For the past several months we have received several mass deployment related queries for EWF. Many customers had skipped or were unaware of the Sysprep requirement. To help customers we have compiled a checklist for use during mass deployment of images containing EWF. Hope it helps!
1. Install and fine tune the master image. Disable HORM and EWF. Restart the machine.
2. Sysprep (available in %WINDIR%\System32\Sysprep directory) the image by running <sysprep.exe /generalize /oobe /shutdown>. This will generalize the image and render all system components (including write filters) and settings suitable for mass deployment. Upon completion the machine will be shutdown.
Last week at the Screenmedia Expo Europe 2010 in London, Intel® and Microsoft announced the commercial availability of their joint platform for Digital Signage media players, and the availability of the Digital Signage Evaluation Kit (DSEK-10). The DSEK is a reference platform that is designed to help digital signage developers quickly prototype and develop digital signage solutions. The DSEK is based on an Intel® Core i5-based reference design and Windows Embedded Standard 7 OS.
The device itself is made up of:
As mentioned in the blog articles “Image Builder Wizard – Quick and Easy Embedded OS Creation – Part 1” written by Robert and “BitLocker in Windows Embedded Standard 2011” written by Hema – the BitLocker feature requires two partitions. The first partition is a system partition contains the BCD (Boot Configuration Data) store and remains unencrypted. The second partition is the partition that contains Windows, programs, etc and can be encrypted. IBW does a good job in ensuring that the user is required to partition with a separate system partition if the user has added the BitLocker feature. It is able to do that because it has an awareness of whether the feature is added by the user.
What’s the “Gotcha” you may ask? Well, during Mass Deployment scenarios, such as using WDS or IBW to deploy a custom WIM, the disk partitioning dialog has no awareness of whether the BitLocker feature is in the image. That means that it is possible under these circumstances to create a system with the BitLocker feature and only have one partition. This is not a supported setup for BitLocker and the feature will not enable or allow the Windows partition to become encrypted.