Microsoft KB Archive/942060

= Make sure that IIS 7.0 configuration files contain no encrypted properties before you use the Sysprep tool to deploy a Windows Vista image =

Article ID: 942060

Article Last Modified on 9/27/2007

-

APPLIES TO


 * Microsoft Internet Information Services 7.0

-



SUMMARY
You can use the System Preparation Tool (Sysprep.exe) to deploy Windows Vista across multiple Windows Vista-based computers. When you prepare to create the source Windows Vista installation image, you must make sure that the Internet Information Services (IIS) 7.0 configuration files contain no encrypted properties. By default, the IIS configuration store contains no encrypted properties. If a system administrator modifies the IIS configuration files to require encrypted properties before the Sysprep image is created, IIS 7.0 may not work as expected on the destination computer.



MORE INFORMATION
The Sysprep tool was designed for system administrators, OEMs, and other users who must automatically deploy Windows operating systems on multiple computers. After you perform the initial setup steps on a single computer, you can run the Sysprep tool to prepare the sample computer for cloning.

For security, IIS 7.0 uses a machine key from the Windows Vista installation to encrypt parts of the configuration store. For example, the following information is encrypted by using a machine key:
 * Secure Sockets Layer (SSL) configuration information
 * The password information for accounts that are used for remote content access

When IIS 7.0 tries to access the value of an encrypted property, IIS 7.0 uses the machine key to decrypt the configuration property. If the machine key is missing or if the machine key has been modified, decryption of the configuration property fails. This failure may cause unknown issues on the IIS 7.0 server.

When you use the Sysprep tool to deploy an image of an IIS 7.0 installation that contains encrypted properties, the machine key is not included in the image. After IIS 7.0 is installed on the destination computer, any IIS processing that requires the encrypted configuration properties to be decrypted fails. This problem occurs because the machine key on the destination computer differs from the machine key on the source computer.

To work around this behavior, make sure that you modify the encrypted properties after you deploy the Sysprep image.

