If you start a freshly installed Windows 10 system for the first time, be it to complete the setup or a preinstalled OS, it will boot into the out-of-box experience (OOBE). There, users must configure several settings, but you can free them from this task with an answer file.

OOBE is the last of several passes Windows goes through during its installation—unless you boot the system into audit mode. Interactively, it displays a whole series of dialogs the user must respond to.

Microsoft has added numerous settings to Windows 10, especially those for privacy. One major stumbling block is in account creation, where Microsoft makes creating local accounts a game of hide-and-seek. On top of that, it forces the user to answer three security questions.

Users have to store answers to three security questions when setting up a local account

Users have to store answers to three security questions when setting up a local account

This task is not only tedious but can also irritate technically less-experienced users. Moreover, administrators or advanced users who regularly create new virtual machines (VMs) with Windows 10 will happily do without this recurring task.

The solution to this is an answer file for unattended installations. Such a file can already automate Windows 10 setup in the earlier phases, for example, when joining a domain during the Specialize pass.

Creating a new answer file ^

To generate an answer file, you need the Windows System Image Manager (Windows SIM). This tool is part of the Assessment and Deployment Toolkit (ADK). For it to display the required settings, open an installation image, typically the install.wim of Microsoft's ISO file.

This should match the architecture of the Windows version (32- or 64-bit) to which you want to apply the answer file. Then use the mouse to drag these entries from the bottom-left window to 7 oobeSystem in the middle window:


Be careful—these components also exist with the prefix wow64! For the 32-bit OS, the names begin with x86.

Transfer the components with the required settings for OOBE

Transfer the components with the required settings for OOBE

Now the tree view appears with all the settings contained in them.

Language and region settings ^

During the OOBE phase, the setup asks for the desired language—the keyboard layout or the region—to determine the time format. You can skip these dialogs by passing the respective values to the setup routine via the answer file.

You can answer the queries about the region and the associated settings automatically

You can answer the queries about the region and the associated settings automatically

The relevant settings are in the Microsoft Windows International Core component, and their names are:

  • InputLocale (input language for input devices; keyboard layout)
  • SystemLocale (language to use for non-Unicode programs)
  • UserLocale (per-user settings used for formatting dates, times, currency, and numbers)
  • UILanguage (default system language used to display the user interface)

You can specify all values according to RFC 3066, for example, en-US for the US or de-DE for Germany. InputLocale also accepts hexadecimal values; a list of all codes is on Microsoft Docs. Here you can also enter multiple values separated by semicolons.

Configure language and regional setting via an answer file

Configure language and regional setting via an answer file

Dialogs for EULA and user accounts ^

Next, switch to the OOBE section, where you can hide various dialogs during the installation. You can do this by changing the value of these settings to true:

  • HideEULAPage
  • HideOEMRegistrationScreen
  • HideWirelessSetupInOOBE
  • HideOnlineAccountScreens
  • HideLocalAccountScreen

The first option skips the confirmation of the license terms; the last two omit the dialogs for creating an account (online and local).

Privacy settings ^

You can skip the configuration of privacy settings, including the data sent to Microsoft or whether applications can access the user's location, by assigning ProtectYourPC the value 3.

Bypassing unwanted setup dialogs and privacy settings

Bypassing unwanted setup dialogs and privacy settings

As you can see later after completing the Windows 10 setup, this method disables online speech recognition, the use of the advertising ID, and location. It sets the amount of diagnostic data sent to Microsoft to Basic.

Privacy settings if you have set ProtectYourPC to 3

Privacy settings if you have set ProtectYourPC to 3

If you want to manage these settings centrally in the future, you can do so via group policies.

Creating a new local account ^

If you have hidden the dialogs for creating user accounts, you will add at least one of them via the answer file. Otherwise, only the deactivated administrator and some system accounts will exist on the system.

Creating a new local account during setup

Creating a new local account during setup

You can do this under User Accounts. For example, you can create local accounts under LocalAccounts. It is also possible to store the password here. If it is a member of the Administrators group, I recommend that afterward, you manage the password centrally via the Local Administrator Password Solution (LAPS).

