Windows 7 semi-unattended deployment

[valkenaer]

Our desktop support team use a basic but effective combination of imagex.exe and a winpe pxe boot image to deliver Windows XP SP3 to new computers.

The process is as follows:

* prepopulate computer account in Active Directory

* PXE boot, choose image from menu

* apply sysprepped wim image to computer (ComputerName is not provided in sysprep.inf)

* have end user supply computer name in mini-setup

* automatic domain join, reboot, gpo software installation and everything is hunky dory :-)

I would like to use the exact same method for deploying Windows 7. The first question: is that even possible? It looks like providing a plain text password to join Windows 7 to the domain in the unattended/sysprep file is frowned upon. Does anyone have experience in this "basic" deployment or should I not bother and just use Windows AIK to help design, configure and deploy the Windows 7 images.

[Tripredacus]

Sure you can use an unattend that leaves out the computer name. Then when the system boots from OOBE you will get a computer name prompt and nothing else.

As far as the password, if you are specifying it in your answer file, then just let WSIM encrypt it. The only reason you don't want a plain text password is because the XML will remain on the system after deployment. Devious employees might go and look for it and be able to get the password out. Do you really want your employees to have access to an account with admin priveledges? That's the only real reason. But if you want to run the risk, its totally up to you.

[valkenaer]

Thanks for moving my question to the correct forum; I'll try and see if can wrangle a sysprep answer file that fits my needs out of WSIM. I assume there's a way of deleting the xml file after setup? Bless Microsoft for supplying the admin with tools to fully customize the Windows installation and deployment, but I definitely preferred the simple unattended approach used in the XP/2003 family :-)

[Tripredacus]

Well you can do a FirstLogonCommands to delete the XML file, but the log files (and modified XML) will show up in the various Panther folders anyways.

Or you can put your XML into a folder that is accessable by the system but not by users. That way the unattend should work but users can't get into the folder without proper permissions.