
Windows (XP) and Sysprep.exe

Last week, I was helping out on Thomas’ project at work, where I had to implement some stuff regarding Windows XP Mini-Setup with Sysprep.exe. He built an image which automatically started the mini-setup on the machine’s first boot and configured every parameter of the operating system the way he needed it. My job was to check whether it’s possible to make the mini-setup run a custom script at its end and, if possible, activate RDP, open the firewall’s RDP port and add a domain group to the RDP users.

The first two things weren’t that hard to realize. Sysprep actually runs every command contained in the Cmdlines.txt in the \%sysprep%\i386\$oem$\ directory. Enabling RDP is possible using a simple reg command line which changes the fDenyTSConnections registry value. Opening the firewall’s port is also trivial using the netsh command. There seems to be some way of using a winnt.sif file containing some parameters that should modify the firewall setup; unfortunately I didn’t manage to get that working in a reasonable amount of time. So I just used the mentioned command to open the port in the firewall, for all profiles. The profile argument is important: for me it did not work without setting it to ALL.

Anyhow, the third to-do was (and still is) tricky. The problem with using the net localgroup command to add the group to the local Remote Desktop Users group is the following: while the mini-setup is running, the computer hasn’t got its future hostname yet, and because of that it’s not yet joined to the domain. Trying to execute the net command for adding the domain group to the local group will of course fail. I searched for many different ways to do that, but none of the methods I found really worked out for me:

autoexec.bat: Hacking the command into the autoexec.bat, so that it gets executed on the next reboot, would be a way. Unfortunately this file is ignored by every non-DOS-based Windows, such as Windows XP.

win.ini: I’m not sure exactly why this didn’t work out, because the documentation says that the Run parameters configured in that INI will be run on Windows’ startup. In my case, the net command didn’t seem to be run. I think that the win.ini commands get executed before the connection to the domain has been established, so that the actual net command would have been run, but unsuccessfully.

Run/RunOnce/RunService/RunServiceOnce keys: Would work out pretty well, if some user would log in. In my case, no user will log in until RDP is available to the specific domain group.

And so on. I got pretty desperate, until I got an idea: a scheduled task! Windows supports adding scheduled tasks even from the command line by using the schtasks command. I tried out the /sc onboot parameter, but unfortunately it seems to work just like the win.ini, which caused the group not to be added. Then I wrote myself a batch script which executes the net command for adding the domain group, checks the command’s error code and, if successful, removes the scheduled task. The task itself I created using /sc minute /mo 1. That way, the task will be run every minute after the task scheduler gets started on Windows’ boot and try to add the group. The whole schtasks /create thing works and even my script runs when I double-click it, but somehow the scheduler can’t run the script I passed to it while the mini-setup was running. I tried the same /create command within Windows XP and it worked out – my batch file got executed after one minute, added the group, saw that there was no error adding the group and removed the schtasks job.

Now I’m trying to understand why the job does not work when I create it within the mini-setup. It’s really annoying, because Windows really does not provide any information beyond the basic output. There is no way (or at least none I would know of) to see what the schtasks daemon actually does when it tries to run the script and fails. There is no strace. Nothing. Argh.
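
The setup described above, as an added example that is not the author's script: one batch file that is called with `setup` during mini-setup and afterwards once a minute by the scheduled task, logging every step to a file. The domain group `EXAMPLE\RDP-Users`, the task name, the log and copy locations, the English local group name and running the task as SYSTEM are assumptions.

```bat
@echo off
rem rdp-setup.cmd: added example, not the author's script.
rem Assumed: group, task name, log and copy locations, English group name.
setlocal
set DOMGROUP=EXAMPLE\RDP-Users
set LOCALGROUP=Remote Desktop Users
set TASK=AddRdpGroup
set SELF=%SystemRoot%\rdp-setup.cmd
set LOG=%SystemRoot%\rdp-setup.log

if /i "%~1"=="setup" goto setup
goto retry

:setup
rem Called once from Cmdlines.txt during mini-setup.
echo %DATE% %TIME% mini-setup phase >>"%LOG%"
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f >>"%LOG%" 2>&1
rem profile=ALL as in the post; scope=SUBNET would limit who can reach 3389.
netsh firewall set portopening protocol=TCP port=3389 name="Remote Desktop" mode=ENABLE profile=ALL >>"%LOG%" 2>&1
rem The Sysprep folder is deleted when mini-setup ends, so the task must
rem point at a copy that still exists on later boots.
copy /y "%~f0" "%SELF%" >>"%LOG%" 2>&1
rem Running as SYSTEM is an assumption; no user is logged on at this point.
schtasks /create /tn "%TASK%" /tr "%SELF%" /sc minute /mo 1 /ru SYSTEM >>"%LOG%" 2>&1
echo schtasks /create exit code %ERRORLEVEL% >>"%LOG%"
goto :eof

:retry
rem Called every minute by the scheduled task until the group is a member.
echo %DATE% %TIME% retry >>"%LOG%"
rem Already a member (for example after an earlier run): just clean up.
net localgroup "%LOCALGROUP%" | find /i "%DOMGROUP%" >nul
if not errorlevel 1 goto done
net localgroup "%LOCALGROUP%" "%DOMGROUP%" /add >>"%LOG%" 2>&1
if errorlevel 1 (
    echo add failed, will retry in one minute >>"%LOG%"
    goto :eof
)

:done
echo group present, removing task >>"%LOG%"
schtasks /delete /tn "%TASK%" /f >>"%LOG%" 2>&1
```

In Cmdlines.txt this would be listed under `[Commands]` as `"rdp-setup.cmd setup"`. Task Scheduler on Windows XP also keeps its own log in `%SystemRoot%\SchedLgU.txt`.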

It really rankles me that the last piece doesn’t work the way it actually should, because the other implementations run pretty smoothly and lastingly. *beckon to Thomas*

Hmpf…
