Windows 10 unattend.xml (sysprep answer file) challenge
-
@Psycholiquid Care to share?
-
@Wayne-Workman You want the Unattend? I can send it minus the key if you want.
-
<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="windowsPE"> <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SetupUILanguage> <UILanguage>en-US</UILanguage> </SetupUILanguage> <InputLocale>en-US</InputLocale> <SystemLocale>en-US</SystemLocale> <UILanguage>en-US</UILanguage> <UILanguageFallback>en-US</UILanguageFallback> <UserLocale>en-US</UserLocale> </component> <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <UserData> <AcceptEula>true</AcceptEula> <FullName>End User</FullName> <Organization>Your Org</Organization> </UserData> </component> </settings> <settings pass="specialize"> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <RunSynchronous> <RunSynchronousCommand wcm:action="add"> <Order>1</Order> <Path>net user Administrator /active:yes</Path> </RunSynchronousCommand> </RunSynchronous> </component> <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipAutoActivation>true</SkipAutoActivation> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <CopyProfile>true</CopyProfile> <ShowWindowsLive>false</ShowWindowsLive> <TimeZone>Eastern Standard Time</TimeZone> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> <ComputerName>*</ComputerName> </component> </settings> <settings pass="oobeSystem"> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>en-US</InputLocale> <SystemLocale>en-US</SystemLocale> <UILanguage>en-US</UILanguage> <UILanguageFallback>en-US</UILanguageFallback> <UserLocale>en-US</UserLocale> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <AutoLogon> <Password> <Value>YourEncryptedPassword</Value> <PlainText>false</PlainText> </Password> <Enabled>true</Enabled> <LogonCount>2</LogonCount> <Username>Administrator</Username> </AutoLogon> <OOBE> <HideEULAPage>true</HideEULAPage> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <NetworkLocation>Work</NetworkLocation> <ProtectYourPC>1</ProtectYourPC> </OOBE> <UserAccounts> <AdministratorPassword> <Value>YourEncryptedPassword</Value> <PlainText>false</PlainText> </AdministratorPassword> <LocalAccounts> <LocalAccount wcm:action="add"> <Password> <Value>YourEncryptedPassword</Value> <PlainText>false</PlainText> </Password> <Description>Local Administrator</Description> <DisplayName>Administrator</DisplayName> <Group>Administrators</Group> <Name>Administrator</Name> </LocalAccount> </LocalAccounts> </UserAccounts> <RegisteredOrganization>Your Org</RegisteredOrganization> <RegisteredOwner>End User</RegisteredOwner> </component> </settings> <settings pass="generalize"> <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices> <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> </component> </settings> <cpi:offlineImage cpi:source="wim:d:/sources/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>
-
Mine is a little thicker, I have integrated the FOG service to turn it on and start it (Doesn’t do so well in my VM to have it on). As you can see I am using a typical naming that FOG will rename before adding it to the domain. There are two accounts that are setup also. Copying the default admin accounts allow for easier user setup in the long run also.
