What is Sysprep (System Preparation Tool)?
Sysprep is Microsoft's System Preparation tool intended to duplicate, test and deliver new installations for the Windows operating system based on an established installation. It is a command-line tool that can be run manually or through a script.
Sysprep is used to clone an existing Windows installation across multiple PCs. Cloning Microsoft Windows without first running Sysprep would be problematic because Windows 10, Windows Server and other versions of Microsoft Windows include security identifiers (SIDs) that must be unique from one computer to the next. Sysprep generalizes Windows by removing the security identifiers and other computer-specific information.
Features of Sysprep
Sysprep features a few different ways to clone and customize a Windows image after generalizing it.
First, Sysprep can be used to duplicate an established Windows image across many identical PCs. This is known as a build-to-plan or BTP image.
For example, a company that builds a high volume of identical PCs (such as Lenovo or Dell) might use Sysprep to establish a baseline Windows configuration. It could then test or update the baseline configuration and prepare an identical installation image for distribution to PCs using the same hardware configuration or model. Similarly, a business might use Sysprep to establish a standard desktop image using a prescribed mix of drivers and applications, and then use that image for all identical PCs provided to employees.
Second, Sysprep can use the same established Windows image as a foundation for many different PCs, adding desired drivers and applications for each unique system. A hardware provider could then create a distinctly different image for installation on that specific system. This is called a build-to-order or BTO image. For example, a small custom PC builder that creates new systems on request might modify a basic Windows image with hardware-specific drivers and customer-requested applications. With those, it could create a finalized Windows installation image for a particular machine.
The third feature of Sysprep is audit mode, which customizes the Windows image. Audit mode allows the addition of applications, drivers and scripts. Audit mode also supports testing to ensure that the image will install properly, and the system will operate as expected. Once the Windows image is customized and tested, the sysprep /oobe command tells Windows to start the installation on the next boot cycle.
How does Sysprep work?
The first step in the process is to install either Windows 10 or Windows Server. Users can do this with either a physical computer or a virtual machine, but Microsoft generally recommends using a virtual machine for this deployment. This installation will act as a reference operating system (which is sometimes called the sample operating system). The Microsoft Windows operating system should not be joined to a Windows Active Directory domain.
The next step in the process is to run the Sysprep utility. To do so, you will need to open a Command Prompt window and navigate to the Sysprep folder, which is located on the computer's system disk at %SystemRoot%\System32\Sysprep.
At this point, simply enter the Sysprep command. This will cause the Sysprep graphical user interface (GUI) to load. Assuming that the goal is to create a Sysprep deployment that is suitable for cloning, you will need to set the System Cleanup Action to Enter System Out of Box Experience (OOBE), select the Generalize checkbox, set the Shutdown Options to Shutdown, and click OK. Sysprep will generalize the operating system and then shut down Windows. The Sysprep deployment can now be safely cloned.
Benefits of Sysprep
If a user were to boot a physical computer or a virtual machine from a sysprepped clone, Windows would walk them through the normal setup process. One of the main benefits to using Sysprep is that users can completely automate Setup by providing the Sysprep deployment with an answer file. The answer file provides answers to the questions that Windows normally asks during Setup. Using an answer file allows Setup to run in an unattended mode, installing Windows in a predetermined way.
The answer file is created by using the Windows System Image Manager (which is sometimes referred to simply as the System Image Manager). This sys tool provides answers to the questions that are normally asked during Setup. The answers to those questions are then written to a text file named Unattend.xml. This text file acts as the answer file.
When a Sysprep image is used in conjunction with an answer file, Windows is installed to the computer's system disk in accordance with the answer file's parameters. The answer file may also automate ancillary tasks such as joining the computer to a Windows Active Directory domain. Joining the system to the Active Directory allows group policy settings to be applied to the machine and allows it to be managed alongside the organization's other Windows machines.
Limitations of Sysprep
Remember that Sysprep should only be used when creating an image that will be used in setting up new Windows installations -- it should never be used to change a Windows setup that is already deployed and running, because doing so will destroy the operating system.
Sysprep can only be used up to eight times for a given Windows image. After the eighth time, the user must recreate the Windows image.
Differences between NewSID and Sysprep
Sysprep is not the only tool that system administrators have used to generalize Windows operating systems for cloning. Another popular tool was Sysinternals' NewSID, which was created to be run against a computer whose operating system had been cloned, assigning the OS a new SID.
NewSID was designed because Sysprep was not able to change the SIDs of computers that had already installed applications. At the time of NewSID's creation, it was believed that having duplicate SIDs in a network would pose a security threat.
Since the release of version 4.0, which was designed for use with Windows XP, Microsoft has stopped supporting NewSID. This is because it was eventually found that multiple Windows machines having the same SID was a non-issue because the SID is almost never exposed outside of its computer. Currently, Sysprep is the only OS image preparation tool supported by Microsoft.