building windows 7 sp2
TRANSCRIPT
Har K’s
Building Windows 7 Unofficial SP2 A complete tutorial
August 2013
CONTENTS
1. Overview …………………………………………………………………………………………………………. 1 2. Understanding the benefits and shortcomings of this method………………………….. 1 3. Preparing our installation sources…………………………………………………………………….. 2 4. Downloading the updates………………………………………………………………………………….6 5. Organizing our next steps…………………………………………………………………………………14 6. Preparing the SP1-level disks…………………………………………………………………………… 17 7. Updating the SP1-level disks……………………………………………………………………………. 25 8. Final thoughts…………………………………………………………………………………………………..37
1
BUILDING WINDOWS 7 UNOFFICIAL SP2 by Har K (aka harkaz), August 2013
1. Overview
Windows 7 Unofficial SP2 is a “replacement” for Windows 7 SP2. It includes all Windows 7
updates released since Windows 7 SP1.
Windows 7 Unofficial SP2 is created with reverse integration of the updates. This means that
in order to create W7USP2 we first install the Windows 7 SP1 image on a virtual machine
and then install all patches and essential third-party apps. After that we prepare the image
for general distribution. We do this using the Sysprep utility. We also retain the original
activation data – an improvement I’ve discovered. We then capture an image of the virtual
system. This is the updated installation image. We also patch the Windows Preinstallation
Environment (PE) and the setup files. This is, in short, what one needs to do in order to
prepare Windows 7 Unofficial SP2.
2. Understanding the benefits and shortcomings of this method
Pros:
Minimal installation time
Original Windows Product Activation
Deployment to various hardware configurations
Support for in-place Upgrade installations
All OS files are pre-patched. Ideal for repair installations. Maximum reliability.
Ability to preinstall third-party apps
Ability to remove components offline (e.g. using RT Seven Lite) without disrupting
the installation process.
Install Win7 SP1 image
Patch the OS images and the WinPE images
Sysprep and Capture with original WPA
2
The minimum hard disk space requirements are reported accurately during
Windows Setup
Cons:
The captured image is big in size and may not fit in a single DVD.
Due to the size of the installation image, it may take longer to expand Windows
files.
The patches applied to Windows PE may increase the RAM requirements to run
WinPE.
3. Preparing our installation sources.
The first step is to download the official ISOs and tools we will use to build W7USP2.
We need:
Windows 7 SP1 or SP1-U (=SP1 + KB2534111) Ultimate ISOs (x86 and x64)
Windows 7 SP1 or SP1-U Enterprise ISOs (x86 and x64)
[OPTIONAL]: Windows 7 SP1 MSDN/Technet Language Packs ISOs (2 ISOs per
architecture) (x86 and x64)
[OPTIONAL]: Windows 7 SP1 MSDN/Technet Local Packs ISOs (x86 and x64)
VMWare
Windows AIK version 3.0
Windows AIK v3.0 SP1 Supplemental ISO
UltraISO or another ISO editing tool
All post-sp1 updates for x86 and x64
DaRT 7.0 files – I’ll provide download links in later chapter.
GImageX
After downloading all required tools (Google is your friend), let’s get started.
Organising the language packs: We will build 3 ISOs for the 36 languages. Let’s group the
languages to be included in each ISO. Local packs include locale-specific themes.
ISO #1: English, French, Greek, German, Italian, Spanish, Portuguese (Portugal), Portuguese
(Brazil), Swedish, Finnish, Hungarian, Danish, Dutch, Norwegian, Turkish
Required Local Packs: AU, CA, ZA, GB, US, IN, MX, ES, FR, NL, DE, IT, BR, TR
ISO #2: English, Arabic, Bulgarian, Croatian, Czech, Estonian, Hebrew, Latvian, Lithuanian,
Polish, Romanian, Russian, Serbian (Latin), Slovak, Slovenian, Ukrainian
Required Local Packs: AU, CA, ZA, GB, US, IN, PL, RU
ISO #3: English, Chinese (Simplified), Chinese (Traditional), Chinese (Traditional, Taiwan),
Japanese, Korean, Thai.
Required Local Packs: AU, CA, ZA, GB, US, IN, CN, TW
3
Preparing the installation sources: The first step to create W7USP2 is the careful
modification of the original ISOs. Specifically, we will first prepare an AIO ISO including
Starter, Home Basic, Home Premium, Professional, Ultimate and Enterprise editions and we
will do the “WPA trick” – that is a prerequisite to complete sysprep later with the original
activation data.
i) Preparing the AIO ISO
To create the ISO we first extract the sources\install.wim and the
sources\product.ini files from the SP1 Ultimate ISO to the root of the D:
drive (for example). We also extract the sources\install.wim file from the
Enterprise ISO (of the same architecture with the Ultimate ISO we just
processed) and rename it to install_ENT.wim (for example). We place it in
the root of D: drive.
After that, we launch GImageX with administrative privileges. We select the
export tab. The input file is D:\install_ent.WIM and the target file is
D:\install.wim. We also check the “Check” checkbox. Select “Maximum”
compression. Without changing any other settings we proceed with the
export process. As soon as the process is complete, we close GImageX.
We now open the product.ini file in Notepad. We add the following text at
the final line of the file:
,ENTERPRISE
For example, in the case of the 32-bit ISO the final line should now be:
staged = STARTER,HOMEBASIC,HOMEPREMIUM,PROFESSIONAL,ULTIMATE,ENTERPRISE
We save changes.
ii) The “WPA trick”
The WPA trick is based on deleting the HKLM\SYSTEM\WPA key from offline registry, for
each Windows edition in the install.wim installation image file. We mount each index of
the install.wim, modify the offline registry and then unmounts it. We repeat this process
for each image index. This trick is not working with Windows 8 or later.
The 32-bit install.wim (AIO) contains 6 image indexes while the 64-bit install.wim (AIO)
contains 5 image indexes.
Create an empty folder named D:\mount. We will use this folder to mount
images.
From an elevated command prompt we repeatedly run the necessary sets of
commands for all index numbers. For example, to apply the “WPA trick” to
the third index of install.wim we have to run this set of commands:
dism /mount-wim /Wimfile:D:\install.wim /index:3 /mountdir:d:\mount
reg load HKLM\MY_SYSTEM “D:\mount\Windows\System32\config\SYSTEM”
reg delete HKLM\MY_SYSTEM\WPA /f
reg unload HKLM\MY_SYSTEM
dism /Unmount-wim /Mountdir:d:\mount /commit
4
A special note about the first index: When we’ve mounted the first index
(executed the first line of code above, with an index number 1 of course), a
good idea is to get the winRE.wim (the Windows Recovery Environment
image) from the mounted image. Because the winRE.wim file is the same for
all the indexes of the same architecture, we need to get one winRE.wim per
architecture. Using Windows explorer, browse to:
D:\mount\Windows\System32\Recovery
Copy-Paste winRE.wim to the root of D: drive. We will service (=update,
modify) this image later. Close Windows Explorer window. Note that if there
are any open windows or apps accessing files in the mounted image, it won’t
be successfully unmounted.
Finally we rebuild the installation image. The rebuild process is required
every time we mount an image and make changes to it offline to ensure that
its size is reported correctly and that all changes are properly committed.
The process is the same for all images. We will show it once here and then
consider it as known.
Rebuilding an image means exporting all its indexes to a new image file
without losing their exact sequence: the first index is exported first, the
second index is exported second, and so on. Moreover, we should maintain
the image attributes: Compression, Name–Description data, Check and
Boot. All Windows images typically have the “Check” option enabled, so we
should enable it during the export process. We should select the Maximum
compression. Additionally, if we are rebuilding a Windows PE image (the
boot.wim and winRE.wim image files – Windows Setup and Windows
Recovery Environment respectively) we should also check the “Boot” option,
to mark the image as bootable.
In the case of install.wim:
Launch GImageX and get to the export tab.
The input image is the D:\install.wim file that we want to rebuild
The output image is the new install.wim file after rebuild. For our
convenience, we name it as install.new.wim
Check the “Check” checkbox.
Select “Maximum” compression.
Leave the “Name” field blank – we retain the original Name data.
