Creating a Master Image to roll out to 30 new Machines Licensing Issues

Question

At my company we are buying 30 new Identical PC's from Dell so we have standard setup.

What i want to know is if its possible to configure one of these machines to our specification as a master and then create an image/clone of it to roll out to the rest of them. They will all come Licensed with Windows 10 Pro i assume OEM.

I would be using something like Clonezilla to create the clones/images which i have a little bit of experience with.

Is there any kind of techincal or legal issues when doing this ?

Will i need to retrieve the original OEM key from each machine before imaging them and then simply input it afterwards ? Or is it more complicated than that ?

Thanks in advance.

Answer 1

DON'T use CloneZilla or any other type of 3rd party tool, as they're not needed, will only result in lost time and inefficiency, coupled with likely causing licensing issues.

---

Deploying Windows is Natively Supported

Everything can be done via:

1. Generalizing: SysPrep
   • Generalizing an image is always required prior to capturing a WIM/ESD to be deployed on another machine; this can be automated via an answer file for the generalize configuration pass of Windows Setup
     
     
2. Imaging: DISM
   • The Windows Imaging File Format whitepaper explains the WIM format:
     • WIMs [Windows IMage] can capture an entire partition or individual folders/files
     • ESDs [Encrypted Software Distribution] can only capture an OS partition and must use /Compress:Recovery (algorithm is ~33% more efficient than /Compress:Max)
       • Windows ≥ 10: Can only be used for PBR [Push-Button Reset] exported images
   • ESDs/WIMs are smart compression image formats:
     • Only changed files are added to an ESD/WIM when a new image [index] is appended to it
     • Newly appended images utilize the same copy of unchanged files already contained within the image from the previous image(s) (hash verified), allowing for an image to remain small in relation to the data within
       
       
3. Deployment: ADK or MDT ^{(ADK required)}
   • ADK for the version of Windows installed
     ^{(Setup: Deployment Tools, ICD, Configuration Manager, USMT)}
   • ≥ v1809: Windows PE Add-On is a separate download
     
     

---

Method of Deployment Will Depend on Environment

• If wanting to install additional software so each workstation has the exact same setup, configuring a basic LTI / ZTI [Lite/Zero Touch Install] by Automating Windows Setup may be worth the time to configure:
  • If only needing to install programs/drivers, simply setting one system up, SysPrepping and Generalizing it, then creating a WIM of it, and answer file for it, to deploy to all other workstations will work great, requiring less set up time than a Deployment Share Task Sequence, also ensuring correct individual or volume license activation across each workstation
  • If requiring more granular control, an MDT [Microsoft Deployment Toolkit] Deployment Share Task Sequence (example) may be worth the time to setup and configure since it allows easy updating of the deployment image with updated software and drivers in an organized fashion, which can also be applied to individual workstations remotely (incl. via PXE)
    
    
• The SpiceWorks Forum is a great resource since many forum members work in IT and Systems Management, along with Microsoft Techs that are active on the site.
  
  

---

Don't Skimp on Licensing in a Business Environment

• If unsure about something license-related, contact the developer directly
  • Misconfigured licensing comes with a hefty bill when audits are conducted by the software developers, and they will audit at some point
• There's a slew of products that help with licensing (e.g. Belarc)
  
  

---

1. Generalizing

SysPrep the machine:

• Once the machine from which the deployment image will be captured has been fully configured with installed software and drivers, it needs to be SysPrep'd and immediately imaged prior to booting back into the OS:

  SysPrep /Generalize </Reboot|/Shutdown>
  

  • If not immediately imaged prior to booting back to Windows installed on the drive, it will boot to the specialize configuration pass, oobeSystem will be re-run, and it will need to be SysPrep'd again
  • See Configuring a ZTI to configure via an answer file, with SysPrep being performed within the generalize configuration pass
    
    

---

2. Imaging

_{(Powershell cmdlet)}

Capture or Append an image:

