Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achieve that first deployment image quickly and easily.
This article builds on my previous two sysprep articles:
- Windows Assessment and Deployment Kit (Windows ADK) for Windows 10
From the kit you need to install the Deployment Tools which contains Windows System Image Manager (SIM) used for creating unattend .xml files. This should be install on a computer not being used for imaging.
- Windows 10 image.wim
To create an unattend.xml file to be used for sysprep, you will also need the image.wim file located on the Windows 10 installation disk you used to Install Windows on your image computer (located in the Sources folder).
Let’s get started...
Install Windows 10 on your image computer. Here are initial settings I use.
Initial OS Load
During Install (leave defaults unless stated
Choose the Custom (advanced) option: Setup partition/s as needed. Format your partition/s.
Let’s get connected: Skip and click Next
Get going fast: Customize settings
Customize Settings
Personalization: All off
Location: All off
Browser and protection: All off
Connectivity and error reporting: All off
Choose how you’ll connect: Join a domain
Who is going to use this PC?: Operator (no password)
Immediately After Install
Logon using the Operator account you created above.
Activate Windows then disconnect the computer from the Internet.
This will ensure that the built-in apps do not update otherwise your sysprep will fail.
Uninstall built-in apps using PowerShell. Run PowerShell as Administrator. Paste the following commands onto the PowerShell command line and hit Enter.
Confirm that all the apps have been uninstalled. The shortcuts should no longer appear on the All Apps start menu.
The following four apps should still be present as they cannot be removed.
Cortana
Contact Support
Microsoft Edge
Windows Feedback
NOTE: In Windows 8.1 the Store app could not be uninstalled. This has changed in Windows 10. if you would like to make this available to all users then you should not permanently uninstall preinstalled apps. Useful apps that you may want users to have access to are: Store, Calculator and Voice Recorder
Following the uninstall instructions above will allow the apps to be reinstalled on first log on for all new users. To remove certain apps you will need to script this at logon or just after the user logs in.
Enable the local Administrator account. Set a password for the account. Password never expires (optional).
Update the local Operator account. Set a password for the account. Password never expires (optional).
Now, install all necessary programs, run windows updates, configure the start screen, create local user accounts and configure the profile and OS the way you would like it to be. Find below some tips and tricks to add to your image. When completed, the computer should almost be ready to be sysprepped.
Additions – Image Tips and Tricks
Create SetupComplete.cmd File
On your image computer browse to the C:\Windows\setup directory. Within the Setup folder create a new folder named Scripts. Within the Scripts folder create a file named SetupComplete.cmd. Commands placed in this file will run just before you are presented with the Windows logon screen. We’ll add some commands to this file shortly.
Run First Log On Commands
You can do this a few ways, including through your unattend.xml file. I choose to create a script and call it when users log in for the very first time. Launch.exe will call Cleanup.exe, which contains the commands to run.
Convert Launch.vbs to an executable (Launch.exe) and place it in Operator’s Startup folder. This file will get deleted on completion of Cleanup.exe. You should add this file just before you're ready to run sysprep as you may need to reboot your computer at different stages.
Note: To create and compile my scripts I use VbsEdit. It’s costs $59 but you can install it on multiple machines and it comes with a lifetime license.
Now let's create the Cleanup.exe script. Here is the code for the Cleanup.vbs:
You can add any commands you like in this script. Here you can re-install OneDrive, which we will go over later in the guide. At the end of the script Launch.exe will get deleted so that it does not run again for the currently logged in user. Copy Cleanup.exe to %AppData%\Scripts. You will need to create the Scripts folder as it does not exist.
Cleanup.exe and Launch.exe will become part of the Default profile. It will only run when a new user logs in for the very first time.
Adjust Display Settings
You may notice that some programs when opened do not display as sharp as others. In my case, as an example, Adobe Acrobat. The program seems fuzzy or blurry when opened. If this is the case for you then check the following setting:
All Apps - Settings - Display
Change the size of text, apps and other items: Set the slider to 100%. I find in some cases the default is 125%.
Boot To Desktop
Boot right to the desktop. Navigate to: All Apps – Settings – System – Tablet Mode
When I sign in: Go to the desktop
Here you’re also able to set how your device handles switching from desktop to tablet mode.
WinSAT prepop (Windows System Assessment Tests Scores)
You may lose the aero theme after sysprep. Run the following command at an elevated command prompt:
This will generate the WinSAT prepop .xml results files to the Datastore directory, located at:
%WINDIR%\performance\winsat\datastore.