Leave the Image number at 1 – we are about to export the first
index.
Click the Export button.
Wait until process is complete, then close the dialog and return to
GImageX main window.
Select image number 2. Click the Export button. We are exporting
the second index with the same settings.
5
Let’s repeat this same process for indexes: 3,4,5,… in this exact
sequence. If something goes wrong, we’ll have to start all over
again. When we have exported all indexes, we can close GImageX.
Finally, let’s delete the original install.wim and rename the rebuilt
install.new.wim to install.wim. We’re done rebuilding the image.
Saving changes to the ISO: Now, using replace the \sources\install.wim and the
\sources\product.ini files with the ones you just modified. Also, delete the \sources\ei.cfg
file in the ISO. Save changes.
The importance of the WPA trick
After employing the WPA trick, we will be able to rearm (=refresh) the Windows 30-day
activation grace period for five times. The default number of rearms is three. You can
confirm this on a running system running the slmgr –dlv command.
The sysprep application, which we’ll use to prepare our patched image for generalized
deployment, rearms the 30-day grace period, thus reducing the remaining Windows rearm
count by one. This breaks the “originality” of the installation image and imposes limitations
on the end user. For example, in this scenario, the end user won’t be able to sysprep more
than 2 times. With the WPA trick, we have more than the default number of rearms in the
virtual environment. We have 5 remaining rearms. To bring this number down to the default
– that is 3 – we have to run the slmgr –rearm command once (and reboot the VM) just
before running Sysprep. This will bring the remaining rearms down to 4 before Sysprep and
to 4-1=3 (default) after Sysprep. Now, the end user will have a 30-day grace period and
he/she will be able to rearm 3 times and thus run sysprep for 3 times. (A note for advanced
users: 3 times without the SkipRearm=1, 8 times with the SkipRearm=1). Taking things one
step further, because the official ISO is actually a syspreped image, one could employ the
same strategy to sysprep a system an infinite number of times. We will discuss Sysprep in
further detail later. For the moment, let’s proceed with downloading of the updates.
6
4. Downloading the updates
The post-sp1 updates for Windows 7 can be divided – for the purposes of this tutorial – into
these categories:
Critical OS Updates – These hotfixes address critical OS bugs and performance
issues. They are available from Windows Update.
Security Updates – These updates address security vulnerabilities found in the
Windows OS components. They are available from Windows Update.
Request-only hotfixes – These hotfixes address specific issues and are normally
available only if a user requests them by Microsoft. These hotfixes are bundled in
the Service Packs.
We need an automated way to download all these updates. An excellent solution I stumbled
across recently is McRip’s Repository. McRip is a member of My Digital Life forums who
maintains and updates on a monthly basis an outstanding collection of the most recent (=
not superseded) hotfixes for Windows 7 x86 and x64.
More information can be found on these links:
http://forums.mydigitallife.info/threads/19461-Windows-Hotfix-repository – TIP: Keep an eye on this link, you may find special info about installing the McRip’s updates, or even about updates that are redundant or even missing from the repository. http://forums.mydigitallife.info/threads/44645 To download these updates from McRip’s server, you have to download the latest version of
the Windows Hotfix Downloader, found at the second link above.
After downloading the archive, we extract the WindowsHotfixDownloader.exe file and
execute it.
From the drop-down list “Please Select Updates” we select the update set we want to
download. For example, for Windows 7 x64 we select “Windows 7 x64”.
7
The update list is being populated. When all updates show up, right click on the list and click
Select all. When all updates have been selected click the “Download” button.
Let the downloader do its job. Return to your machine when it’s done.
NOTES: 1) Check the Release Date column to ensure you’re downloading the latest
updates and hotfixes.
2) The default download path is [working_directory]\Updates, where [working_directory]
is the directory where the hotfix downloader executable resides (where we’ve extracted
it). In this example, that is the root of the D: drive, so the download path is D:\Updates.
When updates have completed downloading, close the downloader and browse to the
download folder.
8
In the Updates folder you can see the Windows 7 x64 folder which contains the downloaded
64-bit updates. Let’s discuss the folder structure.
9
The 2 subfolders in the “Windows 7 x64” folder are: “Main Updates” and “Additional”. This
categorization of the updates is straightforward. We will discuss the installation sequence
later more specifically later.
The main updates folder contains 3 folders and the updates in MSU format. The MSU format
is self-extracting, that is you can double-click the update in MSU format and install it
immediately. We also need the updates in MSU format to integrate them in Windows PE
images. However, the updates shouldn’t be in MSU format when we’re attempting to
integrate them in installation images. We will discuss this parameter later.
Except for the MSU files there are some additional files we should examine:
Update Changelog.txt – Created by McRip and shows the changes committed to the updates
folder over its various releases.
Install.cmd – A batch file by McRip to help offline integration of the updates. WE WON’T USE
IT.
KB2798897-rvkroots.exe – We will run this EXE file later to update the Untrusted Root
certificates.
Rootsupd.exe – We will run this EXE later to updated Trusted Root Certificates.
ONLINE KB2775511(..).REG – We will merge this reg file to registry after installing the
KB2775511 (the March 2013 enterprise hotfix rollup).
10
Windows6.1-KB2732072.reg – We will merge this reg file to registry after installing the
KB2732072.
Also, go to http://support.microsoft.com/kb/2801244/EN to download the KB2801244
hotfix (Connection to a DAV server cannot established on a computer that is running
Windows 7 SP1) and the http://support.microsoft.com/kb/2534111/EN to download the
KB2534111 installation hotfix if you’re not installing from SP1-U installation media . Save the
MSU files in the Main Updates folder.
As for the folders in the Main Updates folder:
KB2737681-french-Enterprise-only – Contains the MSU file for the KB2737681 hotfix (You
cannot deploy a client agent by using System Center 2012 Configuration Manager on a
computer that is running the French version of Windows 7). It is applicable only on Enterprise
edition with the French language pack installed.
KB2835174-Polish-only – Contains the MSU file for the KB2835174 hotfix (Incorrect
disclaimer is displayed in the Product Activation wizard in the Polish version of Windows 7
SP1 and Windows Server 2008 R2 SP1). It is applicable only if you have installed the Polish
language pack.
WU_Satisfy – The purpose of these updates is given in the ReadMe.txt file in that folder:
“These updates must be installed in GDR mode to satisfy Windows Update. Use these
updates only when you installed all other updates in LDR/QFE mode.”
For W7USP2, we will install them after all other main updates have been applied.
Now let’s go to the Additional folder.
The Additional folder contains various folders.
BallotScreen – The browser choice update. We won’t use the MSU file provided here but
we’ll use Windows Update instead.
BeforeInstallSP1 – Prerequisites before applying SP1 on Windows 7 RTM. Since we’re using a
SP1 disk as a source we won’t need this folder.
DCA – Installer MSU for DCA (DirectAccess 2.0). We will install this in the first wave of
updates.
IE10 – IE10-related packages(=updates). The Prerequisites folder contains prerequisite
updates to be installed before IE10 is applied1. The cabinet file contains the IE10 with the
latest security updates pre-integrated. The Updates folder contains the latest cumulative
security update for IE10 in MSU format.
1 At the time of writing, Internet Explorer 10 (IE10) was the latest version of Internet Explorer for Windows 7 SP1. There may be newer versions of Internet Explorer in the future. In any case, one should install ONLY the latest version of IE directly on top of IE8.
11
IIS – Updates for Internet Information Services (IIS) 8.0 Windows Component, in MSU
format. They should be applied after all Main Updates have been completely installed.
Integrate to installation media – These updates are special and require integration to the
installation media as well. Let’s examine them one-by-one.
KB2023591
The KB article description: Information about the User State Migration Tool
(USMT) 4.0 update
Integration:
The update is available in CAB format.
We should install this CAB file in Virtual machine along with other updates. We also
need to update the installation media with the updated files found in this hotfix.
To do this we’ll have to open the CAB archive with 7-zip and extract the migapp.xml
and migcore.dll files found there to the \support\migwiz folder. We’ll replace the
existing files found there.
KB2495879
The KB article description: Enable Windows Deployment Services to support the
SSM protocol in Windows Server 2008 R2.
