We all know that there's a host of different ways and technologies available to mass deploy PCs, but thought I'd go over what I've recently done to prep a roll-out of new laptops for my organization. My main objective was to get these set up and configured on the wireless- no hard wires! So that will be my focus of this post.
These will be win 7 units, so sysprep is involved. Although we are a MS shop, we have not used WDS and MDT to any real extent. Still sticking to Ghost, being that we have a heavy investment of ghost images already.
Since I wanted the machines to join one of our SSIDs automatically at post image startup- this is what I came up with.
First, you join a machine to the SSID of choice, and use the Netsh wlan command to export your WLan profile to a config file
A great resouce for the syntax and options can be found here: http://technet.microsoft.com/en-us/library/cc755301(v=ws.10).aspx#bkmk_wlanExportProf
netsh wlan export profile folder= "C:\Wireless\MyWlanProfile.xml"
You can check existing profiles you have with the show profiles command
netsh wlan show profiles
Now you have your exported xml file that looks something like this:
<?xml version="1.0" ?>
<name>MyWlanProfile</name>
<connectionType>ESS</connectionType>
<connectionMode>auto</connectionMode>
</WLANProfile>
What you'll need to do is change your very long WPA2 key material string to the clear text key that matches your pass phrase. And...change the protected tag to false. Reason being, after importing the file, you won't be able to connect on a different laptop other than the one you originally created the file on. And actually, that didn't even work for me. Obviously, your WPA2 phrase sitting around in clear text is not desirable..so we'll take care of that later in the process.
Next, I placed my xml file in a folder on the c drive of my imaging model laptop. I simply restricted access to the folder and xml file to only the system and administrator accounts- no access for anything else.
Now- -to import your file at the miniset up after you've modeled your image unit and ran sysprep, you can use the FirstLogonCommands as shown below. You'll have 2 netsh wlan lines- one to import the Profile from the profile xml file your exported earlier, and one to connect to your SSID.
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>netsh wlan add profile filename="C:\wireless\MyWlanProfile.xml
</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
<Order>1</Order>
<Description>Add MyWLanProfile</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>netsh wlan connect name="MySSID"</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
<Order>2</Order>
<Description>Connect MyWLanProfile Profile</Description>
</SynchronousCommand>
</FirstLogonCommands>
What you'll need to do is change your very long WPA2 key material string to the clear text key that matches your pass phrase. And...change the protected tag to false. Reason being, after importing the file, you won't be able to connect on a different laptop other than the one you originally created the file on. And actually, that didn't even work for me. Obviously, your WPA2 phrase sitting around in clear text is not desirable..so we'll take care of that later in the process.
Next, I placed my xml file in a folder on the c drive of my imaging model laptop. I simply restricted access to the folder and xml file to only the system and administrator accounts- no access for anything else.
Now- -to import your file at the miniset up after you've modeled your image unit and ran sysprep, you can use the FirstLogonCommands as shown below. You'll have 2 netsh wlan lines- one to import the Profile from the profile xml file your exported earlier, and one to connect to your SSID.
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>netsh wlan add profile filename="C:\wireless\MyWlanProfile.xml
</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
<Order>1</Order>
<Description>Add MyWLanProfile</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>netsh wlan connect name="MySSID"</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
<Order>2</Order>
<Description>Connect MyWLanProfile Profile</Description>
</SynchronousCommand>
</FirstLogonCommands>
I have an auto login directive in my unattend.xml file- the machine will login as the local administrator and the FirstLogonCommands will execute before the desktop is presented.
Now...what if you want to join the domain, or activate windows etc at mini-setup? Well you could put those commands here in the above FirstLogonCommands of your unattend.xml right? Well, they won't work. Not if your only network connection is the Wlan. The thing is, even though the Netsh commands are executed before the desktop appears, the wireless network connection does not connect until the desktop is loaded...which is well after the FirstLogonCommands execute. At least this was my experience.
And what about the %WINDIR%\Setup\Scripts\SetupComplete.cmd that mini-setup will execute if it exists? Same thing-- it executes too early- before the WLan is connected.
