• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.

The Art of OEM - nLite & OEM Preinstallation

Your opinion goes here   140 members have voted

  1. 2. Would you like for Windows Designer Studio to perform most of the operations described in this guide?

    • Yes, and I want more features too!
    • Yes
    • No, I'd rather stick with the plain old Windows Setup routine.
    • No, it's just a waste of time; nLite/vLite will always be enough for my needs.
  2. 3. Now that this guide is complete, are you happy with its contents?

    • Yes, it's a great idea!
    • Somewhat, I used some of the things described here.
    • Probably, but it is too complex for me to handle.
    • No
  3. 4. Which of these should benefit you the most and you'd like to see first in Windows Designer Studio? (more details soon)

    • Windows Setup SDK (Panther Engine) - WIM capture, Setup customization and ISO making, like in Parts 3 and 4
    • VKEY Explorer - an advanced tool to design the registry of the OS you are designing
    • Package Designer - a set of diff and compression tools to allow you to author/create/add/remove windows components and preinstalled apps
    • VM Workbench - an extension for the free VMware Player product to test the results of your work before finalizing

Please sign in or register to vote in this poll.

141 posts in this topic


HTML Version, PDF Version

- Part 1 covers the creation of your base install. In it you will learn how to create a lab environment, personalize Windows with nLite and test it in a controlled environment.

- Part 2 covers Microsoft Sysprep and resealing the nLited OS to make it ready for the end-user.

- Part 3 covers my research concerning imaging and V2P (virtual-to-physical) migration and imaging, the reverse process for VMware P2V.

- Part 4 covers various means of deploying the customized OS.

- Part 5 is a quick guide for workstations, covering concepts detailed in parts 1 and 2.

- Part 6 (latest) "Heroes Happen Here"

Edited by dexter.inside

Share this post

Link to post
Share on other sites

Part 1 - The Base Install

Featured: Windows 2003 Small Business Server

I will be using in this tutorial my own copy of Windows 2003 Small Business Server Edition, which is the most complex scenario that I could think of. Doing the same with Windows XP is much simpler. I chose SBS and, subsequently, WHS because they fit best the purpose of this 4-part guide. First, it involves many components that cannot be slipstreamed through unattended install. Second, it is one of the most undocumented SKUs of NT 5.2 up-to-date. Third, I want to demonstrate how to integrate a service pack, R2, Media Center 2005 (codenamed Freestyle), and Home Server (codenamed Quattro) on your installation media with minimal or no installation time penalties.

1.1. A few things you should know before starting

For Part 1, I have used the following:

- Windows 2003 Small Business Server Edition, build 3790.0, 3 CDs

- Windows 2003 R2 for SBS

- Windows 2003 Service Pack 2, standalone update pack (build 3790.3959)

- VMware Workstation 6

- nLite

- Business Desktop Deployment 2007 v3.0.141.0

- Total Commander 7

Also, I use these terms:

- technician's computer, the computer you are

using to modify the OS.

- distribution share, the folder (shared over intranet or not) that contains the OS files and folders. In this example, I:\temp\SBS

- lab, the computer that is used to test the OS, either physical or virtual.

- host, a physical machine that hosts one or more virtual machines. In my case, the technician's computer.

- guest, a virtual machine that is hosted by the host computer. In my case, the same as the lab computer.

It is a common OEM practice to use more than one computer for doing this. Because I know most of you do not have a domain server / home server or at least 2-3 computers available, this tutorial was done on only one computer.

Please remember that Windows Deployment Services through PXE boot, and not removable media, is the quickest solution in most of real scenarios.

1.2. The Distribution Share

Make sure you have enough space on the partition you are using. For this scenario, you will need 3 Gb of free space. I am doing the entire tutorial in a folder named I:\temp, which is physically a dynamic spanned partition with striping. RAID is by far the best choice. If your hard drive is slow, the operations described here will take a long time. Remember, snacks are good for you only with moderation.

First, you will have to add the files and folders from all the media in your distribution share. Mine is named I:\temp\SBS.


Picture 1 - Windows 2003 SBS CD1


Picture 2 - required from Windows 2003 SBS CD2


Picture 3 - required from Windows 2003 SBS CD3

Afterwards, also add R2. It is a common mistake to presume that R2 is SKU-independent. Each Server 2003 edition has its own R2. For example, in Picture 3 you can see the R2 for Enterprise Edition. You cannot use it with SBS.


Picture 4 - Windows 2003 R2

Note that it contains a file called WIN52IA.R2, "ia" meaning Enterprise Edition. You can see the SKU in SLIPSTREAM.INF. The correct R2 for SBS should contain "il", like in Picture 5.


Picture 5 - SLIPSTREAM.INF, for SBS

This is the resulting distribution share.


Picture 6 - My Distribution Share

1.3. nLite the Distribution Share (1)

Even if there are other methods of slipstreaming a service pack, doing

it with nLite certainly looks better. In case your edition is not

already slipsteamed, use this:


Picture 7 - Service Pack 2

So, here goes:


Picture 8 - nLite Welcome Screen

Select your distribution share in nLite:


Picture 9 - Windows Installation Location

You will need nLite twice, first with these 2 options.


Picture 11 - Task selection

Edited by dexter.inside

Share this post

Link to post
Share on other sites

Here you select the location of the Service Pack


Picture 12 - Service Pack

Which will produce a warning, because there are some leftovers on the SBS I used.