Integration:
The update is available in CAB format. We will install it in Virtual Machine along
with other updates.
McRip has also extracted the wdstptc.dll file, which is affected by this hotfix. We
need to copy this file to the \sources folder of the installation disk and replace the
existing file.
KB2521168
The KB article description: "My Language is" is not translated into Chinese when
you install Windows 7
Integration:
This installation hotfix is specific for Chinese (traditional, Hong Kong). It should be
applied only if you have integrated the Chinese, Traditional language pack.
We should apply the Cab to VM we are about to sysprep as well as the Windows PE
images – boot.wim and winRE.wim. McRip has extracted the uxlibres.dll.mui file,
which is affected by this hotfix. We should also replace the existing file found in
\sources\zh-hk (if we’ve integrated the Chinese-HK language pack to installation
media).
KB2525084-v2
The KB article description: Imagex.exe cannot capture an image in Windows PE 3.0
on a computer that is running Windows 7 or Windows Server 2008 R2
We don’t need to integrate this update somewhere.
KB2673007
The KB article description: "TFTP download failed" error message during a PXE boot
on a client computer that connects to a Windows Server 2008 R2-based Windows
Deployment Services server
12
Integration:
The update is available in CAB format. We should integrate this update to boot.wim
indexes 1 and 2 and winRe.wim index 1.
KB2757588
The KB article description: “Boot program fails when you try to install Windows by
using a WDS server that is running Windows Server 2008 R2”
Integration:
Add this update to VMs and WinPE images.
NOTE: This is an EFI update. You have to update all Boot & EFI files in the
installation media after applying all updates to the Virtual Machine. We will
discuss this aspect later.
KB890830.Microsoft.Windows.Malicious.Software.Removal.Tool – This folder contain the
MRT executable. We will use Windows Update to install MRT properly. This EXE will be
redundant for us.
KB947821.System.Update.Readiness.Tool – This folder contains the System Update
Readiness Tool. It is recommended to run this update after installing all OS components and
updates – including .NET 4.x and Silverlight. After running this tool, execute the sfc /scannow
command in VM. These two steps will ensure that the OS files are “in good health”.
KB2506143.Windows.Management.Framework.3.0.CTP – This folder contains Windows
Management Framework 3.0 and its hotfixes. The Windows6.1-KB2506143-x64.msu is the
main package for installing WMF 3.0 and we should install this before applying the other
hotfixes found in this directory.
TWO IMPORTANT NOTES ABOUT WMF 3.0:
1. Install the latest version of .NET Framework 4.x and its updates BEFORE installing
WMF 3.0
2. Install WMF3.0 and all of its updates in VM before installing Windows
Management Framework 4.0. After installing WMF4.0, install WMF4.0 updates. In
this scenario, the end user will be able to get back to WMF3.0 by simply
uninstalling WMF4.0.2
KB2646060.Disable.AMD.Core.Parking – Run this EXE file after installing all updates to
disable Core Parking in AMD processors (http://support.microsoft.com/kb/2646060/en) and
thus enhance performance.
KB2724074MicrosoftBitLockerAdministrationAndMonitoring – Update description: You
cannot retrieve the BitLocker recovery key for disk recovery in BitLocker Administration and
Monitoring. Install this update after all other updates have been installed in Ultimate and
Enterprise editions of Windows.
2 We prefer this scenario, because specific applications are incompatible with every other version of WMF except version 3.0. Unless the issues are fixed with WMF4.0 Final, we should give the end-user the option to downgrade to WMF3.0 from WMF4.0.
13
MSMQ – Install MSU updates for Microsoft Message Queue.
MSXML4 – Install MSXML4 SP3 parser, after all main updates.
NFS – Updates related to NFS, in MSU format.
Not integratable to Offline image – These MSU updates should be installed along with the
other Main Updates. They are separated because they can’t be injected offline. Since we use
VMWare to patch the OS images, we perform the patching online, so this is no problem.
PreSP1.Packages.for.Post.SP1 – Some optional OS components that should be applied in the
first wave of updates. These updates are:
KB943790 – Windows File Management API. There is 1 subfolder with a relevant
name and it contains one MSU file.
KB969168 – Microsoft Agent. There is 1 subfolder with a relevant name and it
contains 1 MSU file.
KB974405 – Windows Identity Foundation. There is 1 subfolder with a relevant
name. This subfolder contains the main MSU and the WIF hotfixes in the “Hotfixes”
subfolder. These hotfixes should be applied after WIF is installed.
NtBackup – Optional, install the ntbackup application. This is NOT included in
W7USP2.
RemoteDesktopProtocol8.0 – Install RDP 8.0 on VM. Apply the KB2574819 and KB2592687
updates in the first wave of updates. Install KB2847932 in the second wave of updates.
RSAT – Install Remote Server Administration Tools in VM. Can be installed on Professional,
Ultimate, Enterprise editions. We will install the KB958830-RefreshPkg and the KB975541
(AD LDS) packages first. Then we will install the remaining MSU files.
Silverlight – Install Silverlight EXE file. We won’t use this EXE to install Silverlight. Instead, we
will use Microsoft Update.
SNMP – Updates for SNMP.
Subsystem-for-UNIX-based-applications – Updates for UNIX subsystem
VPC – The Windows Virtual PC application. Optional, won’t be included in W7USP2.
Windows.Update.Agent – The updates to the Windows Update Agent. We will use Windows
Update to install this update.
WMSRSAT – Remote Server Administration Tools. These updates are to be installed with the
first wave of updates in Professional, Ultimate, Enterprise.
In addition, create an empty folder named IE8 (inside the Additions folder). Search the latest
Cumulative Security Update for Internet Explorer 8 for Windows 7. Save it here. We will
integrate the downloaded MSU file in the WinPE images. Also, download the latest DX redist
After taking a look at the downloaded updates, let’s start organizing our next steps.
14
5. Organizing our next steps
This is the most critical part of building W7USP2. The quality of the W7USP2 ISO is
dependent on the planning we are about to do right now.
First rule in organizing the rest of the process:
Always install the language packs before installing any updates.
A good idea to organize our next steps is creating 3 MUI ISOs per architecture at SP1 level.
That means we will create 3 MUI ISOs per architecture without updates, only with SP1 and
language packs integrated. We will use these ISOs as a starting point and we will update
them each time we want to create updated MUI ISOs, saving us time.
5a. Building MUI Disks
Steps involved:
Integration of language packs to install.wim
Integration of local packs to install.wim
Integration of language packs & DaRT to winRE.wim
Integration of language packs to boot.wim
Integration of language packs to installation media
After successfully building the MUI disks, we will proceed with the English-only version
5b. English-Only Version
We should integrate DaRT in boot.wim and winRE.wim images. Optionally, we can add
optional components to WinPE images. (We won’t do this in MUI versions and 32-bit WinPE
images, to minimize RAM requirements and boot time of Windows PE). We won’t add DaRT
in boot.wim index 1; it’s redundant.
We will use the SP1-level ISOs we created earlier as a starting point to integrate monthly
updates and easily keep W7USP2 up-to-date, without losing too much time.
5c. Keeping W7USP2 up-to-date
After creating the SP1-level ISOs, let’s design the updating process.
We will process each architecture seperately. Supposing we’ll start from 64-bit:
The winRE.wim we have already extracted is the same on all Windows 7 editions of the
same architecture.
Consequently, we will start the process from the winRE.wim file.
15
winRE.wim Integrate OS updates (Main Updates + IE8 update)
Update Sweeper definitions (Sweeper is part of DaRT v7.0)
Integrate the latest boot-critical drivers.
Next step is the OS images. This is the sequence we should follow to install the updates:
Install "Integrate to installation
media" updates
Disable AMD Core Parking
Install MSXML4 SP3 Parser
Install .NET Framework 4.x and all updates
Install WMF3.0
Install WMF3.0 Updates
Install WMF4.0 + Updates
DX Latest Redist
Install Bitlocker Administration and Monitoring
Update
Run Windows Update
repeatedly until no updates show
up.
Enable Microsoft Update and
install Silverlight.
