Sysprep Training
-
I learned the Why the hard way when I tried to build an AD environment cloned from the same base VM.
-
@alexntg said:
I learned the Why the hard way when I tried to build an AD environment cloned from the same base VM.
That is why I believe the HOW and the WHY are equally important. I have found several non-sysprepped PCs in AD, lately.
-
@scottalanmiller said:
Haven't seen anything like that. Maybe a video that you make yourself.
I am not a great teacher.
-
OK I have to ask.. what's the WHY problem?
-
@Dashrender said:
OK I have to ask.. what's the WHY problem?
I'm a bit curious on that as well. It's just a matter of not having 2 machines with the same SID in a single AD environment.
-
Which is, of course, a big deal. But simple to understand and only takes that one sentence.
-
@alexntg said:
@Dashrender said:
OK I have to ask.. what's the WHY problem?
I'm a bit curious on that as well. It's just a matter of not having 2 machines with the same SID in a single AD environment.
This has actually been disproven (I only found out this year though). The machine SID has very little to do with the Domain SID when it comes to the domain itself. It is possible that a software vendor is relying on unique SIDs but Windows Domains do not.
-
Here's Mark Russinovich's blog on the matter.
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
-
This line
Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so MIcrosoft's support policy will still require cloned systems to be made unique with Sysprep.
Will probably be the single one that most people will glom onto. So while we don't need to be worried about duplicate machine SIDs anymore, we still need to run sysprep before deploying images so that WSUS works.
-
@Dashrender said:
@alexntg said:
@Dashrender said:
OK I have to ask.. what's the WHY problem?
I'm a bit curious on that as well. It's just a matter of not having 2 machines with the same SID in a single AD environment.
This has actually been disproven (I only found out this year though). The machine SID has very little to do with the Domain SID when it comes to the domain itself. It is possible that a software vendor is relying on unique SIDs but Windows Domains do not.
Sysprepping does more than just change the SID. The use of NEW SID has been deprecated, but not Sysprep
-
@scottalanmiller said:
Which is, of course, a big deal. But simple to understand and only takes that one sentence.
Exactly, but if the techs dont understand it. They wont care to do it.
-
@IRJ said:
@Dashrender said:
@alexntg said:
@Dashrender said:
OK I have to ask.. what's the WHY problem?
I'm a bit curious on that as well. It's just a matter of not having 2 machines with the same SID in a single AD environment.
This has actually been disproven (I only found out this year though). The machine SID has very little to do with the Domain SID when it comes to the domain itself. It is possible that a software vendor is relying on unique SIDs but Windows Domains do not.
Sysprepping does more than just change the SID. The use of NEW SID has been deprecated, but not Sysprep
I wasn't implying that you shouldn't sysprep. In fact my followup comment specifically mentions the need to sysprep to make WSUS work.
-
@Dashrender said:
@IRJ said:
@Dashrender said:
@alexntg said:
@Dashrender said:
OK I have to ask.. what's the WHY problem?
I'm a bit curious on that as well. It's just a matter of not having 2 machines with the same SID in a single AD environment.
This has actually been disproven (I only found out this year though). The machine SID has very little to do with the Domain SID when it comes to the domain itself. It is possible that a software vendor is relying on unique SIDs but Windows Domains do not.
Sysprepping does more than just change the SID. The use of NEW SID has been deprecated, but not Sysprep
I wasn't implying that you shouldn't sysprep. In fact my followup comment specifically mentions the need to sysprep to make WSUS work.
You arent dead in the water with WSUS if you dont sysprep. A simple script can fix it.
I am more concerned with driver issues it causes. Also our techs are imaging PCs that are joined to domain which is wreaking even more havoc.
-
What method of cloning are you using?
-
@alexntg said:
What method of cloning are you using?
Disk to Disk. We have a very fast disk copier. It takes about 5 minutes to copy a 500GB SATA drive. Our new PCs all have 240GB SSD drives, it only takes 90 seconds to copy those.
We only have three different PCs out in the wild HP PRo 6200sSFF, HP Pro 6300 SFF, and HP Elite Desk Microform Factor.
-
I'm not sure how many computers you have out there, but have you considered SCCM? It'll deploy your base image and do all the rest for you. You can go from bare metal to ready-to roll in a couple of clicks.
-
@alexntg said:
I'm not sure how many computers you have out there, but have you considered SCCM? It'll deploy your base image and do all the rest for you. You can go from bare metal to ready-to roll in a couple of clicks.
I have considered that and FOG. Our probably is we have a bunch of small local branch locations connected by a T1 line. If I were to image over the network, it would kill the branch completely.