Picture 13 - Warning


Picture 14 - Location of Service Pack


Picture 15 - Extracting files


Picture 16 - Update share


Picture 17 - Finished

The slipstream process has updated the distribution share. Service Pack 2 covers all the hotfixes for Server 2003. Besides it, you may need Terminal Services Client 6.0 and Internet Explorer 7.

You must slipstream SP2 in a non-trial edition of Server 2003 (either gold or SP1). The process will not work if the trial 360-day timebomb is present. Also, you have to do the slipstreaming before adding any other hotfixes / add-ons.

You can see here the build version for Service Pack 2 - v3959, information updated in nLite after slipstream. Windows Server 2003 is NT 5.2 build 3790.


Picture 18 - Status in nLite

You can now continue with other stuff.


Picture 19 - Add-ons


Picture 20 - Choose the add-on

In this tutorial, I've added just IE7. Remember, adding stuff this way will increase setup time. In Part 2 of this tutorial, I will describe a more efficient way to add stuff to your OEM image, with little or no install-time penalty, even for dozens of programs. The "vanilla" unattended method used by nLite was introduced several years ago when there were no other alternatives available.


Picture 21 - Internet Explorer 7

Edited by dexter.inside

Share this post

Link to post
Share on other sites


Picture 22 - Advanced Options


Picture 23 - Perform Operations


Picture 24 - Finished


Picture 25 - The Result

At this point I also add extra stuff:


Picture 26 - Extra Stuff

1.4. Slipstreaming XPize


Picture 27 - XPize Welcome Screen


Picture 28 - Create ISO


Picture 29 - Select Distribution Share


Picture 30 - Patching

Edited by dexter.inside

Share this post

Link to post
Share on other sites


Picture 31 - Finished

1.5. nLite the Distribution Share (2)

This time I will use nLite to remove unneeded stuff in my distribution share.


Picture 32 - Distribution Share


Picture 33 - Task Selection

Business Desktop Deployment 2007 is the most efficient way to manage your drivers today. It has a workbench that quickly adds/removes drivers from it's own distribution share. Sorting, efficient renaming and detailed info makes it a must-have for windows reinstallation geeks out

there. Note that you will also need a copy of Windows Automated Installation Kit (WAIK), preferably the one for Vista RTM.

In this case, I only have loaded Mass Storage PnP drivers. If you intend to try out Part 2 of this tutorial, don't add non-PnP drivers at this stage. BDD Workbench stores these drivers in \Distribution\Out-of-Box Drivers.


Picture 35 - Driver Pane

You will need to add to nLite hdc, SCSIAdapter and System driver collections from BDD Workbench. Due to the fact that I only have this folders loaded in this tutorial, I add the entire Out-of-Box Drivers folder.


Picture 36 - Multiple Driver Folder

You should not add 64-bit Mass Storage drivers in 32-bit editions of windows. Most likely you'd get UNMOUNTABLE_BOOT_VOLUME BSoD.


Picture 37 - Drivers to integrate

So, this is my final list of Mass Storage drivers I will add:


Picture 38 - Final list of drivers

To be able to perform Part 2 of this tutorial, you will need to keep Windows Update, Sysprep and OOBE compatibility.


Picture 39 - Compatiblity Removal

Here you remove what you don't want in your base install image.


Picture 40 - Components

Edited by dexter.inside

Share this post

Link to post
Share on other sites

As you are not yet performing OEM preinstallation in this part of the tutorial, you should keep it Disabled. Loading extra non-PnP drivers when booting may be needed in certain scenarios.

In order to perform Part 2, you will need either 32-bit ACPI hardware abstraction layer (HAL) for 32-bit windows, or 64-bit ACPI for 64-bit windows (like Windows XP SP2 x64). I will be using a method that relies on this HAL in Part 2, to make your windows device-independent, like it happens when you install Vista.

My SBS R2 license key covers 50 CALs (client access licenses). You should choose what's most suitable for your standalone server/domain controller/test scenario.


Picture 41 - Unattended General

Add here whatever cleanup / registry operations you want to perform with elevated privileges.


Picture 42 - RunOnce


Picture 43 - Users

I added the Media Center 2006 theme Royale Noir here.


Picture 44 - Desktop Themes


Picture 45 - Automatic Updates


Picture 46 - Display

I am configuring IIS and SCW after installation. To save install time, I've disabled them.


Picture 47 - Components

I am merging SP2.CAB and DRIVER.CAB without high compression. The resulting DRIVER.CAB is ~120 Mb. Also, the Classic setup theme is a bit faster (I don't like the billboards from XP setup).


Picture 48 - General Options

You will need to disable SFC in this tutorial. If you do not, it may corrupt many of the advanced modifications I'm doing later on.


Picture 49 - Patches

Personalize here the desktop experience you need.


Picture 50 - General Tweaks

At this point, changes you do here will have no effect, because OEM Preinstall is turned off. What you change here will be enforced by what you will do in Part 3, during the virtual-to-physical (V2P) migration.

Edited by dexter.inside

Share this post

Link to post
Share on other sites


Picture 51 - Services


Picture 52 - Processing


Picture 53 - Finished

Don't create the ISO just yet if you want to add other tweaks like 2003 server-to-workstation or any Transformation Pack.


Picture 54 - Bootable ISO

1.6. Slipstreaming Vista Transformation


Remember that OEM Preinstall is disabled, so themes will not be properly loaded on Server 2003 just yet. (the service will stay disabled).