• Specify exclusions or exceptions by creating a WimScript.ini config file, with /ScratchDir being required in WinPE since it only has 32MB of scratch [temp] space by default:
  • Even though /CheckIntegrity and /Verify extend processing time, they should always be used since they prevent corruption from occurring within the WIM/ESD
    
    
• Capture Image:

  Dism /Capture-Image /ImageFile:"Z:\Base.wim" /CaptureDir:"C:" /Name:"Deployment Image" /Description:"Base Image 2020.08.29 @ 11:30" /Compress:Max /CheckIntegrity /Verify /ScratchDir:"Z:"
  

  • ESDs have a compression ratio 33% more efficient than WIMs:

    Dism /Capture-Image /ImageFile:"Z:\Base.esd" /CaptureDir:"C:" /Name:"Deployment Image" /Description:"Base Image 2020.08.29 @ 11:30" /Compress:Recovery /CheckIntegrity /Verify /ScratchDir:"Z:"
    

    To export from a WIM:

    Dism /Get-ImageInfo /ImageFile:"Z:\Base.wim"
    Dism /Get-ImageInfo /ImageFile:"Z:\Base.wim" /Index:<#>
    Dism /Export-Image /SourceImageFile:"Z:\Base.wim" /SourceIndex:<#> /DestinationImageFile:"Z:\Base.esd" /DestinationName:"Deployment Image" /Compress:Recovery /CheckIntegrity /Verify /ScratchDir:"Z:"
    

    
    
• Append Image:

  Dism /Append-Image /ImageFile:"Z:\Base.wim" /CaptureDir:"C:" /Name:"Deployment Image: Update 1" /Description:"Updated Applications: 2021.08.29 @ 12:00" /CheckIntegrity /Verify /ScratchDir:"Z:"
  

  • Compression is locked to the value set when the base image was captured
  • Individual indexes can be deleted via /Delete-Image or exported to their own image via /Export-Image
    
    

---

3. Deployment

Partition deployed machine's drive and apply image:

• See Configuring a ZTI to configure via an answer file within the windowsPE configuration pass (both for partitioning and applying the ESD/WIM)

1. Configure partitions on a new drive via DiskPart:

   1. DiskPart
      ::# List disks:
          Lis Dis
      ::# Select OS drive # the image is being applied to:
          Sel Dis #
      ::# Wipe partition table (assumes no data on drive is being preserved)
          Clean
      

      UEFI:

      Convert GPT
      

      
      
   2. Create boot partition:
      • BIOS:

        Cre Par Pri Offset=1024 Size=100
        Format Quick Fs=NTFS Label="Boot"
        Assign Letter=Y
        Active
        

      • UEFI:

        Cre Par EFI Offset=1024 Size=100
        Format Quick Fs=FAT32 Label="EFI"
        Assign Letter=Y
        Cre Par Msr Size=16
        

        
        
   3. Create OS partition:
      • Rest of the drive as the OS partition:
        If C: can't be assigned, change 3 & 5 to another letter
        BIOS:

        Cre Par Pri
        Format Quick Fs=NTFS Label="OS"
        

        UEFI:

        Cre Par Pri Id=ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
        Format Quick Fs=NTFS Label="OS"
        Assign Letter=C
        

      • Additional partitions after the [200GB] OS partition:
        If storing User Data directories on a partition other than C: (recommended), max size required is ~300GB (multiply size wanted by 1024: 200*1024=204800)
        BIOS:

        Cre Par Pri Size=204800
        Format Quick Fs=NTFS Label="OS"
        

        UEFI:

        Cre Par Pri Size=204800 Id=ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
        Format Quick Fs=NTFS Label="OS"
        Assign Letter=C
        

        
        
   4. Create WinRE partition:
      (should have minimum 320MB free for future WIM size increases)
      • BIOS:

        Shrink Desired=1024 Minimum=1024
        Cre Par Pri id=27
        Format Quick Fs=NTFS Label="WinRE"
        

      • UEFI:

