Building A Master Image - Part 2: Preparing Windows XP

Part 1 of this 3 part series covered setting up VMWare to start building a master image for use in your organization. This article should serve everyone regardless of whether or not you're using VMWare.

Continuing on from Part 1 we have a vanilla installation of Windows XP with Service Pack 2 installed. Ahh yes, how nice a fresh copy of Windows XP is:

Sure it's lean, but it can get better and I'm here to show you how.

Click to view.

Install all Windows Updates

The first thing you want to do with this image is install all of the windows updates to bring the machine up to date. Visit the windows update website and then go hang out somewhere, they can take a bit of time. Also I would not advise building your image the day before patch Tuesday, no need to build an image and then have it out of date a day later.

A word before we continue

Before we continue I just want to say that you do not have to do all (or any) of these to successfully deploy this image to multiple types of hardware. I offer only suggestions on things that you can do to make your image smaller, less resource intensive, and also easier to troubleshoot. There are some preference things in this article as well as things that I think everyone should do, feel free to pick through the article and take what you like. Also, all of this is done with the computer off the domain. Don’t go installing any drivers; with the except of the NIC if Windows can’t plug and play it, leave it uninstalled.

Uninstall the Games

Yes, the people probably like me less because they can’t start their day fresh with a game of Minesweeper or waste their lunch period on solitaire but I uninstall the games from XP. You want to head to the control panel and once there you will probably want to click on “Switch to classic view” on the left side to get a bigger list of control panel objects. Click on “Add or Remove Programs” and once that opens you have some icons on the left side of that dialog. You want to select “Add/Remove Windows Components” and then select “Accessories and Utilities”, click on “Details” and then uncheck “Games” and click “Ok”. The games will now be gone from the installation and should remain that way unless someone gets ahold of the Windows XP disk and wants to reinstall them.

Click to view.

Uninstalling MSN Explorer/Messenger

While I’m in the Add/Remove windows components dialog I scroll down the list and remove MSN Explorer and MSN Messenger. I also choose to uninstall Outlook Express from here as anyone who has an email account gets Office 2003 which contains Outlook 2003. If you are wanting to monitor the computers via SNMP you add that functionality from here by selecting “Management and Monitoring Tools” and checking “Simple Network Management Protocol”.

Rename the Administrator Account

If you are not renaming your administrator account, you should start doing so. Someone who wants to break into one of your systems needs 2 things: A username and a password. By not renaming the administrator account you’ve done half the work for them. Also make sure that before the machines are getting deployed that the Administrator account has a good password. Right click on my computer and select “Manage” and expand “Local Users and Groups”. Click on the “Users” folder and then right click on the Administrator account and select “Rename”. I would assume that you want to make the Administrator account the same on all machines so that anyone working on the system has a backdoor if they need to locally login to the machine. If you’ve had a lot of turnover in the IT/IS department and you’ve been using the same Administrator account name and password for some time, perhaps it is time to change this. *Important Note: If you wish to specify the administrator password through the sysprep.inf file, you should leave the administrator password blank for now.

If it wasn't a security risk, it would be funny to see what kind of weird names people give their admin accounts.

Click to view.

You also want to double check that the Guest account is disabled. Some people might use the Guest account but I do not see a need for it, therefore I make sure it is disabled. If you wanted another layer of security in your organization, you could also rename the Guest account even though you disable it. These steps should help to ward of anyone trying to remotely comprise your systems.

Disable the Themes Service

This choice could go either way. I chose to disable the Themes service, you may wish to leave it on and let the users decide, that decision is up to you. The Themes service controls the basic look of Windows XP, the cartoony blue “Luna” theme is the default look. If you wish to disable it, and save yourself a few MB of RAM follow these steps: Right click on My Computer and select “Manage”. Expand “Services and Applications” and click on “Services”. Scroll down to the Themes service and double click it and select “Disabled” from the startup type dropdown menu. Also you need to click “Stop” under that dropdown menu to go ahead and stop the service.

Click to view.

You will now notice your Taskbar now looks a bit more bland, well some say bland, I enjoy the lack of themes possibly do to the fact that I’m a minimalist.

Click to view.

Stop those BSODs!

OK, I was a bit deceptive with that headline. I wish there was a way to forever rid the world of the dreaded BSOD but I have yet to figure out how. One thing I do know how to do however is to make the computer display the BSOD until you reboot it. By default when a BSOD occurs in Windows XP it flashes the BSOD and then immediately reboots. This behavior is unwanted most of the time. Right click My Computer and select “Properties”. Go to the “Advanced” tab, click “Settings” on the “Startup and Recovery” section.