Run Windows Update
repeatedly until nothing shows
up
4. Install Additional Updates
Stage about 60 updates at a time, reboot
and continue. Don't forget the non-integratable updates and the
SP1-U setup hotfix
When you've installed all
hotfixes, apply registry changes
required by specific hotfixes
Install the latest version of Internet Explorer
Install rootsupd.exe, rvkroots.exe
Install edition- and language-
specific hotfixes
Install WU_Satisfy
updates last.
3. Install Main Updates
WIF Hotfixes
MSMQ hotfixes
IIS hotfixes
NFS Hotfixes
RDP8.0 Hotfixes
RSAT Hotfixes
SNMP hotfixes
UNIX Subsystem
Hotfixes
Any other optional
components hotfixes
2. Install hotfixes for optional compoents
Microsoft Agent
WinHelp Update
(KB917607)
Windows Identity
Foundation
FMAPI (KB943790)
DCA (KB2666914)
RSAT (KB958830 + KB975541)
WMSRSAT (KB970985)
RDP8.0 (KB2574819
and KB2592687)
1. Install optional components
16
After that, we will pre-install third-party drivers. Finally, we will copy the updated
winRE.wim file to the OS version we will be updating.
The logic is the same with all Windows 7 editions. We will start from Starter (32-bit only),
then proceed with Home Basic (x86/x64), Home Premium (x86/x64), Professional
(x86/x64), Ultimate(x86/x64) and Enterprise(x86/x64). Some updates are applicable only
in Professional, Ultimate and Enterprise editions.
After preparing the OS images, the next step is to start updating the installation media. We’ll
do this in two passes: before and after updating the boot.wim:
First pass: Check in the updated OS images for updated versions of the files found in the installation
media. Also update files from the “Integrate to installation media” updates.
Second pass: Get the updated Setup files after servicing updates to boot.wim. Optional: Generate
updated setup catalogs for the updated installation image.
After the first pass of updating the installation media is complete, we will cleanup and
capture the installation image (install.wim). The installation image will contain all OS
versions in separate indexes. We will finally service the boot.wim and complete updating the
installation media. The steps are similar with winRE.wim updating. We won’t update
Sweeper in boot.wim index 1, as DaRT is not included.
Final note: Let’s explain the role of the various indexes found in boot.wim, winRE.wim and
install.wim images.
boot.wim Index 1 Used for Upgrade installations
Index 2 Used for Clean installations (boot from setup disk)
install.wim Index 1 32-bit: Windows 7 Starter 64-bit: Windows 7 Home Basic
Index 2 32-bit: Windows 7 Home Basic 64-bit: Windows 7 Home Premium
Index 3 32-bit: Windows 7 Premium 64-bit: Windows 7 Professional
Index 4 32-bit: Windows 7 Professional 64-bit: Windows 7 Ultimate
Index 5 32-bit: Windows 7 Ultimate 64-bit: Windows 7 Enterprise
Index 6* 32-bit: Windows 7 Enterprise
winRE.wim Index 1 Windows Recovery Environment3
If you have difficulties grasping the meaning of “index”, you could think of it as a “partition” while its
image file represents a “disk”.
This is our flight plan. Let’s start implementing it.
3 Windows Recovery Environment (Windows RE or WinRE) is the special recovery environment your computer enters each time you select “Startup repair”, “Repair your computer” or other advanced repair options.
17
6. Preparing the SP1-level disks
IMPORTANT: The steps described in this chapter need to be done only in the first time.
After that, we can use those SP1-level ISOs as a base to keep W7USP2 updated.
6a. Preparing the English-only SP1-level disk
We will execute these steps twice, one time per architecture.
We’ll present the procedure for x64.
First of all, let’s keep some backup. Let’s create a folder on an external HDD and save the
original ISOs, the original winRE.wim, and the AIO ISOs we created in Chapter 3. We should
do this in a way that the different architectures are kept separate. For example, we can
create a folder named “ORIGINAL” with 2 subfolders “x86” and “x64”. Each subfolder will
contain the original winRE.wim, the 2 MSDN/TechNet Ultimate + Enterprise ISOs, the
language packs and the local packs ISOs as well as the modified AIO ISO we created for that
architecture. We can revert to these files if something goes wrong in the next steps.
Now, let’s start updating the winRE.wim and boot.wim images with the DaRT files and the
optional components (64-bit only).
– Integrating the DaRT v 7.0 files: For your convenience, I’ve already prepared the required
files: Download Link: http://www.2shared.com/file/ItGRhhiX/DaRT_x86_x64.html
The DaRT_X86_X64.7z file you will download contains another two 7z. DaRT.7z is for 32-bit
while DaRT_x64.7z is for 64-bit.
Extract the files from the 7z file that is appropriate for the architecture you are working on
(in this example, we’re working on the 64-bit architecture, so we’ll extract the files in
Dart_x64.7z). Extract them to D:\Dart_ext (create folder). You will delete this temporary
folder after completing the job. Let’s start from the winRE.wim file.
First of all let’s mount the D:\winRE.wim (if it isn’t there copy it from the ORIGINAL folder)
index 1 to D:\mount:
Dism /mount-wim /Wimfile:d:\winre.wim /index:1 /mountdir:d:\mount
Then merge the contents of the D:\Dart_ext\mount folder with the D:\mount folder. Do this
by copy-pasting the D:\Dart_ext\mount to D:\
– OPTIONAL STEP: Add Windows PE optional components. To do this you will need the WAIK
SP1 Supplement ISO. This ISO contains packages for Windows PE 3.1 images. These files are
located in the \AMD64(or X86)\WINPE_FPS folder. From this folder, one can extract these
optional packages. The file names of these packages are: WINPE-DOT3SVC.CAB, WINPE-
FONTSUPPORT-JA-JP.CAB, WINPE-FONTSUPPORT-KO-KR.CAB, WINPE-FONTSUPPORT-ZH-
CN.CAB, WINPE-FONTSUPPORT-ZH-HK.CAB, WINPE-FONTSUPPORT-ZH-TW.CAB, WINPE-
HTA.CAB, WINPE-MDAC.CAB and WINPE-PPPOE.CAB. Extract these files to a temporary
folder named D:\WINPE_OC_NEU_X64.
18
In addition, extract language-specific (English-language) packages for these optional
components you’re adding. They are found in the \AMD64(or X86)\WINPE_FPS\EN-US
folder. Except for WINPE-FONTSUPPORT-JA-JP.CAB, WINPE-FONTSUPPORT-KO-KR.CAB,
WINPE-FONTSUPPORT-ZH-CN.CAB, WINPE-FONTSUPPORT-ZH-HK.CAB, WINPE-
FONTSUPPORT-ZH-TW.CAB all other WinPE packages have language-specific resources
included in separate packages. The name of these packages is relevant with the neutral
package they are updating. For example the english package for the WinPE optional
component named WINPE-DOT3SVC is, in turn, named as WINPE-DOT3SVC_EN-US.CAB.
Select and extract these required packages to a temporary folder named
D:\WINPE_OC_EN_X64.
Add all optional components with one command:
dism /Image:D:\mount /Add-package /packagepath: D:\WINPE_OC_NEU_X64
/packagepath: D:\WINPE_OC_EN_X64
Commit changes to winRE.wim with the command:
Dism /Unmount-wim /Mountdir:d:\mount /commit
Finally rebuild the winRE.wim image and delete all temporary folders (except for D:\mount).
–For boot.wim indexes 1 and 2 the process is almost identical. However, there are three
important differences:
Don’t copy DaRT files to boot.wim index 1.
Delete the winpeshl.ini file from the D:\mount\Windows\System32 folder when
editing the boot.wim index 2 (after copying DaRT files).
Rebuild the boot.wim image when you’re editing all its indexes.
Because the syntax of dism commands is rather straightforward, I leave you “guess” the
required commands to complete the task with boot.wim.
–Saving the modified winRE.wim to install.wim
The final step is to integrate the winRE.wim to all install.wim indexes. Extract install.wim
form the AIO ISO Just mount each index to D:\mount, copy-paste (replace) winRE.wim to
D:\mount\Windows\System32\recovery. Close Windows Explorer windows and commit
changes. Repeat process with all image indexes. Finally rebuild install.wim. Using UltraISO,
save the updated install.wim and boot.wim files to the AIO ISO.