<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="specialize"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <WindowsFeatures> <ShowMediaCenter>false</ShowMediaCenter> <ShowWindowsMail>false</ShowWindowsMail> </WindowsFeatures> <BluetoothTaskbarIconEnabled>false</BluetoothTaskbarIconEnabled> <ComputerName>CIN-RENAME</ComputerName> <CopyProfile>true</CopyProfile> <ProductKey>tisk-tisk</ProductKey> <RegisteredOrganization>Sheakley Group</RegisteredOrganization> <RegisteredOwner>Sheakley Group</RegisteredOwner> <TimeZone>Eastern Standard Time</TimeZone> </component> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <RunSynchronous> <RunSynchronousCommand wcm:action="add"> <Description>Enable Administrator Account</Description> <Order>1</Order> <Path>net user administrator /active:yes</Path> </RunSynchronousCommand> </RunSynchronous> </component> <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <BlockPopups>no</BlockPopups> <CompanyName>Sheakley Group</CompanyName> <Home_Page>http://intranet/SheakleyIntranet/</Home_Page> <DisableFirstRunWizard>true</DisableFirstRunWizard> </component> <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall> <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall> <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall> </component> </settings> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <OOBE> <HideEULAPage>true</HideEULAPage> <NetworkLocation>Work</NetworkLocation> <ProtectYourPC>1</ProtectYourPC> <SkipMachineOOBE>true</SkipMachineOOBE> <SkipUserOOBE>true</SkipUserOOBE> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> </OOBE> <UserAccounts> <AdministratorPassword> <Value>Look-Away</Value> <PlainText>false</PlainText> </AdministratorPassword> </UserAccounts> <RegisteredOrganization>Sheakley Group</RegisteredOrganization> <RegisteredOwner>Sheakley</RegisteredOwner> <TimeZone>Eastern Standard Time</TimeZone> <AutoLogon> <Password> <Value>Look-Away</Value> <PlainText>false</PlainText> </Password> <Enabled>true</Enabled> <LogonCount>3</LogonCount> <Username>Administrator</Username> </AutoLogon> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>del /Q /F c:\windows\system32\sysprep\unattend.xml</CommandLine> <Order>1</Order> <Description>Deletes unattend.xml</Description> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>del /Q /F c:\windows\Panther\unattend.xml</CommandLine> <Description>Deletes unattend.xml</Description> <Order>2</Order> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>sc config FOGService start= auto</CommandLine> <Description>Changes FOG server to Automatic</Description> <Order>3</Order> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>net start FOGService</CommandLine> <Description>Starts FOG service </Description> <Order>4</Order> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> </FirstLogonCommands> </component> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>en-US</InputLocale> <SystemLocale>en-US</SystemLocale> <UILanguage>en-US</UILanguage> <UserLocale>en-US</UserLocale> </component> </settings> <settings pass="generalize"> <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipRearm>1</SkipRearm> </component> </settings> <cpi:offlineImage cpi:source="wim:e:/sources/install.wim#Windows 7 PROFESSIONAL" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>```
-
@Psycholiquid Ah, so the pieces you’re doing in “FirstLogonCommands” I’m doing in the SetupComplete.cmd script.
del /Q /F C:\Windows\system32\sysprep\unattend.xml del /Q /F C:\Windows\panther\unattend.xml net start FOGService
-
@MRCUR Yeah I figured why add another file when I can just do it all in one motion.
-
@Psycholiquid You are a beautiful person and I love you.
You may have just ended my 5 year hate war against sysprep.Maybe I wasn’t looking hard enough, but everytime I tried sysprep or tried to customize it to my needs it failed miserably. Destroying customizations, getting stuck at oobe screens, just overall breaking everything. However, I just used your xml as a template and was able to successfully run sysprep on my windows 10 image and it worked pretty well and now I think I will be able to better search for the bits of the unattend.xml I need.
Also, a problem I ran into in windows 10 with sysprep is it sometimes gives an error about a metro app (movies and tv aka Microsoft.ZuneVideo for example) not being provisioned for each user or something. I had to run this powershell script I found in a microsoft tech forum (that I can’t seem to find again right now, but I saved the script for future use) on each user and it worked.
$AppsList = "Microsoft.Bing" , "Microsoft.BingFinance" , "Microsoft.BingMaps" , "Microsoft.BingNews"` , "Microsoft.BingSports" , "Microsoft.BingTravel" , "Microsoft.BingWeather" , "Microsoft.Camera"` , "microsoft.microsoftskydrive" , "Microsoft.Reader" , "microsoft.windowscommunicationsapps"` , "microsoft.windowsphotos" , "Microsoft.XboxLIVEGames" , "Microsoft.ZuneMusic"` , "Microsoft.ZuneVideo" , "Microsoft.Media.PlayReadyClient" ForEach ($App in $AppsList) { $PackageFullName = (Get-AppxPackage $App).PackageFullName if ((Get-AppxPackage $App).PackageFullName) { Write-Host "Removing Package: $App" remove-AppxProvisionedPackage -online -packagename $PackageFullName remove-AppxPackage -package $PackageFullName } else { Write-Host "Unable to find package: $App" } }
Save that guy as a .ps1 file and run it on each user if you’re getting an error when trying to run sysprep on windows 10 (or 8/8.1 for that matter)
-
@Arrowhead-IT You can remove the “Modern” apps in audit mode so you don’t run into any issues. See here: https://forums.fogproject.org/topic/6720/image-windows-10-upgrade/5
-
@MRCUR Oooh, cool. However it wouldn’t let me enter audit mode either until I found this script. I did read something about using audit mode to get rid of modern apps, but I had to remove them to get to audit mode.
