Community Pick: Many members of our community have endorsed this article.

Windows 8 and 8.1 Sysprep Guide

Ivano ViolaSystem Administrator
A lot has changed since the Introduction of Windows 7 and when I wrote my original article on Windows 7 Sysprep in 2010
Sysprep Guide

A lot has changed since the Introduction of Windows 7 and when I wrote my original article on Windows 7 Sysprep in 2010.

I’ve redefined my process a little and would like to share what I’ve learnt to help others get on the right track. I’ve reverted to using Windows sysprep instead of MySysprep as in Windows 7. I’ve implemented a process for renaming the computer after it has been added to the domain with a random name, thus not needing to name the computer during the sysprep process. In this guide I will refer to Windows 8.1, but most, if not all settings will work on Windows 8.

Files you will need...

- Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1
From the kit you need to install the Deployment Tools which contains Windows System Image Manager (SIM) used for creating unattend .xml files. This should be install on a computer not being used for imaging.

To create an unattend.xml file to be used for sysprep, you will also need the image.wim file located on the Windows 8.1 installation disk you used to Install Windows on your image computer.

Install Windows 8.1 on your image computer. Here are initial settings I use.

Initial OS Load

During Install (leave defaults unless stated)
- Choose the Custom (advanced) option
  Setup your partition/s as needed. Format your partition/s.
- Personalize: Keep Default
- PC name: Enter a name
- Get Online: Next
- Settings: Customize
Update your PC and Apps
- All off
Check online for solutions
- Use compatibility list for Internet Explorer…: Off
Check online for solutions
- All off
Sign in to your Microsoft account
- Create a new account
- Sign in without a Microsoft account
- Username: Operator (no password)
- Finish

Immediately After Install

I advise against using the Administrator account for configuring as your image profile.  This account gets deleted during the sysprep process. I use a local account named Operator. The account will be included in the image and can be used again when needing to make changes to the image.

- Logon using the Operator account you created above.
- I recommend that you uninstall the included Windows non-essential apps. If you install any new apps or update any existing apps in your image computer, your sysprep will fail. The reason for this is that apps are user specific. Apps and settings cannot be transferred to other users. More information about this can be found here:

Uninstall all non-essential apps using the following commands at an elevated PowerShell prompt.

Get-AppxPackage | % {if (!($_.IsFramework -or $_.PublisherId -eq "cw5n1h2txyewy")) {$_}} | Remove-AppxPackage

Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage –online

Select all Open in new window

- Enable the local Administrator account. Set a password for the account. Password never expires (optional).
- Update the local Operator account.  Set a password for the account. Password never expires (optional).

Now install all necessary programs, run windows updates, configure the start screen, create local user accounts and configure the profile and OS the way you would like it to be. Find below some tips and tricks to add to your image. When completed, the computer should almost be ready to be sysprepped.

Additions – Image Tips and Tricks

Boot To Desktop
You are now able to boot right to the desktop, bypassing the Start Screen.
Right-click the Taskbar and select properties. Select the Navigation tab.

Corner Navigation
- When I point to the upper-right corner, show the charms: T
- When I click the upper-left corner, switch between my recent apps: T
- Replace command prompt with Windows PowerShell in the menu…: F
Start Screen
- When I sign-in or close all apps on a screen, go to the desktop instead of Start: T
- Show my desktop background on Start: F
- Show Start on the display I’m using when I press the Windows logo key: T
- Show the Apps view automatically when I go to start: F
- List desktop apps first in the Apps view when it’s sorted by category: T

WinSAT prepop (Windows System Assessment Tests Scores)
You may lose the aero theme after sysprep. Run the following command at an elevated command prompt:

WinSAT prepop

Select all Open in new window

This will generate the WinSAT prepop .xml results files to the Datastore directory, located at: %WINDIR%\performance\winsat\datastore. This enables you to keep the configured aero theme after running sysprep (otherwise it will be reset back to basic).  
For more information about WinSAT:

Restart the computer then log back in as Operator. Make sure the theme is still set to your default theme. If needed, set it back to your default theme.

