- Pooling printers to load-balance print jobs - Mon, Jul 27 2020
- Repackage existing installers (MSI, EXE) using the MSIX Packaging Tool - Wed, Jul 22 2020
- MSIX: Microsoft's unified package format for all Windows applications - Wed, Jul 15 2020
OOBE is the last of several passes Windows goes through during its installation—unless you boot the system into audit mode. Interactively, it displays a whole series of dialogs the user must respond to.
Microsoft has added numerous settings to Windows 10, especially those for privacy. One major stumbling block is in account creation, where Microsoft makes creating local accounts a game of hide-and-seek. On top of that, it forces the user to answer three security questions.
Users have to store answers to three security questions when setting up a local account
This task is not only tedious but can also irritate technically less-experienced users. Moreover, administrators or advanced users who regularly create new virtual machines (VMs) with Windows 10 will happily do without this recurring task.
The solution to this is an answer file for unattended installations. Such a file can already automate Windows 10 setup in the earlier phases, for example, when joining a domain during the Specialize pass.
Creating a new answer file ^
To generate an answer file, you need the Windows System Image Manager (Windows SIM). This tool is part of the Assessment and Deployment Toolkit (ADK). For it to display the required settings, open an installation image, typically the install.wim of Microsoft's ISO file.
This should match the architecture of the Windows version (32- or 64-bit) to which you want to apply the answer file. Then use the mouse to drag these entries from the bottom-left window to 7 oobeSystem in the middle window:
1 2 | amd64_Microsoft-Windows-International-Core_10.0.<Build-Number>_neutral amd64_Microsoft-Windows-Shell-Setup_10.0.<Build-Number>_neutral |
Be careful—these components also exist with the prefix wow64! For the 32-bit OS, the names begin with x86.
Transfer the components with the required settings for OOBE
Now the tree view appears with all the settings contained in them.
Language and region settings ^
During the OOBE phase, the setup asks for the desired language—the keyboard layout or the region—to determine the time format. You can skip these dialogs by passing the respective values to the setup routine via the answer file.
You can answer the queries about the region and the associated settings automatically
The relevant settings are in the Microsoft Windows International Core component, and their names are:
- InputLocale (input language for input devices; keyboard layout)
- SystemLocale (language to use for non-Unicode programs)
- UserLocale (per-user settings used for formatting dates, times, currency, and numbers)
- UILanguage (default system language used to display the user interface)
You can specify all values according to RFC 3066, for example, en-US for the US or de-DE for Germany. InputLocale also accepts hexadecimal values; a list of all codes is on Microsoft Docs. Here you can also enter multiple values separated by semicolons.
Configure language and regional setting via an answer file
Dialogs for EULA and user accounts ^
Next, switch to the OOBE section, where you can hide various dialogs during the installation. You can do this by changing the value of these settings to true:
- HideEULAPage
- HideOEMRegistrationScreen
- HideWirelessSetupInOOBE
- HideOnlineAccountScreens
- HideLocalAccountScreen
The first option skips the confirmation of the license terms; the last two omit the dialogs for creating an account (online and local).
Privacy settings ^
You can skip the configuration of privacy settings, including the data sent to Microsoft or whether applications can access the user's location, by assigning ProtectYourPC the value 3.
Bypassing unwanted setup dialogs and privacy settings
As you can see later after completing the Windows 10 setup, this method disables online speech recognition, the use of the advertising ID, and location. It sets the amount of diagnostic data sent to Microsoft to Basic.
Privacy settings if you have set ProtectYourPC to 3
If you want to manage these settings centrally in the future, you can do so via group policies.
Creating a new local account ^
If you have hidden the dialogs for creating user accounts, you will add at least one of them via the answer file. Otherwise, only the deactivated administrator and some system accounts will exist on the system.
Creating a new local account during setup
You can do this under User Accounts. For example, you can create local accounts under LocalAccounts. It is also possible to store the password here. If it is a member of the Administrators group, I recommend that afterward, you manage the password centrally via the Local Administrator Password Solution (LAPS).
