New
#390
I wanted to share a batch file that I have created that works along with the steps in Kari's tutorial.
This batch file has the following options:
1) Perform Windows customizations.
2) Deploy your assets for sysprep (refer to section 5 of Kari's tutorial) and then perform the actual sysprep.
You can perform either one of the above operations individually or have the batch file run them both, one after the other.
The intention of this batch file is to help with the customization tasks that you will perform once you are booted into audit mode (see part 7 of the tutorial).
I created the batch file because I was always performing a lot of the same customizations to every reference system I was creating and I wanted to automate all those changes. Today I decided to just extend the functionality a bit more.
1) Perform Windows customizations.
You can easily add to remove from what the batch file does, use it as a framework. Currently it will perform the following Windows customizations:
A) Disable "annoying" Windows features
Change how often Windows asks you for feedback to "NEVER"
Disable feedback notifications
Disable "Get tips, tricks, and suggestions as you use Windows"
Disable the Windows welcome experience
Disable app suggestions in start
Disable display of suggested content in settings
Turn off tailored experiences with diagnostic data
Turn off suggestions in timeline
Disable Tips, Tricks, and Suggestions
B) Tweak some general Windows settings
Increase the desktop icon spacing slightly
Modify Screen Saver Password Grace Period
Display seconds on the taskbar clock
Auto hide the taskbar in desktop mode
Allow the master volume control to adjust bluetooth volume (optional, batch file asks if you want to do this)
Allow lock screen timeout to be changed (optional, batch file asks if you want to do this)
C) File explorer customizations
Turn on Expand to current folder
Turn on Show all folders
Turn on Show Libraries
Display full path in the title bar
Show empty drives
Show file name extensions
Show encrypted and compressed files in color
Show hidden files folders and drives (not system files)
Use check boxes to select items
Disable the sharing wizard
Launch File Explorer to "This PC"
D) Other settings
Set Taskbar Combining to "Always combine, hide labels"
Disable Standby Timeout on Both AC and DC Power
Apply a customized themepack to Windows
NOTES: Disabling Standby timeout can be very handy on your reference system. If the default timeout occurs, you cannot log back on again while in Audit mode unless you forcibly stop / restart the system so this setting will save you from that.
When a customized themepack is applied, the Settings app is automatically opened. This is normal. You can close it if you want, but it's not necessary.
After the Windows customizations are applied, the system is automatically rebooted, unless you choose to also perform sysprep. In that case, assets are prepared for sysprep after the customizations are made, sysprep is run, and the system will shutdown.
IMPORTANT: After sysprep is run, don't let the reference system boot normally. You want to interrupt boot and boot from alternate media as Kari's tutorial instructs so that you can create an image.
2) Prep for sysprep / execute sysprep
This part of the batch file will copy the assets to the correct locations, create the C:\Image and C:\Scratch directories for the purpose of creating the final image, and finally performs the actual sysprep operation.
How to Use the Batch File
Follow the tutorial until you reach section 7 at which point you are performing your Windows customizations.
Copy the following files to the desktop of the Reference system:
The batch file
Any custom themepacks
Oemlogo.bmp (if you are using one)
Autounattend.xml
Unattend.xml
Any software installers
NOTE: RunOnce.bat is not needed, the batch file creates it on the fly.
As noted above, the functions to prepare assets for sysprep and then run it, and the option to make Windows customizations are separated so that you don't have to run them at the same time. For example, I like to apply my Windows customizations first. That way, everything is setup how I like right away. I can now install all my apps with all the Windows customization already done.
Once I have all my apps installed, I run the batch file again and choose the option to perform sysprep.
Suggestion: If your reference system is a VM, you might want to take a snapshot before running the batch file the first time to get familiar with it. With a snapshot, you can go back, just in case you need to do so.
