Windows Deployment

From Compilenix Wiki
Jump to: navigation, search

Unattended Windows Setup Reference

Windows 8.1

File:Autounattend Win8.1.xml

The XML file have to be located at the root path, on the install DVD/USB, next to "setup.exe" and must have the name: "Autounattend.xml" (case does not matter).

Pass: windowsPE

  1. Setup sources definition
  2. Disk Configuration
  3. Displaylanguage (only during setup)
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <UserData>
        <AcceptEula>true</AcceptEula>
        <FullName></FullName>
        <Organization></Organization>
    </UserData>
    <EnableNetwork>true</EnableNetwork>
    <EnableFirewall>false</EnableFirewall>
    <ImageInstall>
        <OSImage>
            <!-- Offline setup using local install.win
            <InstallFrom>
                <MetaData wcm:action="add">
                    <Key>/IMAGE/INDEX</Key>
                    <Value>1</Value>
                </MetaData>
            </InstallFrom>
            -->
            <!-- Offline setup using remote install.win
            <InstallFrom>
                <Credentials>
                    <Domain></Domain>
                    <Username></Username>
                    <Password></Password>
                </Credentials>
                <Path>\\server\share\install.wim</Path>
                <MetaData wcm:action="add">
                    <Key>/IMAGE/INDEX</Key>
                    <Value>1</Value>
                </MetaData>
            </InstallFrom>
            -->
            <InstallTo>
                <DiskID>0</DiskID>
                <PartitionID>2</PartitionID> <!-- partition 2 -> Order 2 -> NTFS -> System -->
            </InstallTo>
            <WillShowUI>OnError</WillShowUI>
        </OSImage>
    </ImageInstall>
    <ComplianceCheck>
        <DisplayReport>OnError</DisplayReport>
    </ComplianceCheck>
    <DiskConfiguration>
        <DisableEncryptedDiskProvisioning>false</DisableEncryptedDiskProvisioning>
        <WillShowUI>OnError</WillShowUI>
        <Disk wcm:action="add">
            <CreatePartitions>
                <CreatePartition wcm:action="add">
                    <Order>1</Order>
                    <Size>300</Size>
                    <Type>Primary</Type>
                </CreatePartition>
                <CreatePartition wcm:action="add">
                    <Order>2</Order>
                    <Type>Primary</Type>
                    <Extend>true</Extend>
                </CreatePartition>
            </CreatePartitions>
            <ModifyPartitions>
                <ModifyPartition wcm:action="add">
                    <Order>1</Order>
                    <PartitionID>1</PartitionID>
                    <Label>BOOT</Label>
                    <Format>NTFS</Format>
                    <Active>true</Active>
                </ModifyPartition>
                <ModifyPartition wcm:action="add">
                    <Order>2</Order>
                    <PartitionID>2</PartitionID>
                    <Label>System</Label>
                    <Letter>C</Letter>
                    <Format>NTFS</Format>
                </ModifyPartition>
            </ModifyPartitions>
            <WillWipeDisk>true</WillWipeDisk>
            <DiskID>0</DiskID>
        </Disk>
    </DiskConfiguration>
</component>
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <SetupUILanguage>
        <UILanguage>de-DE</UILanguage>
        <WillShowUI>OnError</WillShowUI>
    </SetupUILanguage>
    <InputLocale>de-DE</InputLocale>
    <SystemLocale>de-DE</SystemLocale>
    <UILanguage>de-DE</UILanguage>
    <UILanguageFallback>de-DE</UILanguageFallback>
    <UserLocale>de-DE</UserLocale>
    <LayeredDriver>1</LayeredDriver>
</component>

Pass: specialize

  1. Unattended Domain Join
  2. Computername
  3. Internet Explorer system wide defaults
<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <CompanyName></CompanyName>
    <Home_Page>http://google.com/ncr</Home_Page>
    <LocalIntranetSites></LocalIntranetSites>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
            <Description>Enable Admin Account</Description>
            <Order>1</Order>
            <Path>cmd.exe /c net user administrator /active:yes</Path>
        </RunSynchronousCommand>
    </RunSynchronous>
</component>
<component name="Security-Malware-Windows-Defender" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <DisableAntiSpyware>true</DisableAntiSpyware>
</component>
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Identification>
        <Credentials>
            <Domain></Domain>
            <Username></Username>
            <Password></Password>
        </Credentials>
        <JoinDomain>home.local</JoinDomain>
        <MachineObjectOU>OU=Computer,OU=Home,DC=home,DC=local</MachineObjectOU>
    </Identification>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <CEIPEnabled>0</CEIPEnabled>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!-- autogenerated name -->
    <ComputerName />
    <!-- predefined name -->
    <ComputerName>asdf</ComputerName>
</component>

