capture.
The Machine is ready to capture and will restart now.
Note: If you don’t want to wait the time for restart you can click on Restart Now.
Windows PE is starting and the capture process will continue.
The Capture Operating System Image process has started.
Scanning volume 1 of 1.
Capturing image from volume 1 and storing the image on the server.
This process can take some time. Please be patient while this process completes.
If any failures occur during this process please check SMSTS.log for details about any failure.
PassOverride PassOverride Txt To Inf
Hope this post helps you if so please Rate it 5 star. If you have any questions feel free to comment here or send me a message. Also I want to Thanks David Le Noir Premier Field Engineer for his review of this post.