In this dialog box, uncheck “Automatically Restart” this makes it so if (when) you get a BSOD the computer will not automatically reboot but instead will stay up so you can troubleshoot or hopefully get a decent report from an end user.

Click to view.

Tweak the Performance Options

XP has some visual “eye-candy” options you can disable that not only make the system run a bit speedier but free up just a bit more RAM. By right clicking on My Computer and clicking “Properties” and then clicking “Settings” under the Performance section you can view these options. I keep a few of them checked which are: Show translucent selection rectangle, smooth edges of screen fonts, smooth-scroll list boxes, user common tasks in folders, and use drop shadows for icon labels on the Desktop. You don’t have to enable to disable any of these, again I am leading you to the water, I can’t make you drink it, that’s what management is for.

These settings affect the "responsiveness" of Windows XP. You just have to experiment to see what each one does.

Click to view.

Disable the Paging File

We want our image to be as small as possible when we seal it with sysprep. Turning off the page file saves you some space and don’t worry, sysprep will re-enable it for us. Right click My Computer and select “Properties” and click the “Advanced” tab. Next, hit the “Change” button under the virtual memory section and then click on “No Paging File” and click “Set”. You will have to restart the computer for this to take effect. Also note that you should’ve given your VM for this at least 512MB of RAM to avoid conflicts with no paging file while you work with the OS. I had one set to 256MB awhile back that worked well and only gave me one prompt for a low virtual memory error, as always your mileage may vary.

In Part 3 we will cover the sysprep setting to re-enable this.

Click to view.

Turn Off System Restore

Along with the whole idea of saving space in our image, turning off system restore helps us with that goal. Right click My Computer and select “Properties” and click on the system restore tab. Check the box that says “Turn off system restore”. System restore will be enabled again by sysprep when the machine is deployed.

Click to view.

Install Common Applications

The next step is to install any programs you want included with your image. These programs should be programs that you are certain anyone getting a computer with this image are going to need. In my case the only program I installed was our corporate antivirus. Once again, less is more. I do not install my Aclient into the image, some people do, some people don’t. I prefer to install my Aclient from the cmdlines.txt which we will get into in part #3. If you’re installing the NS Agent (Altiris Agent) in your image, be sure to clear the GUIDs which you can find here:

[HKEY_LOCAL_MACHINE/SOFTWARE/Altiris/Altiris Agent] 
"MachineGuid"="" 

[HKEY_LOCAL_MACHINE/SOFTWARE/Altiris/eXpress] 
"MachineGuid"="" 

[HKEY_LOCAL_MACHINE/SOFTWARE/Altiris/eXpress/NS Client]
"MachineGuid"=""

Any software that you install that also contains a GUID or other unique identifier will also need its GUID cleaned.

Final Steps

Once you get all the preferences for folder views perhaps a homepage for IE set, and all the other settings just as you want them we need to copy them to the default user so that anyone who uses the machine will inherit those settings. You need to make sure that you have “View hidden files and folders” turned on in order for this to work. Right click my computer and select “Properties” and go to the “Advanced” tab. From there, click on “Settings” under the User Profiles section. Next, click on the account that you have been using and then click on “Copy To”. In the dialog box that comes up, click “Browse” and go to C:/Documents and Settings/Default User and then click “Ok”. If you want more information on this you can view this Microsoft KB article. You may also want to read this KB that discusses and issue with the profile copying not working.

Clean Up

Yes after any project you always get shafted with the clean up, this is no different. You want to go in and clear out any temp files, cookies, internet history, etc that you have. Also empty the recycle bin and clear any recently used programs or documents. You can also browse to C:/WINDOWS/Prefetch and clear the files out of here. The prefetch folder contains links to programs that you use often, it makes them launch faster but sometimes causes Windows to boot slower.

Defrag, Defrag, Defrag

With all the moving of files and preferences, deleting files etc that has gone on our drive might have picked up some fragmentation. There is no reason to pass this fragmentation on in your image. First run disk cleanup on the drive and then run a defrag on the drive. If you’re using VMWare as I suggested in part 1 of this article then you can shutdown the machine after the defrag and open the settings for the virtual machine. Click on the Hard drive and then you should see a utilities button, hit that and select “defragment”. I generally run defrag 3-5 times before I sysprep a box and capture it’s image, it’s up to you, I like to have a clean efficient image.

Click to view.

Final Thoughts

This article should help anyone out who is looking to build a better image for deployment. Part 3 should be along soon and it will cover using sysprep on the installation and using the deployment server to capture it's image. Feel free to leave any comments with extra tips that you like to do with your image(s). See you soon.

你可能感兴趣的:(Building A Master Image - Part 2: Preparing Windows XP)