Please feel free to let me know if you have any questions.Code:REM Configure a few initial settings @echo off setlocal enabledelayedexpansion setlocal enableextensions cd /d %~dp0 REM Check to see if this batch file is being run as Administrator openfiles > NUL 2>&1 if NOT %ERRORLEVEL% EQU 0 goto NotAdmin goto IsAdmin :NotAdmin REM The batch file was not run as admin. Launch a new copy of the batch file as admin and close the current instance. powershell.exe start-process '%~f0' -verb runas exit :IsAdmin REM If we arrive here, then the batch file is being run elevated. REM End Routine to check if being run as Admin cls echo Which do you want to do? echo. echo 1) Apply Windows customizations echo 2) Get everything ready for sysprep and then run sysprep echo 3) Both of the above echo 4) Quit echo. choice /c 1234 /m "Please make a selection: " IF ERRORLEVEL 4 goto END IF ERRORLEVEL 3 ( set DoBoth=Y goto Customize ) IF ERRORLEVEL 2 goto RunSysprep IF ERRORLEVEL 1 ( set DoBoth=N goto Customize ) :Customize REM Ask the user if they want to modify bluetooth settings. REM The text below explains exactly what this Windows tweak does. cls echo For some bluetooth audio devices devices, changing the master volume in Windows may not cause the volume of the echo device to change. Do you want to apply a tweak that will change this behavior? echo. choice /M "Update bluetooth behavior " IF ERRORLEVEL==1 ( SET UpdateBluetooth=Y ) IF ERRORLEVEL==2 ( SET UpdateBluetooth=N ) cls echo By default, the lockscreen will transition to a blank screen after one minute. If you want to be able to display echo a screensaver for a period of time, this functionality will interfere with this. Do you want to make a change that echo will allow you to work around this? echo. choice /M "Update lockscreen behavior " IF ERRORLEVEL==1 ( SET UpdateLockscreen=Y ) IF ERRORLEVEL==2 ( SET UpdateLockscreen=N ) REM ****************************************************** REM * Change the behavior of annoying Windows "features" * REM ****************************************************** REM ************************************************************* REM * Change how often Windows asks you for feedback to "NEVER" * REM ************************************************************* REG ADD HKCU\SOFTWARE\Microsoft\Siuf\Rules /v NumberOfSIUFInPeriod /t REG_DWORD /d 0x00000000 /f > NUL REG DELETE "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v PeriodInNanoSeconds /f > NUL 2>&1 REM ********************************** REM * Disable feedback notifications * REM ********************************** REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /v DoNotShowFeedbackNotifications /t REG_DWORD /d 0x00000001 /f > NUL REM ****************************************************************** REM * Disable "Get tips, tricks, and suggestions as you use Windows" * REM ****************************************************************** REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-338389Enabled /t REG_DWORD /d 0x00000000 /f > NUL REM ****************************************** REM * Disable the Windows welcome experience * REM ****************************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-310093Enabled /t REG_DWORD /d 0x00000000 /f > NUL REM ************************************ REM * Disable app suggestions in start * REM ************************************ REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-338388Enabled /t REG_DWORD /d 0x00000000 /f > NUL REM **************************************************** REM * Disable display of suggested content in settings * REM **************************************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-338393Enabled /t REG_DWORD /d 0x00000000 /f > NUL REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-353694Enabled /t REG_DWORD /d 0x00000000 /f > NUL REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-353696Enabled /t REG_DWORD /d 0x00000000 /f > NUL REM ****************************************************** REM * Turn off tailored experiences with diagnostic data * REM ****************************************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Privacy /v TailoredExperiencesWithDiagnosticDataEnabled /t REG_DWORD /d 0x00000000 /f > NUL REM ************************************ REM * Turn off suggestions in timeline * REM ************************************ REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-353698Enabled /t REG_DWORD /d 0x00000000 /f > NUL REM ***************************************** REM * Disable Tips, Tricks, and Suggestions * REM ***************************************** REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-338389Enabled /t REG_DWORD /d 0x00000000 /f > NUL REM ******************************* REM * Tweak some general settings * REM ******************************* REM ********************************************** REM * Increase the desktop icon spacing slightly * REM ********************************************** REM Default setting for "IconSpacing" is -1125, for "IconVerticalSpacing" REM the default is also 1125. REM Set these settings to (-15 * horizontal spacing between icons in pixels) REM The below settings have been tested on the HP Spectre