PowerCFG Command (GUID for Default power plan)
Specify the default power plan in your unattend.xml file. Run the following at an elevated command prompt:

Powercfg –list

Select all Open in new window

Look for your default power plan. Write down the guid for the plan. We will add this to your unattend.xml file later.

Slipstream Drivers
To slipstream drivers into your Windows image you can use the command line utility “pnputil.exe”.
If you need a certain driver installed in the image, like an adapter, scanner or printer driver, and do not want your users to be prompted for the driver, then add it to the DriverStore in your Windows image. The command to add a driver using this utility is (HP001.inf is an example driver):

pnputil.exe -a HP0001.inf

Select all Open in new window

The command needs to be run at an elevated command prompt. All the information regarding this command can be found here:

Disable “Set backup” Action Center Notification
To disable the Action Center “Set backup” notification, create a registry file named DisableBackupMonitoring.reg using notepad and paste the following code. Run the registry file under the configured profile. You can also apply the registry file via group policy.

Windows Registry Editor Version 5.00


Select all Open in new window

Create SetupComplete.cmd File
On your image computer browse to the C:\Windows\setup directory.  In there, create a new directory named Scripts. Inside of Scripts, create a file named SetupComplete.cmd. Commands placed in this file will run just before you are presented with the Windows logon screen. We’ll add some commands to this file shortly.

Create Unattend.xml File

When the laptop is ready you'll need to create a unattend.xml answer file using Windows System Image Manager (Windows SIM). You should already have Windows SIM installed on another computer. If not, the download link is listed above.
1. Insert the media you used to install Windows 8.1 on your image computer into your CD-DVD drive.
2. Start Windows SIM. From the menu select “Tools – Create Catalog”. You’ll be prompted for the “install.wim” file located on your media. Browse to the install.wim file in the sources directory on your disk. When the catalog is complete you’ll be ready to configure your answer file.
3. I've attached a sample unattend.xml file for reference. Open the file with Windows SIM and take a look at some of the settings I’ve configured.

In my unattend.xml file you’ll see:


Select all Open in new window

This will allow sysprep to provide a random name for the computer after sysprep.


Select all Open in new window

This tells sysprep to copy the configured profile you’ve created to the default profile.


Select all Open in new window

Set SkipRearm to 1 while customizing your computer.
Before running the Sysprep command the final time before deploying an image, rearm the computer by setting the SkipRearm setting to 0. This resets the Activation grace-period timer.

<PreferredPlan>YOUR GUID</PreferredPlan>

Select all Open in new window

This specifies the default power plan for your image. Update the unattend.xml file with the guid of the power plan you retrieved earlier.  


Select all Open in new window

Setting this to True will disable Windows Defender. Set this to False if you are not deploying your own antivirus program.


Select all Open in new window

You must specify an OU to add the computers to otherwise they will not be added to the domain.


Select all Open in new window

When set to True, this tells sysprep not to remove installed hardware from the image during sysprep. This should be the case when distributing the image to the same model computer. If you would like to create a clean sysprep image, meaning you are able to install the image on any computer, no matter the hardware, the above should be set to False.  

The other thing regarding the unattend.xml, you need to create a local user during the sysprep process.  When you install Windows 8.1 (using the disks) you’re prompted to create a local user. This process still occurs when using an attend.xml file and sysprep. In the answer file I create a local user named TempUser. TempUser gets deleted when the laptop first boots up to Windows logon screen. The sole purpose of TempUser is to hide the prompt to create a local user after sysprep runs.

Customize the answer file to meet your image needs. After you’ve completed the unattend.xml file, copy the file to C:\Windows\System32\Sysprep.

Customize SetupComplete.cmd

On your image laptop, browse to the C:\Windows\setup\Scripts directory your created earlier.  Open SetupComplete.cmd for editing. As I said earlier, commands placed in this file will run just before you are presented with the Windows logon screen.

