<

[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x

Windows 10 Sysprep Guide

Published on
92,941 Points
85,941 Views
10 Endorsements
Last Modified:
Approved
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achieve that first deployment image quickly and easily.
This article builds on my previous two sysprep articles:
 

Files you will need...


- Windows Assessment and Deployment Kit (Windows ADK) for Windows 10
From the kit you need to install the Deployment Tools which contains Windows System Image Manager (SIM) used for creating unattend .xml files. This should be install on a computer not being used for imaging.

- Windows 10 image.wim
To create an unattend.xml file to be used for sysprep, you will also need the image.wim file located on the Windows 10 installation disk you used to Install Windows on your image computer (located in the Sources folder).


Let’s get started...


Install Windows 10 on your image computer. Here are initial settings I use.
 

Initial OS Load

 

During Install (leave defaults unless stated


  • Choose the Custom (advanced) option: Setup partition/s as needed. Format your partition/s.
  • Let’s get connected:  Skip and click Next
  • Get going fast:  Customize settings
 

Customize Settings


  • Personalization: All off
  • Location: All off
  • Browser and protection: All off
  • Connectivity and error reporting: All off
    • Choose how you’ll connect:   Join a domain
    • Who is going to use this PC?:  Operator (no password)


Immediately After Install  


  • Logon using the Operator account you created above.
  • Activate Windows then disconnect the computer from the Internet.
    This will ensure that the built-in apps do not update otherwise your sysprep will fail.
  • Uninstall built-in apps using PowerShell. Run PowerShell as Administrator. Paste the following commands onto the PowerShell command line and hit Enter.
Get-AppxPackage *3dbuilder* | Remove-AppxPackage
Get-AppxPackage *windowsalarms* | Remove-AppxPackage
Get-AppxPackage *Appconnector* | Remove-AppxPackage
Get-AppxPackage *windowscalculator* | Remove-AppxPackage
Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage
Get-AppxPackage *windowscamera* | Remove-AppxPackage
Get-AppxPackage *CandyCrushSaga* | Remove-AppxPackage
Get-AppxPackage *officehub* | Remove-AppxPackage
Get-AppxPackage *skypeapp* | Remove-AppxPackage
Get-AppxPackage *getstarted* | Remove-AppxPackage
Get-AppxPackage *zunemusic* | Remove-AppxPackage
Get-AppxPackage *windowsmaps* | Remove-AppxPackage
Get-AppxPackage *Messaging* | Remove-AppxPackage
Get-AppxPackage *solitairecollection* | Remove-AppxPackage
Get-AppxPackage *ConnectivityStore* | Remove-AppxPackage
Get-AppxPackage *bingfinance* | Remove-AppxPackage
Get-AppxPackage *zunevideo* | Remove-AppxPackage
Get-AppxPackage *bingnews* | Remove-AppxPackage
Get-AppxPackage *onenote* | Remove-AppxPackage
Get-AppxPackage *people* | Remove-AppxPackage
Get-AppxPackage *CommsPhone* | Remove-AppxPackage
Get-AppxPackage *windowsphone* | Remove-AppxPackage
Get-AppxPackage *photos* | Remove-AppxPackage
Get-AppxPackage *WindowsScan* | Remove-AppxPackage
Get-AppxPackage *bingsports* | Remove-AppxPackage
Get-AppxPackage *windowsstore* | Remove-AppxPackage
Get-AppxPackage *Office.Sway* | Remove-AppxPackage
Get-AppxPackage *Twitter* | Remove-AppxPackage
Get-AppxPackage *soundrecorder* | Remove-AppxPackage
Get-AppxPackage *bingweather* | Remove-AppxPackage
Get-AppxPackage *xboxapp* | Remove-AppxPackage
Get-AppxPackage *XboxOneSmartGlass* | Remove-AppxPackage

Open in new window


  • Confirm that all the apps have been uninstalled. The shortcuts should no longer appear on the All Apps start menu.
  • The following four apps should still be present as they cannot be removed. 
    • Cortana
    • Contact Support
    • Microsoft Edge
    • Windows Feedback
  • NOTE: In Windows 8.1 the Store app could not be uninstalled. This has changed in Windows 10. if you would like to make this available to all users then you should not permanently uninstall preinstalled apps. Useful apps that you may want users to have access to are: Store, Calculator and Voice Recorder
  • Following the uninstall instructions above will allow the apps to be reinstalled on first log on for all new users. To remove certain apps you will need to script this at logon or just after the user logs in.
  • Enable the local Administrator account. Set a password for the account. Password never expires (optional).
  • Update the local Operator account.  Set a password for the account. Password never expires (optional).