x360 BL012DX Laptop Computer. REM For the change to take effect, after making the registry change, do one of the following: REM 1) Sign out from your user account and then sign back in. REM 2) Right-click the desktop, uncheck "Align icons to grid", then re-check it. REM Since this batch file will perform a reboot, you won't need to do either of the above. REG ADD "HKCU\Control Panel\Desktop\WindowMetrics" /v IconSpacing /d -1500 /f > NUL REG ADD "HKCU\Control Panel\Desktop\WindowMetrics" /v IconVerticalSpacing /d -1200 /f > NUL REM ********************************************* REM * Modify Screen Saver Password Grace Period * REM ********************************************* REM When password protection for your screen saver is enabled, by default there is a 5 second grace period before REM you must enter a password. This registry setting will modify that grace period. Valid values are from 0 to 2147483. REM To restore the default, delete "ScreenSaverGracePeriod" value. REM Note that this entry is specified in hexadecimal. REM This REG file is currently configured to set the grace period to 15 seconds. REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ScreenSaverGracePeriod /t REG_DWORD /d 0x0000000f /f > NUL REM **************************************** REM * Display seconds on the taskbar clock * REM **************************************** REM This will cause the clock on the taskbar to show seconds. Windows Explorer needs to be restarted REM before this will take effect. REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowSecondsInSystemClock /t REG_DWORD /d 0x00000001 /f > NUL REM ***************************************** REM * Auto hide the taskbar in desktop mode * REM ***************************************** REM The setting for the taskbar is inside a long string of hex data. There are 48 octets in total. REM The 9th octet (17th and 18th characters) are "02" when autohide is disabled, "03" when enabled. REM In order to avoid changing the rest of the data we are going to read the data, then change REM only the 9th octet, and finally write this back to the registry. REM Begin by saving the registry key to a temporary file. REG QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects3 /v Settings > reg_temp.txt REM Get the second line of the output from the temporary file. for /F "skip=1 delims=" %%i in (reg_temp.txt) do ( set LineContents=%%i ) REM We no longer need the temp file, delete it. del reg_temp.txt REM Parse the line that we just captured. The goal here is to keep the first 16 charcters, replace the next 2 REM characters with "03", and then keep the remaining characters. Since the string is 96 characters long, REM (48 octets), we will grab the first 16 characters starting with the 96th character from the end, then insert REM the "03", and finally add the last 78 characters. set LineContentsP1=!LineContents:~-96,16! set LineContentsP2=!LineContents:~-78! set LineContents=%LineContentsP1%03%LineContentsP2% REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects3 /v Settings /t REG_BINARY /d %LineContents% /f > NUL REM ************************************************************** REM * Allow the master volume control to adjust bluetooth volume * REM ************************************************************** REM For some devices, the master volume may not alter the volume of a bluetooth device. Example: Edifier speakers connected via bluetooth. REM Changing the setting below from 0 to 1 should resolve this. REM To revert back, run the REG ADD command below with a "/d 0x00000000". if %UpdateBluetooth%==Y ( REG ADD HKLM\SYSTEM\ControlSet001\Control\Bluetooth\Audio\AVRCP\CT /v DisableAbsoluteVolume /t REG_DWORD /d 0x00000001 /f > NUL ) REM ******************************************* REM * Allow lock screen timeout to be changed * REM ******************************************* REM This registry entry enables a new setting in the Advanced settings of the Power Options Control Panel app. REM The user will still need to set the timeout in that app. After we make the change to the registry, we REM will open that app to allow the user to make the change. IF %UpdateLockscreen%==Y ( REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\8EC4B3A5-6868-48c2-BE75-4F3044BE88A7 /v attributes /t REG_DWORD /d 0x00000002 /f > NUL cls echo The registry has been modified to allow the lock screen timeout to be changed. We are now opening the Advanced Power echo Settings from the Control Panel Power Options utility to allow you to set a lock screen timeout. Select the echo "Display > Console lock display off timeout" setting to change the timeout. echo. echo Dont press any key while focus is on this batch file until you are done setting that option. echo. control powercfg.cpl,,1, pause ) REM ******************************** REM * File Explorer Customizations * REM ******************************** REM ************************************ REM * Turn on Expand to current folder * REM * Turn on Show all folders * REM ************************************ REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v NavPaneExpandToCurrentFolder /t REG_DWORD /d 0x00000001 /f > NUL REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v