I have a computer at work that needs to be lightning-fast. It won't be part of the domain, but it will have access to the network. It's also going to be locked-the-hell-down. I have one other machine in a public place that I installed the Microsoft Shared Computer Toolkit on and locked it down that way. You can run Internet Explorer, you can run Word, Excel or Powerpoint, you can use Notepad & Calculator, but that's it. EVERYTHING else is locked down. If the machine is idle for 15 minutes, it logs off. When it logs off it also reboots. When it reboots, the Windows Disk Protection flushes out the temporary files and when they get the logon screen, it's exactly as it was when I said "lock it down". The only support call I've received from that location since then was a forgotten password.
This new installation was mandated to be LOCKED-THE-HELL-DOWN as well, but also stripped down Windows-wise. Unneeded services and unneeded files were to be blown away, the system was to be tuned for fast logon and fast operation with no extraneous services crudding things up. I spent three days fine-tuning and researching each and every service that was set to automatic and testing the one application that was to run on these machines for functionality after turning the service off.
Finally, I was ready. I had Ghost ready to go, all I needed to do was run sysprep, make the ghost image, then I could apply that installation to all ten computers. Activate Windows, do the WGA BS dance to make the Shared Computer Toolkit work, assign the printers then turn on windows disk protection and reboot. After that, the computers would run flawlessly, and fast. If some "Bart Simpson" manages to figure out how to get around any of the safeguards in place and run a browser, get past the ISA server and get to a site that has malware on it and infect the machine... reboot and it's gone.
The problem arose when I tried to sysprep the machine. I ran Sysprep and got an error that said There is an incompatibility between this tool and the current operating system.
WTF?! I downloaded the latest deployment tools from Microsoft and tried it again. Same error. This is not good... I NEED sysprep to run on this machine! The Microsoft Shared Computer Toolkit documentation specifically talks about SysPrep and disk imaging solutions such as Ghost. I typed the whole error message
into Google and got a whole bunch of hits. Good start.
The first result was an article at Windows IT Pro magazine's website. Unfortunately, you can't read the article and 90% of the comments were from people who were using Sysprep and shouldn't, asking for advanced tech support help on a magazine's comment section. Here's your sign.
The second result was a blog of a guy named Mark Wilson
in the UK. His blog post
from about two years ago outlined pretty much the same problem I was having. His solution was slightly different from mine, he re-enabled file and printer sharing to make it work. Mark found out that Sysprep uses the Server service to query what version of Windows is running (XP or Server 2003) so he re-installed file & print sharing, started sysprep and then while it was running, uninstall file & print sharing.
All I did was open the Services MMC and set the Server service to
manual and start it. That would prevent it from running again AFTER the
reboot, but left it running while Sysprep queried the computer to find out what it needed. After that, the machine shut down and it's sitting there awaiting me to run Ghost to create the image, then burn it to a bootable DVD and go apply it to the rest of the machines.