Further settings ^
Microsoft-Windows-Shell-Setup has other options that may be of interest for OOBE automation. They do not mitigate user inconvenience during setup but can be of additional benefit if you have already created an answer file.
Attaching programs to the taskbar via the answer file
These include the possibility to change the paths for the Program directory and the user profiles. You can also use DesktopOptimization to ensure that Store apps do not appear on the taskbar. In addition, you can customize the display (resolution, color depth, etc.) or attach up to five programs to the taskbar (via the TaskbarLinks option).
Assigning an answer file to an image ^
Microsoft offers several ways to assign an answer file to an image for unattended installation. For example, you can provide this file using a USB stick.
In most cases, however, you will integrate it into the system image, whereby the setup offers you several directories to choose from. Among them are %SystemRoot%\system32\panther or the root directory of the system drive.
Regardless of which option you choose, you should save the file under the name unattend.xml.
If you use a customized image for installing Windows 10, you can mount the Windows Imaging Format (WIM) file with Deployment Image Servicing and Management (DISM) and copy the answer file into the Panther directory:
1 2 3 | Dism /Mount-Image /ImageFile:"C:\wim\Custom.wim" /Index:1 /MountDir:C:\mount Copy unattend.xml C:\mount\Windows\Panther Dism /Unmount-Image /MountDir:C:\mount /Commit |
If you want to set up Windows 10 as a guest OS for a VM and use Convert-WIM2VHD for this purpose, you can pass the answer file to the script via the /unattend parameter:
1 | Convert-WIM2VHD -Path .\win10-1909.vhdx -SourcePath .\install.wim -index 3 Size 40GB -DiskLayout UEFI -Dynamic -unattend .\unattend.xml |
Generating a virtual hard disk using Convert-WIM2VHD, which will copy the answer file to c:\ of the guest OS
This command installs Windows 10 into a virtual hard disk (VHDX) without further prompting and copies unattend.xml into the root directory of C:. After attaching the VHDX to a VM, you can boot it directly to the logon screen without having to work through the OOBE dialogs.
Want to write for 4sysops? We are looking for new authors.
Read 4sysops without ads and for free by becoming a member!
2 months ago
Hi Wolfgang!
Great post again! I had on my list to play with this, but never had time yet!
So I guess, the answer file can be integrated to the WIM file as per your previous post (https://4sysops.com/archives/create-a-customized-windows-10-image-using-powershell-and-hyper-v/)? If I import such WIM file to WDS services I guess it will work too?
Thanks, Leos
Hi Leos, seems like you are the deployment guy 🙂 Good to hear that you like my article .-)
There are various ways to connect an answer file to Windows setup (see MS Docs). Most likely you will integrate it into the WIM.
Cheers, Wolfgang
2 months ago
Lets say I like automation in general 🙂 why click something thousand times if it can be scripted once 🙂
Cheers
Hello Wolfgang, Nice Article
.
One quick question - How can we handle the settings from Answer files to show only "Language and region settings" during the OOBE Phase. Had any luck to test this scenarios!!
Am Planning next to do - Hope if you already done, will get some helpful inputs.
This is how we can customize the OOBE to show only "Language and region settings".
https://www.anoopcnair.com/sccm-customize-windows-out-of-box-experience-oobe-using-configmgr/
Thank You!!
My 1903 answer file is no longer working with release of 2004. I created a new answer file using the latest WSIM and 2004 install.wim. Some of my old options in my 1903 answer file were not working in my 2004 answer file and you were able to help me resolve those problems in your article.
However, one issue persists. I can't get the OS to load after reboots. UEFI boot screen options screen is showing Windows boot loader and the HDD/SSD. The only way I can get the machines to properly boot is by going into the BIOS and disabling all boot option except for HDD/SSD.
With all previous versions of OS/answer file combinations my machines booted from Windows boot loader with no issues. Is there something I'm missing while creating me answer file?
I have a question, how do you remove the security questions. We use a unattend.xml for the OOBE experience for ourexternal clients. They boot off a ISO and it'll ask you to create a user name and password. I tried leaving the password blank but it asks for a complex password. Then it asks for security questions.
Where in the unattend.xml can I remove the security questions. Am I missing something in this article.
Thanks