NavPaneShowAllFolders /t REG_DWORD /d 0x00000001 /f > NUL REM ************************** REM * Turn on Show Libraries * REM ************************** REG ADD HKCU\Software\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5} /v System.IsPinnedToNameSpaceTree /t REG_DWORD /d 0x00000001 /f > NUL REM ************************************** REM * Display full path in the title bar * REM ************************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState /v FullPath /t REG_DWORD /d 0x00000001 /f > NUL REM ********************* REM * Show empty drives * REM ********************* REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideDrivesWithNoMedia /t REG_DWORD /d 0x00000000 /f > NUL REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideDrivesWithNoMedia /f > NUL 2>&1 REM ***************************** REM * Show file name extensions * REM ***************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d 0x00000000 /f > NUL REM ************************************************ REM * Show encrypted and compressed files in color * REM ************************************************ REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowEncryptCompressedColor /t REG_DWORD /d 0x00000001 /f > NUL REM **************************************** REM * Show hidden files folders and drives * REM **************************************** REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0x00000001 /f > NUL REM *********************************** REM * Use check boxes to select items * REM *********************************** REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v AutoCheckSelect /t REG_DWORD /d 0x00000001 /f > NUL REM ****************************** REM * Disable the sharing wizard * REM ****************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v SharingWizardOn /t REG_DWORD /d 0x00000000 /f > NUL REM *********************************** REM * Launch File Explorer to This PC * REM *********************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v LaunchTo /t REG_DWORD /d 0x00000001 /f > NUL REM ************************ REM * Other Customizations * REM ************************ REM ********************************************************** REM * Set Taskbar Combining to "Always combine, hide labels" * REM ********************************************************** REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarGlomLevel /t REG_DWORD /d 0x00000000 /f > NUL REM *************************************************** REM * Disable Standby Timeout on Both AC and DC Power * REM *************************************************** powercfg -change -standby-timeout-dc 0 powercfg -change -standby-timeout-ac 0 REM ****************************************************** REM * Apply a customized themepack to Windows. Note that * REM * the themepack should be located in the same folder * REM * where this program is run from. * REM ****************************************************** MyCustomTheme.deskthemepack del MyCustomTheme.deskthemepack > NUL REM All settings have been applied. Even though we are restarting, for some reason the setting to auto hide the taskbar requires that REM File explorer.exe be restarted. If you don't restart it, that registry setting will revert back, even after a logoff / logon or reboot. REM As a result, we will restart explorer.exe first, then reboot the system. REM Restart explorer taskkill /f /im explorer.exe start explorer.exe REM ********************************* REM * END OF WINDOWS CUSTOMIZATIONS * REM ********************************* if %DoBoth%==N goto Reboot :RunSysprep cls echo Getting everything ready for sysprep... echo Running sysprep... echo. REM The following lines place the oemlogo.bmp, unattend.xml, and autounattend.xml files in the correct locations. REM It also creates the C:\Image and C:\Scratch folders used for creating the the final image files. Finally, REM it generates a RunOnce.bat file. move /Y oemlogo.bmp %windir%\system32 > NUL move /Y unattend.xml %windir%\system32\sysprep > NUL move /Y autounattend.xml %systemdrive%\ > NUL md c:\Image > NUL md c:\Scratch > NUL REM Create a "RunOnce.bat" file and place it. REM NOTE: I have modified the RunOnce file just slightly from Kari's instructions. I like to have the RunOnce automatically REM log me off after the first logon. This works especially well if you implement a one time autologon for 100% fully REM unattended installation, but it is optional. If you don't want this, simply remove the "^& logoff" from the 2nd line below. echo echo Y ^| del %%appdata%%\microsoft\windows\recent\automaticdestinations\* > "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat" echo del %%0 ^& logoff >> "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat" del %0 & %windir%\System32\Sysprep\sysprep.exe /generalize /oobe REM We should never reach this line, it is here just to be on the safe side goto END :Reboot REM Reboot the system shutdown /r /t 0 :END
EDIT:
A situation just dawned on me that you may want to be aware of:
IMPORTANT: MAKE SURE that you make any personalization settings changes BEFORE the network is enabled. After enabling networking, personalization settings cannot be made until Windows is activated.
