First you will need a few things...
- A Host machine and a hyper-visor for a "Staging VM"
- Windows 10 ADK
- Windows 10 ISO with Media Creation Tool OR Windows 10 LTSB x64
Autounattend.xml aka Answers file for unattended setup
NOTE: Autounattend.xml has to be either MBR or UEFI configured if you want to have it fully automated
- This site makes a basic XML >> http://windowsafg.no-ip.org/win10x86_x64.html
- Or just use the base scripts Microsoft has provided and edit to your needs
- https://msdn.microsoft.com/en-us/library/ms912214(v=winembedded.10).aspx
- Or use NTLite and copy the final autounattend.xml
- Here is my copy you can just use but there are a few things you might want to edit
- Local Account = Admin and PWD = admin
- Tested on Windows 10 x64 LTSB
- Setup for UEFI auto partition ENTIRE Disk
- Computer name = Matrix
- Key is generic LTSB key from microsoft
- autounattend.xml
- WinPE ISO
Create "Staging VM":
- Don't add a NIC to new VM
- Install Windows as normal, after it's first reboot it will ask to select region
- STOP HERE AND ENTER "AUDIT MODE"
- CTRL+SHIFT+F3
- Close System Preparation Tool for now
Disabling the “Consumer Experience” via GPO (gpedit.msc)
Computer Configuration > Administrative Templates > Windows Components > Cloud Content Enable >> Turn off Microsoft consumer experiences
- Add Back NIC to VM
- Update Windows via regular methods
- Reboot to complete updates as needed, closing SySPrep each reboot
- Tweak Windows as desired, I don't bother tweaking untill after Windows Update as sometimes Windows Update overwrites my changes and I don't notice
- Removing Apps if desired, run the following in PowerShell:
- Download my powershell script and run as Administrator
- First you need to "Set-ExecutionPolicy RemoteSigned" in PowerShell to enable running scripts
- remove_uwp_apps_win10.ps1
- Note: these apps can be redownloaded via the Windows Store if desired, but they will not be included in the base Windows install.
- Once satisfied with VM shut down and export backup named "Ready for SySPrep"
Power on and this time, run SySPrep with desired options
cd C:\Windows\System32\Sysprep sysprep.exe /generalize /oobe /unattend:C:\Autounattend.xml /shutdown
- Once its done it should poweroff
- Now fire up the WinPE ISO and create a custom WIM image
- Extract image back to host computer
THIS IS WHERE I SWITCH TO NTLITE!Split IMG into files smaller than 4GB's for FAT32 (Required for UEFI)
Dism /Split-Image /ImageFile:win10sys.wim /SWMFile:install.swm /FileSize:3800
- Extract Regular Win10 ISO to C:\WinExtract
- Remove install.(esd/wim) from C:\WinExtract\sources\
- Copy over
install*.swm files back into C:\WinExtract\Sources Create new ISO via the following in CMDcd C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\ oscdimg -m -o -u2 -lCPBA_X64FRE_EN-US_DV5 -udfver102 -bootdata:2#p0,e,bC:\WinExtract\boot\etfsboot.com#pEF,e,bC:\WinExtract\efi\microsoft\boot\efisys.bin C:\WinExtract\ C:\Win10v1709-Custom.iso
- Inject any other drivers into ISO with whatever software you choose. I like to add the VMWare_Tools.ISO as well as the VirtIO KVM Drivers ISO and the NVidia Graphx drivers and VirtualBox Guest Additions.
- I just place them under a folder called "Drivers" then if you need a driver to load for windows installation you can just manually search that folder and windows should find the drivers automatically.
Notes:
- Start small with tweaks and then test/deploy and see how it goes before doing all of your tweaks
- Not all changes stuck, like changes to "View" and desktop shortcuts etc, but RegEdit and GPO changes stayed as well as programs which is enough of a "head start" for me.
- To make both UEFI and MBR ISO you can't have automatic partitioning in unattend.xml
1 Comment
Anonymous