Scripted OS Install - Part 6: Tweaking Windows (Round 2)
In the last article we continued our scripted Windows XP install. We learned that we can add a folder called $OEM$ into the I386 folder. Of course, we first have to copy our Windows XP CD onto our local computer, then we can create the $OEM$ folder. We discussed indepth that we can place a file called CMDLINES.TXT in the $OEM$ folder that we install programs and settings into the Default User account. The Default User account is the template for all accounts that are created on the computer. Thus, after Windows has finished installing itself each user account is set up already.
There are a few more things that we can use the $OEM$ folder to do. Let's spend a few more minutes talking about them.
More $OEM$ Goodness:
Here is a picture of my $OEM$ folder. Please pay attention to the path to the folder.
You can see what we talked about in the last article. Near the top is the CMDLINES.TXT file. You can also see all of the registry files that I run, and are added to the Default User account. There is also a CMD file that is run. There was one pretty sweet thing that I do that I wanted to mention. Here it is:
As apart of my image I have a few default users that I need to create. This is a good point to create these accounts. It is pretty straight forward. If you would like more info on user creation, check out this article: The Ins and Outs of User Creation
As you can see above, there is a a file called localuser.cmd. I include a line in my CMDLINES.TXT. This is what it looks like:
[COMMANDS] "localuser.cmd" Check out the contents of the localuser.cmd account: @ECHO OFF ECHO Creating Localuser account... net user localuser password /add /passwordchg:no nopwdexp.vbs /domain:%computername% /user:localuser net localgroup "Administrators" "localuser" /add net localgroup "Users" "localuser" /add net localgroup"PowerUsers" "localuser" /delete ECHO Autologin to Localuser account... regedit /s "localuserautologin.reg"
Lets break it down:
- net user localuser password /add /passwordchg:no
- This is the command that actually creates the account
- nopwdexp.vbs /domain:%computername% /user:localuser
- One of my coworkers found this file (Thanks Jason). It makes it so the password on the account does not expire. I have attached the file to this article.
- net localgroup "Administrators" "localuser" /add
- I add the user to the Administrators group
- net localgroup "Users" "localuser" /add
- I add the user to the Users group
- net localgroup "PowerUsers" "localuser" /delete
- I delete the user from the PowerUsers group
- regedit /s "localuserautologin.reg"
- This registry key makes it so the computer will log into this account after installing
This is what is inside the localuserautologin.reg:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultUserName"="localuser" "DefaultPassword"="password" "AutoAdminLogon"="1"
Now, when Windows is done installing, it will log into localuser.
The $1 Folder:
I briefly talked about this folder in Part 4. Basically you can use this folder to copy files to your default drive (most of the time this is the C:\ drive). You can think of the $1 folder as C:\. Any files placed in the root of the $1 folder will be copied to the root of the C:\ drive during the Windows installation. This function is very useful if you have default files that need to be copied on the computer. In Part 4, we used this function to copy the driver files to the following path: C:\Drivers. Here is what the contents of my $1 folder looks like:
As you can see, because the Drivers folder is in the root of the $1 folder, it will be copied to C:\Drivers. You can also build in structure for other paths in the computer, like I did with the Program Files folder. Lets take a look inside that folder:
I want the contents of Mapping and Resources to C:\Program Files. While Windows is installing, it creates all of the folder structure and copies the files to the appropriate locations. To me, this is a great feature. I can copy files, vital to our environment, using a built in function. There are no mistakes and no problems.
The $$ Folder:
The $$ folder is very similar to the $1 folder. It is basically a file redirect that occurs during the install process. Here is a picture of what mine looks like:
You can probably guess where the folders and files in the $$ folder get copied. You guessed it, it copies them to the C:\Windows folder. We could have put a folder in the $1 folder named "Windows" and the files would have made it into the appropriate folder. I like using seperate folders just to keep things organized. I would like to use Windows take care of all my install needs.
Just as a side note, I did a quick search and I found out that I am not doing things completely correctly. Here is the link that I found: $OEM$ Distribution Folders. This is how the folder should work:
Basically, everything you want to be copied to the C:\Program Files folder should be in the $Progs. Also, anything you would like copied to the C:\Documents and Settings folder should be in the $Docs folder. Don't worry, I have made the swap in my own files.
There are a few other things that you can do with the $OEM$ folder. Check out these links:
- Customizing and Automating Installations
- Understanding Distribution Shares and Configuration Sets
- How to Add OEM Plug and Play Drivers to Windows XP
I think with some poking around, you will find some more features that I was unaware of.
There are a few other unique things that I do with this great feature. In order to get Windows to look and feel the way I want it to, I include my own theme. It is stored in the $$\Resources\Themes folder. As you know, the files in this folder are copied to the C:\Windows\Resources\Themes folder. Here is how you can create a theme:
- Right click on the desktop
- Go to Properties
- Click on the Desktop tab
- Carefully go through all of the settings found under this tab (including the "Customize Desktop" button)
- Next, click on the Screen Saver tab
- Please note that the Power button is not included as apart of the theme.
- Now, click on the Appearance tab
- I usually don't change anything on this tab, but you can
- Finally, we can Click on the Themes tab. Under the Theme drop down, it should say Modified Theme. If you click on the "Save As..." button you can save all of your theme settings. All you have to do is place it in the appropriate place in the $OEM$ folder and you are in business
There is one more thing that you have to make sure you do. You have to tell Windows to use your theme file in the answer file:
[Shell] DefaultStartPanelOff = no DefaultThemesOff = no CustomDefaultThemeFile = "C:\WINDOWS\Resources\Themes\Custom.theme"
If you change your theme to use a specific image, or use a screen saver that uses images you will have to make sure to include these images in the $OEM$ distribution folder.
That is all you need to do.
Tweaking Individual Accounts:
So far we have added settings to the Default User account, or the template for all created users. That way each user will inherit each account gets everything that has been added to the CMDLINES.TXT. That can be useful to a point. When I usually install Windows I set up an Adminsitrators account, and then an account that everyone else uses. Of course, I want the Administrator account to have access to everything, but I don't want the user account to have full access. There are several ways to tweak accounts. The key is that after Windows has installed, it logs into the localuser account. You can have it files because we included the following entry in the answer file:
Right after Windows logs the user in, it will run the BAT file above. That file can install programs, run registry files, or set the theme. Basically what ever you want. You can also have that file install the AClient. Check out this article to learn how to script an install: Silently Installing Altiris Agent.
If you have the AClient installed, you can create jobs to install all desired applications, push out layers to the computer and do much more.
As you can see, the $OEM$ distribution folders have a lot of power built in. Only after I included that in my scripted Windows install was I able to really reach Windows full install potential. Once I discovered that Windows would copy all of my needed files while it was installing, it really streamlined my image creation process. In the next article we will talk a little more about installing programs after Windows has been installed.