Monday, February 4, 2019

Windows 10 Sysprep Full Unattended Setup

At work I tend to deal with creating the image we use for distribution of our computers. Windows 10 was a rather unique challenge of anything that could go wrong, did. We use Windows 10 Professional. Here's just a quick list of versions:
  • 1609 - Works, but updates can get stuck, requires different UAC on a domain
  • 1703 - Skipped, updating to worked fine, requires same UAC settings same as 1609
  • 1709 - Skipped, updating sometimes broke the system files, UAC settings same as 1609
  • 1803 - Could not get to work, updating to it broke permissions making searching impossible unless you were a pre-existing admin
  • 1809 - Works, requires slightly different Unattend, works with domain settings and UAC used for Windows 7
(UAC settings need Admin Approval mode enabled and all Admins to run in Admin approval mode)

Common issues I ran into included:
  • Users logged in were unable to use search features
  • The very first login may appear okay, but any after that break
  • Warnings about running programs as an administrator (UAC settings in domain can fix this)
  • Unable to apply all group policies without numerous attempts
  • Creating the .clg file needed has only worked for me once
  • Enabling .NET 3.5 in Windows features
  • Shutdown not working correctly
Currently I am trying to only work on a 64 bit image, we're in the process of phasing out 32 bit. So now let's do a walk-through and with any luck someone will find this helpful, maybe even help me fix problems I've come across. I'll be doing the most recent at the time, 1809.
So the first and obvious step, install Windows 10. After installed and gets ready for setup, press Ctrl+Shift+F3. Get into Windows and get it started on updates. After that, you can install any software you need to. I personally try to install everything through Chocolatey, and I may include setting that up in another post.
So let's talk about enabling .NET 3.5. To do this, you need the Windows 10 installation disc in, and let's assume that it's the D drive (adjust to your needs). You then use the command:

DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:D:\sources\sxs

After that, your .NET 3.5 should be enabled.

Now at this point, we should direct our attention to the unattend file. On another computer, install the Windows ADK (make sure the computer is the same architecture). From what I've read, some say to create an unattend using the install.wim on the iso, others say turn a blank Windows 10 installation to a wim and then use that. Both fail when creating the .clg file for it after a while of sitting there trying. One day after it said it failed, a .clg file magically appeared. Why or how, I don't know. Rather than walk anyone through the process, I'll just include the .wim and .clg file. If anyone knows why it fails making the .clg file, let me know.


So here's the bear minimum settings I found I needed to get the installation to go through. Keep in mind, it still flashes the setup for a moment, I think it's just because the network takes a minute to figure itself out. Open up Windows System Image Manager and create a new Unattend using the WIM file. Then add these settings at minimum:

  • amd64_Microsoft-Windows-Security-SPP_neutral -> Pass 3 Generalize
    • SkipRearm set to 1
  • amd64_Microsoft-Windows-Deployment_neutral -> Pass 4 Specialize
    • ExtendOSPartition
      • Extend set to true
    • Delete other options that appear
  • amd64_Microsoft-Windows-Shell-Setup_neutral -> Pass 4 Specialize
    • ComputerName set to *
    • Set your product key
    • Set your timezone
    • Do NOT put in anything for copy profile, that breaks the search feature for users setup after the installation
    • Delete all the other sub pieces that show.
  • amd64_Microsoft-Windows-International-Core_neutral -> Pass 7 oobe System
    • InputLocale set to 0409:00000409 for en-US
    • SystemLocale set to en-US
    • UILanguage set to en-US
    • UserLocale set to en-US
  • amd64_Microsoft-Windows-Deployment_neutral -> Pass 7 oobe System
    • AutoLogon should be set if you need any of that set with enabled to true and logoncount to 2
      • Set a password if you want it to autologon
    • FirstLogonCommands is where you are going to set any Post-SysPrep stuff that should supercede a logon, add as many as you need with whatever you need
    • Under OOBE you need all of these to skip the setup:
      • HideEULAPage true
      • HideLocalAccountScreen true
      • HideOEMRegistrationgScreen true
      • HideOnlineAccountScreens true
      • HideWirelessSetupInOOBE true
      • ProtectYourPC 2
    • UserAccounts needs at least the administrator password to skip past the login
      • You can either set the AdministratorPassword or right-click on LocalAccounts and create one if needed
After that is done, you should be ready to load what you need on the computer to create an image with and get that going. So let's talk about that.

First we need to copy over our unattend.xml file we so painstakingly made. I copy this to C:\. Now there is a cleanup we can do, using the SetupComplete.cmd that will get ran automatically after. So do that, we need to create the directory C:\Windows\Setups\Scripts. Then let's create a file called SetupComplete.cmd in that folder and open it with notepad. We need the following commands for a decent cleanup:

DEL /Q /F C:\Windows\System32\sysprep\unattend.xml
DEL /Q /F C:\Windows\panther\unattend.xml
DEL /Q /F C:\unattend.xml
DEL /Q /F C:\Windows\Setup\Scripts\SetupComplete.cmd

This will remove all the traces of our unattend file and then itself. With that being setup, we need to run the sysprep. So do this, just run the command:

"C:\windows\system32\sysprep\sysprep.exe" /generalize /oobe /reboot /unattend:c:\unattend.xml

Word of caution, this will reboot the computer, not shut it down. I've had to use reboot because shutdown does not shut down Windows properly, it hibernates. That means after you boot back up, it just drops you back where you were until you tell it to restart. At one point shutdown worked, but I had other issues around then and I think it was because I changed the shutdown procedure.

Anyway, that's a rough guide for setting up a Sysprep of Windows 10 x64 version 1809 to install and skip past the setup. Hope it helps anyone having issues with this.

No comments:

Post a Comment

Tag Cloud

.NET (2) A+ (5) ad ds (1) addon (4) Android (4) anonymous functions (1) application (9) arduino (1) artificial intelligence (1) backup (1) bash (6) camera (2) certifications (3) comptia (5) css (2) customize (11) encryption (3) error (13) exploit (5) ftp (1) funny (4) gadget (4) games (3) GUI (5) hardware (16) haskell (6) help (14) HTML (3) imaging (2) irc (1) it (1) java (2) javascript (13) jobs (1) Linux (19) lua (1) Mac (4) malware (1) math (6) msp (1) network (13) perl (2) php (3) plugin (2) powershell (8) privacy (2) programming (24) python (10) radio (2) regex (3) repair (2) security (16) sound (2) speakers (2) ssh (1) story (5) Techs from the Crypt (5) telnet (1) tools (13) troubleshooting (11) tutorial (9) Ubuntu (4) Unix (2) virtualization (2) web design (6) Windows (16) world of warcraft (1) wow (1) wx (1)