Picture 55 - Vista Transformation Pack


Picture 56 - Transform setup files


Picture 57 - Resolution and DPI


Picture 58 - Distribution Share


Picture 59 - Apply transformation


Picture 60 - General system UI

Edited by dexter.inside

Share this post

Link to post
Share on other sites


Picture 61 - Application UI


Picture 62 - Interface


Picture 63 - Toolbar


Picture 64 - Copying


Picture 65 - Updating resources


Picture 66 - Finished

You can see here some of the files that were added by VTP6.


Picture 67 - Files were added

1.7. Build the Base Install ISO

As the distribution share is ready, it is time to create the ISO:


Picture 68 - ISO Location


Picture 69 - Preparing

If you are not happy with the ISO creation feature in nLite for some reason, you can try OSCDIMG from Windows AIK.


Picture 70 - Writing

Edited by dexter.inside

Share this post

Link to post
Share on other sites

Wow Dexter GREAT guide. I've seen your name on a few builds online. I wont say where but awesome builds. We need more brain power in this forum. A lot of the masters dont seem to be around here anymore. The ones that are dont seem to care to much.

This guide is so detailed, hope you finish it soon. Amazing stuff, I have a few questions.

Edited by Madhits45

Share this post

Link to post
Share on other sites


Picture 71 - Finished

1.8. Lab Configuration

In this tutorial I am using VMware Workstation 6.

If you get freaky because of fragmentation levels on your beautiful partitions, remember that this operation causes a lot of fragmentation. In order to maximize disk I/O in VMware you should either defragment at this point, or use contig.exe from Sysinternals to keep your VMDKs contiguous. I use Diskeeper 2007 Server Enterprise.


Picture 72 - Massive fragmentation

Here's my edition of VMware. If you are using a Debug (checked) release, you should swap the contents between the bin and bin-debug folders in your VMware installation, otherwise performance will be very poor.


Picture 73 - About VMware

This is how VMware Workstation looks like when there are no virtual machines configured.


Picture 74 - VMware

I have detailed below the best practice for creating a suitable lab for testing the image you built in this part of the tutorial.


Picture 75 - New Virtual Machine Wizard


Picture 76 - Custom VM


Picture 77 - Workstation 6

Windows Home Server is also built on the Small Business platform.


Picture 78 - Guest OS


Picture 79 - Name


Picture 80 - Memory

Edited by dexter.inside

Share this post

Link to post
Share on other sites


Picture 81 - Network


Picture 82 - Disk Controller


Picture 83 - New Disk


Picture 84 - LSI Logic Ultra320 SCSI


Picture 85 - Disk Size


Picture 86 - Disk Location


Picture 87 - Initial Config


Picture 88 - Settings

Use the ISO you made to boot.


Picture 89 - Options


Picture 90 - Final VM Config

Edited by dexter.inside

Share this post

Link to post
Share on other sites

1.9. Lab Deployment

The initial deployment is done with removable media in this tutorial.


Picture 91 - BIOS


Picture 92 - Boot


Picture 93 - Text-mode Setup


Picture 94 - Copying files


Picture 95 - Windows Logo

1.10. Windows Setup


Picture 96 - Installing Devices


Picture 97 - Name and Organization


Picture 98 - Product Key


Picture 99 - Computer


Picture 100 - Date and Time

Edited by dexter.inside

Share this post

Link to post
Share on other sites

Please continue! I had no idea that BDD2007 offered updated drivers for Windows installations, let alone a way to edit Windows installation sources. I really should have known this, what with being an OEM and all :) Very Cool guide.


Share this post

Link to post
Share on other sites
I had no idea that BDD2007 offered updated drivers for Windows installations

Actually BDD2007 does not offer any drivers, those are my drivers from my collection, which I manage with BDD.

I will continue when I have the necessary screenshots, this is intended to be a visual-oriented guide.


Share this post

Link to post
Share on other sites

I realized that when I went through all the steps. I ended up using BDD to manage some driverpacks I got from driverpacks.net, which works really well. In any case, I had no idea that BDD was a decent piece of management software for these sorts of things.


Share this post

Link to post
Share on other sites

I made an install similar to Dexter.inside using server 2003. i made it into a ghost image that should work on any PC. it doesn't contain driver packs so it fits on 1 bootable ghost cd (475) heres a screen shot.



Share this post

Link to post
Share on other sites

Yes, at a first glance Norton Ghost is a good solution, but Microsoft has developed the WIM format specifically for this purpose. I am almost done gathering data for continuing my tutorial, and I will present my research in the next few days.

The main advantages are single instance storage over one and/or multiple sysprep resealed images and using a real Microsoft-written setup routine (with actual partitioning options, not with unattended diskpart).


Share this post

Link to post
Share on other sites

Part 2: Road to the End-User

In Part 2 of this tutorial, I will continue with Windows Home Server (codenamed Quattro), and how can you use nLite to improve your Home Server experience. Later on, I will explain the sysprep -reseal technique and deploy your nLited windows distributions after further tweaking them in a controlled environment. You can learn here the advantages of OEM software preinstallation (a rather unfamiliar procedure AFAIK) over unattended software installation, to which most of you are already acquainted with (very well covered by nLite I might add).

2.1. A few things you should know before starting

For Part 2, I have used the following software:

- Windows 2003 Small Business Server (from Part 1)

- Windows Home Server CTP, build 06.00.1371

- VMware Workstation 6

- nLite

- Total Commander 7

2.2. Preparing the distribution share

Copy the contents of the Windows Home Server Installation DVD to your distribution share. Mine is named I:\temp\WHS.

