Microsoft Sysprep - Which Servers/Roles/Applications include support

This might not be big news to anyone reading this article but I just found out that Microsoft does not support using Sysprep on several of its own products.

I learned this while digging through the Lync 2010 documentation for a project that I'm currently working on. This got me thinking about other things that might not be supported when using Sysprep, until now I thought that as long as you used Sysprep you would not be compromising Microsoft support.

In this article I will try and list the details of what is and isn't supported by Microsoft when it comes to Sysprep. 

Microsoft does not support using Sysprep with Lync 2010, SQL Server 2008 Express and several other products, what does this mean? It means that you can use Sysprep to clone the Windows Operating system as long as you verify that no non-supported roles are enabled prior to cloning (see table below). It means do not have any of the non-supported application's components installed/configured prior to making the clone.

For Server 2008R2 only certain roles of the operating system support using Sysprep, in other words if you are going to clone a 2008 R2 machine, make sure none of the roles listed below that say no are enabled.
Server Role
Sysprep Support
Active Directory Certificate Server (AD CS)
Active Directory Domain Services (AD DS)
Active Directory Federation Services (AD FS)
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Rights Management Server (AD RMS)
Application Server
DHCP Server
DNS Server
Fax Server
File Services
Network Policy and Access Services
Network Policy Routing and Remote Access Services
Print Services
Terminal Services
Not supported in scenarios where the master Windows image is joined to a domain.
UDDI Services
Web Server (Internet Information Services)
Does not support Sysprep with encrypted credentials in applicationhost.config.
Windows Deployment Services

Sharepoint 2010 - A Sysprep'd machine can be created with Sharepoint 2010 installed but must be prior to the configuration wizard being run.

SQL Server 2008R2 - There is an MSDN article explaining how to install SQL on a Sysprep'd image - Here

Microsoft Exchange Server - You cannot Sysprep an Exchange machine because of its integration with Active Directory. Recommended method would be to Sysprep the operating system and automate the installation.

Domain ControllersYou cannot deploy preconfigured domain controllers by using image-based installation with Sysprep. However, you can configure a domain controller by first deploying a member server and then automatically running a script that runs Dcpromo.exe, the Active Directory Installation Wizard.

Limited server configuration - According to Microsoft some server components must be installed and configured after an image-based installation with Sysprep is complete. These components include Certificate Services, Cluster service, and any software that is dependent on the Active Directory directory service. They also include any application or service that stores the computer name or the computer SID and cannot recover if the computer name or SID changes.

Security SettingsYou cannot use image-based installation with Sysprep to deploy computers that contain any files that are encrypted by using Encrypting File System (EFS). In addition, you cannot use image-based installation to deploy systems that have already been configured with NTFS security settings, such as file and folder permissions, unless the disk-imaging program supports the NTFS file system. However, you can use a script to configure these settings after the image-based installation is complete.

I usually opt to build fresh virtual machines and not Sysprep because of these kind of incompatibilities and to rule out strange behavior potentially caused by cloning machines.

I'll continue to update this post if I find any other incompatibilities, please feel free to respond if you know of any other incompatible software.

1 comment:

  1. That was interesting.I like your quality that you put into your post.Please do continue with more like this.
    domain service