Monday, April 2, 2012

Making SkipRearm work for you

So, one of the nice parts about virtualizing a Windows 2003 or XP system (other than the small resource footprint, compared to newer OS versions) was the quick, tidy way of cloning and generalizing them: clone it, run NewSID to give it a new SID and NetBIOS name. Done.

We can't do that anymore with Windows Server 2008 R2 and Windows 7 (nor Server 2008 and Vista): between licensing scheme changes and NewSID going the way of the dodo, there are only two ways to virtualize them: install from 'scratch', or clone/sysprep.

Microsoft has made huge strides in their install platform since it was introduced, and doing "from scratch" installs aren't that bad anymore; but if you've got a system that's set up just so, it's probably a lot more work to rebuild from scratch than to clone & generalize.

But that's what can cause problems: the default behavior of sysprep is to reset the product code and licensing activation state for the cloned machine. In and of itself, that's no great issue, but Microsoft built a hard limit into the number of times a system can be "rearmed" for licensing; if you reach that limit, there's no do-overs. You can't get sysprep to succeed.

There's a way to address this, too: Microsoft also recognized that there might be times when you need to leave the machine's licensing state alone, yet still generalize it. You can find articles around the 'net for the "SkipRearm" component of a sysprep answer file, and it does work. Mostly. If you do it correctly.

That's the point of this post: for every way that exists to do it correctly, there are probably 150 ways to do it incorrectly. I know: I spent several hours over the weekend trying to get it working.

I succeeded, but it wasn't quick. So what follows is the documentation for the method that worked for me...

To make shorter work of this, you'll need several things:

  1. Microsoft WAIK (Windows Automated Install Kit). It's an ISO that includes the installer for SIM (System Image Manager). The key item is SIM.
  2. Install image (WIM) from the OS you're trying to work with. It can be the base install.wim that comes on the distribution media, or an updated WIM that you used to create your "template" system.
  3. A VM with a fully-licensed OS. You'll want to run this VM on a hypervisor that will allow you to take snapshots (Type I or Type II, doesn't make a difference--it's the snapshot facility that we're after to make faster work of this).
  4. Text editor (Notepad is fine, but I like the highlighting in SciTE, the Scintilla Text Editor)
Assemble your toys, and take a snapshot of your VM so that you can roll it back to the state that exists prior to "messing" with it.
  1. Launch SIM and open your install image:
  2. Create or open an answer file:
  3. Expand the Components folder, right-click the Microsoft-Windows-Security-SPP component that is appropriate for your OS type, and select Add setting to Pass 3 generalize. Note: if you instead select the -SLC component, it will have a SkipRearm setting, but the program notes indicate that the setting has been deprecated. In practice, it means "this won't work on newer OSes."

    Additionally, if you're doing this preparation for a 32-bit OS (the screenshots are for Server 2008 R2, by definition a 64-bit OS), you will need to make sure you've selected the x86_ component, not the amd64_ as I've done in the examples. You will note that the Server 2008 R2 WIM doesn't include that option in the components list, but it is available in the 32-bit Windows 7 WIM.
  4. In the settings window, change the value for SkipRearm to 1
  5. Close the Windows image. This will remove any specific association to that image from your answer file.
  6. Save your answer file. Exit SIM. Open your answer file in a text editor.
  7. Note the details in the XML file entries. Those attributes of the component name are the piece that seem to be missing from all the other postings I've seen for this function. If you don't have them all—including that publicKeyToken attribute—your answer file will not work.
  8. If you're not going to play with SIM and try to add additional functionality to your answer file, copy the contents to a file on your VM.
  9. Sysprep can be found in c:\windows\system32\sysprep, which is not in the environment path, so you'll need to open a command shell and go to that directory to invoke it. Invoke it with the following command:
    sysprep /unattend:{answer file you created} /oobe /generalize /reboot
    Assuming your answer file was formatted and read correctly, sysprep will take care of generalizing the VM and rebooting. It will take a couple of reboot passes before it's ready for you to work on it, and the default "out of box experience" dialogs will request your attention; when that's complete, you should see that your VM:
    1. is still licensed
    2. has a new SID
    3. has the same number of "Remaining rearm count" as the source VM
  10. When you're through testing, revert your VM to the snapshot, delete the snapshot, then save the answer file to the base image.
Once you have an answer file saved to a base VM, it's trivial to clone, sysprep and be on your way with a minimum of effort.

4 comments:

  1. Just to let you know...Ghost Walker still works on both Windows 7 and Windows 2008 Server R2 for changing the SID.

    (Only if you are in a Workgrop configuration / NOT a Domain configuration - you can demote, run Ghost Walker and promote back to a Domain logon).

    ReplyDelete
  2. Your guide was the only one out of multiple that actually worked. Only complaint is I couldn't find a text copy of the skiprearm.xml, so I had to type it word for word by looking at the screenshot you gave us. If you could put a text copy somewhere for us to use, it would save a good 5-10 minutes :)

    Thank you!

    ReplyDelete
    Replies
    1. The screenshot was done intentionally: if you go through the process of using the WAIK, the XML is created for you. I've run into issues with other editions & distributions failing to work correctly because they used other tokens. Use the WAIK against your particular OS & version (this applies to all the Windows Activation OSes: vista, win7, 2008, 2008r2) and channel (oem, retail, volume, etc), without presuming that what you see here will automatically work.

      Delete