Now, install all necessary programs, run windows updates, configure the start screen, create local user accounts and configure the profile and OS the way you would like it to be. Find below some tips and tricks to add to your image. When completed, the computer should almost be ready to be sysprepped.
 

Additions – Image Tips and Tricks

 

Create SetupComplete.cmd File

On your image computer browse to the C:\Windows\setup directory.  Within the Setup folder create a new folder named Scripts. Within the Scripts folder create a file named SetupComplete.cmd. Commands placed in this file will run just before you are presented with the Windows logon screen. We’ll add some commands to this file shortly.
 

Run First Log On Commands

You can do this a few ways, including through your unattend.xml file. I choose to create a script and call it when users log in for the very first time. Launch.exe will call Cleanup.exe, which contains the commands to run.

Here is the code for the Launch.vbs script:
Set WshShell = WScript.CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

strAppData = WshShell.ExpandEnvironmentStrings("%APPDATA%")

'-----------------------------------------------------------------------

' Run computer cleanup script

Set objShell = CreateObject("WScript.Shell")
strCleanup = strAppData & "\Scripts\Cleanup.exe"
objShell.run "cmd /c " & strCleanup,0,False

'-----------------------------------------------------------------------

WScript.Quit

Open in new window

Convert Launch.vbs to an executable (Launch.exe) and place it in Operator’s Startup folder. This file will get deleted on completion of Cleanup.exe. You should add this file just before you're ready to run sysprep as you may need to reboot your computer at different stages.

Note: To create and compile my scripts I use VbsEdit. It’s costs $59 but you can install it on multiple machines and it comes with a lifetime license.

Now let's create the Cleanup.exe script. Here is the code for the Cleanup.vbs:
Set WshShell = WScript.CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")

strAppData = WshShell.ExpandEnvironmentStrings("%APPDATA%")
strLocalAppData = WshShell.ExpandEnvironmentStrings("%LOCALAPPDATA%")
strUserProfile = WshShell.ExpandEnvironmentStrings("%USERPROFILE%")
strAllUsers = WshShell.ExpandEnvironmentStrings("%ALLUSERSPROFILE%")

'-----------------------------------------------------------------------



' ADD COMMANDS HERE



'-----------------------------------------------------------------------

' Delete Launch.exe

strAppData = WshShell.ExpandEnvironmentStrings("%APPDATA%")
strLaunch = strAppData & "\Microsoft\Windows\Start Menu\Programs\Startup\Launch.exe"

If objFSO.FileExists(strLaunch) Then
  objFSO.DeleteFile strLaunch, True
End If

'-----------------------------------------------------------------------

WScript.Quit

Open in new window

You can add any commands you like in this script. Here you can re-install OneDrive, which we will go over later in the guide. At the end of the script Launch.exe will get deleted so that it does not run again for the currently logged in user. Copy Cleanup.exe to %AppData%\Scripts. You will need to create the Scripts folder as it does not exist. 

Cleanup.exe and Launch.exe will become part of the Default profile. It will only run when a new user logs in for the very first time.
 

Adjust Display Settings

You may notice that some programs when opened do not display as sharp as others. In my case, as an example,  Adobe Acrobat. The program seems fuzzy or blurry when opened. If this is the case for you then check the following setting:

  • All Apps - Settings - Display
  • Change the size of text, apps and other items: Set the slider to 100%. I find in some cases the default is 125%.
 

Boot To Desktop

Boot right to the desktop. Navigate to: All Apps – Settings – System – Tablet Mode
When I sign in: Go to the desktop
 
Here you’re also able to set how your device handles switching from desktop to tablet mode.
 

WinSAT prepop (Windows System Assessment Tests Scores)

You may lose the aero theme after sysprep. Run the following command at an elevated command prompt:

WinSAT prepop

Open in new window

 This will generate the WinSAT prepop .xml results files to the Datastore directory, located at:
%WINDIR%\performance\winsat\datastore.
This enables you to keep the configured aero theme after running sysprep (otherwise it will be reset back to basic). Additional information about WinSAT can be found here.
 
Restart the computer then log back in as Operator. Make sure the theme is still set to your default theme. If needed, set it back to your default theme.
 