This is the layout of WHS folders:

- BOOT, the boot code for Windows PE 2.0 that is used to deploy WSH. In it you can find the BCD registry hive, that controls booting the DVD. You can edit it by using Microsoft's BCDEDIT.EXE or by loading it in your registry from REGEDIT.

- DOCS, the EULA and documentation.

- FILES, installer logic that installs Codename Quattro over the base install.

- REDISTR, redistributable applications required by Quattro runtime code.

- SOURCES, containing the BOOT.WIM file, in which the base WinPE 2.0 is stored (build 6.0.6000 from the WAIK).

- SVR_2003, the first CD from Windows 2003 Small Business Server with SP2, v3790.2959. This is your nLite target. WSH installer logic generates a headless install for it the first time it runs.

- WHS, specific hotfixes and MSI packages to be added on top of SBS CD1 after install.

- WHSSUPPORTTOOLS, runtime tools for the WHS app.

- WINDOWS, the WinPE Shell that installs WHS.

This is how the BCD looks like.

Don't forget to unload the hive after you're done.

AUTORUN.INF contains:

open=files\install\qs.exe -autorun

and, as you can see, the DVD is tagged just like SBS, with WIN52IL.SP2.

Edited by dexter.inside

Share this post

Link to post
Share on other sites

2.3. nLite your WHS Core

Just like in Part 1, use nLite on the \SVR_2003 folder.

Up to this moment, I am unsure on what components to keep in order not to break the WSH installer or functionality. For starters, remember to keep Sysprep and Activation Compatibility, IE Compatibility, and IIS 6.

Remember that in order to complete this tutorial, you will have to disable OEM and use the Advanced Configuration and Power Interface (ACPI) PC HAL in your nLite unattended settings.

This is what I used:

Env = 1.3 - 2.0.50727.42.Microsoft Windows NT 5.2.3790 Service Pack 2, v.2845
Target = Windows Server 2003 for Small Business Server SP:2 - 5.2.3790.3959 - English (United States)

Remove Components
Unattended Setup

;# Applications #
Accessibility Options
;# Multimedia #
Mouse Cursors
Music Samples
Old CDPlayer and Sound Recorder
Speech Support
Windows Sounds
;# Network #
Communication tools
;# Operating System Options #
16-bit support
Color Schemes
Disk Cleanup
Document Templates
DR Watson
FAT to NTFS converter
Search Assistant
Shell Media Handler
Symbolic Debugger (NTSD)
Zip Folders
;# Services #
Beep Driver
Removable Storage
;# Compatibility #



ProfilesDir = "%SystemDrive%\Documents and Settings"
TargetPath = "WINDOWS"
temp_dir = %SystemDrive%\WINDOWS\Temp

