Windows 10 unattend.xml (sysprep answer file) challenge


  • Testers

    @Psycholiquid You are a beautiful person and I love you.
    You may have just ended my 5 year hate war against sysprep.

    Maybe I wasn’t looking hard enough, but everytime I tried sysprep or tried to customize it to my needs it failed miserably. Destroying customizations, getting stuck at oobe screens, just overall breaking everything. However, I just used your xml as a template and was able to successfully run sysprep on my windows 10 image and it worked pretty well and now I think I will be able to better search for the bits of the unattend.xml I need.

    Also, a problem I ran into in windows 10 with sysprep is it sometimes gives an error about a metro app (movies and tv aka Microsoft.ZuneVideo for example) not being provisioned for each user or something. I had to run this powershell script I found in a microsoft tech forum (that I can’t seem to find again right now, but I saved the script for future use) on each user and it worked.

    $AppsList = "Microsoft.Bing" , "Microsoft.BingFinance" , "Microsoft.BingMaps" , "Microsoft.BingNews"`
                , "Microsoft.BingSports" , "Microsoft.BingTravel" , "Microsoft.BingWeather" , "Microsoft.Camera"`
                , "microsoft.microsoftskydrive" , "Microsoft.Reader" , "microsoft.windowscommunicationsapps"`
                , "microsoft.windowsphotos" , "Microsoft.XboxLIVEGames" , "Microsoft.ZuneMusic"`
                , "Microsoft.ZuneVideo" , "Microsoft.Media.PlayReadyClient"
    
    ForEach ($App in $AppsList)
    {
        $PackageFullName = (Get-AppxPackage $App).PackageFullName
        if ((Get-AppxPackage $App).PackageFullName)
        {
            Write-Host "Removing Package: $App"
            remove-AppxProvisionedPackage -online -packagename $PackageFullName
            remove-AppxPackage -package $PackageFullName
        }
        else
        {
            Write-Host "Unable to find package: $App"
        }
    }
    

    Save that guy as a .ps1 file and run it on each user if you’re getting an error when trying to run sysprep on windows 10 (or 8/8.1 for that matter)


  • Testers

    @MRCUR Yeah I figured why add another file when I can just do it all in one motion.


  • Testers

    @Psycholiquid Ah, so the pieces you’re doing in “FirstLogonCommands” I’m doing in the SetupComplete.cmd script.

    del /Q /F C:\Windows\system32\sysprep\unattend.xml
    del /Q /F C:\Windows\panther\unattend.xml
    net start FOGService
    

  • Testers

    Mine is a little thicker, I have integrated the FOG service to turn it on and start it (Doesn’t do so well in my VM to have it on). As you can see I am using a typical naming that FOG will rename before adding it to the domain. There are two accounts that are setup also. Copying the default admin accounts allow for easier user setup in the long run also.

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="specialize">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <WindowsFeatures>
                    <ShowMediaCenter>false</ShowMediaCenter>
                    <ShowWindowsMail>false</ShowWindowsMail>
                </WindowsFeatures>
                <BluetoothTaskbarIconEnabled>false</BluetoothTaskbarIconEnabled>
                <ComputerName>CIN-RENAME</ComputerName>
                <CopyProfile>true</CopyProfile>
                <ProductKey>tisk-tisk</ProductKey>
                <RegisteredOrganization>Sheakley Group</RegisteredOrganization>
                <RegisteredOwner>Sheakley Group</RegisteredOwner>
                <TimeZone>Eastern Standard Time</TimeZone>
            </component>
            <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <RunSynchronous>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>Enable Administrator Account</Description>
                        <Order>1</Order>
                        <Path>net user administrator /active:yes</Path>
                    </RunSynchronousCommand>
                </RunSynchronous>
            </component>
            <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <BlockPopups>no</BlockPopups>
                <CompanyName>Sheakley Group</CompanyName>
                <Home_Page>http://intranet/SheakleyIntranet/</Home_Page>
                <DisableFirstRunWizard>true</DisableFirstRunWizard>
            </component>
            <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
                <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
                <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <NetworkLocation>Work</NetworkLocation>
                    <ProtectYourPC>1</ProtectYourPC>
                    <SkipMachineOOBE>true</SkipMachineOOBE>
                    <SkipUserOOBE>true</SkipUserOOBE>
                    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                </OOBE>
                <UserAccounts>
                    <AdministratorPassword>
                        <Value>Look-Away</Value>
                        <PlainText>false</PlainText>
                    </AdministratorPassword>
                </UserAccounts>
                <RegisteredOrganization>Sheakley Group</RegisteredOrganization>
                <RegisteredOwner>Sheakley</RegisteredOwner>
                <TimeZone>Eastern Standard Time</TimeZone>
                <AutoLogon>
                    <Password>
                        <Value>Look-Away</Value>
                        <PlainText>false</PlainText>
                    </Password>
                    <Enabled>true</Enabled>
                    <LogonCount>3</LogonCount>
                    <Username>Administrator</Username>
                </AutoLogon>
                <FirstLogonCommands>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>del /Q /F c:\windows\system32\sysprep\unattend.xml</CommandLine>
                        <Order>1</Order>
                        <Description>Deletes unattend.xml</Description>
                        <RequiresUserInput>false</RequiresUserInput>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>del /Q /F c:\windows\Panther\unattend.xml</CommandLine>
                        <Description>Deletes unattend.xml</Description>
                        <Order>2</Order>
                        <RequiresUserInput>false</RequiresUserInput>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>sc config FOGService start= auto</CommandLine>
                        <Description>Changes FOG server to Automatic</Description>
                        <Order>3</Order>
                        <RequiresUserInput>false</RequiresUserInput>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>net start FOGService</CommandLine>
                        <Description>Starts FOG service </Description>
                        <Order>4</Order>
                        <RequiresUserInput>false</RequiresUserInput>
                    </SynchronousCommand>
                </FirstLogonCommands>
            </component>
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en-US</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UserLocale>en-US</UserLocale>
            </component>
        </settings>
        <settings pass="generalize">
            <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SkipRearm>1</SkipRearm>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:e:/sources/install.wim#Windows 7 PROFESSIONAL" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>```