Pass: oobeSystem

  1. OEMInformation
  2. User Accounts
    1. Domain Accounts
    2. Local Accounts
    3. Administrator Password
    4. AutoLogon
  3. FirstLogonCommands
  4. Default network location
  5. Display language
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <DesktopOptimization>
        <GoToDesktopOnSignIn>true</GoToDesktopOnSignIn>
        <ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar>
    </DesktopOptimization>
    <OEMInformation>
        <Logo>%WinDir%\OEM\OEM_LOGO.bmp</Logo> <!-- 100x100 px -->
        <Manufacturer></Manufacturer>
        <SupportHours></SupportHours>
        <SupportPhone></SupportPhone>
        <SupportURL>http://google.de/ncr</SupportURL>
    </OEMInformation>
    <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
        <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
        <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
        <NetworkLocation>Other</NetworkLocation>
        <HideLocalAccountScreen>true</HideLocalAccountScreen>
        <ProtectYourPC>1</ProtectYourPC>
    </OOBE>
    <Themes>
        <DesktopBackground>%WinDir%\OEM\DesktopBackground.jpg</DesktopBackground>
    </Themes>
    <FirstLogonCommands>
        <SynchronousCommand wcm:action="add">
            <Description>Powershell ExecutionPolicy Bypass and enable remote powershell</Description>
            <Order>1</Order>
            <!-- CommandLine has a maximum of 259 characters -->
            <CommandLine>powershell -ExecutionPolicy Bypass -NoLogo -NoProfile -Command "Set-ExecutionPolicy Bypass -Scope LocalMachine -Force -Verbose;Enable-PSRemoting -Force"</CommandLine>
        </SynchronousCommand>
    </FirstLogonCommands>
    <UserAccounts>
        <AdministratorPassword>
            <PlainText>true</PlainText>
            <Value>123456</Value>
        </AdministratorPassword>
        <!-- Using Domain accounts requires the comuter to be a member of the domain  -->
        <DomainAccounts>
            <DomainAccountList wcm:action="add">
                <DomainAccount wcm:action="add">
                    <Group>Administrators</Group> <!-- local group -->
                    <Name></Name> <!-- active directory group -->
                </DomainAccount>
                <Domain>home.local</Domain>
            </DomainAccountList>
        </DomainAccounts>
        <!-- This is required, unless the computer is member of a domain and there are defined domain accounts -> see above  -->
        <LocalAccounts>
            <LocalAccount wcm:action="add">
                <Password>
                    <PlainText>true</PlainText>
                    <Value>123456</Value>
                </Password>
                <Description>Admin</Description>
                <Group>Administrators</Group>
                <Name>Admin</Name>
                <DisplayName>Admin</DisplayName>
            </LocalAccount>
        </LocalAccounts>
    </UserAccounts>
    <AutoLogon>
        <Enabled>true</Enabled>
        <LogonCount>1</LogonCount>
        <Username>Admin</Username>
        <Password>
            <PlainText>true</PlainText>
            <Value>123456</Value>
        </Password>
    </AutoLogon>
    <VisualEffects>
        <FontSmoothing>ClearType</FontSmoothing>
    </VisualEffects>
    <WindowsFeatures>
        <ShowInternetExplorer>true</ShowInternetExplorer>
        <ShowMediaCenter>false</ShowMediaCenter>
        <ShowWindowsMediaPlayer>true</ShowWindowsMediaPlayer>
    </WindowsFeatures>
    <ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <InputLocale>de-DE</InputLocale>
    <SystemLocale>de-DE</SystemLocale>
    <UILanguage>de-DE</UILanguage>
    <UILanguageFallback>de-DE</UILanguageFallback>
    <UserLocale>de-DE</UserLocale>
</component>
<component name="Security-Malware-Windows-Defender" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <DisableAntiSpyware>true</DisableAntiSpyware>
</component>

References

install.wim from network location Unattended Windows Setup Reference