Deploying Golden Images
      Back to home
      1. SiteManager Platform
      2. SiteDeploy
      3. Deploying Golden Images

      Understanding Sysprep Answer Files

      - What is a Sysprep Answer File?

      - Answer Files and Macrium SiteDeploy

      - Using a Custom Answer File

      What is a Sysprep Answer File?

      Once Sysprep has been run, the operating system will enter the first-time setup, also known as the Out of Box Experience, the next time that it is booted. The Out of Box Experience (OOBE) is run out of the box to set up the operating system, this is where options like the system locale and language are specified, and local accounts are created. The OOBE does not take too long when setting up a limited number of operating systems but can become very time-consuming when deploying an image to a larger number of endpoints. Additionally, when performing image deployment, it may be preferable that these options are decided before a user interacts with the system.

      A Sysprep Answer File is an XML file that specifies settings that are used during the OOBE. At its simplest, the answer file can be used to skip the OOBE and reduce the post-deployment configuration on an endpoint. More advanced use cases enable the endpoints to be renamed, default administrator accounts to be configured, and domain join the endpoints post-deployment.

      Answer files are an extremely powerful tool for deployment administrators and operators.

      Answer Files and Macrium SiteDeploy

      Macrium SiteDeploy contains a default answer file that can be found on the Site Manager server at C:\ProgramData\Macrium\SiteManager\UnattendTemplate-Example.xml. This answer file is designed to skip the OOBE and contains variables that can be specified during the centrally-initiated deployment (computer name and default administrator account password). For more information on specifying variables during deployment, see this article.

      The answer file is copied to the relevant location on the target endpoints post-deployment and pre-restart. The answer file will then be read by the operating system when the OOBE is reached. 

      The default answer file is shown below:

      <?xml version="1.0" encoding="UTF-8"?>
      <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
       <!-- 
       EXAMPLE FILE - This file (UnattendTemplate-Example.xml) will be overwritten when SiteDeploy is upgraded. 
       
          PLEASE DO NOT EDIT THIS FILE. Instead, copy this file to C:\ProgramData\Macrium\SiteManager\UnattendTemplate.xml and
          make your edits and changes there. You can also supply your own sysprep template instead. 


       SiteDeploy will modify the template for each computer by making the following changes:
       
       Any section defined by the <MacriumTemplateSection> node will be removed if the SiteDeploy operation corresponding 
       to the 'condition' attribute is not set. 
       Available conditions are:
       computername - Set the name of this computer
       builtinadmin - Enable the built-in Administrator account and set the password for it
       newadminuser - Create a new local administrator user and set the password for it
       joindomain - Join the computer to a domain using the supplied credentials
       
       If the UI option for one of the conditions above is selected, any XML inside the MacriumTemplateSection node will be
       included in the answer file, otherwise it will be removed.
          
       Additionally, any text using one of the variables below will be replaced by the data entered in 
       the SiteDeploy deployment wizard
       
       $COMPUTERNAME$ - New name of the computer
       $BUILTINADMINPASSWORD$ - Password for the built-in Administrator account
       $NEWADMINUSER$ - Username for a new administrator account to create
       $NEWADMINPASSWORD$ - Password for the new administrator account
       $DOMAINTOJOIN$ - Active Directory to join this computer to
       $DOMAINJOINUSER$ - User used to authenticate the domain join
       $DOMAINJOINPASSWORD$ - Password of the domin join account
       
