page contents

About the Post

Author Information

Be careful using sysprep with Windows 2008 r2 in a cloud environment

First off, this is an excellent post on the new changes with sysprep with Windows 7/Windows 2008r2:

I could not write it better myself, so if you need help with sysprep and all the new changes, please review Brain Desmond’s blog on it. Instead, I want to highlight a key point, when you are using sysprep in a virtual world. (such as the cloud, VMWare or Hyper-V, etc.)

Rule number one: Thou shall test your unattend xml file on a newly unconfigured OS install before blaming the file.

Rule number two: Sysprep is NOT your friend, its more of the coworker you have to learn to get along with and it is not going away anytime soon. Please read: The Machine SID Duplication Myth (and Why Sysprep Matters)

Rule number three: The only way to reset the SID/RID is with the generalize option.

Rule number four: Sysprep with the generalize option will remove drivers by default. This is the most important rule and is the main point here.

I am on an EC2 Windows Server (AWS Cloud) and I am looking at the default sysprep unattend.xml file that is used by the EC2Config service. This is located by default in C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml.

EC2 Config Service, where to find it and what to look for: 

First screen shot is where it is located on the start menu.

2nd screenshot shows you the bundle tab tab and radio button to select the details of the unattended file.

The last one shows you the location for sysprep.


Here is the default sysprep unattend.xml file:


As you can see Amazon has already set these 2 fields (PersistAllDeviceInstalls and  DoNotCleanUpNonPresentDevices) to true, which is recommended.

PersistAllDeviceInstalls, when set to FALSE, specifies that Plug and Play devices are uninstalled during the generalize pass and then reinstalled during the specialize pass. This is the default value.

DoNotCleanUpNonPresentDevices, when set to FALSE, then during the generalize configuration pass, plug and play device information is removed from the computer.

The thing to keep in mind here is that when you are doing a generalize option, it assumes that you are wanting a clean image, so that is why it will remove drivers that may not need to be installed on another server.

For example, you may be creating this image on an HP Proliant server that has a Smart Array controller driver, but you are deploying this image to your entire network, which also has Dell PowerEdge Servers that have a PERC Raid controller driver. If you set those 2 fields to false, it will remove the drive and force the install to do a plug play to load the proper and needed drivers. This is a nice feature because you do not have to bog down your system with a lot of unnecessary drivers.

However, in a virutalized world, this is bad, because you may be in a scenario such as with AWS EC2, where you are running Windows on a Linux host, which means that Windows can’t access the hardware. Instead it is relaying on a paravirtualization (PV) driver, like a popular one from RedHat, that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware. In essence you are waiting for a PV driver to tell the OS, what is the hardware it has available to it and is shielded from accessing the hardware.

There is no plug and play, so you get an OS that has no drivers… ouch!

Here is a simplified unattend .xml file for sysprep 64bit Windows Server in a virtual world:

  • PersistAllDeviceInstalls - device drivers are removed from the system when you generalize the system. If you set PersistAllDeviceInstalls to True in an answer file then Sysprep will not remove the detected device drivers. (
  • DoNotCleanUpNonPresentDevices – device drivers that are not detected during plug and play are removed from the system. When PersistAllDeviceInstalls is set to false, then during the generalize configuration pass, plug and play device information is removed from the computer.  This will lead to an operating system that will not boot as it is missing drivers to load the operating system. To protect yourself, please set this to true, so that the device information remains on the computer.  (
  • RunSynchronous – after sysprep the administrator account won’t be disabled.

I hope this helps you avoid running into an issue where you build an image from your infrastructure and then try to import it into Amazon or another cloud provider where it will never boot up.                        ——————————————————————————————

Tags: , , ,

One Response to “Be careful using sysprep with Windows 2008 r2 in a cloud environment”

  1. Brian #

    Great article! For RunSynchronous you mention that the administrator account will not be disabled. Can you provide the code for this?

    September 21, 2012 at 12:40 PM
Copy Protected by Chetan's WP-Copyprotect.