
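How to attach Vdisk automatically before logon on Windows 7

How to automatically attach a vdisk before Windows 7 starts


1. Create the Vdisk.


2. Write a diskpart script and save it as c:\diskpart.script
select vdisk file="c:\downloads.vhd"
attach vdisk

3. Write a startup script and save it as c:\logon.cmd
diskpart /s c:\diskpart.script

4. Edit Group Policy to load the diskpart script
Computer Configuration -> Windows Settings -> Scripts -> "Startup", select c:\logon.cmd

OK, done :)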

Posted in Win7 | Leave a comment

How to read the small memory dump files that Windows creates for debugging

Article ID: 315263 – Last Review: March 4, 2009 – Revision: 5.3


This article was previously published under Q315263

This step-by-step article describes how to examine a small memory dump
file. You can use this file to determine why your computer has stopped

Small memory dump

A small memory dump file records the smallest set of useful information
that may help identify why your computer has stopped unexpectedly. This
option requires a paging file of at least 2 megabytes (MB) on the boot
volume. On computers that are running Microsoft Windows 2000 or later,
Windows creates a new file every time your computer stops unexpectedly. A
history of these files is stored in a folder.

This dump file type includes the following information:

  • The Stop message and its parameters and other data
  • A list of loaded drivers
  • The processor context (PRCB) for the processor that stopped
  • The process information and kernel context (EPROCESS) for the
    process that stopped
  • The process information and kernel context (ETHREAD) for the
    thread that stopped
  • The Kernel-mode call stack for the thread that stopped

The small memory dump file can be useful when hard disk space is
limited. However, because of the limited information that is included,
errors that were not directly caused by the thread that was running at
the time of the problem may not be discovered by an analysis of this

If a second problem occurs and if Windows creates a second small memory
dump file, Windows preserves the previous file. Windows gives each file a
distinct, date-encoded file name. For example, Mini022900-01.dmp is the
first memory dump file that was generated on February 29, 2000. Windows
keeps a list of all the small memory dump files in the
%SystemRoot%\Minidump folder.
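
The date-encoded naming described above, as an added Python example (not part of the Microsoft article): it decodes MiniMMDDYY-NN.dmp names into a chronological crash timeline, because sorting the names as text misorders dumps across a year boundary. The file listing is constructed, and the two-digit-year pivot (YEAR_PIVOT) is an assumption.

```python
import re
from datetime import date
from typing import Dict, List, NamedTuple, Optional, Tuple

# Mini<MM><DD><YY>-<NN>.dmp, e.g. Mini022900-01.dmp (February 29, 2000, first dump)
_NAME_RE = re.compile(r"^Mini(\d{2})(\d{2})(\d{2})-(\d{2})\.dmp$", re.IGNORECASE)

# Assumption (not stated in the article): two-digit years below the pivot
# are read as 20YY, the rest as 19YY.
YEAR_PIVOT = 80

# Constructed directory listing of a %SystemRoot%\Minidump folder.
SAMPLE_LISTING = [
    "Mini010101-01.dmp",
    "Mini123100-02.dmp",
    "Mini022900-01.dmp",
    "Mini023001-01.dmp",   # February 30 does not exist: name was tampered with or renamed
    "Mini123100-01.dmp",
    "MEMORY.DMP",          # not a small memory dump name
    "minidump.dmp",        # renamed copy, carries no date
]


class MiniDumpName(NamedTuple):
    created: date
    sequence: int
    filename: str


def parse_minidump_name(filename: str) -> Optional[MiniDumpName]:
    """Decode one file name; return None if it is not a valid date-encoded name."""
    match = _NAME_RE.match(filename)
    if match is None:
        return None
    month, day, yy, sequence = (int(group) for group in match.groups())
    year = 2000 + yy if yy < YEAR_PIVOT else 1900 + yy
    try:
        created = date(year, month, day)   # rejects impossible calendar dates
    except ValueError:
        return None
    return MiniDumpName(created, sequence, filename)


def crash_timeline(filenames: List[str]) -> Tuple[List[MiniDumpName], List[str]]:
    """Return (dumps in chronological order, names that could not be decoded)."""
    parsed: List[MiniDumpName] = []
    rejected: List[str] = []
    for name in filenames:
        entry = parse_minidump_name(name)
        if entry is None:
            rejected.append(name)
        else:
            parsed.append(entry)
    # Order by decoded date, then by the per-day sequence number.
    parsed.sort(key=lambda entry: (entry.created, entry.sequence))
    return parsed, rejected


def repeat_crash_days(timeline: List[MiniDumpName], threshold: int = 2) -> List[date]:
    """Days on which at least `threshold` dumps were written."""
    counts: Dict[date, int] = {}
    for entry in timeline:
        counts[entry.created] = counts.get(entry.created, 0) + 1
    return sorted(day for day, count in counts.items() if count >= threshold)


if __name__ == "__main__":
    timeline, rejected = crash_timeline(SAMPLE_LISTING)
    for entry in timeline:
        print(entry.created.isoformat(), entry.sequence, entry.filename)
    print("undecodable:", rejected)
    print("repeat-crash days:", repeat_crash_days(timeline))
```
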

Configure the dump

To configure startup and recovery options to use the small memory dump
file, follow these steps.

Note Because there are several
versions of Microsoft Windows, the following steps may be different on
your computer. If they are, see your product documentation to complete
these steps.

  1. Click Start, point to Settings, and then click Control
  2. Double-click System.
  3. Click the Advanced tab, and then click Settings under Startup
     and Recovery
  4. In the Write debugging information list, click Small memory
     dump (64k)

    To change the folder location for the small memory dump files, type a
    new path in the Dump File box (or in the Small dump directory box,
    depending on your version of Windows).

Tools to read the small memory dump file

You can load small memory dump files by using the Dump Check Utility
(Dumpchk.exe). You can also use Dumpchk.exe to verify that a memory dump
file has been created correctly. The Dump Check Utility does not
require access to debugging symbols. The Dump Check Utility is included
with the Microsoft Windows 2000 Support Tools and the Microsoft Windows
XP Support Tools.

For additional information about how to use the Dump Check Utility in
Windows 2000 and in Windows NT, click the following article number to
view the article in the Microsoft Knowledge Base:



How to use Dumpchk.exe to check a memory dump file

For additional information about how to use the Dump Check Utility in
Windows XP, click the following article number to view the article in
the Microsoft Knowledge Base:



How to use Dumpchk.exe to check a memory dump file

Note The Dump Check Utility is not included in the
Microsoft Windows Server 2003 Support Tools. To obtain the Dump Check
Utility if you are using Microsoft Windows Server 2003, download and
install the Debugging Tools for Windows package from the following
Microsoft Web site:

You can also read small memory dump files by using the WinDbg tool or
the KD.exe tool. WinDbg and KD.exe are included with the latest version
of the Debugging Tools for Windows package.

This Web page also provides access to the downloadable symbol packages
for Windows. To use the resources, create a folder on the disk drive
where the downloaded local symbols or the symbol cache for symbol server
use will reside. For example, use C:\Symbols. You can use the following
symbol path with all the commands that are described in this article:


If you download the symbols to a local folder, use the path of that
folder as your symbol path.

For more information about the dump file options in Windows, click the
following article number to view the article in the Microsoft Knowledge



Overview of memory dump file options for Windows Server 2003, Windows
XP, and Windows 2000

Install the debugging tools

To download and install the Windows debugging tools, visit the following
Microsoft Web site:

Select the Typical installation. By default, the installer installs the
debugging tools in the following folder:

C:\Program Files\Debugging Tools for Windows

Open the dump file

To open the dump file after the installation is complete, follow these

  1. Click Start, click Run, type cmd, and then click OK.
  2. Change to the Debugging Tools for Windows folder.

    To do this, type the following at the command prompt, and then press

    cd c:\program files\debugging tools for windows
  3. To load the dump file into a debugger, type one of the following
    commands, and then press ENTER:

    windbg -y SymbolPath -i ImagePath -z DumpFilePath
    kd -y SymbolPath -i ImagePath -z DumpFilePath

The following table explains the use of the placeholders that are used
in these commands.

Placeholder: Explanation

  • SymbolPath: Either the local path where the symbol files have been
    downloaded or the symbol server path, including a cache folder.
    Because a small memory dump file contains limited information, the
    actual binary files must be loaded together with the symbols for the
    dump file to be correctly read.
  • ImagePath: The path of these files. The files are contained in the
    I386 folder on the Windows XP CD-ROM. For example, the path may be
    C:\Windows\I386.
  • DumpFilePath: The path and file name for the dump file that you are
    examining.

Sample Commands

You can use the following sample commands to open the dump file. These
commands assume the following:

  • The contents of the I386 folder on the Windows CD-ROM are copied
    to the C:\Windows\I386 folder.
  • Your dump file is named

Sample 1:

kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Sample 2. If you prefer the graphical version of the debugger instead of
the command line version, type the following command instead:

windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Examine the dump

There are several commands that you can use to gather information in the
dump file, including the following commands:

  • The !analyze -show command displays the Stop error code and its
    parameters. The Stop error code is also known as the bug check code.
  • The !analyze -v command displays verbose output.
  • The lm N T command lists the specified loaded modules. The output
    includes the status and the path of the module.

Note The !drivers
extension command displays a list of all drivers that are loaded on the
destination computer, together with summary information about their
memory use. The !drivers extension is obsolete in Windows XP and
later. To display information about loaded drivers and other modules,
use the lm command. The lm N T command displays
information in a format that is similar to the old !drivers

For help with other commands and for complete command syntax, see the
debugging tools Help documentation. The debugging tools Help
documentation can be found in the following location:

C:\Program Files\Debugging Tools for

Note If you have symbol-related issues,
use the Symchk utility to verify that the correct symbols are loaded

For additional information about using Symchk, click the following
article number to view the article in the Microsoft Knowledge Base:



Use the Microsoft Symbol Server to obtain debug symbol files

Simplify the commands by using a batch file

After you identify the command that you must have to load memory dumps,
you can create a batch file to examine a dump file. For example, create a
batch file and name it Dump.bat. Save it in the folder where the
debugging tools are installed. Type the following text in the batch

cd "c:\program files\debugging tools for windows"

kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %1

When you want to examine a dump file, type the following command to pass
the dump file path to the batch file:

dump c:\windows\minidump\minidump.dmp

Posted in TechNet | Leave a comment

VMware Labmanager cannot see newly added storage

Recently added storage was already visible in vc (and the storage was associated with the resource pool used by Labmanager).
After refreshing in Labmanager, the storage still did not appear in the storage properties of the resource pool.
Solution: restart the "VMware vCenter Lab Manager Monitor" service.
VMware vCenter Lab Manager Monitor:
Checks managed server connectivity and performs storage garbage collection.
Posted in VMWare Labmanager | Leave a comment

[Repost] Microsoft: RDP to Windows 2003 R2 fails – Protocol error

Last week I had some trouble connecting to a Windows 2003 R2 32-Bit VM
using RDP. I received this error:

Because of a protocol error, this session will be
disconnected. Please try connecting to the remote computer again.


To resolve this issue you can delete the “MSLicensing” key/folder in
the registry. Go to:

MSLicensing folder and reconnect the server.

Posted in Uncategorized | Leave a comment

Sysprep Command-Line Syntax

This topic describes the command
line syntax for the Windows Vista version of Sysprep.

If you
intend to transfer a Windows image to a different computer, you must run
sysprep /generalize, even if the computer has the same hardware
configuration. The sysprep /generalize command removes unique
information from your Windows installation, which enables you to reuse
that image on different computers.
The next time you boot the Windows image, the specialize configuration
pass runs. During this configuration pass, many components have actions
that must be processed when you boot a Windows image on a new computer.
Any method of moving a Windows image to a new computer, either through
imaging, hard disk duplication, or other method, must be prepared with
the sysprep /generalize command. Moving or copying a Windows image to a
different computer without running sysprep /generalize is not

Sysprep Command-Line Options

The following command-line options are available for Sysprep:

sysprep.exe [/oobe | /audit] [/generalize] [/reboot | /shutdown | /quit] [/quiet]


Option Description


Restarts the computer into audit mode. Audit mode enables
you to add additional drivers or applications to Windows. You can also
test an installation of Windows before it is sent to an end user.

an unattended Windows setup file is specified, the audit mode of
Windows Setup runs the auditSystem and auditUser configuration passes.


the Windows installation to be imaged. If this option is specified, all
unique system information is removed from the Windows installation. The
security ID (SID) resets, any system restore points are cleared, and
event logs are deleted.

The next time the computer starts, the
specialize configuration pass runs. A new security ID (SID) is created,
and the clock for Windows activation resets, if the clock has not
already been reset three times.


Restarts the computer into Windows Welcome mode. Windows
Welcome enables end users to customize their Windows operating system,
create user accounts, name the computer, and other tasks. Any settings
in the oobeSystem configuration pass in an answer file are processed
immediately before Windows Welcome starts.


the computer. Use this option to audit the computer and to verify that
the first-run experience operates correctly.


down the computer after Sysprep completes.


Sysprep without displaying on-screen confirmation messages. Use this
option if you automate Sysprep.


Closes Sysprep after running the specified commands.


Applies settings in an answer file to Windows during
unattended installation.


Specifies the
path and file name of the answer file to use.

Posted in Windows Deployment | Leave a comment


PsGetSid v1.43

By Mark Russinovich

December 4, 2006


allows you to translate SIDs to their display name and vice versa. It
works on builtin accounts, domain accounts, and local accounts.


copy PsGetSid onto your executable path, and type "psgetsid".


psgetsid [\\computer[,computer[,…] | @file] [-u username [-p password]]] [account|SID]

If you want to see a computer’s
SID just pass the computer’s name as a command-line argument. If you
want to see a user’s SID, name the account (e.g. "administrator") on the
command-line and an optional computer name.

Specify a user name
if the account you are running from doesn’t have administrative
privileges on the computer you want to query. If you don’t specify a
password as an option, PsGetSid will prompt you for one so that
you can type it in without having it echoed to the display.




Posted in Windows Deployment | Leave a comment


NewSID v4.10

By Mark Russinovich and Bryce Cogswell

November 1, 2006

NewSID has been retired and is no longer available for download. Please
see Mark Russinovich’s blog post: NewSID
Retirement and the Machine SID Duplication Myth


SIDs, Microsoft does not support images that are prepared using NewSID,
we only support images that are prepared using SysPrep. Microsoft has
not tested NewSID for all deployment cloning options.

For more
information on Microsoft’s official policy, please see the following
Knowledge Base article:


organizations use disk image cloning to perform mass rollouts of
Windows. This technique involves copying the disks of a fully installed
and configured Windows computer onto the disk drives of other computers.
These other computers effectively appear to have been through the same
install process, and are immediately available for use.

While this
method saves hours of work and hassle over other rollout approaches, it
has the major problem that every cloned system has an identical
Computer Security Identifier (SID). This fact compromises security in
Workgroup environments, and removable media security can also be
compromised in networks with multiple identical computer SIDs.

from the Windows community has led several companies to develop
programs that can change a computer’s SID after a system has been
cloned. However, Symantec’s SID Changer and Symantec’s Ghost Walker are
only sold as part of each company’s high-end product. Further, they both
run from a DOS command prompt (Altiris’ changer is similar to NewSID).

is a program we developed that changes a computer’s SID. It is free and
is a Win32 program, meaning that it can easily be run on systems that
have been previously cloned.

Please read this entire article
before you use this program.

Version Information:

  • Version 4.0 introduces support for Windows XP and .NET Server, a
    wizard-style interface, allows you to specify the SID that you want
    applied, Registry compaction and also the option to rename a computer
    (which results in a change of both NetBIOS and DNS names).
  • Version 3.02 corrects a bug where NewSid would not correctly copy
    default values with invalid value types when renaming a key with an
    old SID to a new SID. NT actually makes use of such invalid values at
    certain times in the SAM. The symptom of this bug was error messages
    reporting access denied when account information was updated by an
    authorized user.
  • Version 3.01 adds a work-around for an inaccessible Registry key
    that is created by Microsoft Transaction Server. Without the
    work-around NewSID would quit prematurely.
  • Version 3.0 introduces a SID-sync feature that directs NewSID to
    obtain a SID to apply from another computer.
  • Version 2.0 has an automated-mode option, and lets you change the
    computer name as well.
  • Version 1.2 fixes a bug that was introduced in 1.1 where some file
    system security descriptors were not updated.
  • Version 1.1 corrects a relatively minor bug that affected only
    certain installations. It also has been updated to change SIDs
    associated with the permission settings of file and printer shares.

and Alternate Rollout Methods

One of the most popular ways of
performing mass Windows rollouts (typically hundreds of computers) in
corporate environments is based on the technique of disk cloning. A
system administrator installs the base operating system and add-on
software used in the company on a template computer. After configuring
the machine for operation in the company network, automated disk or
system duplication tools (such as Symantec’s Ghost,
, and Altiris’ RapiDeploy)
are used to copy the template computer’s drives onto tens or hundreds
of computers. These clones are then given final tweaks, such as the
assignment of unique names, and then used by company employees.

popular way of rolling out is by using the Microsoft sysdiff
utility (part of the Windows Resource Kit). This tool requires that the
system administrator perform a full install (usually a scripted
unattended installation) on each computer, and then sysdiff
automates the application of add-on software install images.

the installation is skipped, and because disk sector copying is more
efficient than file copying, a cloned-based rollout can save dozens of
hours over a comparable sysdiff install. In addition, the system
administrator does not have to learn how to use unattended install or sysdiff,
or create and debug install scripts. This alone saves hours of work.

SID Duplication Problem

The problem with cloning is that it is
only supported by Microsoft in a very limited sense. Microsoft has
stated that cloning systems is only supported if it is done before the
GUI portion of Windows Setup has been reached. When the install reaches
this point the computer is assigned a name and a unique computer SID. If
a system is cloned after this step the cloned machines will all have
identical computer SIDs. Note that just changing the computer name or
adding the computer to a different domain does not change the computer
SID. Changing the name or domain only changes the domain SID if the
computer was previously associated with a domain.

To understand
the problem that cloning can cause, it is first necessary to understand
how individual local accounts on a computer are assigned SIDs. The SIDs
of local accounts consist of the computer’s SID and an appended RID
(Relative Identifier). The RID starts at a fixed value, and is increased
by one for each account created. This means that the second account on
one computer, for example, will be given the same RID as the second
account on a clone. The result is that both accounts have the same SID.

SIDs aren’t an issue in a Domain-based environment since domain
accounts have SID’s based on the Domain SID. But, according to Microsoft
Knowledge Base article Q162001, "Do Not Disk Duplicate Installed
Versions of Windows NT", in a Workgroup environment security is based on
local account SIDs. Thus, if two computers have users with the same
SID, the Workgroup will not be able to distinguish between the users.
All resources, including files and Registry keys, that one user has
access to, the other will as well.

Another instance where
duplicate SIDs can cause problems is where there is removable media
formatted with NTFS, and local account security attributes are applied to
files and directories. If such media is moved to a different computer
that has the same SID, then local accounts that otherwise would not be
able to access the files might be able to if their account IDs happened
to match those in the security attributes. This is not possible if
computers have different SIDs.

An article Mark has written, entitled "NT Rollout Options", was
published in the June issue of Windows NT Magazine. It discusses the
duplicate SID issue in more detail, and presents Microsoft’s official
stance on cloning. To see if you have a duplicate SID issue on your
network, use PsGetSid to display machine SIDs.


is a program we developed to change a computer’s SID. It first
generates a random SID for the computer, and proceeds to update
instances of the existing computer SID it finds in the Registry and in
file security descriptors, replacing occurrences with the new SID. NewSID
requires administrative privileges to run. It has two functions:
changing the SID, and changing the computer name.

To use NewSID’s
auto-run option, specify "/a" on the command line. You can also direct
it to automatically change the computer’s name by including the new name
after the "/a" switch. For example:

newsid /a [newname]

have NewSID run without prompting, change the computer name to
"newname" and have it reboot the computer if everything goes okay.

If the system on which you wish to run NewSID is running
IISAdmin you must stop the IISAdmin service before running NewSID.
Use this command to stop the IISAdmin service: net stop iisadmin /y

SID-synchronizing feature that allows you to specify that, instead of
randomly generating one, the new SID should be obtained from a different
computer. This functionality makes it possible to move a Backup Domain
Controller (BDC) to a new Domain, since a BDC’s relationship to a Domain
is identified by it having the same computer SID as the other Domain
Controllers (DCs). Simply choose the "Synchronize SID" button and enter
the target computer’s name. You must have permissions to change the
security settings of the target computer’s Registry keys, which
typically means that you must be logged in as a domain administrator to
use this feature.

Note that when you run NewSID the
size of the Registry will grow, so make sure that the maximum Registry
size will accommodate growth. We have found that this growth has no
perceptible impact on system performance. The reason the Registry grows
is that it becomes fragmented as temporary security settings are applied
by NewSID. When the settings are removed the Registry is not

Important: Note that while we have
thoroughly tested NewSID, you must use it at your own risk. As
with any software that changes file and Registry settings, it is highly
recommended that you completely back-up your computer before running NewSID.

Moving a BDC

are the steps you should follow when you want to move a BDC from one
domain to another:

  1. Boot up the BDC you want to move and log
    in. Use NewSID to synchronize the SID of the BDC with the PDC
    of the domain to which you wish to move the BDC.
  2. Reboot the
    system for which you changed the SID (the BDC). Since the domain the BDC
    is now associated with already has an active PDC, it will boot as a BDC
    in its new domain.
  3. The BDC will show up as a workstation in
    Server Manager, so use the "Add to Domain" button to add the BDC to its
    new domain. Be sure to specify the BDC radio button when adding.

How it Works

starts by reading the existing computer SID. A computer’s SID is stored
in the Registry’s SECURITY hive under SECURITY\SAM\Domains\Account.
This key has a value named F and a value named V. The V value is a
binary value that has the computer SID embedded within it at the end of
its data. NewSID ensures that this SID is in a standard format
(3 32-bit subauthorities preceded by three 32-bit authority fields).

NewSID generates a new random SID for the computer. NewSID’s
generation takes great pains to create a truly random 96-bit value,
which replaces the 96-bits of the 3 subauthority values that make up a
computer SID.
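
The binary SID layout described above, together with the account-SID collision from the SID Duplication Problem section, as an added Python example (not code from the original article or from NewSID): it decodes the machine SID from the last 24 bytes of a V value, appends RIDs, and groups an inventory of machine SIDs, such as one collected with PsGetSid, to find clones. The SIDs, host names, RID and V-value padding are constructed sample values.

```python
import struct
from collections import defaultdict
from typing import Dict, List

# 8-byte header (revision, count, 48-bit authority) + 21 + three 32-bit
# subauthorities = 24 bytes for a machine SID of the form S-1-5-21-a-b-c.
MACHINE_SID_LEN = 8 + 4 * 4


def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID into its S-R-A-S1-S2-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the subauthority count")
    authority = int.from_bytes(raw[2:8], "big")        # big-endian, 48 bits
    subs = struct.unpack("<%dI" % count, raw[8:])      # little-endian, 32 bits each
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def sid_to_bytes(sid: str) -> bytes:
    """Encode a string SID into its binary form."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def machine_sid_from_v(v_value: bytes) -> str:
    """Extract the computer SID embedded at the end of the Account key's V value."""
    tail = v_value[-MACHINE_SID_LEN:]
    if len(tail) != MACHINE_SID_LEN:
        raise ValueError("V value too short to hold a machine SID")
    sid = sid_from_bytes(tail)                         # also checks count == 4
    if not sid.startswith("S-1-5-21-"):
        raise ValueError("trailing SID is not in the standard machine format")
    return sid


def account_sid(machine_sid: str, rid: int) -> str:
    """A local account SID is the computer SID with the RID appended."""
    return "%s-%d" % (machine_sid, rid)


def duplicate_machine_sids(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by machine SID and keep only SIDs shared by several hosts."""
    by_sid: Dict[str, List[str]] = defaultdict(list)
    for host, sid in sorted(inventory.items()):
        by_sid[sid].append(host)
    return {sid: hosts for sid, hosts in by_sid.items() if len(hosts) > 1}


# Constructed sample data: 40 bytes of padding stand in for the rest of V.
SAMPLE_MACHINE_SID = "S-1-5-21-1004336348-1177238915-682003330"
SAMPLE_V = b"\x00" * 40 + sid_to_bytes(SAMPLE_MACHINE_SID)
SAMPLE_INVENTORY = {
    "LAB-PC01": SAMPLE_MACHINE_SID,                    # template image
    "LAB-PC02": SAMPLE_MACHINE_SID,                    # clone, SID never changed
    "LAB-PC03": "S-1-5-21-2000478354-688789844-839522115",
}

if __name__ == "__main__":
    sid = machine_sid_from_v(SAMPLE_V)
    print("machine SID from V:", sid)
    for sid, hosts in duplicate_machine_sids(SAMPLE_INVENTORY).items():
        print("shared by", hosts, "->", sid)
        # The same RID on each clone yields the same account SID.
        print("account with RID 1001 on every one of them:", account_sid(sid, 1001))
```
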

Three phases to the computer SID replacement follow.
In the first phase, the SECURITY and SAM
Registry hives are scanned for occurrences of the old computer SID in
key values, as well as the names of the keys. When the SID is found in a
value it is replaced with the new computer SID, and when the SID is
found in a name, the key and its subkeys are copied to a new subkey that
has the same name except with the new SID replacing the old.

final two phases involve updating security descriptors. Registry keys
and NTFS files have security associated with them. Security descriptors
consist of an entry that identifies which account owns the resource,
which group is the primary group owner, an optional list of entries that
specify actions permitted by users or groups (known as the
Discretionary Access Control List – DACL), and an optional list of
entries that specify which actions performed by certain users or groups
will generate entries in the system Event Log (System Access Control
List – SACL). A user or a group is identified in these security
descriptors with their SIDs, and as I stated earlier, local user
accounts (other than the built-in accounts such as Administrator, Guest,
and so on) have their SIDs made up of the computer SID plus a RID.

first part of security descriptor updates occurs on all NTFS file
system files on the computer. Every security descriptor is scanned for
occurrences of the computer SID. When NewSID finds one, it
replaces it with the new computer SID.

The second part of security
descriptor updates is performed on the Registry. First, NewSID
must make sure that it scans all hives, not just those that are loaded.
Every user account has a Registry hive that is loaded as HKEY_CURRENT_USER
when the user is logged in, but remains on disk in the user’s profile
directory when they are not. NewSID identifies the locations of
all user hive locations by enumerating the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
key, which points at the
directories in which they are stored. It then loads them into the
Registry using RegLoadKey under HKEY_LOCAL_MACHINE and
scans the entire Registry, examining each security descriptor in search
of the old computer SID. Updates are performed the same as for files,
and when it's done NewSID unloads the user hives it loaded. As a
final step NewSID scans the HKEY_USERS key,
which contains the hive of the currently logged-in user as well as the
.Default hive. This is necessary because a hive can’t be loaded twice,
so the logged-in user hive won’t be loaded into HKEY_LOCAL_MACHINE
when NewSID is loading other user hives.

Finally, NewSID
must update the ProfileList subkeys to refer to the
new account SIDs. This step is necessary to have Windows NT correctly
associate profiles with the user accounts after the account SIDs are
changed to reflect the new computer SID.

NewSID ensures
that it can access and modify every file and Registry key in the system
by giving itself the following privileges: System, Backup, Restore and
Take Ownership.

Posted in Windows Deployment | Leave a comment

Microsoft Assessment and Planning Toolkit


Published: July 13, 2009   |   Updated: November 24, 2009


About This Solution Accelerator

The Microsoft® Assessment and Planning (MAP) Toolkit makes it easy
to assess your current IT infrastructure and determine the right
Microsoft technologies for your IT needs.

MAP is a powerful inventory, assessment, and reporting tool that
can securely run in small or large IT environments without requiring the
installation of agent software on any computers or devices. The
inventory and assessment capabilities provided by this Solution
Accelerator can significantly simplify the planning process for
migrating your laptops, desktops, and server computers to Windows® 7,
Windows Server® 2008 R2, Windows Server 2008, Windows Vista® and
Microsoft Office 2007. The server virtualization scenarios help you
identify underutilized resources and the hardware specifications needed
to successfully consolidate your servers using Microsoft Hyper-V
technology. Additionally, the toolkit can help you identify unmanaged
assets, Microsoft SQL Server® components and virtual machines in your

Included in the Download

The Microsoft Assessment and Planning Toolkit includes the
following components:

  • Microsoft_Assessment_and_Planning_Toolkit_Setup.exe. The
    installation package includes the tool, release notes, Getting
    Started Guide, and toolkit help (chm file).
  • Release_Notes_en.htm. Provides information you
    should read before installing the MAP Toolkit, including installation
    prerequisites, and known issues. Available as a separate download.
  • Getting_Started_Guide.en.doc. Provides
    information about installing the tool, describes supported assessment
    scenarios, and shows how to use the results. Available as a separate
    download.
  • MAP Sample Documents.zip. Contains sample
    reports and proposals that the MAP tool generates in Word and Excel
    formats. Available as a separate download.

Feature Overview

MAP performs three key functions: inventory, compatibility
analysis, and readiness reporting.

Figure 1. Three Key Functions of Microsoft
Assessment and Planning Toolkit

Secure and Agentless Inventory

MAP provides secure, agentless, and network-wide inventory that
scales from small business to large enterprises. It collects and
organizes system resources and device information from a single
networked computer. Assessment tools often require users to first deploy
software agents on all computers to be inventoried, but this tool does
not. MAP uses technologies already available in your IT environment to
perform inventory and assessments. These technologies include Windows
Management Instrumentation (WMI), the Remote Registry Service, Active
Directory Domain Services, and the Computer Browser service.

You can use MAP to inventory the following platforms:

  • Windows 7
  • Windows Vista
  • Windows XP® Professional
  • Windows Server 2008 or Windows Server 2008 R2
  • Windows Server 2003 or Windows Server 2003 R2
  • Windows 2000 Professional or Windows 2000 Server
  • VMware ESX
  • VMware ESXi
  • VMware Server

Note   To see a list of platforms
on which MAP can be installed, refer to the “Installation Prerequisites”
section of the MAP Release Notes.

Comprehensive Data Analysis

MAP performs a detailed analysis of hardware and device
compatibility for migration to Windows 7, Windows Server 2008 R2,
Windows Server 2008, Microsoft Office 2007, Microsoft Application
Virtualization, and Windows Vista. The hardware assessment looks at the
installed hardware and determines if migration is recommended. If it is
not recommended then the reports tell you why it is not.

The device assessment looks at the devices installed on a computer
and reports availability of drivers for those devices. Device
assessment is provided for Windows 7, Windows Server 2008 R2, Windows
Server 2008, and Windows Vista migration scenarios.

For customers interested in server consolidation and
virtualization through technologies such as Hyper-V and Virtual Server
2005 R2, this tool helps to gather performance metrics and generate
server consolidation recommendations that identify the candidates for
server virtualization and how the physical servers might be placed in a
virtualized environment.

In-Depth Readiness Reporting

MAP generates reports containing both summary and detailed
assessment results for each migration scenario. The results are provided
in Microsoft Excel workbooks and Microsoft Word documents. Reports are
generated for the following scenarios:

  • Identification of currently installed Windows client operating
    systems, their hardware, and recommendations for migration to Windows 7
    and Windows Vista. The tool also reports if desktops have anti-virus and
    anti-malware programs installed and if the Windows Firewall is turned
  • Identification of currently installed Windows Server operating
    systems, their hardware, and recommendations for migration to Windows
    Server 2008 R2 and Windows Server 2008.
  • Identification of currently installed Microsoft Office software
    and recommendations for migration to Microsoft Office 2007.
  • Detailed assessment and reporting of server utilization gathered
    using the Performance Metrics Wizard.
  • Recommendations for server consolidation and virtual machine
    placement using Hyper-V or Virtual Server 2005 R2.
  • Assessment of client machines, servers, and the technology
    environment for the implementation of Microsoft Application
    Virtualization (formerly SoftGrid).
  • Identification of machines where Microsoft SQL Server components
    are installed.
  • Identification of virtual machines, their hosts, and details
    about each.
  • Power Savings Assessment: Create a proposal to identify server
    and client machines running in your environment and understand the power
    management capabilities available.

Related Resources

Community and Feedback

To interact with other members of the Microsoft Assessment and
Planning community, learn more about the tool, and get help with
questions, visit the Microsoft Assessment and Planning forum on TechNet
at http://go.microsoft.com/fwlink/?LinkID=110990.

To send feedback or suggestions for improving the Microsoft
Assessment and Planning Toolkit (MAP), send e-mail to mapfdbk@microsoft.com.

About Solution Accelerators

Solution Accelerators are authoritative resources that help IT pros plan,
deliver, operate, and manage IT systems that address real-world
scenarios. Solution Accelerators provide free, prescriptive guidance and
automation to accelerate cross-product integration, core infrastructure
development, and other enhancements.

to receive the Solution Accelerator Notifications
newsletter so that you can stay informed about new Solution Accelerator
releases and updates. The newsletter covers such areas of interest as:

  • Communication and collaboration
  • Security, data protection, and recovery
  • Assessment and planning
  • Deployment
  • Operations and management

Download This Accelerator

the Microsoft Assessment and Planning Toolkit

Posted in Windows Deployment

How Sysprep Works


The System Preparation tool, Sysprep.exe, is used to
prepare an installation of Windows for imaging or delivery to a

This topic includes:

  • Sysprep Executable
  • Sysprep Processes
  • Using an Answer File with Sysprep
  • Resetting Windows Activation
  • Detecting the State of a Windows Image
  • Sysprep Log Files

Sysprep Executable

Sysprep.exe is the main program
that calls other executable files that prepare the Windows
installation. Sysprep.exe is located in the %WINDIR%\system32\sysprep
directory on all installations. Sysprep must always be run from the
%WINDIR%\system32\sysprep directory and must run on the version of
Windows with which it was installed.


Sysprep Processes

When Sysprep runs, it goes through the following process:

  1. Verifies that Sysprep can run. Only an administrator can run Sysprep,
    and only one instance of Sysprep can run at a given time. Also, Sysprep
    must run on the version of Windows with which it was installed.
  2. Initializes logging.
  3. Parses command-line arguments.

    If no command-line arguments were provided, the Sysprep window appears
    that enables users to specify Sysprep actions.

  4. Processes Sysprep actions, calls appropriate .dll files and executable
    files, and adds actions to the log file.
  5. Verifies that all .dll files have processed all their tasks, and then
    either shuts down the system, restarts the system, or exits Sysprep.

Using Answer Files with Sysprep

You can use an answer file with
Sysprep to configure unattended Setup settings. The following sections
describe some of the considerations and processes for using answer files
with Sysprep.

Applying Settings in the generalize, auditSystem and auditUser passes

Not all configuration passes run during Windows Setup. Some configuration
passes are only available when you run Sysprep. The generalize,
auditSystem and auditUser passes are available only by running Sysprep.
If you add settings to your answer file in these configuration passes,
you must run Sysprep to apply these settings:

  • To apply the settings in auditSystem and auditUser, you must boot to
    Audit mode by using the sysprep /audit command.
  • To apply the settings in the generalize pass, you must generalize the
    Windows image by using the sysprep /generalize command.

For more information, see How Configuration Passes Work. For more
information about Sysprep command-line options, see Sysprep
Command-Line Syntax.

Caching Answer Files to the Computer

If you install
Windows by using an answer file, that answer file is cached to the
system so when subsequent configuration passes run, settings in the
answer file are applied to the system.

Because this answer file is cached, when you run Sysprep, settings in
the cached answer file are applied. To use the settings in a different
answer file, you can specify a separate Unattend.xml file by using the
sysprep /unattend:filename option. For more information, see Sysprep
Command-Line Syntax.

For more information about using implicit answer file search, see How
Windows Setup Works.

Plug and Play Device Drivers during generalize

You can persist device drivers when you run the sysprep
command by specifying the
PersistAllDeviceInstalls setting in the Microsoft-Windows-PnPSysprep
component. During the specialize pass, Plug and Play scans the computer
for devices and installs device drivers for the detected devices. By
default, these device drivers are removed from the system when you
generalize the system. If you set PersistAllDeviceInstalls to True
in an answer file, Sysprep will not remove the detected device drivers.
For more information, see the Unattended Windows Setup Reference.

RunSynchronous Actions in an Answer File

In Audit mode, you can view the status for RunSynchronous commands that
run during auditUser. The AuditUI window displays the status for
commands and provides:

  • Visual progress to indicate that an installation is continuing and not
  • Visual indication of when and where failures occur. This provides quick
    diagnosis if log files are not created by the command.

If there are RunSynchronous commands in the answer file in the auditUser
configuration pass, a list of the commands is displayed in the AuditUI
window in the order specified by
RunSynchronous/RunSynchronousCommand/Order. Each list item in the UI is
either the string from:

  • RunSynchronous/RunSynchronousCommand/Description (if present), or
  • RunSynchronous/RunSynchronousCommand/Path

RunSynchronous commands are processed in order. If the command succeeds,
then its related list item is annotated with a green checkmark. If the
command fails, then its related list item is annotated with a red X. If a
reboot is requested, the AuditUI is redisplayed after the boot but only
unprocessed list items are displayed. Previously processed items no
longer appear in the AuditUI. If the list of items in the AuditUI
exceeds the height of the display, then the list is clipped to the
display and does not scroll. As a result, some items might not be

Windows Setup interprets the zero and nonzero return
codes as status values in the AuditUI. A zero value indicates a success,
while a nonzero value indicates a failure. The return value of the
command might affect the behavior of the Setup, depending on the value
of the RunSynchronous/RunSynchronousCommand/WillReboot command.

If RunSynchronous/RunSynchronousCommand/WillReboot is set to Always:

  • If the command returns 0, its related list item is annotated with a
    green checkmark. A reboot immediately occurs.
  • If the command returns nonzero, its related list item is annotated with a
    red X. A reboot immediately occurs.

If RunSynchronous/RunSynchronousCommand/WillReboot is set to Never:

  • If the command returns 0, its related list item is annotated with a
    green checkmark.
  • If the command returns nonzero, its related list item is annotated with a
    red X. A nonzero return value is not treated as a fatal error when
    WillReboot is set either to Always or Never.

If RunSynchronous/RunSynchronousCommand/WillReboot is set to OnRequest:

  • If the command returns 0, its related list item is annotated with a
    green check mark.
  • If the command returns 1, its related list item is annotated with a
    green check mark. A reboot immediately occurs.
  • If the command returns 2, its related list item is temporarily annotated
    with a green checkmark. A reboot immediately occurs. Following the
    reboot, the related list item is displayed again in the AuditUI without
    annotation because the command is still in process.
  • If the command returns other values, then a fatal error occurs and a
    blocking dialog is displayed. If the Errorhandler.cmd file is present,
    no dialog is displayed. For more information about Errorhandler.cmd, see
    Add a Custom Script to Windows Setup.
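
The return-code rules above, as an added example that is not part of the original documentation: it reads the auditUser RunSynchronous commands from an answer file, lists them as the AuditUI would (sorted by Order, labelled by Description or Path), and maps a return code to its outcome, which makes it easy to see that a failing command under Always or Never only produces a red X and does not stop Setup. The sample answer file is constructed and omits the attributes a real component element carries; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed answer file: the paths and descriptions are made up.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="auditUser">
    <component name="Microsoft-Windows-Deployment">
      <RunSynchronous>
        <RunSynchronousCommand>
          <Order>2</Order>
          <Path>C:\Tools\harden.cmd</Path>
          <WillReboot>Never</WillReboot>
        </RunSynchronousCommand>
        <RunSynchronousCommand>
          <Order>1</Order>
          <Description>Install drivers</Description>
          <Path>C:\Tools\drivers.cmd</Path>
          <WillReboot>OnRequest</WillReboot>
        </RunSynchronousCommand>
      </RunSynchronous>
    </component>
  </settings>
</unattend>"""


def audit_ui_items(xml_text):
    """Return (label, WillReboot) for each auditUser command, sorted by Order."""
    root = ET.fromstring(xml_text)
    cmds = root.findall("u:settings[@pass='auditUser']//u:RunSynchronousCommand", NS)
    cmds.sort(key=lambda c: int(c.findtext("u:Order", "0", NS)))
    # The list item shows Description if present, otherwise Path.
    return [(c.findtext("u:Description", None, NS) or c.findtext("u:Path", "", NS),
             c.findtext("u:WillReboot", None, NS)) for c in cmds]


def outcome(will_reboot, rc):
    """Return (annotation, reboots, fatal) for one command's return code."""
    if will_reboot in ("Always", "Never"):
        # Nonzero is shown as a red X but is never fatal for these values.
        return ("green check" if rc == 0 else "red X", will_reboot == "Always", False)
    if will_reboot == "OnRequest":
        if rc in (0, 1, 2):
            # 1 and 2 reboot; after 2 the item reappears without annotation.
            return ("green check", rc != 0, False)
        return ("fatal error", False, True)
    raise ValueError("unexpected WillReboot value: %r" % (will_reboot,))


if __name__ == "__main__":
    for label, wr in audit_ui_items(SAMPLE):
        print(label, wr, outcome(wr, 3))
```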

Resetting Windows Activation

When you install Windows with a
single license product key, you have 30 days during which you must
activate that installation of Windows. If you do not activate Windows
within the 30 day period and do not reset the activation clock, Windows
will enter RFM (Reduced Functionality Mode). This mode prevents users
from logging on to the computer until Windows is activated.

There is no limit to the number of times Sysprep can run on a computer.
However, the clock for Windows Product Activation begins its countdown
the first time Windows starts. You can use the sysprep
command to reset Windows Product Activation a
maximum of three times. After the third time you run the sysprep
command, the clock can no longer be reset.

When you run the sysprep /generalize command, the
activation clock will automatically reset. You can bypass resetting the
activation clock by using the SkipRearm setting in the
Microsoft-Windows-Security-Licensing-SLC component. This enables you to
run Sysprep multiple times without resetting the activation clock. For
more information about this setting, see the Unattended
Windows Setup Reference.

If you anticipate running Sysprep multiple times on a single computer,
you must use the SkipRearm setting in the
Microsoft-Windows-Security-Licensing-SLC component to postpone resetting
the activation clock. Because you can reset the activation clock only
three times, if you run Sysprep multiple times on a computer, you might
run out of activation clock resets. Microsoft recommends that you use
the SkipRearm setting if you plan on running Sysprep multiple times on a

License and OEM Activation Requirements

For volume licenses, activation clock reset behavior is different,
depending on the type of license.

  • Activation can be reset an unlimited number of times for activated
    Key Management Service (KMS) clients. For non-activated KMS clients, the
    activation clock can be reset only up to three times, the same as a
    single license.

    Microsoft recommends that KMS clients use the sysprep
    command where the value of the SkipRearm setting is
    equal to 1. After capturing this image, use the sysprep
    command where the value of the SkipRearm
    setting is equal to 0.

  • For Multiple Activation Keys (MAK) clients, the recommendation is to
    install the MAK immediately before running Sysprep the last time before
    delivering the computer to a customer.

For OEM Activation licenses, activation is not required. OEM Activation is
available only to royalty OEMs.

Windows before Shipping to a Customer

customers can easily manage activation after receiving their computers.
But if you prefer, you can activate the software on behalf of your
customers, making it easier for them to start using their new computers.
After activation is completed, most users will not need to activate
their installation again.

To activate Windows for your customer,
use the unique Product Key from the certificate of authenticity (COA)
label that is affixed to the specific computer, and activate the
computer on behalf of the end user. Run the sysprep /oobe
command to prepare the computer for delivery to the customer.

You cannot make an image of an activated Windows installation and
duplicate that image to another computer. If you do, Windows fails to
recognize the activation and forces the end user to reactivate the
installation manually.

Booting to Audit Mode or Windows Welcome

When Windows Vista boots, there
are two modes in which the computer will start:

  • Windows Welcome, also called Machine OOBE (out-of-box
    experience), is the first user experience and enables end users to
    customize their Windows installation. End users can create user
    accounts, read and accept the Microsoft Software License Terms, and
    choose their language and time zones.

    By default, all Windows installations boot to Windows Welcome first.

    The oobeSystem configuration pass runs immediately before Windows
    Welcome starts. For more information about this configuration pass, see oobeSystem.

  • Audit mode enables OEMs and corporations to add
    customizations to their Windows images. Audit mode does not require
    settings in Windows Welcome to be applied. By bypassing Windows Welcome,
    you can access the desktop quicker and perform your customizations. You
    can add additional device drivers, install applications, and test the
    validity of the installation.

    In Audit mode, settings in an unattended answer file in the auditSystem
    and auditUser configuration passes are processed. For more information
    about these configuration passes, see auditSystem
    and auditUser.

    If you are running in Audit mode, to configure the installation to boot
    to Windows Welcome, run the sysprep /oobe command. OEMs
    are required to run sysprep /oobe before shipping a
    computer to an end user. In a default Windows Vista installation, after
    installation completes, Windows Welcome starts. However, you can skip
    Windows Welcome and boot directly to Audit mode by pressing Ctrl+Shift+F3
    at the first Windows Welcome screen.

    For unattended installation, you can configure Windows to boot to Audit
    mode by using the Microsoft-Windows-Deployment | Reseal setting in an
    answer file. For more information, see the Unattended
    Windows Setup Reference.

For more information about Audit mode, see Customize
Windows in Audit Mode.

Detecting the State of a Windows Image

You can identify the state of a Windows image, whether it will boot to
Audit mode, Windows Welcome, or if the image is still in the process of
installation. For more information, see Windows
Setup Installation Process.

Sysprep Log Files

Sysprep logs
Windows setup actions in different directories, depending on the
configuration pass. Because the generalize pass deletes certain Windows
Setup log files, Sysprep logs generalize actions outside the standard
Windows Setup log files. The following table shows the different log
file locations that are used by Sysprep.


Item Log Path





Unattended Windows setup actions


Posted in Windows Deployment