Further settings ^

Microsoft-Windows-Shell-Setup has other options that may be of interest for OOBE automation. They do not mitigate user inconvenience during setup but can be of additional benefit if you have already created an answer file.

Attaching programs to the taskbar via the answer file

Attaching programs to the taskbar via the answer file

These include the possibility to change the paths for the Program directory and the user profiles. You can also use DesktopOptimization to ensure that Store apps do not appear on the taskbar. In addition, you can customize the display (resolution, color depth, etc.) or attach up to five programs to the taskbar (via the TaskbarLinks option).

Assigning an answer file to an image ^

Microsoft offers several ways to assign an answer file to an image for unattended installation. For example, you can provide this file using a USB stick.

In most cases, however, you will integrate it into the system image, whereby the setup offers you several directories to choose from. Among them are %SystemRoot%\system32\panther or the root directory of the system drive.

Regardless of which option you choose, you should save the file under the name unattend.xml.

If you use a customized image for installing Windows 10, you can mount the Windows Imaging Format (WIM) file with Deployment Image Servicing and Management (DISM) and copy the answer file into the Panther directory:

Dism /Mount-Image /ImageFile:"C:\wim\Custom.wim" /Index:1 /MountDir:C:\mount
Copy unattend.xml C:\mount\Windows\Panther
Dism /Unmount-Image /MountDir:C:\mount /Commit

If you want to set up Windows 10 as a guest OS for a VM and use Convert-WIM2VHD for this purpose, you can pass the answer file to the script via the /unattend parameter:

Convert-WIM2VHD -Path .\win10-1909.vhdx -SourcePath .\install.wim -index 3  Size 40GB -DiskLayout UEFI -Dynamic -unattend .\unattend.xml

Generating a virtual hard disk using Convert-WIM2VHD, which will copy the answer file to c:\ of the guest OS

Subscribe to 4sysops newsletter!

This command installs Windows 10 into a virtual hard disk (VHDX) without further prompting and copies unattend.xml into the root directory of C:. After attaching the VHDX to a VM, you can boot it directly to the logon screen without having to work through the OOBE dialogs.

  1. Leos Marek 3 years ago

    Hi Wolfgang!

    Great post again! I had on my list to play with this, but never had time yet!

    So I guess, the answer file can be integrated to the WIM file as per your previous post (https://4sysops.com/archives/create-a-customized-windows-10-image-using-powershell-and-hyper-v/)? If I import such WIM file to WDS services I guess it will work too?

    Thanks, Leos

  2. Wolfgang Sommergut 3 years ago

    Hi Leos, seems like you are the deployment guy 🙂 Good to hear that you like my article .-)

    There are various ways to connect an answer file to Windows setup (see MS Docs). Most likely you will integrate it into the WIM.

    Cheers, Wolfgang

    • Leos Marek 3 years ago

      Lets say I like automation in general 🙂 why click something thousand times if it can be scripted once 🙂


  3. Jitesh Kumar 3 years ago

    Hello Wolfgang, Nice Article yes.

    One quick question – How can we handle the settings from Answer files to show only "Language and region settings" during the OOBE Phase. Had any luck to test this scenarios!!

    Am Planning next to do – Hope if you already done, will get some helpful inputs.

  4. Jitesh Kumar 2 years ago

    This is how we can customize the OOBE to show only "Language and region settings".


    Thank You!!

  5. CarlosR 2 years ago

    My 1903 answer file is no longer working with release of 2004. I created a new answer file using the latest WSIM and 2004 install.wim. Some of my old options in my 1903 answer file were not working in my 2004 answer file and you were able to help me resolve those problems in your article.

    However, one issue persists. I can't get the OS to load after reboots. UEFI boot screen options screen is showing Windows boot loader and the HDD/SSD.  The only way I can get the machines to properly boot is by going into the BIOS and disabling all boot option except for HDD/SSD. 

    With all previous versions of OS/answer file combinations my machines booted from Windows boot loader with no issues. Is there something I'm missing while creating me answer file?