-
@Arrowhead-IT You have to be on the network selection screen in OOBE to get into audit mode. (I know this is completely non-obvious - it’s a very MS thing to do.)
-
@Arrowhead-IT That’s because Audit mode is triggered by sysprep which only runs if the apps make it past the checks, it’s stupid, but hey.
-
@MRCUR said in Windows 10 unattend.xml (sysprep answer file) challenge:
@Arrowhead-IT You have to be on the network selection screen in OOBE to get into audit mode. (I know this is completely non-obvious - it’s a very MS thing to do.)
MS should watch themselves… If they keep making things more and more difficult, and Linux distros keep making things more and more easy… well then… You know.
-
Hi there all,
i tried a couple of times a sysprep on w10.
Sysprep on w10 is taking so long… Longer then w7 , how is this with you guys? -
@boeleke said in Windows 10 unattend.xml (sysprep answer file) challenge:
Sysprep on w10 is taking so long… Longer then w7 , how is this with you guys?
I know it does take quite a while, but I’ve never timed it. I will typically start sysprep and then go do something else while it runs. When I come back the vm is powered off. I can say the speed of sysprep is dependant on if you are running on a vm vs physical hardware (phy hardware has more drivers) and if you are deploying all of the bloat ware vs a clean image.
-
My sysprep on Windows 10 LTSB is around 3 mins max. But it is a very clean image.
-
You did it with Audit-Mode?
-
@MRCUR Thanks for the XML, it does open up in SIM but produces this when tested in the real world:
-
@Boyan-Biandov Your image has a driver it doesn’t like if you are getting that, for the most part I don’t really audit mode anymore. I do what I need to do in Windows and go straight to OOBE from there makes it cleaner and easier to deal with. I am still using the same XML I have posted here and it still works so you might want to check your drivers.
Always keep in mind that you can get past that by hitting Shift F10 sometimes and running Explorer. Then you can check the Setup,log in the Panther folder to see what is happening.
-
Thanks, driver I don’t know about but there’s definitely something that baffles me: why would it look for the xml in this directory? I’m stumped on this one…Do you all have to copy the xml file to both locations before running sysprep against one of the copies?
2016-07-09 08:11:52, Error [oobeldr.exe] User input error was detected in unattend file. Error: [0x0] 2016-07-09 08:11:52, Info IBS UnattendErrorFromResults: Hit an unattend error; dumping any info we have about the failure... 2016-07-09 08:11:52, Info IBS UnattendDumpSetting: ------Unattend setting error / warning------ 2016-07-09 08:11:52, Info IBS UnattendDumpSetting: Error code = 0x8030000b 2016-07-09 08:11:52, Info IBS UnattendDumpSetting: Pass = oobeSystem 2016-07-09 08:11:52, Info IBS UnattendDumpSetting: Component name = [Microsoft-Windows-Shell-Setup] 2016-07-09 08:11:52, Info IBS UnattendDumpSetting: -------------------------------------------- 2016-07-09 08:11:52, Info IBS UnattendErrorFromResults: Error text = Windows could not parse or process unattend answer file [C:\Windows\Panther\unattend.xml] for pass [oobeSystem]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows-Shell-Setup].
-
@Boyan-Biandov That’s the directory that sysprep is actually run from & where logs are sent. I don’t believe the directory location is your issue.