NOTE: The ability to make personalization setting changes does not work if you install Windows in Hyper-V! Even with no network access, personalization will not be possible. The changes made by this batch file should still work, although I have not verified each and every one on Hyper-V. If you want to perform personalization for a reference system on Hyper-V, you have a few options:
- You can activate Windows in Audit mode by allowing access to the Internet.
- You can import a themepack which will allow very limited personalization.
- Perform the following procedure as a workaround:
*********************************
* Start of Workaround Procedure *
*********************************
Overview:
- Create a Virtual Hard Disk (VHD) in Windows.
- Deploy Windows to it.
- Boot the physical machine to that VHD and setup Windows.
- Perform your personalization tasks.
- Create a new Hyper-V VM and configure the VHD to boot from that VM.
Here are detailed steps for accomplishing this:
- Create either an MBR VHD for a BIOS based system or a GPT VHD for a UEFI based system
NOTE: The commands below assume you are creating the VHD on F:, that you want to call it WIN10PRO.vhdx, that you want a size of 50GB, and that you want to assign the drive letter W: to the VHD. Modify to fit your needs.
To create an MBR virtual disk for a BIOS based system:
create vdisk file=F:\W10PRO.vhdx maximum=51200 type=expandable
attach vdisk
create partition primary
format quick label="Windows"
assign letter=W
exit
OR
To create a GPT Virtual disk for a UEFI based system:
create vdisk file=F:\W10PRO.vhdx maximum=51200 type=expandable
attach vdisk
convert gpt
create partition efi size=100
format quick fs=fat32 label="System"
create partition msr size=128
create partition primary
shrink minimum=500
format quick fs=ntfs label="Windows"
assign letter="W"
create partition primary
format quick fs=ntfs label="WinRE"
set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac"
exit
IMPORTANT: Due to FAT32 limitations, the minimum FAT32 partition size is 260 MB on Advanced Format 4K Native drives. As a result, make the EFI partition 260 MB on such drives rather than 100 MB.
2) Run the following commands to apply the image to the VHD:
NOTE: If C: (the drive on which Windows is installed) is bitlocker encrypted, suspend bitlocker from the GUI or run manage-bde -protectors -disable C: before you run the bcdboot and bcdedit commands below to avoid having to enter your bitlocker recovery key at start. You need to create the VHD on a disk other than the bitlocker encrypted Windows disk. NOTE: The first line is long and wraps in this document. It ends with /applydir:W:\. You can replace W: with another drive letter.
dism /apply-image /imagefile:I:\sources\install.wim /index:8 /applydir:W:\
bcdboot W:\Windows
bcdedit /set {default} description "Win10 PRO (VHD)"
3) To delete the boot entry for the VHD, run MSCONFIG, go to the Boot tab, delete the entry for the VHD boot, and optionally delete the VHD. Note that if C: (the Windows boot disk) is bitlocker encrypted you should suspend bitlocker from the GUI or run manage-bde -protectors -disable C: first.
4) If you want to attach the VHD to Hyper-V and boot from it, you must create boot files on the VHD disk like this:
- Boot the new VM from Windows install media (an ISO image).
- Run diskpart
- Within diskpart, run list vol
- Note the drive letter for the Windows partition (for example, C:)
- exit from diskpart
- run this command: C:\Windows\System32\bcdboot C:\Windows - This assumes Windows is on C:
*******************************
* End of Workaround Procedure *
*******************************
Last edited by hsehestedt; 16 Jun 2020 at 03:04.
Quote