  • Testers

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="windowsPE">
            <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SetupUILanguage>
                    <UILanguage>en-US</UILanguage>
                </SetupUILanguage>
                <InputLocale>en-US</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UILanguageFallback>en-US</UILanguageFallback>
                <UserLocale>en-US</UserLocale>
            </component>
            <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <UserData>
                    <AcceptEula>true</AcceptEula>
                    <FullName>End User</FullName>
                    <Organization>Your Org</Organization>
                </UserData>
            </component>
        </settings>
        <settings pass="specialize">
            <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <RunSynchronous>
                    <RunSynchronousCommand wcm:action="add">
                        <Order>1</Order>
                        <Path>net user Administrator /active:yes</Path>
                    </RunSynchronousCommand>
                </RunSynchronous>
            </component>
            <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SkipAutoActivation>true</SkipAutoActivation>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <CopyProfile>true</CopyProfile>
                <ShowWindowsLive>false</ShowWindowsLive>
                <TimeZone>Eastern Standard Time</TimeZone>
                <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
                <ComputerName>*</ComputerName>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en-US</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UILanguageFallback>en-US</UILanguageFallback>
                <UserLocale>en-US</UserLocale>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <AutoLogon>
                    <Password>
                        <Value>YourEncryptedPassword</Value>
                        <PlainText>false</PlainText>
                    </Password>
                    <Enabled>true</Enabled>
                    <LogonCount>2</LogonCount>
                    <Username>Administrator</Username>
                </AutoLogon>
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                    <NetworkLocation>Work</NetworkLocation>
                    <ProtectYourPC>1</ProtectYourPC>
                </OOBE>
                <UserAccounts>
                    <AdministratorPassword>
                        <Value>YourEncryptedPassword</Value>
                        <PlainText>false</PlainText>
                    </AdministratorPassword>
                    <LocalAccounts>
                        <LocalAccount wcm:action="add">
                            <Password>
                                <Value>YourEncryptedPassword</Value>
                                <PlainText>false</PlainText>
                            </Password>
                            <Description>Local Administrator</Description>
                            <DisplayName>Administrator</DisplayName>
                            <Group>Administrators</Group>
                            <Name>Administrator</Name>
                        </LocalAccount>
                    </LocalAccounts>
                </UserAccounts>
                <RegisteredOrganization>Your Org</RegisteredOrganization>
                <RegisteredOwner>End User</RegisteredOwner>
            </component>
        </settings>
        <settings pass="generalize">
            <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
                <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:d:/sources/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>
    

  • Testers

    @Wayne-Workman You want the Unattend? I can send it minus the key if you want.



  • @Psycholiquid Care to share? ;-)


  • Testers

    I can confirm the Unattended I had for my Windows 7 is working great in 10 Enterprise also.



  • @MRCUR That is good to know ! Ill be trying that as soon as I get the chance. Ill post my results here (of course)


  • Testers

    @Rusty I’m using our existing Win 7 unattend file without any issues on Win 10 Enterprise (1511). I made zero changes to the file and everything within the file is being completed.


  • Moderator

    I’ve resorted to simply not using an unattend file for the time being. The few times I tried using unattend files (created in various ways) it never ended up coming out right. Microsoft kind of screwed it up as far as I can tell.



  • @Wayne-Workman This is still the best guide I have found so far. Details on setting up the unattend.xml are very limited but hopefully its basically the same as for windows 7. I’m just doing some trials at the moment.



  • @Boyan-Biandov Is there no good documentation on the subject? I found this with a quick Google search for windows 10 sysprep unattend http://www.tenforums.com/tutorials/3020-windows-10-image-customize-audit-mode-sysprep.html

    A lot of times, good searching often means knowing what it is you’re looking for and using specific words that are likely to be found in what you’re looking for.



  • I wish Wayne

    That’s 7. Sysprep 10 is completely messed up and what works on 7 doesn’t on 10. So I’m hoping for someone who actually uses 10. D



  • I believe you found what you were looking for here? https://forums.fogproject.org/topic/4441/sysprep-windows-7-computer-name


Log in to reply
 

385
Online

5.7k
Users

13.0k
Topics

122.1k
Posts