Create media for automated unattended install of Windows 10  

Need to pick some experts brains if you can spare some time guys.

The Auto unattended works fine, and it boots into audit mode no issue.

I'm trying to get it to bring required files across from the windows install USB via a DataImage (Various Motherboard lighting software etc, the hardware we're using changes regularly)

That part works too, autoruns my batchfile and everything.. However in the DataImage process it's giving ownership of C:/ to what I suspect is audit user instead of TrustedInstaller?

If I run just the standard XML without the data image or config set, the OOBE accounts work as expected.

With the DataImage enabled it dumps the files in root C (Expected) However, even after sysprep and a new user is created through OOBE. That new user is treated as not having administrator privileges and has no access permission to view the C drive root folder.. Can't even launch CMD in admin mode.

- Is there a way to stop the drive permissions from changing?
- Is there a better way to access the files I need after windows is installed?
- Why is the OOBE created user not considered a full administrator and locked out of the C:/?

I did try running the script from the USB directly, but the unattended windows installer on some computers would fail to find D: Maybe there's a path command I'm not aware of that works where you can essentially say "look in the installer sources folder or USB root"?
I did try .\ and the installer couldn't locate the image..

Code:

<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-AU</SystemLocale>
<UserLocale>en-AU</UserLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Size>450</Size>
<Type>Primary</Type>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Size>100</Size>
<Type>EFI</Type>
</CreatePartition>
<CreatePartition wcm:action="add">
<Extend>true</Extend>
<Order>4</Order>
<Type>Primary</Type>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>3</Order>
<Size>16</Size>
<Type>MSR</Type>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>WinRE</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
<TypeID> DE94BBA4-06D1-4D40-A16A-BFD50179D6AC</TypeID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>FAT32</Format>
<Label>System</Label>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Order>3</Order>
<PartitionID>3</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows</Label>
<Order>4</Order>
<PartitionID>4</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>4</PartitionID>
</InstallTo>
</OSImage>
<DataImage wcm:action="add">
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>4</PartitionID>
</InstallTo>
<InstallFrom>
<Path>%configsetroot%\Autorun.wim</Path>
</InstallFrom>
<Order>1</Order>
</DataImage>
</ImageInstall>
<UserData>
<ProductKey>
<Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName/>
</UserData>
<UseConfigurationSet>true</UseConfigurationSet>
</component>
</settings>
<settings pass="oobeSystem">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<Reseal>
<Mode>Audit</Mode>
</Reseal>
</component>
</settings>
<settings pass="auditUser">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<RunAsynchronous>
<RunAsynchronousCommand wcm:action="add">
<Description>StartScript</Description>
<Order>1</Order>
<Path>C:\Autorun.bat</Path>
</RunAsynchronousCommand>
</RunAsynchronous>
</component>
</settings>
<cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="wim:e:/sources/install.wim#Windows 10 Pro"/>
</unattend>

Found a workaround.. But I'd like to know if anybody could forsee any issues that the end user may experience (Security risks, access issues)
Basically I just copied the permission and ownership of a known working unit.

Used the following CMD line which I could easily add to the startup script.

Code:

takeown /F C:\ /A
icacls C:\ /setowner "NT SERVICE\TrustedInstaller"
icalc C:\ /Grant "Authenticated Users":F

hello can someone help me to create an iso like this link? https://mega.nz/file/l0xgnZgY#0NM8wh...JtDZJH1SmnmB3A
formats automatically and starts the minstall

how do I put several autounattend in the same iso for each version of windows

keketoco00 said:

how do I put several autounattend in the same iso for each version of windows

You don't .

However, there is a workaround. Since Windows setup will scan the root of all disks / discs for the answer file, you can attach another HDD or flash drive. I like to have a partition on a thumb drive that has all my answer files in subfolders indicating what each one is for. Then I simply copy the one I need to the root.

If you are going to use an actual ISO image file for a VM, simply create multiple ISO files and organize them similar to what I described for the thumb drive, then just mount appropriate ISO as a second DVD drive.

Hope that helps!

Let me know if you have any questions.

hsehestedt said:

You don't .

However, there is a workaround. Since Windows setup will scan the root of all disks / discs for the answer file, you can attach another HDD or flash drive. I like to have a partition on a thumb drive that has all my answer files in subfolders indicating what each one is for. Then I simply copy the one I need to the root.

If you are going to use an actual ISO image file for a VM, simply create multiple ISO files and organize them similar to what I described for the thumb drive, then just mount appropriate ISO as a second DVD drive.

Hope that helps!

Let me know if you have any questions.

Thanks for your attention, would you know to tell me which command I use to scan

No command is needed. You you boot from Windows setup media or an ISO image, setup will automatically look in the root of all drives for the autounattend.xml answer file.

johngalt said:

That's ingeniously simplistic. Good job.

Since you're sticking to the 'Micro$oft way' of doing things, I would venture that this should not, in fact, cause any issues down the road...

Cheers, that was the only thing I could find wrong lol. After doing that the OOBE end result is back to normal :)
Not sure why it's done that, but it's all sorted now lol.. Did quite a bit of testing to ensure there was no other consequences, but that appears to have been it :)

I do have one additional question and there may not be anything that can be done about this.

When using an unattended on a system with 2 drives (Say 1x NVME and 1x Sata 2.5" SSD)
The MB seems to typically assign the sata drive as drive 0.. So naturally the system installs on that as per the answer file.
It's a small annoyance, but having windows not on the fastest drive seems silly..

Is there a way (Say via a PSscript or diskpart cmd command) to assign the nvme as drive 0 before it starts to install?
Currently I'm just leaving the SSD's disconnected during the install, and i've got a PowerShell script that automatically formats and assigns letters to and new drives upon restart.


I did see somebody comment the following code but i've no idea how you would do that without an operating system already installed..

Code:

PowerShell -ExecutionPolicy Bypass -Command " (New-Object -COMObject Microsoft.SMS.TSEnvironment).Value('OSDDiskIndex') = (Get-PhysicalDisk | Where-Object BusType -eq 'NVMe').DeviceID "

Obviously tried to set the boot order in the bios, but because the drives are raw and unformatted (Presumably that's the reason) they don't show up in the boot priority list.

My only other thought was to make an additional WINPE USB drive that formats all attached drives, then change it in the bios before windows.. But that's getting more clunky than my 'leave disconnected for now' method.