TcpIp = 100


Boot and Shutdown-Ctrl-Alt-Del at logon-Disabled
Boot and Shutdown-Disable saving Last Good state at boot
Boot and Shutdown-Disable Shutdown Tracker
Boot and Shutdown-Logon Page-Welcome screen
Boot and Shutdown-Numlock-Off
Boot and Shutdown-Setup Prefetch-Cache-Applaunch and Boot enabled
Boot and Shutdown-Status Messages-Extended
Desktop-Internet Explorer icon-Show
Desktop-My Computer icon-Show
Desktop-My Documents icon-Hide
Desktop-My Network Places icon-Hide
Desktop-Recycle Bin icon-Hide
Desktop-Show Windows version on Desktop
Explorer-Add 'Command Prompt' to folder context menu
Explorer-Advanced Search: preconfigure options
Explorer-Classic Control Panel
Explorer-Disable Autorun
Explorer-Disable Beep on errors
Explorer-Disable Prefix: Shortcut to
Explorer-Display the contents of system folders
Explorer-Recycle Bin: allow to rename and delete
Explorer-Recycle Bin: delete files directly
Explorer-Remove Send To on context menu
Explorer-Show Drive Letters in front of Drive Names
Explorer-Show extensions of known file-types
Explorer-Show hidden files and folders
Explorer-Show Map Network Drives buttons in Explorer bar
Explorer-Show protected operating system files
Explorer-Show Statusbar in all windows
Explorer-Show the full path in the Address Bar
Explorer-Show the full path in the Title Bar
Internet Explorer-Disable Go Button
Internet Explorer-Disable Market Place bookmark
Internet Explorer-Disable Media Player 6.4 created bookmarks
Internet Explorer-Disable sound when popup is blocked
Internet Explorer-Enable Google URL-Search
Internet Explorer-Keep IE URL-History for-20 Days (default)
Internet Explorer-Set Homepage-about:blank
Internet Explorer-Set IE-Cache limit to-20 MB
Internet Explorer-Set Internet Explorer to accept 10 connects at a time
My Computer-Add Administrative Tools
My Computer-Add Control Panel
My Computer-Add Control Panel to Context Menu
My Computer-Add Device Manager to Context Menu
My Computer-Add Folder Options
My Computer-Add Fonts Folder
My Computer-Add My Network Places
My Computer-Add Network Connections
My Computer-Add Printers and Faxes
My Computer-Add Recycle Bin
My Computer-Add Scheduled Tasks
My Computer-Add Services to Context Menu
My Computer-Add Software to Context Menu
My Computer-Add Taskbar Settings
Network-Allow receiving Remote Assistance-Disable
Network-Disable administrative shares
Network-Remote Desktop-Enable
Network-Set TCP/IP Priority to 1
Performance-Disable Info Tips on Files and Folders
Performance-Disable Last accessed Timestamp on files
Performance-Disable Optimize harddisk when idle
Performance-Disable paging of kernel and core-os
Performance-Disable Tracking of Broken Shortcut Links
Performance-Disable Warn on low disk space
Performance-Disable WBEM logging
Performance-Do not cache thumbnails
Performance-Processor scheduling-Programs
Privacy-Disable Driver Update Internet prompt
Privacy-Disable Error Reporting
Privacy-Disable File MRU-List
Privacy-Disable Tracking of most used programs
Privacy-Remove Alexa
Security-Always show Updates under Software
Security-Disable Screensaver
Security-Disable Web Open With prompt
Security-Screensaver Password-Protection-Disabled
Start Menu-Add Administrative Tools menu
Start Menu-Clear most recently opened documents list on logoff
Start Menu-Control Panel-Display as a menu
Start Menu-Disable Highlight newly installed programs
Start Menu-Disable popup on first boot
Start Menu-Expand Network Connections
Start Menu-My Computer-Display as a menu
Start Menu-My Documents-Display as a menu
Start Menu-My Music-Display as a menu
Start Menu-My Network Places-Display as a menu
Start Menu-My Pictures-Display as a menu
Start Menu-Network Connections-Link to Network Connections folder
Start Menu-Number of programs on Start menu-6
Start Menu-Printers and Faxes-Display as a menu
Start Menu-Reduce popup delay
Start Menu-Remove Search For People from Search
Start Menu-Remove Search the Internet from Search
Start Menu-Remove Set Program Access and Defaults
Start Menu-Remove Windows Catalog shortcut
Start Menu-Remove Windows Update shortcut
Start Menu-Scroll Programs
Taskbar-Disable Hide inactive icons
Taskbar-Lock the Taskbar-Yes
Visual Effects-Active window tracking speed-Fast
Visual Effects-Animate windows when minimizing and maximizing-Disable
Visual Effects-Combo box animation-Disable
Visual Effects-Cursor shadow-Enable
Visual Effects-Fade out selection-Disable
Visual Effects-Gradient captions in windows-Enable
Visual Effects-Keyboard shortcut underline-Enable
Visual Effects-Menu animation-Disable
Visual Effects-Menu shadows-Disable
Visual Effects-Menu style-Normal
Visual Effects-Show translucent selection rectangle-Enable
Visual Effects-Show window contents while dragging-Disable
Visual Effects-Slide taskbar buttons-Disable
Visual Effects-Smooth edges of screen fonts-ClearType
Visual Effects-Smooth-scroll list boxes-Disable
Visual Effects-Tooltip animation-Disable
Visual Effects-Use a background image for each folder type-Disable
Visual Effects-Use drop shadows for icon labels on the desktop-Enable
Windows Media Player-Accept Privacy Statement
Windows Media Player-Disable auto-add music to library
Windows Media Player-Disable license backup prompt
Windows Media Player-Disable silent acqusition
Windows Media Player-Disable starting with Media Guide
Windows Media Player-Do not show anchor in Designmode
Windows Media Player-Optimize fullscreen mode behavior
Windows Media Player-Remove all context menu entries
Windows Media Player-Zoom video to windowsize

ComputerType = Advanced Configuration and Power Interface (ACPI) PC
Resolution = 800x600
BitsPerPel = 32 bit (True Color)
MaximumDataStorePercentOfDisk = 12
RestorePointLife = 30
DesktopTheme = Default||
SCWInstall = 2
AutoUpdates = 3
AutoUDay = 5
AutoUHour = 15
ProgFilesPath = "\Program Files"

connname = ""
macaddress = ""
ipaddress = ""
subnetmask = ""
defaultgateway = ""
dnsserver1 = ""
dnsserver2 = ""
winsserver = ""
netbiossetting = "0"
ipxnetworknumber = "00000000"
ipxnetworkframetype = "0xFF"




I have also unhidden stuff from SYSOC.INF:

Signature = "$Windows NT$"

IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,,2


WindowTitle="Windows Server Setup"
WindowTitle_Standalone="Windows Components Wizard"

; Customized by nLite - www.nliteos.com


Share this post

Link to post
Share on other sites

2.4. Testing nLited WHS

2.4.1. Build the DVD

Using OSCDIMG.EXE, build it with the following settings (the distribution share is the current path).

The -m switch is for making DVDs instead of CDs.

Due to some bugs in the WinPE-based install of Windows Home Server, I will use a manual installation procedure. If you can boot from the first image without receiving the "Could not initialize UI subsystem" you can proceed directly to the next chapter; however most of us are not that lucky.


So, if you get this error, use nLite to create an ISO from the \SVR_2003 folder. If not, jump to section 2.4.6.

2.4.2. VMware Configuration.

I am using VMware Workstation 6 ACE Edition build 44426. The Guest operating system is Windows Server2003 Small Business (LSI Logic compliant). You need to create a non-preallocated non-independent virtual disk that is larger than 32 Gb. (the setup requires it to be this way, otherwise it will fail). Don't worry, it will never use more than ~4 Gb on your disk. You also need to use at least 512 Mb of memory, as required by Windows PE 2.0.