We’ve finally prepared the SP1-level English only ISOs. Keep a separate copy of the
winRE.wim you created earlier; we won’t need to extract it from the install.wim later.
19
6b. Preparing the MUI SP1-level disks
We will execute these steps six times, three times per architecture. We will create 3 MUI
ISOs per architecture which will contain the languages shown in page 2.
The process to create a MUI ISO is as follows:
1. winRE.wim and boot.wim language pack integration
First of all, we update the winRE.wim and boot.wim images. Example is shown for x64
architecture. Dism commands are easy to guess.
Procedure: Mount the image. Copy DaRT files (see 6a). Don’t copy DaRT files to boot.wim
index 1. Delete winpeshl.ini from boot.wim index 2 (after copying DaRT files).
Now install language packs. Language packs can be found in the WAIK sp1 supplement ISO,
in the \AMD64\WINPE_FPS\lang_code folder, where lang_code is the language code for the
language you’re about to install, for example fr-fr for French. Copy the contents of these
folders (for the languages you want to include) to a temporary folder named
D:\WINPE_LANGPACKS_X64.
(The Windows PE language package names follow the lp_lang_code.cab pattern, for
example: \AMD64\WINPE_FPS\fr-fr\lp_fr-fr.cab is the 64-bit WinPE 3.1 language pack for
French.)
Now we will simply install all packages in that folder. Even if this folder contains language-
specific packages for optional components, these packages won’t be installed because we
haven’t included their language-neutral counterparts. An important note, though: While we
are creating the MUI ISO #3 (see page 2) we have to integrate the following packages,
before adding any language packs: WINPE-FONTSUPPORT-JA-JP.CAB, WINPE-
FONTSUPPORT-KO-KR.CAB, WINPE-FONTSUPPORT-ZH-CN.CAB, WINPE-FONTSUPPORT-ZH-
HK.CAB, WINPE-FONTSUPPORT-ZH-TW.CAB. This will enable Japanese, Chinese and Korean
text to be shown properly.
In boot.wim index 2 and winRE.wim index 1 there is one additional step we have to perform:
create the lang.ini file. The lang.ini file enables selection of languages as soon as Windows
Setup starts.
Creating the lang.ini file is easy. Copy the \sources\lang.ini file to a place with read/write
access, for example your desktop. Using Notepad, open the file:
[Available UI Languages] en-US = 3 [Fallback Languages] en-US = en-us In the [Available UI Languages] section we change the en-US = 3 to en-US=0. Press Enter to
start a new line. Now, each line below en-us=0 (in this section) should follow the pattern:
20
lang_code = index_number
where lang_code is the language code of an integrated language and index_number is the
position in the language selection list, starting from 0.
For example, in the MUI ISO #1 the lang.ini file should be like:
[Available UI Languages] en-US = 0 fr-fr = 1 el-gr = 2 de-de = 3 it-it = 4 es-es = 5 pt-br = 6 pt-pt = 7 sv-se = 8 fi-fi = 9 hu-hu = 10 da-dk = 11 nl-nl = 12 nb-no = 13 tr-tr = 14 [Fallback Languages] en-US = en-us
Save changes to lang.ini file. Copy the same lang.ini file to boot.wim index 2, winRE.wim
index 1 and don’t delete it yet, because we will use it to update the installation media. Note
the lang.ini file is architecture-independent.
Finally, we unmount the image. When we’re done editing all the image indexes for
boot.wim and winRE.wim image files we rebuild the images.
2. Updating the installation media
We will now add multilingual support to the installation disk. First step is to extract all the contents of the AIO ISO for the architecture we’re working on, except for the \sources\boot.wim file. (We’ve created a new boot.wim file already). For example, extract the files to D:\MUIDISK_x64 (64-bit in our example). Below we’ll refer to D:\MUIDISK_X64 as if it was the root of the ISO, using the “\” character. We will update the following installation disk folders: \sources \sources\dlmanifests \sources\etwproviders \sources\license \sources\replacementmanifests \sources\lang.ini \support\logging \support\migwiz and add the folder \langpacks to the root of the installation media.
21
First of all, we should understand how updating the disk works. The setup files can go multilingual if there are special folders named after the various language codes of the integrated languages. These folders contain the translated versions of the setup files. For example, if we’ve included English and French the en-us folder contains the English versions of the files while the fr-fr folder contains the French versions of the files. Consequently, we have to add the language folders for the languages we’re adding to the English AIO ISO we’ve created. The easy part: \sources\dlmanifests and \sources\replacementmanifests. These folders contain an en-us folder each, but it’s empty. Consequently, the language folders we will add will also be empty. In the case of MUI ISO #1 we will add the following empty subfolders to each of the aforementioned folders: fr-fr, el-gr, de-de, it-it, es-es, pt-br, pt-pt, sv-se, fi-fi, hu-hu, da-dk, nl-nl, nb-no, tr-tr Now, let’s update the lang.ini file with the one we created earlier. Copy-paste (replace) the lang.ini you created earlier to the \sources folder of the extracted ISO. Updating the \sources folder: We will use the language-specific WinPE packages found in WAIK SP1 Supplement ISO to achieve this. Specifically, we’ll need the language specific packages for the WinPE-Setup component. These files are named \AMD64 (or X86)\WINPE_FPS\lang_code\WINPE-SETUP_lang_code.CAB. For example, the 64-BIT package for the French language is the \AMD64\WINPE_FPS\FR-FR\WINPE-SETUP_FR-FR.CAB package in the supplemental ISO. We will open these packages (for the languages we want to integrate) and use them as follows: Each of those packages contains a folder with a long name and a couple of other files. What we need here are the contents of the folder with the long name. We first create a folder with the language code of the language we’re about to integrate as its name. For example if we’re adding French, let’s create \sources\fr-fr. Then, we extract the contents of that long-named folder in the CAB package to the folder we just created:
22
We repeat these steps for all the languages we’re about to integrate to the installation media. This is actually the first part of the “updating the \sources folder” story. We will now add upgrade-related MUI setup files to \sources language subfolders. We will implement a similar strategy to what we did above with the WINPE-SETUP language-specific packages. The difference is that we gonna use the WINPE-LEGACYSETUP language-specific packages. The locations and names of these packages is similar to the ones of WINPE-SETUP language-specific packages. Again we open these packages and we need the contents of the long-named folder inside each of them. Now, things are a bit more complex: We will copy almost all the contents of this folder to the respective language-code-named subfolder of the \sources folder. For example, for 64-BIT French we will copy almost all the contents of the folder inside the \AMD64\WINPE_FPS\FR-FR\LEGACYSETUP_FR-FR.CAB package in the WAIK supplement ISO to the \sources\fr-fr folder we created and updated in the previous step. However, there are 8 files which shouldn’t be copied to the respective \sources language-code-named subfolder. These files are: auditetw.dll.mui, cmisetupetw.dll.mui, oobeldretw.dll.mui, setupcletw.dll.mui, setupugcetw.dll.mui, sysprepetw.dll.mui, windeployetw.dll.mui, winsetupetw.dll.mui. After copying the remaining contents of the package subfolder, don’t close the archieve viewer yet: we will copy those 8 files somewhere else. We will use these 8 files to create language-code-named folders in the \sources\etwproviders and the support\logging folders: Create a folder named after the language code of the language you’re integrating in each of these folders. For example if you’re integrating French, create 2 folders: \sources\etwproviders\fr-fr and \support\logging\fr-fr. Then select those 8 files from the Package you’ve opened previously and copy them to both folders.
Example: The selected files in this picture should be copied to \sources\fr-fr. The non-selected files should be copied to the \sources\etwproviders\fr-fr and \support\logging\fr-fr folders. The package we’re extracting the files from is the WINPE-LEGACYSETUP_FR-FR.CAB file in the \AMD64\WINPE_FPS\FR-FR folder of the WAIK Supplement ISO.
