Capture a Windows Image with ImageX – Simplified
Capture a Windows Image with ImageX – Simplified
A recent email from a former student asked, “ Is it possible to have you show me how to capture an image using Imagex?”
My first thought was ‘Happy to aim you in the proper direction’. This is easy – wait – imageX is deprecated in Windows 8/8.1. DISM serves as the replacement tool in Windows 8/8.1. Technet documentation may be hard to follow. The entire process requires two or more days of a weeklong Windows 7 or Windows 8 deployment course to teach in detail. While the overall process is rather simple, each step enables alternatives that can make the process appear far more complex. I describe each piece in my Windows 7 Enterprise Deployment video series and provide updates in the Introduction subset of my Windows 8 Installation and Management videos. Microsoft also has a 2 minute overview video Preparing an Image Using Sysprep and ImageX. Lots of details to sort.
Despite all the details, one can actually perform the entire capture process in about 30 minutes, if a couple of the steps are conducted simultaneously.
For the sake of simplicity, let me set the stage. Let’s eliminate some of the alternatives.
- You want to capture an image of an installed and functional Windows Operating system.
The OS has current patches, drivers, and desired applications installed. It may also be network and domain attached. One or more user accounts may also be presented and configured. In other words, the system you plan to capture has all of the desired components installed and operational. (Microsoft documentation calls this a reference system.)
- You don’t plan to modify registry or driver settings during the capture process, or filter any system content.
You could use the System Image Manager (SIM) to create an ‘answer file’(typically named unattend.xml) or modify the .wim File Exclusion list to alter the image content during capture or deployment. You aren’t making any changes to your image during capture, so you avoid this step and use of the related tool(s).
- You are creating a new, single Windows Image (.wim) file.
You are not adding or appending information to an existing .wim file, or creating a differencing file. You don’t need to be concerned with numbering or naming of existing .wim indexed images, or overwriting, auditing, or confirming changes to an existing image. Since you are creating a single, unique image, you may use default options for numbering and labeling.
- You are not trying to capture a full image for diagnostic purposes.
You could use the following process to capture an entire image, including security identifiers, MAC, host name, user data, temporary files and other unique information by skipping the Sysprep step. The captured image could not be multiply deployed without being modified first, but you could deploy it to a Virtual image for diagnostic purposes. The capture steps are the same, but the deployment steps would be very different and might influence configuration switches that you use during capture.
- You have captured the unique identifiers, licenses, host name and other settings on the system before capture, or you are prepared to recreate them manually after you complete the capture process.
Once you run Sysprep, the system will be generalized for capture and deployment. Minimally, basic installation and configuration questions will have to be answered once the captured system is rebooted before it can be used again in a production environment. Several manual or automated processes, not included in this blog would be necessary to capture system information, if you want to place it directly back into production after image capture.
- You have a technician system with either the Windows Automated Installation Kit (WAIK) or the Windows 8/8.1 Assessment and Deployment Kit (ADK) installed.
You need the WAIK or the ADK installed on a system to get current copies of CopyPE, ImageX or DISM for image capture. These need to be installed on a technician’s system, and NOT on the system to be captured. You really don’t want all the WAIK or ADK content taking up space in your captured .wim file.
- You know the BIOS and OS image for the system being captured.
The WAIK and ADK tools within the suites are often specific to the BIOS platform, for instance Amd64, x86, arm. You need to be sure to use the correct tools or switches for compatibility with your target system(s).
Getting ready to capture that system image. Gather a set of DVD’s or an NTFS configured USB drive. Make sure you have identified a storage repository with 30-60 GB storage minimum for the captured .wim file.
The high level process outline looks like the following:
1. Identify or select the system from which you want to capture a Windows Operating System image.
- Use SYSPREP to prepare the system for capture.
Run C:\Windows\System32\Sysprep\Sysprep.exe and select the generalize and shutdown options.
(Detailed Sysprep information)
- Turn off the PC.
2. Create Pre-Execution bootable media using the COPYPE command on the technician PC (with WAIK or ADK).
- Launch the Deployment Tools Command Prompt with run as administrator.
- From the Deployment Tools command prompt run CopyPE.(Copype Command-Line Options)
Copype amd64 c:\winpe64
(Note: x86 or alternate switches might be needed if target is not a 64 bit system, and I selected the folder name to easily identify this as a Windows 64 PE image.)
- Once the PE file structure with boot files is created at c:\winpe64, add tools like ImageX and DISM.
Copy Imagex.exe from within the WAIK or ADK directory …\tools\amd64\imagex.exe to c:\winpe64\iso\
Copy other tools that you want on your PE media to the same folder.
- Use OSCDIMG.exe (Oscdimg Command-Line Options) to create bootable PE media.
Oscdimg –n bC:\winpe\iso\etfsboot.com c:\winpe64\iso c:\winpe64\winpe.iso
Burn the winpe.iso image to bootable DVD or USB media using your preferred burning tool.
(I wrote a prior blog offering simplified media creation alternatives … Simplify your Windows 8 Evaluation install)
3. Boot the system with the OS to be captured using the newly created PE media.
- Insert the PE media into the system to be captured. (BIOS needs to point to the media location whether DVD or USB in the boot sequence so that it is recognized BEFORE the hard drive).
- Turn on the system.
- The system should boot to the Command prompt for PE, identified as X:\
4. Prepare the media location to which the image will be captured.
- Map a Network Drive or
- Prepare a CD or DVD or USB device to hold the image or
- Select an alternate partition on the host system on which to write the .wim image file. (NOT the C: drive)
- Note the letter for the image capture. We will call it “W” but you may use any letter or path you desire other than X: or C:.
5. Run ImageX with the capture command
- Imagex /capture C: W:\myimage.wim “My Capture Image”
Choose your own .wim file name, and provide an internal index name that you can easily identify later.
That’s the simple process.
With Windows 8/8.1 and the ADK, you simple substitute DISM for ImageX, and the process works identically.
For those who have taken our 20687C/D course, the digital copy of the Microsoft Official Curriculum through Skillpipe offers DISM related examples within Module 2, Lesson 3 – Customizing and Preparing a Windows 8.1 image for deployment.
You May Also Like
In this recorded Windows 10 webinar from December 1,2015, Windows Instructor Steve Fullmer presents the navigation and some of the new features associated with Windows 10 including Sysinternals Tools for Windows Client, Windows core concepts, exploring Process Explorer as well as some of the features that are not yet ready for prime time but will … Continue reading Windows 10 Features and Navigation – December 1, 2015
One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller
How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015