This enables you to keep the configured aero theme after running sysprep (otherwise it will be reset back to basic). Additional information about WinSAT can be found here.
Restart the computer then log back in as Operator. Make sure the theme is still set to your default theme. If needed, set it back to your default theme.
PowerCFG Command (GUID for Default power plan)
Specify the default power plan in your unattend.xml file. Run the following at an elevated command prompt:
Look for your default power plan. Write down the guid for the plan. We will add this to your unattend.xml file later.
Slipstream Drivers
To slipstream drivers into your Windows image you can use the command line utility “pnputil.exe”.
If you need a certain driver installed in the image, like an adapter, scanner or printer driver, and do not want your users to be prompted for the driver, then add it to the DriverStore in your Windows image. The command to add a driver using this utility is (HP001.inf is an example driver):
The command needs to be run at an elevated command prompt. More information about this command can be found here.
Disable Windows Features or Noticifactions
Using notepad, create the following registry files to disable features or notifications. Copy and paste the following code then save the file with a .reg extension. For example DisableBackupMonitoring.reg. Run the registry file/s to import the changes to the registry.
Disable Backup Monitoring:
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup]"DisableMonitoring"=dword:00000001
Note: You can also apply the registry files via group policy.
OneDrive Setup
When you use the CopyProfile switch in your unattend file, the OneDrive shortcut in the All Apps menu continues to point to the Operator account instead of the currently logged in user. To resolve this issue OneDrive needs to be re-installed on first log on for each user. Do the following when logged in as Operator:
Manually copy the OneDrive Update folder from within the Operator profile to the ProgramData folder:
%LOCALAPPDATA%\Microsoft\ OneDrive\Update to%PROGRAMDATA%\Microsoft\OneDrive\Update
Run the following commands at an elevated command prompt to clean up the old OneDrive folders:
To clean up the old OneDrive registry entries, create a registry file named OneDriveCleanup.reg using notepad and paste the following code. Run the registry file.
Windows Registry Editor Version 5.00[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive]
All folders will be recreated, including the All Apps shortcut.
Create Unattend.xml File
When the computer is ready you'll need to create a unattend.xml answer file using Windows System Image Manager (Windows SIM). You should already have Windows SIM installed on another computer. If not, the download link is listed above.
Insert the media you used to install Windows 10 on your image computer into your CD-DVD drive.
Start Windows SIM. From the menu select “Tools – Create Catalog”. You’ll be prompted for the “install.wim” file located on your media. Browse to the install.wim file in the sources directory on your disk. When the catalog is complete you’ll be ready to configure your answer file.
I've attached a sample unattend.xml file for reference. Open the file with Windows SIM and take a look at some of the settings I’ve configured.
Set SkipRearm to 1 while customizing your computer.
Before running the Sysprep command the final time before deploying an image, rearm the computer by setting the SkipRearm setting to 0. This resets the Activation grace-period timer.
When set to True, this tells sysprep not to remove installed hardware from the image during sysprep. This should be the case when distributing the image to the same model computer. If you would like to create a clean sysprep image, meaning you are able to install the image on any computer, no matter the hardware, the above should be set to False.
The other thing regarding the unattend.xml, you need to create a local user during the sysprep process. When you install Windows 10 (using the disk) you’re prompted to create a local user. This process still occurs when using an attend.xml file and sysprep. In the answer file I create a local user named TempUser. TempUser gets deleted when the laptop first boots up to Windows logon screen. The sole purpose of TempUser is to hide the prompt to create a local user after sysprep runs.
Customize the answer file to meet your image needs. After you’ve completed the unattend.xml file, copy the file to C:\Windows\System32\Sysprep.
Customize SetupComplete.cmd
On your image laptop, browse to the C:\Windows\setup\Scripts directory your created earlier. Open SetupComplete.cmd for editing. As I said earlier, commands placed in this file will run just before you are presented with the Windows logon screen.
To delete the previously created TempUser account, add the following command to SetupComplete.cmd:
Even though the passwords you enter in the xml file are encrypted, you’ll feel better knowing the file is not there. I've attached a sample SetupComplete.cmd file for reference. You may add whatever commands you need to run here in this file. Save the file when finished.
Note: One change I’ve noticed from Windows 8.1 to Windows 10 is that you will not be able to add domain users/groups to local groups through SetupComplete.cmd. If you find otherwise Let me know.