       Passwords are not stored in the template direactly to reduce any exposure due to having plain-text passwords in files
       -->
       <settings pass="offlineServicing"/>
       <settings pass="windowsPE"/>
       <settings pass="generalize"/>
       <settings pass="specialize">
       <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <MacriumTemplateSection condition="computername">
       <ComputerName>$COMPUTERNAME$</ComputerName>
       </MacriumTemplateSection>
       </component>
       <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <MacriumTemplateSection condition="computername">
       <ComputerName>$COMPUTERNAME$</ComputerName>
       </MacriumTemplateSection>
       </component>
       <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <MacriumTemplateSection condition="builtinadmin">
       <!-- Set the 'order' of this command to higher than any custom commands, this will preserver ordering when you do/do not want to use the built in admin account -->
       <RunSynchronous>
       <RunSynchronousCommand>
       <Order>1</Order>
       <!-- Without this command, the Administrator account will be disabled -->
       <Path>net user Administrator /ACTIVE:YES</Path>
       </RunSynchronousCommand>
       </RunSynchronous>
       </MacriumTemplateSection>
       </component>
       <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <MacriumTemplateSection condition="builtinadmin">
       <!-- Set the 'order' of this command to higher than any custom commands, this will preserver ordering when you do/do not want to use the built in admin account -->
       <RunSynchronous>
       <RunSynchronousCommand>
       <Order>1</Order>
       <!-- Without this command, the Administrator account will be disabled -->
       <Path>net user Administrator /ACTIVE:YES</Path>
       </RunSynchronousCommand>
       </RunSynchronous>
       </MacriumTemplateSection>
       </component>
       <MacriumTemplateSection condition="joindomain">
       <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <Identification>
       <Credentials>
       <Domain>$DOMAINTOJOIN$</Domain>
       <Password>$DOMAINJOINPASSWORD$</Password>
       <Username>$DOMAINJOINUSER$</Username>
       </Credentials>
       <JoinDomain>$DOMAINTOJOIN$</JoinDomain>
       </Identification>
       </component>
       <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <Identification>
       <Credentials>
       <Domain>$DOMAINTOJOIN$</Domain>
       <Password>$DOMAINJOINPASSWORD$</Password>
       <Username>$DOMAINJOINUSER$</Username>
       </Credentials>
       <JoinDomain>$DOMAINTOJOIN$</JoinDomain>
       </Identification>
       </component>
       </MacriumTemplateSection>
       </settings>
       <settings pass="auditSystem"/>
       <settings pass="auditUser"/>
       <settings pass="oobeSystem">
       <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <!-- Set US locale, language and keyboard settings -->
       <InputLocale>0409:00000409</InputLocale>
       <SystemLocale>en-US</SystemLocale>
       <UILanguage>en-US</UILanguage>
       <UILanguageFallback>en-US</UILanguageFallback>
       <UserLocale>en-US</UserLocale>
       </component>
       <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <!-- Set US locale, language and keyboard settings -->
       <InputLocale>0409:00000409</InputLocale>
       <SystemLocale>en-US</SystemLocale>
       <UILanguage>en-US</UILanguage>
       <UILanguageFallback>en-US</UILanguageFallback>
       <UserLocale>en-US</UserLocale>
       </component>
       <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <UserAccounts>
       <MacriumTemplateSection condition="builtinadmin">
       <AdministratorPassword>
       <Value>$BUILTINADMINPASSWORD$</Value>
       <PlainText>true</PlainText>
       </AdministratorPassword>
       </MacriumTemplateSection>
       <MacriumTemplateSection condition="newadminuser">
       <LocalAccounts>
       <LocalAccount wcm:action="add">
       <Password>
       <Value>$NEWADMINPASSWORD$</Value>
       <PlainText>true</PlainText>
       </Password>
       <Description/>
       <DisplayName>$NEWADMINUSER$</DisplayName>
       <Group>Administrators</Group>
       <Name>$NEWADMINUSER$</Name>
       </LocalAccount>
       </LocalAccounts>
       </MacriumTemplateSection>
       </UserAccounts>
       <OOBE>
       <HideEULAPage>true</HideEULAPage>
       <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
       <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
       <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
       <NetworkLocation>Work</NetworkLocation>
       <SkipUserOOBE>true</SkipUserOOBE>
       <SkipMachineOOBE>true</SkipMachineOOBE>
       <ProtectYourPC>3</ProtectYourPC>
       </OOBE>
       </component>
       <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <UserAccounts>
       <MacriumTemplateSection condition="builtinadmin">
       <AdministratorPassword>
       <Value>$BUILTINADMINPASSWORD$</Value>
       <PlainText>true</PlainText>
       </AdministratorPassword>
       </MacriumTemplateSection>
       <MacriumTemplateSection condition="newadminuser">
       <LocalAccounts>
       <LocalAccount wcm:action="add">
       <Password>
       <Value>$NEWADMINPASSWORD$</Value>
       <PlainText>true</PlainText>
       </Password>
       <Description/>
       <DisplayName>$NEWADMINUSER$</DisplayName>
       <Group>Administrators</Group>
       <Name>$NEWADMINUSER$</Name>
       </LocalAccount>
       </LocalAccounts>
       </MacriumTemplateSection>
       </UserAccounts>
       <OOBE>
       <HideEULAPage>true</HideEULAPage>
       <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
       <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
       <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
       <NetworkLocation>Work</NetworkLocation>
       <SkipUserOOBE>true</SkipUserOOBE>
       <SkipMachineOOBE>true</SkipMachineOOBE>
       <ProtectYourPC>3</ProtectYourPC>
       </OOBE>
       </component>
       </settings>
      </unattend>

      Using a Custom Answer File

      Users can also specify their own custom answer files. These answer files can be edited to perform a variety of steps during the OOBE. However, it is important to note that the default answer file is overwritten by the SiteDeploy installer, meaning that the default answer file will be recreated during upgrades. To avoid this, custom answer files should be named UnattendTemplate.xml and placed in the C:\ProgramData\Macrium\SiteManager folder. The full path to the custom answer file will be C:\ProgramData\Macrium\SiteManager\UnattendTemplate.xml. Macrium SiteDeploy® will first attempt to use the custom answer file, if this cannot be found, SiteDeploy® will fall back to using the default answer file.

      The variables $COMPUTERNAME$ and $ADMINPASSWORD$ can be used in the custom answer file. If these variables are used, they will be replaced by values that the user specifies on the 'Options' page of the deployment wizard.