It's best to use a network shared folder, like this:

Workstation 6 compatible VMs also introduced a great feature, you can now mount a virtual partition just like a real one and map a drive letter to it in your host machine when the VM is turned off. Of course, you have to partition the virtual disk first inside the VM.

Edited by dexter.inside

Share this post

Link to post
Share on other sites

2.4.3. Manual WHS Installation

From the second image you've created, install Windows in your new virtual machine. Create a 10 Gb C:\ partition for this install. You'd get this as a typical first boot:

Now it's a good opportunity to install VMware Tools, activate windows and make other minor adjustments to the base install. VMware snapshots will easy allow you to roll back to this point if you get something wrong along the way.

2.4.4. Installing WHS components

Point your virtual CD-ROM to the location of the first DVD you made.

First use Microsoft Update to get the latest stuff, then install the redist components, from \REDISTR.

As for components specific to WHS, they are in the \WHS folder:

1) These are the Home Server hotfixes. Most likely you can add them in nLite to the base install.

- Home Server Activation Component, UMAS.EXE

- Home Server Certificate Enrollment, UMCENROLL.EXE

- Home Server Certificate Enrollment (Public Service), UMCENROLLID.EXE

- Home Server Certificate Enrollment (Setup Module), UMCENROLLSETUP.EXE

- Home Server Transport Service, UMCONNECTOR.EXE

- Home Server Console, UMCONSOLE.EXE

- Home Server Dynamic DNS Service, UMDDNS.EXE

- Home Server Drive Extender, UMDE.EXE

- Home Server Diagnostics, UMDIAG.EXE

- Home Server Event Parser, UMMSGLOG.EXE

- Home Server Notification Service, UMNOTIFY.EXE

- Home Server OOBE Setup Module, UMOOBE.EXE

- Home Server Backup Service, UMBACKUP.EXE

- Home Server Port Forwarding Service, UMPF.EXE

- Home Server Software Development Kit, UMPSDK.EXE

- Home Server Storage Service, UMQSM.EXE

- Home Server Remote Access (Base), UMRABASE.EXE

- Home Server Remote Access (Public), UMRAHOME.EXE

- Home Server Remote Access (RWW), UMRAREMOTE.EXE

- Home Server UPnP and Media Connect, UMUPNP.EXE

- Home Server Preserver, UMWHSARCH.EXE

Restart to enable the installed services.

2) Home Server components:

- Windows Server System UPnP Stack, UPNP.MSI. Installs Universal Plug and Play.

- Backup Server, BACKUPSERVERINSTALL.MSI. The backup engine for Home Server.

- Drive Extender, DE.MSI. Also installs a driver for this function.

- Home Server Dynamic DNS Service, DDNS.MSI.

- Home Server Diagnostics, DIAGNOSTICS.MSI.

- File Checker Service, FILECHECKSERVICE.MSI.

- Home Server Health, HEALTH.MSI.

- Home Sever Password Filter, PASSWORDFILTER.MSI.

- Server System Port Forwarding Service, PORTFORWARDING.MSI.

- Home Server Remote Access, REMOTEACCESS.MSI.


- Home Server Preserver, WHSARCH.MSI.

- Home Server Event Parser, WHSMSGLOG.MSI.

- Home Server OOBE, WHSOOBE.MSI.

Feel free to skip unwanted functionality.

3) Windows Home Server console will start with some errors about built-in music, videos and photos not found. Ignore them.

At this point it's best to turn off and remove the previous snapshot if you got everything right, in order to save disk space and performance. VMware will perform needed cleanup on the disk, thus commiting all changes you made to the initial virtual disk (snapshots use a different place to store files that you add, and dynamically maintains the filesystem presented to the running OS updates).

Edited by dexter.inside

Share this post

Link to post
Share on other sites

2.4.5. Windows Services specific for Home Server

Most of there rely on the IPSEC Service, so don't disable it. Home Server also adds UPnP and SSDP Discovery, specific for Windows XP (These not being present on the server system have prevented Microsoft in releasing Windows Media Player 11 on Server 2003).

- FileChecker Service

Check the files in the share folder for Codename Quattro. Result is in \Documents and Settings\All Users\Application Data\Microsoft\Windows Home Server\logs\FileChecker.

- SBCore Service

Provides server core services.

- Windows Home Server Computer Backup

Enables back up of computers to this home server. If this service is stopped, computers will not be able to back up to this home server. If this is not working, network status appears "critical" in the console.

- Windows Home Server Drive Letter Service

Maintains drive letters for folders managed by Windows Home Server Storage Manager.

- Windows Home Server Storage Manager

Manages storage allocation for your server.

- Windows Home Server Transport Channel

Provides Home Server transport channel to the clients as well as some background tasks. This is also a great expansion of functionality for IPSEC.

2.4.6. Preinstalling Applications

The purpose of this operation is to create a windows distribution that contains all the programs you need. Feel free to install whatever apps you will need before beginning sysprep.

If you have manually installed Home Server, do not add the windows drive to the Storage.

Use the shared folders, in the guest OS they are in \\.host\Shared Folders.


Share this post

Link to post
Share on other sites

2.5. Sysprep

2.5.1. History

Users of Windows NT4 needed a way to properly duplicate installations of Windows and programs onto other computers. This was a task that would save time and reduce monotony for IT staff that needed to do such things as set up 30 identical computers in a computer lab. Programs existed at the time such as Binary Research's Ghost, which was later sold to Norton in July of 1998, that could duplicate the exact software structure of one computer onto another.

