Controlling Sysprep to Not Reset Local Accounts on Windows 7 x64

[magsombol]

So, I'm creating Offline Deployment Media using SD version 1.1.1990. Using a Windows 7 x64 image, I've noticed that after Sysprep, Windows 7 will ask for a password to a newly created administrator account, and that the Admin 0 account is set to disabled. The Admin 0 account was not disabled prior to creating the .wim file. Is there a way to prevent Sysprep from NOT creating the new administrator account, and not disabling the Admin 0 account? Our requirement is to make sure that the Admin 0 account is not disabled until it is joined to the domain.

[Erik]

So, I'm creating Offline Deployment Media using SD version 1.1.1990. Using a Windows 7 x64 image, I've noticed that after Sysprep, Windows 7 will ask for a password to a newly created administrator account, and that the Admin 0 account is set to disabled. The Admin 0 account was not disabled prior to creating the .wim file. Is there a way to prevent Sysprep from NOT creating the new administrator account, and not disabling the Admin 0 account? Our requirement is to make sure that the Admin 0 account is not disabled until it is joined to the domain.

By default when deploying an image of Windows 6.x sysprep will disable the built-in administrator account. If you go to advanced options in the Deploy Wizard and select Enable administrator account it will try and enable the "Administrator" account. Since you have the administrator account renamed this results in creating a new administrator account. What you can do is leave the enable administrator account check box unchecked and create a task to enable your admin account. You can follow the steps below to do so.

1. From the Deploy Wizard select Advanced
   
2. Select the Tasks tab
   
3. Select Add to create a new task
   
4. Enter "Net user (your admin account user name) /active:yes"
   
5. Change the phase to Specialized / Mini-Setup
   
6. Complete your deployment
   

Once the image is deployed the renamed admin account should be activated and you should not be prompted for a new password.

[magsombol]

By default when deploying an image of Windows 6.x sysprep will disable the built-in administrator account. If you go to advanced options in the Deploy Wizard and select Enable administrator account it will try and enable the "Administrator" account. Since you have the administrator account renamed this results in creating a new administrator account. What you can do is leave the enable administrator account check box unchecked and create a task to enable your admin account. You can follow the steps below to do so.

1. From the Deploy Wizard select Advanced
   
2. Select the Tasks tab
   
3. Select Add to create a new task
   
4. Enter "Net user (your admin account user name) /active:yes"
   
5. Change the phase to Specialized / Mini-Setup
   
6. Complete your deployment
   

Once the image is deployed the renamed admin account should be activated and you should not be prompted for a new password.

So with the "Net user..." command I am able to get the Administrator 0(user account renamed to sysadmin) account not disabled. However, sysprep is creating a 2nd account called Administrator. If I were to rename sysadmin back to Administrator

1. Would sysprep still create a 2nd administrator account?

2. Is there a command during sysprep to rename the Administrator 0 account to a different username?

I would like to make sure that there is only 1 administrator account in Windows 7.

3. How do I get the Guest account to be renamed during sysprep? Originally, the image file has this guest account renamed, and I am assuming that the sysprep process is reverting the guest account to the original guest username.

thanks

[Erik]

So with the "Net user..." command I am able to get the Administrator 0(user account renamed to sysadmin) account not disabled. However, sysprep is creating a 2nd account called Administrator. If I were to rename sysadmin back to Administrator

1. Would sysprep still create a 2nd administrator account?

2. Is there a command during sysprep to rename the Administrator 0 account to a different username?

I would like to make sure that there is only 1 administrator account in Windows 7.

3. How do I get the Guest account to be renamed during sysprep? Originally, the image file has this guest account renamed, and I am assuming that the sysprep process is reverting the guest account to the original guest username.

thanks

It looks like the Administrator account is being recreated based on the answer file passed to sysprep by the Deploy Wizard. You can simply delete it "Net user administrator /delete" using a task like was done to enable the built-in administrator account. The easiest solution would probably be to just leave the administrator account disabled, and create a new administrator account named sysadmin but the net user commands will work as well.

In regards to the built-in guest account it is being renamed by default sysprep behavior. If you wish to have it renamed you can run "wmic useraccount where name="Guest" call rename name="Your Guest Account Name"". This task will not run during Specialize / Mini-Setup and will need to be run at the First boot as system or First logon phase.

[magsombol]

In regards to the built-in guest account it is being renamed by default sysprep behavior. If you wish to have it renamed you can run "wmic useraccount where name="Guest" call rename name="Your Guest Account Name"". This task will not run during Specialize / Mini-Setup and will need to be run at the First boot as system or First logon phase.

This isn't working with either the First boot as system or First logon phase. Is it because the Guest account is disabled? In fact, I get an error with having quotes around "Guest" or "Your Guest Account Name", so I have to remove the quotes.

[Erik]

In regards to the built-in guest account it is being renamed by default sysprep behavior. If you wish to have it renamed you can run "wmic useraccount where name="Guest" call rename name="Your Guest Account Name"". This task will not run during Specialize / Mini-Setup and will need to be run at the First boot as system or First logon phase.

This isn't working with either the First boot as system or First logon phase. Is it because the Guest account is disabled? In fact, I get an error with having quotes around "Guest" or "Your Guest Account Name", so I have to remove the quotes.

The command will fail without the quotes around the usernames. You can simply put this command into a batch file with the quotes, then run the batch file. The batch file will need to be available locally when the machine is in the first boot phase, so you will either need to copy it over after the image is deployed or add it to your image.

[magsombol]

The command will fail without the quotes around the usernames. You can simply put this command into a batch file with the quotes, then run the batch file. The batch file will need to be available locally when the machine is in the first boot phase, so you will either need to copy it over after the image is deployed or add it to your image.

So this worked using single quotes ' versus the "

First boot at system

Command:

wmic useraccount where name='Guest' call rename name='Your Guest Account Name'