  6. Sizie 2 years ago

    I have a question, how do you remove the security questions.   We use a unattend.xml for the OOBE experience for ourexternal clients.   They boot off a ISO and it'll ask you to create a user name and password.   I tried leaving the password blank but it asks for a complex password.   Then it asks for security questions.     

    Where in the unattend.xml can I remove the security questions.   Am I missing something in this article.


  7. Vandrey Trindade 2 years ago

    Hi Wolfgang!

    I have created the autounattend.xml file and set the ProtectYourPc to 3. But it only works when I login with a user (local admin ou custom local user).

    No matter what, the privacy settings appear at least once. Any ideas why?

    The content of my file can be found here: https://www.reddit.com/r/Windows10/comments/iepoj9/autounattend_help/

  8. Leos Marek 2 years ago

    Hi Wolfgang,

    finally I got to the topic here 🙂 One question. Im able to do the accounts, skip Wifi etc, but I still got the final questions about Use voice recognition, share advertisment ID etc.

    Any quick hint?


    • Leos Marek 2 years ago

      Wolfgang, please ignore the comment. I somehow lost a bit of the puzzle in the file 🙂 Now its all good.

      • Wolfgang Sommergut 2 years ago

        Hi Leos, sorry for my late reply! Good to hear you fixed the problem 🙂

        Cheers, Wolfgang

  9. Andrey 2 years ago

    Thank you for useful article.

    I created unattend.xml using WSIM. It works when I do SysPrep but it does not work when I boot the system for the first time. The whole point was to skip all these steps.

    Please, help.

    Here is my script:

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                        <LocalAccount wcm:action="add">
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <cpi:offlineImage cpi:source="wim:c:/users/user/desktop/install.wim#Windows10" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    • Leos Marek 2 years ago

      You should use a code in Inputlocale. Codes can be found here 


      Otherwise the file you shared looks good. 

      How are you deploying the installation? If your using for example USB stick, make sure you dont unplug it when the installation reboots. The unattend.xml file is read after first boot of Windows and then applied. If you unplug the USB after the installer reboots, the file will no longer be used.


      • Andrey 2 years ago

        What do you mean by “You should use a code in Inputlocale”? I have en-US. Is there something else I need?

        USB is not unplugged. But PC just ignores the code.
        May be it has to do with how Dell preps their computers?

        Thank you

        • Leos Marek 2 years ago

          Sorry the code removed a part of the comment. I mean this line of your XML file

        • Leos Marek 2 years ago

          Damn… seems the comment module is broken a bit, will open a forum post for it…
          This line in International_Core section


  10. Adrian 2 years ago

    Hey Wolfgang,
    great one! Thanks for sharing.

    I’m just starting with this and looking for a way to have the machines automatically connect to my WLAN.
    The WLAN is of ourse password protected.


    • Leos Marek 2 years ago

      I quickly checked and there are no such options in the answer file components where you could define wifi settings. The option could be to set HideWirelessSetupInOOBE to false and connect manually during the setup, but thats not automatic.

      Guess for that you would need a custom script that would run during first logon. Try to check this post for inspiration – https://4sysops.com/archives/manage-wifi-connection-in-windows-10-with-powershell

      • Adrian 2 years ago

        Thanks Leos,

        I wasn't sure if that's the only solution and this is why I had to ask.
        Would have been to simple with the answer file 🙂

        Appreciate your response.

        Take care,


  11. Hamdan 2 years ago

    Hello, if you please, how do I skip selecting the disk on which to install Windows, so that this step is manual and not automatic. Thank you

    • Leos Marek 2 years ago

      Disk operations are not included in this post. When you boot from the installation media, you will get standard screen with edition selection and possibility to manage partitions.

      This post is only about automating the steps during the first boot of your new installation.

  12. Hamdan 2 years ago

    What is the solution, sir, I am excused from you.

    • Leos Marek 2 years ago

      What do you actually want to do?

      You asked about "how to skip disk selection" and then you say "so its manual and not automatic".


  13. Evelin Catic 1 year ago

    Hi Wolfgang!

    Thanks for the article, I really appreciate it.

    I was personally looking for how to automatically set language and region settings for a while now and stumbled upon this gem.


Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account