But, in the case of Windows NT4 this created extreme driver problems that would either crash the replicate computer or impair specific devices, such as the network card. This was in contrast to Windows 95 or Windows 98 that when duplicated reacted in a much more manageable way, and basically this means they would go through a hardware redetection process. Even worse, a Windows NT4 computer has a built-in security identifer (SID) that is generated only on the installation of the operating system. This SID is used by domain controllers to internally identify workstations and servers, and if this code was duplicated then it would confuse domain servers since multiple computers would in effect have the same name.

Luckily Microsoft, for once, actually listened to the needs of its customers. And their response was the release of a free resource utility called the Microsoft System Preparation Tool versioned as 4.0.1381.123. This program was designed for Windows NT4 Workstation and Windows NT4 Server and provided a fix for the largest complaints. When you were ready to duplicate a computer you would run this program and it would follow rules defined in a script file (answer file) that you created. And after duplication it would execute those rules while running through a short mini-setup that recreated the security identifer (SID) and forced a hardware remapping sequence. It still would not allow duplication across variable hardware, but it would make exact computer duplications a much easier task.

Since then there have been numerous releases of SysPrep for all Windows NT based operating systems and SysPrep has become a common tool for IT administrators.

2.5.2. Process Overview

SysPrep is designed to be run manually before imaging a computer and automatically after a computer has been imaged. Most of advanced system management tools today rely heavily on it to do their dirty work, but also most of them cost hundreds of dollars. Some of you may be familiar with software like Symantec Backup Exec, that are used precisely for this purpose. Reconstructing a carefully-built domain controller can take weeks and lots of money. Reconstructing it from a sysprepped image only takes the time required to copy the files from the backup.

And there's more good news - there's a new method that benefits the most from sysprep. it's called V2P.

VMware's P2V (physical-to-virtual) was a revolutionary tool that allowed you to migrate existing OSes in virtual machines. Useful for corporate purposes but not to the end-user. Now, due to some less-documented Vista technology, it is possible to do the opposite, virtual-to-physical migration. Unuseful for corporate purposes but very useful for people that read this forum, as it allows you to repackage a carefully-designed OS from a virtual machine, and install it on any kind of physical hardware. Neat, huh? Part 3 covers this technique I've been working on for some months now in great detail.

So, here's the global picture on how to do that yourself, presented here in Part 2 of this tutorial:

1. nLite the official setup disc.

2. Install Windows with the desired ACPI HAL (either 32-bit or 64-bit)

3. Apply other operating system patches

4. Configure the administrator account to your needs

5. Create a template user account

6. Install programs under the template user account

7. Configure all programs and settings under the template account (also works with Administrator)

8. Restart the computer. If you don't restart then step 9 may be unsuccessful because files may be locked.

9. Log in as the main administrator account.

10. Copy the settings of the template account into the "Default User" account

11. Remove the template account

12. Apply finishing touches

13. Create a directory for SysPrep (typically this is c:\sysprep)

14. Copy in the required files for SysPrep

15. Create a drivers directory for SysPrep (typically this is c:\drivers)

16. Create a SysPrep script (sysprep.inf) in the SysPrep directory

17. Add a generic mass storage section to the sysprep.inf

18. Add additional mass storage drivers

19. Execute SysPrep

20. Image the computer

21. Duplicate the image onto other computers

If you performed the steps above properly then you would have a working image that you can duplicate onto any computers that conform to the settings you provided in the sysprep configuration file (sysprep.inf).

This guide covers only the -reseal capabilities of sysprep. Once you apply sysprep to an installation of Windows it should be set to shut down. You have to be careful though because the next time Windows starts up it will execute sysprep. At this point sysprep will run the computer through a mini-setup that will detect any new hardware, redetect network settings, set the timezone and a few other things. After you have executed sysprep you need to image the computer so make sure you don't start the computer accidentally as that will invalidate your sysprep and you will need to do it again. VMware solves most of the problems that can occur along this procedure.

Thus, it is best that you take a snapshot of the virtual machiner before you execute sysprep manually. SysPpep makes several changes to the operating system that could build up over time and create problems down the line if you continually update the same image. This issue is generally related to older versions of windows, like Windows 2000. Once you make a good image, you will most likely need to add programs or need to apply security patches later on. So, if you make an image, sysprep it, store it, then need to update it then you will need to run sysprep on it again.

2.5.3. The Hardware Abstraction Layer (HAL)

The hardware abstraction layer (HAL) is a kernel level driver that provides an interface between the operating system and the system architecture. There are several HALs that Windows can use and they impact available features and performance depending on which systems they are used on. The Advanced Configuration and Power Interface (ACPI) PC is the most compatible, so it's by far the best choice for 32-bit systems. It should be noted that multiprocessor computers can also use this HAL, however they will only make use of a single processor. This HAL can also be used with hyperthreading without any problem.

Similarly, the ACPI Multiprocessor PC is a HAL designed for multiprocessor computers. It is the main advantage of Windows XP/2003 64-bit editions, as memory operations receive a 10-15% performance boost and it fully implements hyperthreading.

To make your image as compatible as possible you should use the "Advanced Configuration and Power Interface (ACPI) PC" HAL. You can specify this in the Windows setup by using the F5 key during the part where you can use F6 to choose mass storage device drivers, or you can view and change your HAL from within Device Manager by changing the "computer" driver.