Run Sysprep
You should now be ready to run sysprep on the computer.
Note: I highly recommend that you take an image of your image computer before you run sysprep. Things DO go wrong and being able to get back to a pre-sysprep state will save you a lot of time and heart-ache.
From within the configured profile you’ve created, open a command prompt. Navigate to C:\Windows\System32\Sysprep. Type the following command to start the sysprep process:
The computer will shut down after sysprep has finished.
Take An Image
Now it’s time to take an image of the hard drive. Everyone has their own way of doing this. I use Symantec Ghost as it takes an image of the whole drive. I’ve tested ImageX and found it to have it drawbacks. The main reason I choose not to use it is because we use two partitions in our image. The C: partition for the OS and the D: partition for the users’ data. You cannot take a disk image with ImageX. You have to do each partition individually. The same goes for when applying the image. I ghost the hard drive and have our completed image.
I've attached a zip containing the files discussed in this guide.
I hope this guide is helpful and puts you in the right direction for a successful sysprep image. You're welcome to post messages for your own tricks or tips that you think will be beneficial to the Windows 10 sysprep community!
My local administrator won't reactivate after SYsprep :(. Got the script at the right place. any ideas ?
Btw im usin a French OS. so instead "Administrator" i put "Administrateur" is it right ?
I set the user account in oobe System.
Any help ? :(
The SetupComplete.cmd should be located here:
C:\Windows\Setup\Scripts
The command that enables the Administrator account in this file should look like:
:: Enable local administrator user account
net user Administrator /active:yes
In regards to the spelling of Administrator. Take a look in "Local Users and Groups - Users". Administrator should be listed as a local user. Spell it the way you see it there.
Make sure all the commands above this line are valid. If there is a command that is not valid, it can stop other commands from processing.
Is there a group policy that may disable the Administrator account after the computer is added to the domain?
I'm new to Sysprep and have a simple embarrassing question.
From a new computer, I booted into Audit mode and got the setup I'm happy with after many many hours of learning. Since this is my first attempt, I want to capture an image of the setup I've spent so much time on PRIOR to running Sysprep and while in Audit mode in case - as you say - something goes wrong.
How do I make a "backup" image of the configuration prior to running Sysprep? I tried creating and Image from the Backup options of Control Panel but it says I'm not allowed while in Audit mode. But if I exit Audit mode, won't I loose everything?
I'm having a hard time understanding what happens to the configuration once you exit Audit mode.
Boot from external media (Windows to Go or eventually Windows 10 setup disk) and use dism to create a wim file from your Windows system volume.
If you later want to restore your Windows, rename that wim file install.wim and put it in the sources folder on a normal Windows 10 setup USB stick created with Media Creation Tool.
Comments (17)
Commented:
My local administrator won't reactivate after SYsprep :(. Got the script at the right place. any ideas ?
Btw im usin a French OS. so instead "Administrator" i put "Administrateur" is it right ?
I set the user account in oobe System.
Any help ? :(
Thx
Author
Commented:The SetupComplete.cmd should be located here:
C:\Windows\Setup\Scripts
The command that enables the Administrator account in this file should look like:
:: Enable local administrator user account
net user Administrator /active:yes
In regards to the spelling of Administrator. Take a look in "Local Users and Groups - Users". Administrator should be listed as a local user. Spell it the way you see it there.
Make sure all the commands above this line are valid. If there is a command that is not valid, it can stop other commands from processing.
Is there a group policy that may disable the Administrator account after the computer is added to the domain?
Ivano
Commented:
I'm new to Sysprep and have a simple embarrassing question.
From a new computer, I booted into Audit mode and got the setup I'm happy with after many many hours of learning. Since this is my first attempt, I want to capture an image of the setup I've spent so much time on PRIOR to running Sysprep and while in Audit mode in case - as you say - something goes wrong.
How do I make a "backup" image of the configuration prior to running Sysprep? I tried creating and Image from the Backup options of Control Panel but it says I'm not allowed while in Audit mode. But if I exit Audit mode, won't I loose everything?
I'm having a hard time understanding what happens to the configuration once you exit Audit mode.
Thank you for answering an embarrassing question.
Allan
Commented:
If you later want to restore your Windows, rename that wim file install.wim and put it in the sources folder on a normal Windows 10 setup USB stick created with Media Creation Tool.
Commented:
View More