Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows 11

Using SYSPREP in Windows 11

Deploying Windows 11 to hundreds or even thousands of devices can be automated if you have a system image that you can clone. To create an image for cloning, you first install Windows 11 on a device or virtual machine (VM), and then configure the operating system to your requirements. For example, you might decide to install certain applications or change default Windows configuration settings.

You can create images with a light touch, where only a minimum of changes are made to the out-of-box OS configuration. The result is known as a ‘thin image’. Or organizations might decide to go the whole hog and install and configure everything required for a set of users, creating a ‘fat image’.

Generalizing a Windows 11 system

Windows must be ‘generalized’ before you can use it as an image for cloning. When Windows is installed, it creates unique security identifiers (SID) that must not be used on other Windows devices. The process of ‘generalizing’ the operating system removes the unique SIDs assigned to the installation. And it is performed using a program called SYSPREP.

Once Windows is generalized, it is returned to a state where if the image is booted, it will run through the Out-of-Box Experience (OOBE) again and reassign unique SIDs to the installation.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

The generalization process also removes all hardware devices. So that you can use the image to deploy Windows to different hardware, devices are redetected when the image is booted after generalization. Generalization also removes system restore points and event logs. But by default, it doesn’t remove device drivers.

If you are going to use your generalized image to deploy Windows on identical hardware, you can change the default behavior so that generalizing the image doesn’t remove hardware devices.

Booting Windows 11 into Audit Mode

Audit Mode in Windows 11 is used for making online customizations to a Windows image. There are a few things you should bear in mind when running Windows 11 in Audit Mode. You should not:

  • Use Windows Update to install patches. It will likely result in an error when running SYSPREP.
  • Connect the device to the Internet.
  • Install apps from the Microsoft Store.
  • Join the computer to a domain.

The easiest way to boot into Audit Mode is using the SYSPREP command, which is located in the following path C:\Windows\System32\Sysprep\

  1. Click the Start menu on the taskbar.
  2. Type command and then, making sure Command Prompt is highlighted on the left, click Run as administrator in the pane on the right of the search results.
Using SYSPREP in Windows 11 (Image Credit: Russell Smith)
  1. Give consent or provide an administrator username and password as prompted.
Using SYSPREP in Windows 11 (Image Credit: Russell Smith)
  1. In the command prompt window, run the command below to change the working directory to SYSPREP.
cd c:\windows\system32\sysprep
  1. To enter Audit Mode, run SYSPREP with the /audit switch as shown below.
sysprep /audit

Using SYSPREP in Windows 11 (Image Credit: Russell Smith)

Generalize an image using SYSPREP

After a few seconds, Windows 11 will shut down. Start the device again and it will boot into Audit Mode. And you will automatically be logged in using the default Administrator account.

Using SYSPREP in Windows 11 (Image Credit: Russell Smith)

When you reach the desktop, SYSPREP should already be open. You can go ahead and make any required customizations to Windows 11. When you are finished, use SYSPREP to generalize the image.

Using SYSPREP in Windows 11 (Image Credit: Russell Smith)
  1. In the SYSPREP window, make sure that Enter System Out-of-Box Experience (OOBE) is selected from the System Cleanup Action menu and that Generalize is checked.
  2. In the Shutdown Options menu, select Shutdown if you plan to use the image to deploy Windows on other devices.
Using SYSPREP in Windows 11 (Image Credit: Russell Smith)
  1. Otherwise, you can select Reboot, and the device will reboot to the OOBE experience.
  2. Now click OK.
  3. SYSPREP will now generalize the installation, which may take a few minutes.
Using SYSPREP in Windows 11 (Image Credit: Russell Smith)

The device will either shut down or reboot depending on what you selected in step 2 above. Once you have generalized the image, you can then distribute it for wide deployment. You might use a cloning tool or capture the image using the DISM command-line tool. When the image is used on the same or other device, it will be booted into OOBE setup. Any customizations and software you installed on your custom image will be maintained.

Using SYSPREP in Windows 11 (Image Credit: Russell Smith)

SYSPREP command line options

The SYSPREP GUI operation that we performed above can also be run from the command line:

sysprep /generalize /shutdown /oobe

If you are running Windows in a VM, you can also generalize the OS for deployment on other VMs. VM mode only works if you are running SYSPREP in a VM.

sysprep /generalize /oobe /mode:vm

VM mode generalizes a virtual hard disk (VHD) for deployment as a VHD on the same VM or hypervisor. The hypervisor and hardware profile must be identical to those that the image was created on.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.