To delete the previously created TempUser account, add the following command to SetupComplete.cmd:

net user TempUser /delete

Select all Open in new window

To enable the local Administrator account, add the following command to SetupComplete.cmd:  

net user Administrator /active:yes

Select all Open in new window

Even though you may have enabled the administrator account on the imaged laptop before running sysprep, it will be disabled again.

Delete the Domain Users group from the local Administrators and Users groups using the above commands.

net localgroup Administrators "Domain\Domain Users" /delete
net localgroup Users "DomainDomain Users" /delete

Select all Open in new window

To delete the unattend.xml file, add the following command to SetupComplete.cmd:

del C:\Windows\System32\Sysprep\unattend.xml

Select all Open in new window

Even though the passwords you enter in the xml file are encrypted, you’ll feel better knowing the file is not there.

I've attached a sample SetupComplete.cmd file for reference. You may add whatever commands you need to run here in this file. Save the file when finished

ConfigureSystem.hta (optional)

At this point your image computer is ready to be sysprepped. If you were to leave things as is, during the sysprep process the computer will be added to the domain under a randomly generated name. If that’s fine with you then you can skip this part and go to “Run Sysprep”.

I’ve created a HTA script that provides an interface to rename the computer, add users to the local users and administrators groups, and select the OU to add the computer to. It also gives you current system information. The script runs on first logon as a scheduled task. The scheduled task will be deleted once the script opens. The HTA file also deletes the "C:\Windows\Setup\Scripts\SetupComplete.cmd" once the script opens.

This is what the screen looks like. It's showing current information for my desktop. The scripts opens at full-screen:
ConfigureSystem GUI
In theory the process will be:

1. Image restored to computer.
2. Sysprep completes its tasks and you are presented with the logon screen.
3. You log in with an account with AD read/write credentials.
4. The HTA script is called (task scheduler). You provide a new computer name, add user/groups to the local Users and Administrators groups. Select an OU for the computer from the drop-down. View current hardware information for the computer.
5. The computer reboots and you can log in as the user.
6. Process completed.

Firstly, let me say that if you would like to use this HTA script, it will take a little modification from you to make it suit your needs. I will try and give clear instructions on what needs to be changed.

This script launches when the first user logs into the computer. The user must have the correct permissions to read and write to Active Directory. There is a 25 second delay before the script opens, allowing for other tasks to complete. Once the script loads, all the information is entered, and the Apply Changes button is pressed, a prompt asking you to reboot will appear

 The HTA provides an interface that enables you to do the following:
1. Rename the computer.
2. Add users and groups to the local Administrators and Users groups.
3. Add the computer to a specific OU.
4. Provides current system information.

If the new computer name already exists in AD (name you are renaming to), the existing computer account in AD will be deleted. The old computer name (current name of computer) will be renamed to the new computer name, and the computer account will then be moved to the selected OU. The script will also validate any user or group accounts entered against AD.

The HTA file needs to be placed in an accessible share on the network. Import the attached scheduled task into task scheduler on your image computer. Once you import the task, you will need to change the location of the HTA file (and author if needed).

I use HTAEdit to edit and compile my script to an exe. Compiling it to exe includes all the source files needed for script inside the exe.

You can use notepad to edit the script but you will not be able to compile it to exe. If you point to the HTA script itself (.hta and not .exe), the file will need to reside in the folder that contains all the corresponding source files (images, etc.)

The following code in the HTA needs to be customized:


Select all Open in new window

Search for all instances of the above text and replace with your domain name.

Set objNewOU = GetObject("LDAP://ou=" & strNewOU & strDomain & "")

Select all Open in new window

Line 427 – You may need to change the above to add an OU name if the OU you’re adding the computer to is nested in a parent OU. Something like:

GetObject("LDAP://ou=" & strNewOU & ",ou=CityCampus," & strDomain & "")

Select all Open in new window

strNewOU will take the value of the OU selected in the HTA.

