This guide outlines how to correctly prepare a Golden Image for virtual machines or physical workstation deployments. Following these steps ensures clean identity and UUID generation for endpoint management platforms such as Automox, WSUS, EPPS (Endpoint Protection Platform), and other agent-based solutions. It may also impact a device’s ability to perform enterprise backups.
Why Proper Preparation Matters
Incorrect preparation results in UUID collisions within the OS or the hypervisor itself (server), duplicate agents in dashboards/system management consoles, and broken group targeting or patch visibility. This process applies to any environment, cloning machines from a base image - VMware, Hyper-V, VirtualBox, cloud templates, or bare metal provisioning.
Steps
1. Initial Image Configuration
Create your Image with all of your desired setup, then to complete the Automox process > Open Command Prompt with full permissions (Run as Administrator).
- Windows - LOB MSI installation package, Group Policy Object GPO
- Linux - installation via Curl
2. Deregister the Agent (if already installed)
Windows
cd "C:\Program Files (x86)\Automox" net stop "Automox Agent" amagent.exe --deregister
This removes the existing device identity and UUID while retaining the installed service and binary location for startup on boot.
3. Verify Deregistration in the Automox Console
If the device has been removed, go back to step 2 if it has not worked, and rerun each line from the CLI.
4. Generalize the Operating System
Windows - Workstation
You may choose to include the /oobe switch within the generalization process for Windows 10 & Windows 11 devices, as this will set up the device as a factory reset with your new image.
Run Sysprep with generalize with/without shutdown options:
Sysprep Without Shutdown (shutdown can be performed manually):
C:\Windows\System32\Sysprep\Sysprep.exe /oobe /generalize
Sysprep With Shutdown:
C:\Windows\System32\Sysprep\Sysprep.exe /oobe /generalize /shutdown
- /generalize removes machine-specific data (e.g., software and hardware UUIDs).
- /shutdown ensures the OS is cleanly powered off prior to capture.
Windows - Server
Run Sysprep with generalize with/without shutdown options:
Sysprep Without Shutdown (shutdown can be performed manually):
C:\Windows\System32\Sysprep\Sysprep.exe /generalize
Sysprep With Shutdown:
C:\Windows\System32\Sysprep\Sysprep.exe /generalize /shutdown
Linux
- In the SSH window, enter this command sudo waagent -deprovision+user
- Type Y to continue (you can add the -force parameter to the previous command to avoid the confirmation step).
- After the command completes, enter Exit to close the SSH client.
The additional commands are required for a clean image without carrying over unnecessary logs.
sudo rm -f /var/log/waagent.log sudo cloud-init clean sudo waagent -force -deprovision+user sudo rm -f ~/.bash_history sudo export HISTSIZE=0
Windows Resources
MacOS (out-of-band/unsupported by Apple)
Apple does not recommend generalizing and monolithic imaging, and it is also not possible with a T2 image and beyond. Hence, it will not be discussed in this article.
5. Capture Image from Fully Shut Down State
Ensure the system is completely powered off—not suspended or hibernated—before cloning or imaging.
6. Post-Clone Behavior
On first boot:
- Agent will auto-start as a service.
- A new device UUID will be generated if Sysprep was used correctly.
- The device will register as a unique endpoint in Automox.
7. Verify/ UUID Conflict Remediation Post-Device Startup Build
(if generalizing was skipped/forgotten)
If duplicate UUIDs are detected across deployed devices post-agent deployment:
- They will not appear as duplicates in the Automox console; devices will 'fight’ for the UUID.
It has been noted: you may have one device showing up at a time in the console, the other device may never show up given that the UUID is currently in use. - Grouping, targeting, and reporting may also be inaccurate due to the incorrect device attributes assigned to the device.
It has been noted that a device may show a hostname of a particular device, but the resulting device details, like IP Address, correlate to the other device sharing said UUID.
How to check a Windows OS UUID:
CMD:
wmic csproduct get uuid
- Note: This method is deprecated in recent Windows versions.
PowerShell (Preferred going forward):
(Get-CimInstance Win32_ComputerSystemProduct).UUID
-
Note: Use this method for newer systems where
wmicis no longer available
How to check a Linux (any distro) UUID:
sudo blkid
Linux Resources
- How to retrieve and change partition’s UUID Universally Unique Identifier on linux
- In Hyper-V environments, use this tool to manually reset machine UUIDs via the VM’s .xml definition: Altaro Advanced Settings Editor – Hyper-V
8. If Conflicting UUIDs still persist, or if you need help identifying them:
- Please submit a Support ticket.