Using SYSPREP in Audit Mode Before Creating a System Image

SYSPREP is a Windows utility that allows a computer to be generalized. If you’re restoring system images (using Ghost or a similar technology) to multiple PCs on a network, then it is imperative that you first run SYSPREP to generalize the system.

SYSPREP in Audit Mode

SYSPREP in Audit Mode

Not doing this will not only result in several PCs with the same computer name, but their unique identifiers (used by Active Directory and others) will all be identical. As you can imagine, having multiple PCs with the same computer name can be a real issue for network admins. Running a SYSPREP allows the PC to be generalized with new unique IDs so that you get an “Out of the Box” experience (OOBE) on the next boot.  The next boot will bring you to the Windows Welcome Screen, where you’ll be prompted to accept the EULA (End User License Agreement) and enter an Administrator password (if running Windows Server).

Audit Mode is a special way to boot directly to the desktop before you get to the Windows Welcome screen.  This gives administrators or OEMs (original equipment manufacturers) the opportunity to install Windows Updates, drivers, and other software.  Audit Mode is completed when SYSPREP is run again.

There are two ways to get to audit mode:  Run SYSPREP with the “Enter System Audit Mode” option, or press <Shift> + <Ctrl> + <F3> at the Windows Welcome screen.

 

How to SYSPREP a Windows 7/8 PC or Windows Server 2008/2012 in Audit Mode:

  1. Browse to “C:\Windows\System32\Sysprep” folder and launch the SYSPREP executable.
  2. In the System Cleanup Action drop down select “Enter System Audit Mode”.
  3. Make sure to check the Generalize checkbox.
  4. In the Shutdown options I suggest selecting Shutdown. This way after the system is prepped, the PC will shutdown, and will be ready for you to create your master image.

 

How to SYSPREP a Windows 7/8 PC or Windows Server 2008/2012 in Audit Mode from Command Line:

  1. Open an Administrative Command Prompt.
  2. Type the following then press <Enter>:  CD \Windows\System32\Sysprep
  3. Type the following then press <Enter>: SYSPREP /generalize /audit /shutdown

 

Once your system has gone through the SYSPREP process, before the computer boots again, it is safe to create a master image using your imaging software.

 

Permanent link to this article: https://www.robertborges.us/2013/07/windows/using-sysprep-in-audit-mode-before-creating-a-system-image/

3 comments

1 ping

    • jason on January 8, 2014 at 6:45 pm
    • Reply

    HI, Thanks and I have a question. I am new to this whole sysprep and image creation but really want to understand the very first steps. so far i have done the following.

    Installed VM Workstation 10 on my Win 7 machine
    Installed the .ISO created from my OEM Windows 8 Pro DVD
    Going to update to get to 8.1 Pro then take a snapshot
    … Not sure what my next steps are out of the following items not sure which comes first? or if maybe i already missed a step?
    unattend file, autoanswer,audit mode, load drivers, software?

    need to send to mass deployment of machines very soon. Thanks for any help.

    • Angel Luigi on July 19, 2014 at 11:34 pm
    • Reply

    Hi Robert, excellent information. Robert I have most recently been asked to create a Windows 7 image for deployment in our Corporate Envirornment. Our computers are configured with Group Policy, very stricked policies, user only have access to the D:\drive partition. Even locked out of the desktop.
    I am confused in the process….
    Load OS, enter Audit Mode
    Configure the profile with software and configurations that users will see when they log on
    I create a “copyprofile.xml” which I run so the system with sysprep and then boots me to the administrator account, My question is – can I run sysprep without generalize since I have to run sysprep again when the system reboots with the user default user copied over into an account I injected in my copyprofile.xml, from there I activate my administrator profile, log in as my administrator and configure group policies, test domain etc, then SYSPREP again, this time with my unattend,xml
    Again, my question is can I run sysprep the first time (while in audit mode) without the generalize? The second sysprep, with my setupcomplete.cmd and my unattend.xml?
    When can I configure my policies so that when the image is deployed my default user profile is in place and group policies in full force? This is very confusing…I can follow all instructions and sysprep once and but my policies will not be in place when the image is deployed, and these is mass deployment to different parts of the country,,,hundreds of computers. Do I make any sense? Please reply,,,your help is greatly appreciated.
    Regards
    ALG

    1. If I am understanding you correctly, you are running SYSPREP on the image after you deploy it to a computer. While this accomplishes the task of generalizing the system (so you don’t have multiple computers with identical identifiers on your network), it is more work. Most of the IT Pros I know use the following method:
      1) Install OS and software on master PC. Get all of the Windows updates and any other software needed (PDF reader, etc.).
      2) Run SYSPREP with generalize checkbox checked
      3) Create image of master image using whatever image tool you desire (Ghost, etc…)
      4) Deploy image to each desired computer. On the first boot, Windows will create new identifiers for the system.

      If you do find that you need to run multiple SYSPREPs on a deployed system, due to your scripting requirements, you may be able to get away with only generalizing once if:
      a) You generalize just before creating your image. This way each computer, to which this image is deployed, has a generalized image and creates unique identifiers.
      b) If running SYSPREP after deploying the image to each computer, you only need to generalize once, as this will create unique identifiers on the next boot.

  1. […] Using SYSPREP in Audit Mode Before Creating a System Image […]

Leave a Reply

Your email address will not be published.