<select name="txt_ou" size="1" onChange="vbs:CheckOU">
    <option value="" name=""></option>
    <option value="Desktops">Desktops</option>
    <option value="Laptops">Laptops</option>
    <option value="Re-Imaged">Re-Imaged</option>
    <option value="">-----------------</option>
    <option value="Workgroup">Workgroup</option>

Select all Open in new window

These are your OU options. You need to change these options to suit your needs. The value="" must match the OU name in AD. So if I select Desktops, the value "Desktops" is the OU name.

Now…the way I have the HTA setup, any users or groups added to the fields will be added to both the local Administrators and Users groups. I know this may not suit everyone so a little knowledge of vbscript can help you customize the HTA file to meet your needs. This can be changed in the subroutines located on line 259 and 336.

If you need help I will do my best to provide assistance.

Run Sysprep

You should now be ready to run sysprep on the computer.

NOTE: I highly recommend that you take an image of your image computer before you run sysprep. Things DO go wrong and being able to get back to pre-sysprep will save you a lot of time and heart-ache.

From within the configured profile you’ve created, open a command prompt. Navigate to C:\Windows\System32\Sysprep. Type the following command to start the sysprep process:
sysprep.exe \generalize \oobe \shutdown \unattend:unattend.xml
The computer will shut down after sysprep has finished.

Take An Image

Now it’s time to take an image of the hard drive.  Everyone has their own way of doing this. I use Symantec Ghost as it takes an image of the whole drive.  I’ve tested ImageX and found it to have it drawbacks. The main reason I choose not to use it is because we use two partitions in our image. The C: partition for the OS and the D: partition for the users’ data. You cannot take a disk image with ImageX. You have to do each partition individually. The same goes for when applying the image. I ghost the hard drive and have our completed image.

I've attached a zip with all files for the guide. For the HTA script, please read the !READ ME FIRST.txt file in the folder.

I hope this puts you in the right direction for a successful sysprep image. If you have any questions I will be glad to help. Good luck!

Guide Files
Ivano ViolaSystem Administrator

Comments (15)

Dash AmrSenior Specialist(PM)

I am trying to use the guide to deploy windows 8 on w510 Acer iconia UEFI device x86 am I able to use the unattend.xml file in the guide
Ivano ViolaSystem Administrator



Most problems occur because of the unattend file. I highly recommend that you create your own and use the one I've provided as a guide for the settings. Download and install the Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1.

Note: The install.wim used for creating the unattend file MUST match the version you are going to deploy, it's no good pointing to a Windows 8 Pro image if you are going to deploy Windows 8 Enterprise.

Here is some useful information to help you do this:

Thanks ivanoviola great guide.

Can you help me on customizing HTA script?

I need to specify which sub OU according to type of PC.

For example in domain, we have Computers OU, but withing the computers OU we have sub OU. How can I setup the script so we can select which sub OU the PC will fall under? Also, I would also like to specify which users will be in local administrators group vs users group.
                           MarketData Workstations
Ivano ViolaSystem Administrator


Thanks Andy.

First you will need to update the drop-down field in the HTML code to something like this:
<select name="txt_ou" size="1" onChange="vbs:CheckOU">
    <option value="" name=""></option>
    <option value="Laptops">Laptops</option>
    <option value="Workstations">Workstations</option>
    <option value="MarketDataWorkstations">MarketData Workstations</option>
    <option value="">-----------------</option>
    <option value="Workgroup">Workgroup</option>

Open in new window

I don't think you need to change anything in the MoveComputers vbs sub as it should still work.
 Set objNewOU = GetObject("LDAP://ou=" & strNewOU & ",ou=Computers," & strDomain & "")

strNewOU will equal the value of what you select in the drop-down. So if you select Workstations then the path will equal: OU=Workstations,OU=Computers,DC=Your,DC=Domain,DC=Com

Let me know if you have any questions or need help.

Thank you Ivan. I will test this out.

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.