Windows 10 setup: skip OOBE dialogues for privacy, region, and user accounts using an answer file

• Author
• Recent Posts

Wolfgang Sommergut

Wolfgang Sommergut has over 20 years of experience in IT journalism. He has also worked as a system administrator and as a tech consultant. Today he runs the German publication WindowsPro.de.

Latest posts by Wolfgang Sommergut (see all)

• Compress SMB data in Windows 11 and Server 2022 - Mon, Oct 4 2021
• Install Windows 11 in a virtual machine - Tue, Sep 28 2021
• IE to Edge migration: Redirect legacy web apps to Internet Explorer - Tue, Sep 21 2021

OOBE is the last of several passes Windows goes through during its installation—unless you boot the system into audit mode. Interactively, it displays a whole series of dialogs the user must respond to.

Microsoft has added numerous settings to Windows 10, especially those for privacy. One major stumbling block is in account creation, where Microsoft makes creating local accounts a game of hide-and-seek. On top of that, it forces the user to answer three security questions.

Users have to store answers to three security questions when setting up a local account

This task is not only tedious but can also irritate technically less-experienced users. Moreover, administrators or advanced users who regularly create new virtual machines (VMs) with Windows 10 will happily do without this recurring task.

The solution to this is an answer file for unattended installations. Such a file can already automate Windows 10 setup in the earlier phases, for example, when joining a domain during the Specialize pass.

Creating a new answer file ^

To generate an answer file, you need the Windows System Image Manager (Windows SIM). This tool is part of the Assessment and Deployment Toolkit (ADK). For it to display the required settings, open an installation image, typically the install.wim of Microsoft's ISO file.

This should match the architecture of the Windows version (32- or 64-bit) to which you want to apply the answer file. Then use the mouse to drag these entries from the bottom-left window to 7 oobeSystem in the middle window:

amd64_Microsoft-Windows-International-Core_10.0.<Build-Number>_neutral
amd64_Microsoft-Windows-Shell-Setup_10.0.<Build-Number>_neutral

Be careful—these components also exist with the prefix wow64! For the 32-bit OS, the names begin with x86.

Transfer the components with the required settings for OOBE

Now the tree view appears with all the settings contained in them.

Language and region settings ^

During the OOBE phase, the setup asks for the desired language—the keyboard layout or the region—to determine the time format. You can skip these dialogs by passing the respective values to the setup routine via the answer file.

You can answer the queries about the region and the associated settings automatically

The relevant settings are in the Microsoft Windows International Core component, and their names are:

• InputLocale (input language for input devices; keyboard layout)
• SystemLocale (language to use for non-Unicode programs)
• UserLocale (per-user settings used for formatting dates, times, currency, and numbers)
• UILanguage (default system language used to display the user interface)

You can specify all values according to RFC 3066, for example, en-US for the US or de-DE for Germany. InputLocale also accepts hexadecimal values; a list of all codes is on Microsoft Docs. Here you can also enter multiple values separated by semicolons.

Configure language and regional setting via an answer file

Dialogs for EULA and user accounts ^

Next, switch to the OOBE section, where you can hide various dialogs during the installation. You can do this by changing the value of these settings to true:

• HideEULAPage
• HideOEMRegistrationScreen
• HideWirelessSetupInOOBE
• HideOnlineAccountScreens
• HideLocalAccountScreen

The first option skips the confirmation of the license terms; the last two omit the dialogs for creating an account (online and local).

Privacy settings ^

You can skip the configuration of privacy settings, including the data sent to Microsoft or whether applications can access the user's location, by assigning ProtectYourPC the value 3.

Bypassing unwanted setup dialogs and privacy settings

As you can see later after completing the Windows 10 setup, this method disables online speech recognition, the use of the advertising ID, and location. It sets the amount of diagnostic data sent to Microsoft to Basic.

Privacy settings if you have set ProtectYourPC to 3

If you want to manage these settings centrally in the future, you can do so via group policies.

Creating a new local account ^

If you have hidden the dialogs for creating user accounts, you will add at least one of them via the answer file. Otherwise, only the deactivated administrator and some system accounts will exist on the system.

Creating a new local account during setup

You can do this under User Accounts. For example, you can create local accounts under LocalAccounts. It is also possible to store the password here. If it is a member of the Administrators group, I recommend that afterward, you manage the password centrally via the Local Administrator Password Solution (LAPS).

Further settings ^

Microsoft-Windows-Shell-Setup has other options that may be of interest for OOBE automation. They do not mitigate user inconvenience during setup but can be of additional benefit if you have already created an answer file.

Attaching programs to the taskbar via the answer file

These include the possibility to change the paths for the Program directory and the user profiles. You can also use DesktopOptimization to ensure that Store apps do not appear on the taskbar. In addition, you can customize the display (resolution, color depth, etc.) or attach up to five programs to the taskbar (via the TaskbarLinks option).

Assigning an answer file to an image ^

Microsoft offers several ways to assign an answer file to an image for unattended installation. For example, you can provide this file using a USB stick.

In most cases, however, you will integrate it into the system image, whereby the setup offers you several directories to choose from. Among them are %SystemRoot%\system32\panther or the root directory of the system drive.

Regardless of which option you choose, you should save the file under the name unattend.xml.

If you use a customized image for installing Windows 10, you can mount the Windows Imaging Format (WIM) file with Deployment Image Servicing and Management (DISM) and copy the answer file into the Panther directory:

Dism /Mount-Image /ImageFile:"C:\wim\Custom.wim" /Index:1 /MountDir:C:\mount
Copy unattend.xml C:\mount\Windows\Panther
Dism /Unmount-Image /MountDir:C:\mount /Commit

If you want to set up Windows 10 as a guest OS for a VM and use Convert-WIM2VHD for this purpose, you can pass the answer file to the script via the /unattend parameter:

Convert-WIM2VHD -Path .\win10-1909.vhdx -SourcePath .\install.wim -index 3  Size 40GB -DiskLayout UEFI -Dynamic -unattend .\unattend.xml

Generating a virtual hard disk using Convert-WIM2VHD, which will copy the answer file to c:\ of the guest OS

This command installs Windows 10 into a virtual hard disk (VHDX) without further prompting and copies unattend.xml into the root directory of C:. After attaching the VHDX to a VM, you can boot it directly to the logon screen without having to work through the OOBE dialogs.

+4