My preferred method when creating images is to build the machine in a virtual environment using a fully automated build and capture task sequence in SCCM or MDT. This makes the images consistent, repeatable and reliable which are all good, things to consider if you think ahead are the settings which can be applied, these can include the following.
- Regional Settings
- Installed features
- Custom Themes
- Firewall
To make sure the image is created with full UK English (A common requirement for me) the following is added to the unattend.txt
[RegionalSettings]
InputLocale_DefaultUser=0809:00000809 ; Specifies the Inputlocal and keyboard setting for default user
UserLocale_DefaultUser=00000809 ; Locale ID for default User
InputLocale=0809:00000809 ; Locale\Keyboard combinations to be installed
Language=00000809 ; Lanugage locale to be installed
LanguageGroup=1 ; Language Group to be installed
SystemLocale=00000809 ; System Locale to be specified
UserLocale=00000809 ; User Locale setting
A good starting point for a corporate desktop that require no extra stuff such as games or windows media player a good starting point is this.
[Components]
AccessOpt = on ; accessibility wizard
Calc = on ; calculator
CertSrv = off ; certificate services compontents of the certificate server
CertSrv_Client = off ; web client components of the certificate server
CertSrv_Server = off ; server components of the certificate server
CharMap = off ; enables insertion of symbols and characters into documents
Chat = off ; chat client
Clipbook = on ; clipboard viewer
Complusnetwork = off ; COM+ network access
DeskPaper = off ; desktop wallpaper
Dialer = off ; phone dialer
Dtcnetwork = off ; DTC network access
Fax = off ; Fax components
fp_extensions = off ; Front Pager Extensions
fp_vdir_deploy = off ; Visual Interdev RAD remote deployment
freecell = off ; freecell game
hearts = off ; hearts game
hypertrm = on ; hyperterm
IEAccess = on ; installs visible entry points (shortcuts) for IE
IEHardenAdmin = off ; harden IE for administrators, power users
IEHardenUser = off ; harden IE for users
Iis_Common = off ; common set of files needed by internet information services
Iis_Ftp = off ; ftp service
Iis_Htmla = off ; html based administration tools for iis
Iis_Inetmgr = off ; microsoft management console based administration tools for iis
iis_nntp = off ; NNTP server.
iis_nntp_docs = off ; NNTP server docs.
iis_pwmgr = off ; personal web manager, valid only for w2k professional
iis_smtp = off ; SMTP server.
iis_smtp_docs = off ; SMTP server docs.
iis_www = off ; www service
iis_www_vdir_printers = off ; Web printing components
iis_www_vdir_terminalService = off ; Installs terminal Services Active X control into the virtual directory
IisDbg = on ; script debugger
indexsrv_system = off ; indexing services, requires iis_common, iis_inetmgr, iis_www and com = on
inetprint = off ; internet printing, requires iis_common, iis_inetmgr, and iis_www
LicenseServer = off ; Disable Terminal Services licensing.
media_clips = off ; Sample Sounds
Media_Utopia = off ; utopia sound scheme
minesweeper = off ; game
mousepoint = off ; mouse pointers
Mplay = off ; Windows media player
msmq_ADIntegrated = off ; Integrates MSMQ into AD
msmq_Core = off ; MSMQ core components
msmq_HTTPSupport = off ; Enables MSMQ to use HTTP
msmq_LocalStorage = off ; Allows messages to be stored locally
msmq_MQDSService = off ; Provides AD and site recognition
msmq_RoutingSupport = off ; Provides MSMQ routing
msmq_TriggerService = off ; associates message arrival with com objects
msnexplr = off ; Installs MSN Explorer
MsWordPad = on ; Word Pad
NetCis = off ; microsoft com internet services, requires iis_common, iis_inetmgr, iis_www and com = on
NetOc = on ; additional optional networking components, requires [NetOptionalComponents] section
ObjectPkg = off ; object packager
OEAccess = off ; hide Outlook Express icons
Paint = on ; MS Paint
pinball = off ; game
rec = on ; sound recorder
reminst = off ; remote installation services
rootautoupdate = on ; OCM update root certificates
RStorage = off ; remote storage services enable the use of tape libraries as extensions of ntfs volumes
solitaire = off ; Solitaire game
spider = off ; spider game
Templates = on ; document templates
TerminalServer = off ; Installs Terminal Services on SERVERs only
TsClients = off ; if TsEnable = On then tsClient files for creating client disks, appx 10MB
TsWebClient = off ; Installs the ActiveX component for terminal services. requires IIS
vol = on ; volume control
wmaccess = off ; show Windows Messenger shortcuts
wmPOCM = off ; show Windows Media Player shortcuts
Wms = off ; windows media technologies components
Wms_Admin_asp = off ; windows media technologies server administration tools web components
wms_admin_mmc=off ; Windows Media MMC snap in
Wms_Server = off ; windows media technologies server, requires Wms_Admin
zonegames = off ; Installs MS Game Zone internet games
When the default theme is out of favour some like the Classic Theme, however other themes can be created and copied in the task sequence. Make sure that any spaces are wrapped in quotes (speaking from experience here) as this will make the unattend.txt corrupt/unusable.
[Shell]
DefaultStartPanelOff = yes ; No = use XP start panel, Yes= Use classic windows with icons on desktop
DefaultThemesOff = yes ; No means use XP Themes Yes means us Windows Classic themes
CustomDefaultThemeFile="c:\windows\Resources\Themes\Windows Classic.theme"
Although I would never advocate turning of the Windows Firewall if you wish to do this then it can also be added to the unattend.txt
[WindowsFirewall]
Profiles = WindowsFirewall.TurnOffFirewall
[WindowsFirewall.TurnOffFirewall]
Mode = 0
John Riseam
System Center Consultant
Risual Ltd
