Subscribe RSS Feed | Follow on Twitter

Sysprep vs. Quickprep

with 6 comments

In a VMware View environment you can either use Microsoft Sysprep or VMware Quickprep for the personalization of your Linked Clone desktop pools, while you can only use Sysprep for the personalization of traditional desktop pools based on VM templates.

Every Windows operating system is generating a unique SID (Security Identifier) during the first installation of the system. This SID is used to clearly identify the operating system in a network environment. But this local SID is only used until the computer is a member is a Windows Workgroup only. As soon as you add the computer to a Active Directory domain a new SID for the computer account will be created and the local SID is no longer in use. The Microsoft Sysprep tool does change the SID for the operating system as the SID should be unique for each OS instance. The Sysprep operation needs several minutes to change the SID on a Windows OS as it needs to change all files on the hard disk drive.

The VMware Quickprep tools which comes with VMware View is used for the same reason but only with Linked Clone desktop pools. Quickprep is faster compared to Sysprep as is does not change all files on the hard disk. It does change the SID in the Active Directory which is only used as described above.

Also other software vendors use their own tools to change the SID on Windows instances, especially companies from the software deployment, like Altiris.

The Quickprep process is started by the View Composer during the creation of the Linked Clones. After the View Composer has created the replica disk and the Linked Clone own OS disk is mounted, the View Composer communicated with the Active Directory and creates a new computer account for the Linked Clone desktop and sets a random password. This process uses the standard Windows API interface and also the user account you’ve configured for the View Composer in the View Administrator GUI. If the configured user account does not have sufficient permissions the action will fail. If the action is successful, a configuration file which includes information about the desktop (hostname, domain and more) is created on the OS disk of the Linked Clone. After the file is written the desktops gets restarted. During the next boot process the View Agent hooks in. It does that in two modes. Firstly it runs in the native mode just before the Win32 subsystem is started. During that time it can still access system files which are usually locked. Secondly it starts the Service Agent which does the most tasks i.e. the communication with the View Server or writing to the Windows Registry. The native part of the agent reads the information which is written in the configuration file by the View Composer before and sets the hostname for the Windows operating system before the system comes up. After that the Service Agent writes the needed Windows domain information into the Registry.

Both applications, Sysprep and Quickprep give you the same result: A Windows desktops with a unique SID.

It’s a good decision to choose Quickprep for the Linked Clone pools because the personalization process is faster but there are also reasons for choosing Sysprep. Sometimes software products i.e. Antivirus software or network access control need a unique local SID. But anyway using vShield Endpoint is better than having a anti virus scanner in each desktop.

If you’re choosing Sysprep for your Linked Clone desktops please consider the following points.

  • All vSphere servers in your cluster must run a 4.0 or 4.1 version.
  • A recompose does force the system to create a new SID. (That takes a long time depending on the number of files in the VM)
  • The View Agent on the VM needs the View Composer component to be installed. (Usually this is the standard)
  • The Active Directory controllers must be reachable  from all the desktops.

Similar Posts:

Written by Christoph Harding

May 16th, 2011 at 9:00 am

  • Pingback: Using Symantec Endpoint Protection with Linked Clones at That's my View

  • Gjongeneel

    Quickprep does not change the CMID (Hardware ID) of a virtual desktop. In combination with a KMS server (licensing for Windows Vista or Windows 7), this can lead to problems as the the client count number will never reach the minimum of 25. This is the minimum number of clients that is required for activation to start.  

  • http://www.cd-k.de/ Christoph Harding

    Ok, any suggestions for that?

    2011/5/18 Disqus :

  • Karlochacon

    I dit not know about this difference thanks a lot for the info

    I go with quickprep since is faster and that’s what you need when you’re working with a lot of desktops..

  • Fatbastige

    ok, let me start out that when you say, “local SID is no longer in use” that is incorrect. This is a common mistake and even Mark

    The local SID is used for many things outside of Active Directory/operating system proper.

    MANY 3rd party apps use the local SID as a unique identifier. Symantec endpoint for instance will think all your deployed images are one single machine.

    The SID is also used in SMS Server as a unique ID as well as SCCM and SCVMM. Some network security scanners also make use of the local SID as a unique identifier.

    If you don’t take steps to change the SID on a newly deployed image, you will have problems at some point.

    Now, here is the kicker! Microsoft does not support changing the SID outside of the SYSPREP process. That means if you use any other 3rd party tool to change the SID Microsoft MAY tell you to rebuild the machine to receive support.

    This is a complicated issue and you can read what the Mark Says in his blog http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx?PageIndex=17#comments

    4 Nov 2009 9:12 AM
    It appears many readers are confusing machine-specific state, computer Domain SIDs, and machine SIDs. This article is only about machine SIDs. Having multiple computers with the same computer Domain SID will definitely cause problems. Further, some applications create per-machine state that they expect to be unique across systems and cloning a computer with that state will cause problems for those applications. As many have pointed out, Windows Server Update Services is one example.
    For those reasons, Microsoft’s official support policy will still require Sysprep to have been run on a cloned system.

  • http://www.twicethespeed.com/ how to run faster

    Nine times out of ten, the teams or athletes with the most speed are going to win. While some coaches get it and focus on developing the skill of speed as a primary element of their training, others haven’t caught on yet. Perhaps you’ve mistakenly bought into the idea that speed can’t be coached – that athletes are born with ‘it’ or they aren’t.