23
Repeat those steps for all the languages you’re about to integrate in the MUI ISO. So much work! At least we won’t have to do this every time we will be updating W7USP2 ISOs… Still, we’re not done yet. We have to update the \sources\License folder. For your convenience, I’ll provide you with the required files below: 64-bit License folder: http://www.2shared.com/file/NymS1nOC/license_x64.html 32-bit License folder: http://www.2shared.com/file/vhQ_nfTs/license_x86.html After downloading the 7z file that’s appropriate for your architecture, extract the contents of 7z to a temporary folder, let’s say D:\LICENSE_X64_TEMP In the “license” folder we’ve just extracted there are license files for all 36 languages. We’ll keep only the files related to languages we intend to integrate. The license folder contains 36 language-code-named subfolders and the _default subfolder. We will delete the language-code-named subfolders that relate to languages we won’t include in the specific ISO. Then we will copy-paste the license folder we just edited (in the D:\LICENSE_X64_TEMP folder) to the D:\MUIDISK_X64\sources folder (where we’re building the MUI ISO files). Replace existing files. We’re now done updating the \sources\license folder. Next step: let’s update the \support\migwiz directory with language-specific resources. Again, I’m providing you with the relevant files to save you time. Just copy the language-code-named folders for the languages you plan to integrate in the specific MUI ISO to the \support\migwiz folder. 64-bit migwiz files: http://www.2shared.com/file/6W5Whzjr/migwiz_x64.html 32-bit migwiz files: http://www.2shared.com/file/hZCYkX5r/migwiz_x86.html Final step: Let’s create the \langpacks folder.
The langpacks folder enables multilingual support for Windows 7 setup. Without the
langpacks folder you will get an error message: “Windows cannot be installed in the selected
language”.
The langpacks folder contains the original SP1 language package files. Those files are the
lp.cab named files found in the MSDN/TechNet Language Packs ISOs.
First create a blank folder named “langpacks” inside D:\MUIDISK_x64. Now, open the
MSDN/Technet ISOs which contain the language pack files for the languages you’re
integrating. Copy all the subfolders of the langpacks folder in the MSDN/TechNet language
packs ISO which correspond to the languages you added to the D:\MUIDISK_x64\langpacks
folder. Also, copy the en-us subfolder to the D:\MUIDISK_x64\langpacks folder.
(Note: The zh-tw language package folder is found in a separate ISO).
Now, we’re done preparing the installation media files. Let’s update the install.wim and
create the MUI ISO.
24
3. Updating the installation image
First, let’s mount the install.wim we’ve extracted previously from the SP1 English ISO. The
command to do it is assumed known.
For each index we mount we have to do four things in the following order:
Install language packs (lp.cab files)
Install the required local packs
Copy the updated winre.wim to D:\mount\Windows\System32\recovery, where
D:\mount is the mount directory.
Unmount the index (command is assumed known). Close all Explorer windows
accessing the mounted image before proceeding.
To install the language packs, we use the dism /Image:D:\mount /Add-package:[path]
where [path] is the full path of the lp.cab language pack file we are adding.
We use the same command to install local packs. In this case, the [path] parameter is the full
path to the local pack we are installing.
We install local packs after installing all language packs. Install only the required local
packs (see page 2).
When you’re done modifying all indexes, rebuild the image.
4. Rebuilding the ISO
Our final step is rebuilding the ISO. To do this we open the original English ISO with UltraISO.
In UltraISO’s file explorer we select all files/folders (go to the root of the ISO) and delete
them. This will not affect the ISO bootloader (which makes the ISO bootable). Now, copy-
paste all the contents of the D:\MUIDISK_x64 folder to the UltraISO.
Save ISO as a new one, which should be named properly (for example W7_SP1_MUI1_x64
for the 64-bit MUI ISO #1).
Finally, close UltraISO.
After all, we’ve created the MUI ISO.
Clean up the temporary folders we created earlier. We keep a copy of winRE.wim we
created earlier for quick future updating (so that we don’t need to extract it from the
install.wim).
Now, we will proceed with the updating process.
25
7. Updating the SP1-level disks.
We have already outlined the basic steps involved in updating the SP1 installation image. In
this chapter we will explain these steps in practice. We will install the updates to WinPE
offline: directly from our machine’s command prompt, while we will apply the install.wim
updates (main OS updates) in Virtual Machine (VM) and then recapture the install.wim
image. Let’s start organizing the update files.
a) Organizing the update files
We will organize the updates based on the diagram shown on page 15. We create a new
temporary folder – for example: d:\updates_x64. The subfolders will contain the updates to
be installed. These subfolders will be named appropriately to reflect the sequence of the
updates to be installed. The folder containing the first wave of updates will be named as “1”,
the folder containing the second wave will be named as “2”, etc. After applying each wave of
updates we should restart the VM (if we’re working in VM) or simply proceed with the next
wave of updates, if we’re updating WinPE images (boot.wim and winRE.wim).
Don’t forget to download the latest updates for .NET 4.x. These updates should be applied
after .NET 4.x installation (of course they’re not applicable in WinPE).
The non-offline updates cannot be integrated in WinPE. (They are unnecessary in Windows
PE anyway). They will throw an error during integration process, which is normal.
While integrating updates to Windows PE, only the applicable updates will be staged. So
don’t worry about redundant updates. Regarding Windows PE, install the latest cumulative
update for IE8 after installing all other updates. This shouldn’t be installed in VM, however –
it’s unnecessary. All WinPE updates are to be installed in MSU format. In VM, however, the
updates will be installed in CAB or EXE format. MSU files contain compressed cab files. (CAB
files represent the update packages to install). We will extract these CAB files from their
MSU parents. In the “1” folder for example, there are the MSU packages for the first-wave
updates. Create a subfolder named “ext” (for extracted). This folder will contain the
extracted CAB files for the MSU files residing in its parent directory (in this example, the “1”
folder). We do this by running the following command in command prompt:
expand –F:* d:\UPDATES_x64\1\*.msu d:\UPDATES_X64\1\ext
After running this command, go to D:\updates_x64\1\ext and delete the redundant WSUSScan.cab file. If there are any CAB files in the d:\updates_x64\1 folder (in general, the parent of the ext folder we just created) also copy them to the ext subfolder. We will massively install all CABs in the ext subfolder. The EXE (or MSI) updates are installed in VM only (not offline) with a double click – just what you’d do on a real computer. For your convenience, the EXE files have to be separated from the MSU updates. An EXE file doesn’t need to be an OS update to be successfully installed. You can install any third-party app in VM exactly like you would on a physical computer. It is recommended, however, that you install only the absolutely essential apps in VM. Avoid preinstalling antivirus and security-related software. In W7USP2 we include only the essential OS updates.
26
IMPORTANT: Many times some MSU updates may fail to install immediately (in VM
especially). Take note of these updates and try to apply them after restarting the VM. This
is important, because even applicable updates may sometimes fail to install due to other
updates being staged at the same time. Also, check for the applicability of some updates
you’re installing. The “integrate to installation media” updates in McRip’s repository may
not be applicable to the installation image (in VM) – search them over the Microsoft
Support to check for an integratable version of them – like a MSU file.
WU_Satisfy updates should be applied both to VM and WinPE, after installing all main OS
updates.
Drivers: A great idea, which is implemented in W7USP2, is to include the latest boot-critical
drivers, so that your hardware is immediately recognized. Many updated drivers can be
massively downloaded from the driverpacks site : www.driverpacks.net. We download the
Chipset, LAN, WLAN and Mass storage driver packages. We extract their contents with the
following procedure:
a) Create a folder named Drivers. b) Extract the contents of the “Vista” subfolder (the folder in it) to the Drivers folder you just created. c) Extract the contents of the “Win7” subfolder (the folder in it) to the Drivers folder. Merge folders with the same name and replace existing files. d) Extract the contents of the “All” subfolder (the folder in it) to the Drivers folder. Merge folders with the same name and replace existing files. e) Repeat steps b-d for every downloaded 7z file. f) When you are done, you will have the following subfolders the Drivers folder: C, M, L and W. Inside these folders there are subfolders containing the drivers. However, for some drivers, there are subfolders which contain drivers both for Windows Vista and Seven, in their respective subfolders. For example, let’s suppose this is the case with a chipset driver in the subfolder C\Intel\1. In this example, there will be 2 different subfolders to Intel\1, one for Vista and the other for Seven driver files. Their names would be for example LH and W7 respectively, or Vista and W7 , etc. In this case, we have to delete the folder containing the driver files for Vista, let’s say C\Intel\1\LH in our example. We have to do this check manually for all driver packs folders, to avoid duplicate driver installation in the driver store. g) Create a folder named Boot inside the Drivers folder. Move the C,M and L folders to it. The Boot subfolder contains boot-critical driver files to be injected in Windows PE images (boot.wim and winRE.wim). Finally, place the Drivers folder in the same folder where you previously organized the updates. Install drivers in VM after installing ALL updates and apps in VM. Install drivers in WinPE after installing ALL updates in Windows PE. More details about driver integration will be given later. Because normally driver integration can only be done offline, we will do a special trick to install the drivers before syspreping and capturing the install.wim image.