PowerCFG Command (GUID for Default power plan)

Specify the default power plan in your unattend.xml file. Run the following at an elevated command prompt:

Powercfg –list

Open in new window

Look for your default power plan. Write down the guid for the plan. We will add this to your unattend.xml file later.
 

Slipstream Drivers

To slipstream drivers into your Windows image you can use the command line utility “pnputil.exe”.
If you need a certain driver installed in the image, like an adapter, scanner or printer driver, and do not want your users to be prompted for the driver, then add it to the DriverStore in your Windows image. The command to add a driver using this utility is (HP001.inf is an example driver):
pnputil.exe -a HP0001.inf

Open in new window

The command needs to be run at an elevated command prompt. More information about this command can be found here.
 

Disable Windows Features or Noticifactions
 

 Using notepad, create the following registry files to disable features or notifications. Copy and paste the following code then save the file with a .reg extension. For example DisableBackupMonitoring.reg. Run the registry file/s to import the changes to the registry.

Disable Backup Monitoring:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup]
"DisableMonitoring"=dword:00000001

Open in new window

Disable Password Reveal:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"DisablePasswordReveal"=dword:00000001

Open in new window

Disable IE Suggested Sites:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Suggested Sites]
"Enabled"=dword:00000000

Open in new window

Note: You can also apply the registry files via group policy.
 

OneDrive Setup

When you use the CopyProfile switch in your unattend file, the OneDrive shortcut in the All Apps menu continues to point to the Operator account instead of the currently logged in user. To resolve this issue OneDrive needs to be re-installed on first log on for each user. Do the following when logged in as Operator:
 
Manually copy the OneDrive Update folder from within the Operator profile to the ProgramData folder:
%LOCALAPPDATA%\Microsoft\ OneDrive\Update  to   %PROGRAMDATA%\Microsoft\OneDrive\Update

Run the following commands at an elevated command prompt to clean up the old OneDrive folders:
move "%LOCALAPPDATA%\Microsoft\OneDrive" "%LOCALAPPDATA%\Microsoft\OneDrive.old"
del "%APPDATA%\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk" /q/s
rd "%LOCALAPPDATA%\Microsoft\OneDrive.old" /q/s
rd "%USERPROFILE%\OneDrive" /q/s

Open in new window

To clean up the old OneDrive registry entries, create a registry file named OneDriveCleanup.reg using notepad and paste the following code. Run the registry file.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive]

Open in new window

Now you can add the following code to the Cleanup.exe file you created above to re-install OneDrive when the user logs in for the very first time.

' Run OneDrive Setup

strOneDrive = strAllUsers & "\Microsoft\OneDrive\Update\OneDriveSetup.exe /silent"
objShell.run "cmd /c " & strOneDrive,0,True

Open in new window

All folders will be recreated, including the All Apps shortcut.
 

Create Unattend.xml File


When the computer is ready you'll need to create a unattend.xml answer file using Windows System Image Manager (Windows SIM). You should already have Windows SIM installed on another computer. If not, the download link is listed above.
 
  1. Insert the media you used to install Windows 10 on your image computer into your CD-DVD drive.
  2. Start Windows SIM. From the menu select “Tools – Create Catalog”. You’ll be prompted for the “install.wim” file located on your media. Browse to the install.wim file in the sources directory on your disk. When the catalog is complete you’ll be ready to configure your answer file.
  3. I've attached a sample unattend.xml file for reference. Open the file with Windows SIM and take a look at some of the settings I’ve configured.

In my unattend.xml file you’ll see:
<ComputerName>*</ComputerName>

Open in new window

This will allow sysprep to provide a random name for the computer after sysprep.

<CopyProfile>true</CopyProfile>

Open in new window

This tells sysprep to copy the configured profile you’ve created to the default profile.

<SkipRearm>0</SkipRearm>

Open in new window

Set SkipRearm to 1 while customizing your computer.
Before running the Sysprep command the final time before deploying an image, rearm the computer by setting the SkipRearm setting to 0. This resets the Activation grace-period timer.
<PreferredPlan>your.guid</PreferredPlan>

Open in new window

This specifies the default power plan for your image. Update the unattend.xml file with the guid of the power plan you retrieved earlier. 

<DisableAntiSpyware>true</DisableAntiSpyware>

Open in new window

Setting this to True will disable Windows Defender. Set this to False if you are not deploying your own antivirus program.

<MachineObjectOU>OU=Re-Imaged,OU=Computers,DC=your,DC=domain,DC=com</MachineObjectOU>

Open in new window

You must specify an OU to add the computers to otherwise they will not be added to the domain.

<DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>

Open in new window

When set to True, this tells sysprep not to remove installed hardware from the image during sysprep. This should be the case when distributing the image to the same model computer. If you would like to create a clean sysprep image, meaning you are able to install the image on any computer, no matter the hardware, the above should be set to False.  

The other thing regarding the unattend.xml, you need to create a local user during the sysprep process.  When you install Windows 10 (using the disk) you’re prompted to create a local user. This process still occurs when using an attend.xml file and sysprep. In the answer file I create a local user named TempUser. TempUser gets deleted when the laptop first boots up to Windows logon screen. The sole purpose of TempUser is to hide the prompt to create a local user after sysprep runs.

Customize the answer file to meet your image needs. After you’ve completed the unattend.xml file, copy the file to C:\Windows\System32\Sysprep.
 

Customize SetupComplete.cmd


On your image laptop, browse to the C:\Windows\setup\Scripts directory your created earlier.  Open SetupComplete.cmd for editing. As I said earlier, commands placed in this file will run just before you are presented with the Windows logon screen.

To delete the previously created TempUser account, add the following command to SetupComplete.cmd:
net user TempUser /delete

Open in new window

To enable the local Administrator account, add the following command to SetupComplete.cmd:  

net user Administrator /active:yes

Open in new window

Even though you may have enabled the administrator account on the imaged laptop before running sysprep, it will be disabled again.

Delete the Domain Users group from the local Administrators and Users groups using the above commands.
net localgroup Administrators "Domain\Domain Users" /delete
net localgroup Users "Domain\Domain Users" /delete

Open in new window

To delete the unattend.xml file, add the following command to SetupComplete.cmd:

del C:\Windows\System32\Sysprep\unattend.xml

Open in new window

Even though the passwords you enter in the xml file are encrypted, you’ll feel better knowing the file is not there. I've attached a sample SetupComplete.cmd file for reference. You may add whatever commands you need to run here in this file. Save the file when finished.

Note: One change I’ve noticed from Windows 8.1 to Windows 10 is that you will not be able to add domain users/groups to local groups through SetupComplete.cmd. If you find otherwise Let me know.
 

Run Sysprep


You should now be ready to run sysprep on the computer.

Note: I highly recommend that you take an image of your image computer before you run sysprep. Things DO go wrong and being able to get back to a pre-sysprep state will save you a lot of time and heart-ache.

From within the configured profile you’ve created, open a command prompt. Navigate to C:\Windows\System32\Sysprep. Type the following command to start the sysprep process:
sysprep.exe /generalize /oobe /shutdown /unattend:unattend.xml

Open in new window

The computer will shut down after sysprep has finished.
 

Take An Image


Now it’s time to take an image of the hard drive.  Everyone has their own way of doing this. I use Symantec Ghost as it takes an image of the whole drive.  I’ve tested ImageX and found it to have it drawbacks. The main reason I choose not to use it is because we use two partitions in our image. The C: partition for the OS and the D: partition for the users’ data. You cannot take a disk image with ImageX. You have to do each partition individually. The same goes for when applying the image. I ghost the hard drive and have our completed image.

I've attached a zip containing the files discussed in this guide.

I hope this guide is helpful and puts you in the right direction for a successful sysprep image. You're welcome to post messages for your own tricks or tips that you think will be beneficial to the Windows 10 sysprep community!

Good luck!

Ivano

GuideFiles.zip
10
Comment
Author:Ivano Viola
14 Comments
 
LVL 13

Expert Comment

by:Rizzle
Hi,

It would probably useful to list a way to permanently remove the built-in apps. Your articles provides the commands to remove it but then below it says they will appear for the next logged on user which to me seems pointless to run the PS commands in the first place?
0
 
LVL 22

Author Comment

by:Ivano Viola
Roshan,

Thanks for the feedback.

I wouldn't say it is pointless to remove the apps. You remove them because they will break your sysprep as they cannot be transferred to the default profile. Also when you permantly remove the apps you will lose the Windows Store, Calculator, and Sound Recorder. If you want you can create a script that removes certain apps at log in if you don't want them. If you don't need any of these apps then go ahead and permanently remove them.

IV
0
 
LVL 13

Expert Comment

by:Rizzle
Hi,

For completeness could that be mentioned within the article itself then? To the naked eye that wouldn't be obvious.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 

Expert Comment

by:hoos_s
Here is an article on how to remove the Provisioning Package of those apps from Windows 8/8.1

This method removes it for all new users.  Someone with better coding skills that I can rewrite it for Windows 10.