        Shrink Desired=1024 Minimum=1024
        Cre Par Pri Id=de94bba4-06d1-4d40-a16a-bfd50179d6ac
        Format Quick Fs=NTFS Label="WinRE"
        Gpt Attributes=0x8000000000000001
        

        
        
   5. Create boot files:

      BcdBoot C:\Windows /s Y: /f <BIOS|UEFI>
      

      • If booted to WinPE/WinRE on deployed machine:
        BIOS:

        BootRec /FixMBR && BootRec /FixBoot && BootRec /RebuildBCD
        

        UEFI:

        ::# Create EFI directories and enter:
            MkDir "Y:\EFI\Microsoft\Boot"
            Cd /d "Y:\EFI\Microsoft\Boot"
        ::# Create EFI boot structure:
            BootRec /FixBoot
        ::# If Access Denied error occurs (C: is applied image):
            BcdBoot C:\Windows /s Y: /f UEFI
        
        
        ::# Resolve any other boot issues:
            BootRec /FixMBR && BootRec /RebuildBCD
        

        
        
   6. Remove boot partition mountpoint:

      DiskPart
      Sel Vol Y
        Remove
        Exit
      

      
      
2. Apply Image: (C: is the deployed OS partition)

   Dism /Apply-Image /ImageFile:"Z:\Base.wim" /Index:1 /ApplyDir:"C:" /CheckIntegrity /Verify /ScratchDir:"Z:"
   

   • Prior to applying, get Image Info, ensuring correct index is being applied:

     Dism /Get-ImageInfo /ImageFile:"Z:\Base.wim"
     

     
     

---

Accessing data within an ESD/WIM

1. Read-only:
   1. Mount Image: (as /ReadOnly)

      Dism /Mount-Image /ImageFile:"Z:\Base.wim" /Index:2 /MountDir:"C:\Mount" /Optimize /CheckIntegrity /ReadOnly
      

      • In lieu of this, I prefer opening the ESD/WIM within the 7zip GUI
   2. Unmount Image: (/discard changes)

      Dism /Unmount-Image /MountDir:"C:\Mount" /CheckIntegrity /Discard
      

      
      
2. Make changes, or add data, to an image [index]:
   1. Mount Image:

      Dism /Mount-Image /ImageFile:"Z:\Base.wim" /Index:2 /MountDir:"C:\Mount" /Optimize /CheckIntegrity
      

   2. Unmount Image: (/Commit changes)

      Dism /Unmount-Image /MountDir:"C:\Mount" /CheckIntegrity /Commit
      

      • To save changes as a new appended image, add /Append

Answer 2

You cannot use an OEM image to cast onto other systems. Microsoft does not permit this and it is possible (if you try) that the systems will fail activation.

You need to get a Windows 10 Volume License for 30 users, make your image, and then use Microsoft tools (including Sysprep) to put the image on the remaining machines.

Answer 3

You can use any cloning software you like, although I don't advise using Linux-based utilities such as Clonezilla. But only do so after each computer's Windows license is activated.

You need to boot up each computer, let Windows start and activate, so that Microsoft will store the hardware fingerprint of the computer in its licenses database.

It is possible that the OEM license is burnt into the BIOS of each computer. But if it is not, doing the activation will avoid 30 computers trying to use the same license and getting it black-listed by Microsoft.

Using sysprep requires some knowledge and mistakes are possible (see issues on our site). Cloning is just a matter of pressing the button, no learning curve at all. Many companies use cloned hard disk as the simplest solution, even using specialized cloning devices for mass production. When the OEM license is burnt into the BIOS, this is by far the simplest solution.

Answer 4

Depending on what exactly you're needing to customize, you may be able to avoid all of the licensing problems by using a setup script instead of re-imaging the systems. Systems of the same model coming from a manufacturer will all come with the same image on them. Create a PowerShell script or write a short program that modifies a system to meet your requirements (install/remove software, modify registry, configure system settings, etc etc). Your systems would start in the same state and run the same script, so they should end up in the same state. But, by avoiding imaging, you've also avoided the headache that is Windows licensing.