What I did was add a setupcomplete.cmd file to the Startup folder of the local administrator account as I was modeling the image unit.....pre-sysprep. (Path below on Win7)
"%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
With the script in the Startup folder, it will get execute AFTER the desktop sets up- which is what we want. Below is my file....I added ping delays to slow down the script down in places....giving it time to get the WLan connected before executing commands that are dependent on the network.
echo off
echo 30 Second Delay
ping 1.1.1.1 -n 1 -w 30000 >NUL
echo.
echo.
echo Join Domain
netdom.exe join %computername% /Domain:yourdomain.com /UserD:user1 /PasswordD:password
echo.
echo.
echo Activate Windows
ping 1.1.1.1 -n 1 -w 5000 >NUL
cscript c:\windows\system32\slmgr.vbs /ato
echo Activate Office
ping 1.1.1.1 -n 1 -w 5000 >NUL
cscript "c:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /act
echo.
echo.
echo "Note: If setup script is not deleted from the Startup folder of the Default user profile
echo "for whatever reason, it will get copied to, and run on all subsequent user logins!"
echo.
echo.
ping 1.1.1.1 -n 1 -w 7000 >NUL
echo Remove Startup Scripts and Restart
shutdown -r -t 60
echo Deleting SetupComplete.cmd from Default Profile
ping 1.1.1.1 -n 1 -w 5000 >NUL
del "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*" /F /Q
echo Deleting MyWlanProfile.xml
ping 1.1.1.1 -n 1 -w 5000 >NUL
del C:\wireless\MyWlanProfile.xml /F /Q
echo Deleting SetupComplete.cmd from Current Profile
ping 1.1.1.1 -n 1 -w 5000 >NUL
del "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\*.*" /F /Q
Exit
Some things to note: I use Netdom to join the domain- I could never get my unattend.xml to do it-- even with a wired connection.
You'll want to have those delete lines at the end to cover your tracks so to speak and get rid of the sensitive setup files from prying eyes. The last one being the SetupComplete.cmd file itself
Now...what if you want to join the domain, or activate windows etc at mini-setup? Well you could put those commands here in the above FirstLogonCommands of your unattend.xml right? Well, they won't work. Not if your only network connection is the Wlan. The thing is, even though the Netsh commands are executed before the desktop appears, the wireless network connection does not connect until the desktop is loaded...which is well after the FirstLogonCommands execute. At least this was my experience.
And what about the %WINDIR%\Setup\Scripts\SetupComplete.cmd that mini-setup will execute if it exists? Same thing-- it executes too early- before the WLan is connected.
What I did was add a setupcomplete.cmd file to the Startup folder of the local administrator account as I was modeling the image unit.....pre-sysprep. (Path below on Win7)
"%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
With the script in the Startup folder, it will get execute AFTER the desktop sets up- which is what we want. Below is my file....I added ping delays to slow down the script down in places....giving it time to get the WLan connected before executing commands that are dependent on the network.
echo off
echo 30 Second Delay
ping 1.1.1.1 -n 1 -w 30000 >NUL
echo.
echo.
echo Join Domain
netdom.exe join %computername% /Domain:yourdomain.com /UserD:user1 /PasswordD:password
echo.
echo.
echo Activate Windows
ping 1.1.1.1 -n 1 -w 5000 >NUL
cscript c:\windows\system32\slmgr.vbs /ato
echo Activate Office
ping 1.1.1.1 -n 1 -w 5000 >NUL
cscript "c:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /act
echo.
echo.
echo "Note: If setup script is not deleted from the Startup folder of the Default user profile
echo "for whatever reason, it will get copied to, and run on all subsequent user logins!"
echo.
echo.
ping 1.1.1.1 -n 1 -w 7000 >NUL
echo Remove Startup Scripts and Restart
shutdown -r -t 60
echo Deleting SetupComplete.cmd from Default Profile
ping 1.1.1.1 -n 1 -w 5000 >NUL
del "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*" /F /Q
echo Deleting MyWlanProfile.xml
ping 1.1.1.1 -n 1 -w 5000 >NUL
del C:\wireless\MyWlanProfile.xml /F /Q
echo Deleting SetupComplete.cmd from Current Profile
ping 1.1.1.1 -n 1 -w 5000 >NUL
del "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\*.*" /F /Q
Exit
Some things to note: I use Netdom to join the domain- I could never get my unattend.xml to do it-- even with a wired connection.
You'll want to have those delete lines at the end to cover your tracks so to speak and get rid of the sensitive setup files from prying eyes. The last one being the SetupComplete.cmd file itself