Edited by dexter.inside

Share this post

Link to post
Share on other sites

2.5.4. How sysprep.inf made winnt.sif obsolete

As you all should know my now, SIFs have become obsolete on the new NT 6 kernel. I'd say that the most advanced feature in Vista is the setup and the imaging technology, both secrets well guarded between 2003 and 2006. The text-mode setup is now gone, and with it a lot of legacy impediments. You've all had your fair share of head ache from it by now - some registry tweaks work, other don't or just behave unpredictable. You want to remove a file from the setup, and to do so you have to use all sorts of ugly hacks. You want to have your favourite app installed silently, you have to make a package yourself. You finally get all working to reach yet another stupid error and so forced to throw away another disc.

Well, those days are nearly gone. Sysprep has become very important for Vista, since early 2004. As the Microsoft.NET technology gets closer to maturity (10 years), older methods of doing stuff become very unsuitable. Of course, Vista got all the goodies during the its beta, and XP Service Pack 3 was left out cold.

So, I decided to skip ahead and retrace the steps that were made to create the Longhorn 4xxx builds, which are very similar to today's products like Windows Home Server, for example. The results were quite surprising, and that you'll see for yourself if you decide to actually try to do what I describe in this tutorial.

Back in 2003, a lot of .NET supra-structure was added to the initial XP codebase, rolled up to NT 6.0.4008, the last milestone based on the text-mode setup. The multilingual separation (those MUI files) had nearly doubled the time of the text-mode setup, and most of the beta team was probably fed up with throwing away tons of DVDs due to faulty I/O. So, they took the logical step of refurbishing sysprep to do the dirty work for them.

Instead of rebuilding the entire XP/2003 setup folder structure and coresponding SIFs+INFs each time they incremented the kernel / file version, they decided to do that only once and then use sysprep to clone that installed Longhorn prototype from the developer's machine to the entire beta network. This reduced install time from ~90 minutes to arround 15. A new setup based on Visual C++ Redist and .NET was made, and a new imaging format was tailored to suit this process. Thus, WIMs were used to store the sysprepped image and a setup was written to mount that WIM and read from it instead of regular install media. Avalon, later known as Windows Presentation Foundation, was the first to benefit, as it was nearly as complex as the entire Media Center, that took several months to integrate in XP. Adding it to the WINNT.SIF would have been out of the question. The same reason why Media Center never got integrated tightly in the XP codebase.

Then another problem came up. Sysprep had a limitation, it couldn't change the existing HAL. As you may have found out, changing motherboards would usually result in a BSoD on any normal Windows installation. So they came with a quick hack, "ACPI Pick-Up", for the new setup routine. The new setup logic became like this: Windows PE started, setup.exe was loaded, it chose the proper HAL and ntoskrnl startup parameters, allowed the user to partition / format and choose the destination, unpacked the WIM to that destination, and apply the HAL pick-up trick.

Later on, when the 4xxx series were scrapped in favor of the NT 5.2 codebase, they invented WINLOAD and BOOTMGR, the neat way of doing this, and sysprep became able to transparently generalize hardware (as the drivers were no longer packed in CABs). Due to "popular" demand, that Beta 2 project was rushed in what you now know as Vista RTM, and research went again into silence inside the Windows Server 2008 project. (Codename Longhorn Server).

Ironically, the Microsoft WAIK is capable of doing largely the same thing with Windows XP/2003, but Microsoft never bothered to update the ancient setup routines with the new stuff. Quite normal, that would cost money for "no good reason". So we are left to do that ourselves. With SIFs becoming obsolete, tweaking NT 5.x based OSes will become much more pleasurable in the near future. Main reason: the registry is no longer being constructed during setup, because it is already present in the image. Sysprep only does minor adjustments to it to start the mini-setup.

If you are curious how that works, try this on Vista: sysprep -generalize -activated.

At this point, the technique that I am describing here is the only reasonable way of making new nLited versions of Home Server or Windows Server 2003 Media Center Edition. Sysprep is a great complement to what nLite can do, and the reasons will become quite obvious in Part 3 of this tutorial.

2.5.5. SETUPMGR.EXE - Microsoft's Idea of Unattended

The sysprep.inf file contains the unattended logic of sysprep, specifically the instructions that it will use during the mini-setup process. The sysprep.inf file is broken up into several sections following the layout of an INI file. However, this file is called sysprep.inf and not sysprep.ini. Please be very certain that you have it named properly or it will not work.

The sysprep.inf file is not really required but if it isn't included then the user will be prompted for answers to questions on the execution of the mini-setup on the first boot following running sysprep. In most situations this is not desired especially since the default configuration will not duplicate well across computers. In other words you can't automate sysprep unless you provide a valid sysprep.inf. Unlike Vista, where sysprep is specifically built to work without a custom made sysprep.inf.

The good news about the sysprep.inf it that you don't have to edit the entire thing yourself. Microsoft wrote a program called the Microsoft Setup Manager Wizard (setupmgr.exe). The purpose of this program is to create sysprep.inf answer files from a GUI. It doesn't have all of the options that you will most likely need, but it does give you a way to create a skeleton answer file that you can then edit and fill the rest of the information into. I highly suggest that you use the Setup Manager Wizard first and play around with it and then check the sysprep.inf file to see how changing different options alters the sysprep.inf file. And then once you have you have a template answer file then you modify it to your needs.

I will continue by showing how I do this on the Home Server. If you haven't run nLite yet and/or haven't installed it on your lab machine, I suggest you do so now, as you must do the following operations on it.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.