27
b) Injecting updates and drivers to Windows PE The procedure is the same for both winRE.wim and boot.wim images. We will perform one additional step in boot.wim index 2 and winRE.wim index 1 to update the Sweeper’s antimalware definitions (Sweeper is part of DaRT v 7.0). First, we mount the image to be serviced. (We start from winRE.wim). Using the commands: Dism /image:D:\mount /add-package:D:\UPDATES_X64\1 Dism /image:D:\mount /add-package:D:\Updates_x64\2 … Dism /image:d:\mount /add-package:d:\updates_x64\IE8 and so on, we install all applicable MSU updates (IE8 is last). Extra step: Update sweeper definitions: To do this, run the mssstoolx64.exe or mssstoolx86.exe executable (depending on your processor architecture, download at http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline). Click Next, then select to save as ISO, click next and specify the ISO target location. This ISO will contain the latest definitions. Once the download is complete, extract the mpam-fex64.exe or mpam-fe.exe, depending on target processor architecture. You can delete now the ISO file, the rest of it is useless. Using 7-zip open the exe file you just extracted as an archive. All the files it contains except for the MPSigStub.exe file are the latest definition files. Copy those files to D:\mount\Program Files\Standalone System Sweeper\Engine folder. Replace all files there. You just have updated the Sweeper antimalware definitions. Extra step – boot.wim index 2: Get the updated setup files: After installing all MSU updates, the boot.wim index 2 will contain updated versions of setup-related files. We will copy these files to a temporary folder. We will later integrate them in installation media. In the D:\mount\sources search for files with a recent date modified (the date when you installed the MSU updates). Copy only these files to a temporary folder named SETUP_SOURCES_X64_TEMP (64-bit architecture for example). This folder contains updated setup-related files that will be replacing their older counterparts in the \sources folder of the installation disk. In the D:\mount\Windows\Boot search for files with a recent date modified (the date when you installed the MSU updates). Copy only these files to a temporary folder named SETUP_BOOT_X64_TEMP (64-bit architecture for example). This folder contains updated setup-related files that will be replacing their older counterparts in the \boot or the \efi folders. These files may also update the \bootmgr and bootmgr.efi files in the root of the installation media. Install drivers: To install drivers to WinPE, run the following command: dism /Image:d:\mount /add-driver:D:\UPDATES_X64\Drivers\Boot /recurse This will add boot-critical drivers. (We excluded WLAN drivers because they are not supported in WinPE). Finally, commit changes to the image index we just edited. When you’re done editing all indexes in an image file, rebuild the image file. Copy winRE.Wim to D:\UPDATES_X64
28
c) Building the OS image – install.wim This is the fundamental part of updating W7USP2. We have already presented the process synoptically in page 1. We create one virtual machine per install.wim index, install Windows 7 SP1 to it, patch it and prepare it for general distribution. For your convenience, name the VM for each index properly. For example, Windows 7 Home Basic x64 will be used to build the English-only Home Basic 64-bit, Windows 7 Home Basic x64 MUI1 for MUI ISO #1 and so on. It is recommended to proceed with capturing install.wim after syspreping all VMs that will be included in the specific ISO we are going to update: that means we never delete VMs until successfully capture install.wim file. This facilitates recapturing if something goes wrong, without having to start from scratch. In this example, we will update English-only 64-bit disk. We will show the process for building Windows 7 Home BASIC, similar steps apply to all editions.
1. Create a VM named “Windows 7 Home Basic x64”. Allocate enough RAM – more than 1 GB – to your VM: it will accelerate the patching process.
2. Configure the virtual machine to always boot from CD/DVD. Don’t forget to do this, because you will have to boot from DVD to capture the installation image.
3. Mount the AIO SP1-level installation media you created following the instructions in chapter 6.
4. Power up the VM and press any key to boot from the ISO. 5. Without changing any of the default settings perform a clean install of Windows 7
SP1. NOTE: If you’re updating a MUI ISO select the ENGLISH language from the language menu. This is the default language option, and there is no reason to change the display the default display language while we’re patching the OS image. Don’t forget: select the version of Windows 7 you’re going to update:
29
6. When Windows Setup completes and you’re prompted to enter a computer name…
…don’t enter anything at the fields provided. Instead, enter a special key combination: CTRL + SHIFT + F3. This will restart your virtual machine. Windows Setup prepares the OS for pre-deployment testing. This mode is known as Audit mode. 7. When your computer restarts you will be faced with the sysprep (System
Preparation Tool v 3.14) window:
30
The System Preparation Tool 3.14 (Sysprep) Window If you are prompted to select profile for local network, select “Public” network profile. (Don’t select “Treat all future networks as public” though – we don’t want to change the defaults). The Sysprep window will appear after each reboot while in audit mode. We will ignore until the end. Just close the window. (Press the X on the upper-right corner). Now we will install CAB packages, EXE installers and finally run Windows Update repeatedly until nothing shows up. 8. To install the cab packages, we will have to bundle them in an ISO so that they’re
accessible from inside the VM. Using UltraISO, create a new ISO which will contain all the contents of the D:\updates_x64 fodler we created earlier. Then mount the ISO to the virtual machine.
Copy the winRE.wim file to C:\Windows\System32\recovery in the VM. Install the CAB packages: From the command prompt (type “cmd” at Start
menu search bar then press Enter) run the following command: dism /Online /Add-package:D:\1\ext /noreboot then reboot the system. If several updates fail to install, take note of their names and try apply them seperately after reboot (run their MSU installers one-by-one).
31
Then proceed with the second wave of updates, third wave of updates, etc: dism /Online /Add-package:D:\2\ext /noreboot and so on.
Restart the computer each time. Also install the EXE packages and restart the computer each time. Finally launch Windows Update. Repeatedly scan for updates. Install Microsoft Silverlight by enabling Microsoft Update feature. Repeatedly scan for updates until nothing shows up. (Windows Update will be reset during generalize process of sysprep). Optionally after installing all apps and updates, run the System Update Readiness Tool. After running the tool, restart and run the sfc /scannow command. It should report no issues. This means that the servicing store is in excellent condition. A final check for updates from Windows Update wouldn’t be a bad idea after using the System Update Readiness Tool.
9. When you’ve installed all apps and updates, it’s time to install the drivers. To install the drivers, mount the AIO installation disk. Restart the VM and boot from the installation disk. Go to recovery tools and launch command prompt. Mount the updates ISO – it should also contain the driver files. Run the following command to install all drivers:
Dism /Image:D: /Add-driver:E:\Drivers /recurse
10. When the command has been successfully executed, re-mount the AIO ISO. Reboot the VM. The first time after applying the driver packages, Windows make take enough time to load. This is normal and will not happen in further reboots.
11. Bring the 30-day countdown meter down to 4: Now is the time to exploit the “WPA trick”. When the computer restarts after driver integration, run the slmgr –dlv command. Ensure that remaining 30-day activation countdown rearms are 5 and run the slmgr –rearm command. Restart immediately. Now we’re ready for sysprep.
12. Running sysprep: After restarting for the last time DO NOT CLOSE the sysprep window. Instead:
Check the “Generalize” check box. This will make our image hardware-agnostic: it can be installed on all hardware configurations.
Ensure that “Enter System Out-of-the-box Experience (OOBE)” option is selected under ‘System Cleanup Action’. This will bring up the familiar ‘Set Up Windows’ wizard after installing Windows.
