Hi Oceandographer, welcome to the Seven Forums.
The problem in sysprep /generalize approach as you describe it in your post is the SID, or rather RIDs (relative identifiers) of the user profiles you want to keep.
A RID is based on SID, in another words the RID of a Windows user profile is created adding user identifier to SID. An example: Let's say the machine SID is S-1-2-21-123456789-123456789-12345678. Built-in administrator's identifier is always 500, and the initial user's (account created when first OOBE boot run) 1000, so these two profiles would have in this example following RIDs:
- Built-in administrator user profile: S-1-2-21-123456789-123456789-12345678-500
- Initial user (administrator) profile: S-1-2-21-123456789-123456789-12345678-1000
You see my point? The SID is needed for RID, but the SID is removed when you generalize. This very effectively also removes the user accounts.
I think you should start learning WAIK and join TechNet, as Greg already pointed out. These are too big shoes for at least me to fill.
Some thoughts giving reading: The Machine SID Duplication Myth (and Why Sysprep Matters) - Mark's Blog - Site Home - TechNet Blogs