Give up on Sysprep and use MDT.
0
 

Expert Comment

by:PUAlumni
Great article.  I have been struggling with what should be a very simple thing to do with my base image.  I have a custom wallpaper that I wish to apply to all users.  The copy profile is completely broken to me.  None of my changes stick.  I was able to use a third party app to get what I'm looking for, except the custom wallpaper.

Suggestions?  Sysprep runs, no errors, just nothing applied on restart.  I'm getting my base image ready with the audit mode enabled, make changes, changes not applied on restart after sysprep.  It's almost like the copy profile flag is not being applied.

I have the copy profile being applied on the "Specialize" pass under component name="Microsoft-Windows-Shell-Setup".

Any help is greatly appreciated.
0
 
LVL 22

Author Comment

by:Ivano Viola
Hi PUAlumni,

The CopyProfile switch should work. Not sure why it isn't for you. This is what it looks like in my unattend:
Unattend FileI would start with a new unattend file and set all your settings again. That may help.

In regards to the wallpaper. Did you try this:

- Navigate to : C:\Windows\Web\Wallpaper\Windows
Copy your wallpaper to this folder. There you should see the default Windows wallpaper.
- Set your theme the way you would like it to be, using the wallpaper you just copied.  
- Once ready save the theme. Go to Control Panel - Personalize
Right-click on your theme (should say unsaved) and select save. Give the theme a name.
- Once saved navigate to: %USERPROFILE%\AppData\Local\Microsoft\Windows\Themes and move the saved theme to C:\Windows\Resources\Themes
- Go to Control Panel - Personalize
Switch to your saved theme which should be listed under "Installed Themes". Delete the unsaved theme listed under “My Themes”.

This setting should hold through the sysprep process.

If nothing else works then you can hack the default wallpaper Windows uses. You need to take full control of the folder first before you can make changes. Rename img0.jpg (default wallpaper) to img1.jpg. Rename your wallpaper to img0.jpg. This would be as a last resort.

IV
0
 
LVL 1

Expert Comment

by:OlafE
I would say,
sysprep.exe \generalize \oobe \shutdown \unattend:unattend.xml
should read
sysprep.exe /generalize /oobe /shutdown /unattend:unattend.xml
("/" instead of "\")
Best greetings from Germany
Olaf
0
 
LVL 22

Author Comment

by:Ivano Viola
Good catch Olaf. Thank you for letting me know.

IV
0
 

Expert Comment

by:Ken Bazor
Awesome article! Thanks for sharing and saving us valuable time!!
0
 

Expert Comment

by:jwcchelpdesk
Thanks for the help. Unfortunately I have not been able to get the computers to prompt for computer name. Also having problems with the domain login. I can live with this for the most part but it makes it difficult when I am imaging labs. Just additional steps...
In the past I have used Mysysprep2. Is there a Windows10 equivalent?

I also found it helpful to turn off the tiledatamodelsvc before sysprep.
0
 

Expert Comment

by:Hariiri Ishak
Is there any Video for this article?
0
 
LVL 17

Expert Comment

by:Kyle Santos
Hi Hariiri Ishak,

The author has not made a video for this article.

However, if you have a question about this article you can go here and ask a question about this article.  https://www.experts-exchange.com/askQuestion.jsp
Make sure to provide the link to the article as well so people know what you're referring to.
0
 

Expert Comment

by:mathieu tartarin
Hi,

My local administrator won't reactivate after SYsprep :(. Got the script at the right place. any ideas ?
Btw im usin a French OS. so instead "Administrator" i put "Administrateur" is it right ?
I set the user account in oobe System.
Any help ? :(

Thx
0
 
LVL 22

Author Comment

by:Ivano Viola
Hi Mathieu,

The SetupComplete.cmd should be located here:
C:\Windows\Setup\Scripts

The command that enables the Administrator account in this file should look like:
:: Enable local administrator user account
net user Administrator /active:yes

In regards to the spelling of Administrator. Take a look in "Local Users and Groups - Users".  Administrator should be listed as a local user. Spell it the way you see it there.

Make sure all the commands above this line are valid. If there is a command that is not valid, it can stop other commands from processing.

Is there a group policy that may disable the Administrator account after the computer is added to the domain?

Ivano
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Join & Write a Comment

The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Other articles by this author
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month