Select “Shutdown” under ‘Shutdown Options’ menu. This will automatically shut down the VM after completion of sysprep.
Finally, click the OK button and start the sysprep process. DO NOT TOUCH THE VM while sysprep is progress (Press Ctrl+Alt to remove focus from VM). WARNING: If sysprep fails for some reason, this is FATAL: you’ll have to rebuild the virtual machine from scratch! After sysprep completes, the VM will shut down. Proceed with building the remaining VMs. NOTE: The language packs and local packs preinstalled in the SP1-level MUI AIO ISO won’t be lost during sysprep, even if you’re using Windows 7 Starter/Home Basic/Home Premium or Professional. When you’re done building all VMs for the ISO you’re ready to capture the install.wim image. We will discuss the process in the next section.
32
d) Capturing the install.wim image After preparing the patched VMs, we have to bundle them in a new install.wim file. The procedure should be done as described below:
– In 32-bit architecture: Capture Windows 7 Starter first, then Windows 7 Home Basic, then Windows 7 Home Premium, then Windows 7 Professional, then Windows 7 Ultimate and finally Windows 7 Enterprise.
– In 64-bit architecture: Capture Windows 7 Home Basic first, then Windows 7 Home Premium, then Windows 7 Professional, then Windows 7 Ultimate and finally Windows 7 Enterprise. To capture an OS edition from its VM follow these steps:
1. Power up the VM. 2. Immediately Boot from CD/DVD (windows 7 AIO ISO).
WARNING: If Windows starts from VM’s HDD at this point, you’ll have to rebuild the VM image from scratch!
3. When the initial setup dialog appears just click next. (In MUI ISOs select the English language):
4. After that you are faced with another window. DO NOT click ‘Install now’. Instead, click the “Repair your computer” option.
33
5. When the System Recovery Options message appears click No:
34
6. Click next and launch the command prompt. Run notepad. 7. Using Notepad’s open file dialog as a replacement for Windows Explorer (set file
type to ‘All files’ to show all files) delete some log files left behind after sysprep: D:\Windows\Panther (delete all contents of this folder) D:\Windows\TSSysprep.log (Do not delete this file, but open it in notepad and clear its contents, then save changes) D:\Windows\WindowsUpdate.log (Do not delete this file, but open it in notepad and clear its contents, then save changes) D:\Windows\Logs (Empty the CBS and DPX subfolders and leave the Homegroup folder untouched. Delete everything else in there) D:\Windows\System32\sysprep\Panther (Delete this folder). D:\Windows\System32\sysprep\Sysprep_succeeded.tag (Delete this file).
8. Attach an external HDD to the Virtual machine. This HDD should contain the GImageX binary files (x86 and x64). We will use this HDD to save the install.wim image.
9. Launch GImageX from the external HDD. 10. Under the capture tab, let’s specify the capture options:
The following table summarizes the settings you should make for each OS version you’re about to capture.
OS Version Image Name Description/Display Name/Display Desc.
Other options
Starter Windows 7 STARTER Windows 7 Starter Compression: maximum,
Verify: ON, SKU Flag: blank, no other
checkboxes should be checked
Home Basic Windows 7 HOMEBASIC Windows 7 Home Basic Compression: maximum,
Verify: ON, SKU Flag: blank, no other
checkboxes should be checked
Home Premium
Windows 7 HOMEPREMIUM Windows 7 Home Premium Compression: maximum,
Verify: ON, SKU Flag: blank, no other
checkboxes should be checked
Professional Windows 7 PROFESSIONAL Windows 7 Professional Compression: maximum,
Verify: ON, SKU Flag: blank, no other
checkboxes should be checked
Ultimate Windows 7 ULTIMATE Windows 7 Ultimate Compression: maximum,
Verify: ON, SKU Flag: blank, no other
checkboxes should be checked
Enterprise Windows 7 ENTERPRISE Windows 7 Enterprise Same as above
35
11. As Source we specify the D: drive. Enter F:\install.wim at the Destination field. 12. Now, if this the first index of install.wim we are capturing (Starter for x86, Home
Basic for x64) we click the Capture button. If this is not the first index, we click the Append button.
13. Don’t touch the VM while capturing in progress! When capturing is complete close GImageX, unplug the external HDD and shut down the VM.
When we finish capturing the install.wim image we are ready for our final steps in keeping the installation media updated.
e) Updating the installation media. Now is the time to update the installation media with the latest updates. For this purpose, we are going to check each file in the installation media for newer versions in the installation image we just captured.
– First of all, extract all files from the AIO SP1-level ISO you created in Chapter 6 and place them in a temporary folder (e.g. D:\W7USP2_X64). Replace all superseded files by their newer versions found in the SETUP_SOURCES_X64_TEMP and SETUP_BOOT_X64_TEMP folders you created earlier. Also copy the updated files found in the “Integrate to installation media” updates.
– Copy the new boot.wim and install.wim files and replace the original ones. You can
mount install.wim index 1 with readonly access (to keep the image untouched): dism /Mount-wim /wimfile:D:\W7USP2_X64\sources\install.wim /index:1 /Mountdir:d:\mount /Readonly
– Search for updated versions of the setup files. For example, at the time of writing, you need at least to update the following files (copy-paste them from install.wim mounted image): apircl.dll,cbscore.dll,cmiadapter.dll, cmiv2.dll, cntrtextinstaller.dll, dpx.dll, drvstore.dll, segoeui.ttf, smiengine.dll, smipi.dll, wbemcore.dll, wcp.dll, wmicmiplugin.dll and \servicingstackmisc\apircl.dll. All these files are in the D:\W7USP2_x64\sources folder.
– Unmount the image, discarding any changes: dism /Unmount-wim /Mountdir:d:\mount /discard
– Some files you have updated reside in other folders as well, apart from the \sources folder. Some of them are the xmllite.dll and a few wds-related dll files. Ensure that these files are updated in all their respective folders. Also check the MUI files; some updates may update the MUI files (rare).
– When you’ve finished updated the installation media files, it’s time to generate the setup catalogs, although it’s optional (The catalogs are included in the original ISO. If you don’t want to use them, just delete the 5 (or 6) .clg files found in the \sources folder). We will generate clg files (Setup Catalog files) using Windows System Image Manager (Windows SIM). Windows SIM is part of the Windows AIK, so make sure you install Windows AIK first. If you want to generate clg files for 32-bit install.wim image you’ll have to do the rest of the process in a 32-bit VM (if you’re running on a 64-bit host machine), because Windows SIM x64 cannot generate clg files for 32-bit setup images. The process is described below:
36
a) Once Windows AIK is installed, launch Windows System Image Manager from the start menu. (Click Start->All Programs->Windows AIK->Windows System Manager).
b) Then right click at “Select a Windows image or catalog file” and click Select Windows image.
The following dialog will appear:
Select an operating system image to create a catalog for it. Click OK.
c) When a dialog appears prompting you to update the catalog files, click Yes. Accept UAC elevation.
d) Wait until a catalog file has been created. e) Right click on the image name – shown at the “Windows Image” left side pane and click
“close Windows Image” at the context menu f) Repeat steps a – e until you have created updated catalogs for all image indexes. g) Close Windows System Image Manager.
Now we’ve generated the catalog files. Final touch: set date-time stamp of all files, fodlers and subfolders to one value, as in the official ISO. An excellent tool to do this is the Attribute Changer: http://www.softpedia.com/get/System/File-Management/Attribute-Changer.shtml.
37
After setting the date-time stamp, let’s inject the files back to ISO. Using UltraISO open the original AIO ISO and delete everything in it. Paste everything in D:\W7USP2_x64 to the UltraISO’s window. Save as new ISO. This is the updated W7USP2 ISO. After all we’ve created it!!
8. Final thoughts This tutorial is the result of my almost 9-month addiction to the W7USP2 project... What I’ve learned in these 9 months is that it’s truly impossible to produce a high-quality result in any specialized field, unless you learn almost everything about it. Try to be a perfectionist in everything you do and you will (most likely) succeed… Thank you for reading this tutorial.
By Har K (aka harkaz), 31 August 2013.