To sysprep or to not?

asked 2016-10-03 17:41:26 +0300

Put on the side Microsoft "support", but thinking of minimizing the image update pipeline where I can crack the volume, add patches, close the volume for the next cycle. I know I can avoid the 3x rearm, but feels like I will be chasing that noise for a while.

What is the team's experience?

answered 2016-10-05 21:58:03 +0300

updated 2016-10-05 22:43:15 +0300

Russinovich wrote in this Microsoft blog post from 2009 most of what needs to be known around SIDs, debunking the myths around SID duplication:

Limiting this discussion to technical standpoints and assuming that Microsoft support is not a requirement, here's what I'd recommend (caveat emptor: this is not a Microsoft endorsed opinion):

  1. Sysprep is not needed for imaging
  2. Sysprep is not needed for AD joining cloned instances
  3. Avoiding Sysprep does not have security implications for local or remote ACLs (except not particularly significant concerns for external storage connected to a host)
  4. the unique ID used by WSUS can be regenerated by deleting the following key before cloning: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
  5. being unsupported territory, excluding reverse engineering, there's no way to determine what can break with every new Windows release, besides empirical observation (aka trial and error).
  6. IMHO the advantages given by skipping sysprep in a cloud environment (significantly faster boot times, to begin with), outweigh by far the disadvantages

Agreed, a lot of the reasons we required generalizing the image seem to be paper tigers. One of the reasons I started the thread.. could Cloudbase help provide guidance when sysprep makes sense and when it may not? BTW can we get the comment limit expanded? I only have a few left!! ;-)

jrack (2016-10-05 22:06:07 +0300)

I added to the reply some additional notes, or "unsupported guidance", if you prefer. :-)

alexpilotti (2016-10-05 22:47:30 +0300)

Love it. And 100% agree... the party line is sysprep is life, but sometimes watching those minutes tick by is painful. I have a feeling you see more of this debate than many so your empirical experience is highly valuable. Will make template lifecycle 10x easier in a hyp consistent cloud.

jrack (2016-10-05 22:48:46 +0300)
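
An added example, not code from this thread or from Cloudbase, of the pre-cloning step in point 4 of the answer above: a PowerShell script, run elevated on the template before the volume is sealed, that backs up and then clears the WSUS client identity so each clone registers with WSUS as a distinct computer. The key path is the one from the answer (with backslashes restored); the default, narrower variant that removes only the `SusClientId`/`SusClientIdValidation` values instead of the whole key is my own assumption, selectable with `-WholeKey` to reproduce the answer literally.

```powershell
# Added example (not from the original thread): clear the WSUS client identity
# on a template before cloning, per point 4 of the answer. Run elevated.
# Assumes the non-policy key named in the answer (backslashes restored).
$WuKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$WuKeyReg = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$Backup   = Join-Path $env:TEMP ("WindowsUpdate-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

function Get-WsusClientId {
    # Returns the current SusClientId, or $null when no identity is present
    # (a clone that has never checked in with WSUS has none yet).
    if (-not (Test-Path $WuKey)) { return $null }
    (Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue).SusClientId
}

function Reset-WsusClientId {
    param([switch]$WholeKey)   # -WholeKey: delete the entire key, as the answer says

    $before = Get-WsusClientId
    Write-Host "SusClientId before reset: $before"

    # Stop the Windows Update service so it cannot rewrite the values mid-way.
    Stop-Service -Name wuauserv -Force

    # Keep a .reg backup so the change can be reverted if the template misbehaves.
    & reg.exe export $WuKeyReg $Backup /y | Out-Null
    Write-Host "Backup written to $Backup"

    if ($WholeKey) {
        Remove-Item -Path $WuKey -Recurse -Force
    } else {
        # Narrower variant (my assumption, not the thread's advice): remove only
        # the identity values so other client state under the key survives.
        foreach ($name in 'SusClientId', 'SusClientIdValidation') {
            Remove-ItemProperty -Path $WuKey -Name $name -ErrorAction SilentlyContinue
        }
    }

    # A fresh SusClientId is generated when the client next contacts WSUS.
    Start-Service -Name wuauserv
    $after = Get-WsusClientId
    Write-Host "SusClientId after reset: $(if ($after) { $after } else { '<none; regenerated on next check-in>' })"
    return ($null -eq $after)
}

# Usage on the template, just before closing the volume:
#   Reset-WsusClientId            # identity values only
#   Reset-WsusClientId -WholeKey  # the answer's literal procedure
```

Do not let the template itself check in with WSUS again after running this, or it will mint a new identity that every clone then inherits.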

answered 2016-10-05 17:40:57 +0300

Sysprepping is very important for an image that will be deployed on heterogeneous environments, as there are options to not persist the drivers from the last run (let's call it the generation run). This makes sense if you want to deploy the same Windows image on bare metal (where the chance of having different hardware depending on the node is high).


Adrian Vladu

So if the template was going to stay on a homogeneous environment (like a /mode:vm param), you are not sold on the value? <snip>

jrack (2016-10-05 18:24:28 +0300)

Now if I am using the same image in Glance for KVM and Hyper-V, then I don't think that skipping hw detect is an option, but it is a cost, especially as you open/reseal beyond 3x. <snip>

jrack (2016-10-05 18:25:32 +0300)

Now since I likely will have an image for VHDX and one for RAW/QCOW2 there still might be an option for mode:vm or no sysprep since the fileType has a hypervisor affinity. <snip>

jrack (2016-10-05 18:25:45 +0300)

For a cloudbase-init though you are comfortable that the uniqueness it injects is good enough?

jrack (2016-10-05 18:26:02 +0300)

Lots of debate about SIDs in this theme where folks seem unsure on their role in the last couple years.

jrack (2016-10-05 18:26:12 +0300)