Windows 10 Imaging Guide (example)

Version 1

    The end result of this Imaging Guide will be one Windows 10 image which can be deployed across multiple different Computer Types with different Hardware, different drive sizes, etc.

     

    I personally use a Virtual Machine to create a basic Image, just because it's easy and if something goes wrong, it's just a click to return to the previous version.

    2 Cores, 4GB of Ram, 60GB VHD, Bridged Networking are the basic settings for this.

     

    BIOS Settings:

    • UEFI is not (yet) working with the PXE Image and Server, so we have to stick to regular BIOS mode which is totally fine for Windows 10.
    • Activate AHCI (as we are using a mix of regular 'ol spinning disk drives and ssd it seems to be the best choice for now, also other settings have proven to be more unstable in regular office use)

    Thats it for now in BIOS.

     

    OS Installation and preparation

    • Install Windows 10 as a regular installation
    • Driver Integration (Thanks to Bao Tran for the Tipp on this!)
      • Create a Folder for drivers'n stuff
      • Download Drivers for all the target computers, sort and put into the driver folder (we use Dell only, so thats easy, they have all their drivers sorted out really good here).
      • Edit Windows Registry-Key to accomodate for the new "driver store": "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath" - the default value is "%SystemRoot%\inf", add a semicolon and your own path to it. This tells windows to addtionally look for drivers in this path withouth you having to interact with it.
    • Adding it to LANRev
      • Install the LANRev Agent with all your settings
      • Quickly change the Client Information 1 to reflect the name of your new image (I do this to see which image was used on a particular Computer and to compensate later for eventual errors in the image (eg. a forgotten software package,etc.)
      • Stop the LANRev agent Service and set it to startup type manual (we'll reactivate it later)
      • Delete Serialnumber of the Agent (HKLM\software\wow6432node\pole position software\lanrev\AgentSerialNo) on 64Bit OS
      • Add the empty AMImage file to the root filesystem
    • Install the lates OS Updates (this probably requires multiple reboots, hence the Agent to manual, otherwise it would start installing software right away as we do not have a testing environment as such)
    • Cleanup!
      • Delete temporary downloads and all the stuff you don't need in the image
      • Let Windows cleanup the drive, empty trash etc.
    • Save your VM state. This. Helps. A-Lot.
    • Sysprep the hell out of it. I'll post the cleaned up version of my unattend.xml below
      • C:\Windows\System32\Sysprep\Sysprep.exe /generalize /oobe /shutdown /unattend:<your unattend.xml>
    • After Shutdown:
      • Save the VM state in a new snapshot
        • Afer saving, make a dry run, see if the unattend xml is ok
      • If everything is ok
        • return to previous state and
        • Boot from PXE and create a ADI Image
      • If not
        • return to Snapshot before Sysprep
        • correct the errors

    After the re-imaging

    As I have the Image-Name as Custom Information 1, i can make smart-groups to assign Packages to computers with this image. The computers get the following done after imaging automatically

     

    • Resize the Primary HDD (done automatically with diskpart)
    • Rename the computer according to service-tag (Dell only..? Done with a VB Script)
    • Run Dell DCU to update BIOS and Drivers (for Bios Updates, no Password should be set)
    • Install Office 365 2016
    • Install OneDrive for Business (Windows 10 only has the private one by default)
    • Install Silverlight
    • Install Antivirus

     

    I wrote that we change the state of the Absolute Manage Agent (We use 6.8.2 at the moment) at a later point, after i set the startup type to manual.

    This is done in the unattend.xml. There a few lines in there that set the agent to automatic, send a heartbeat to the server, transfer their inventory and make a software distribution check. This helps my colleagues that deploy the images to see that the Agent is doing stuff and they know when they can start looking on the server for the new pc.

     

    Unattend.xml

    Beware, this is for a German install, so you have to edit to your locale and edit everything that starts with %Your...

    This XML has a auto-logon feature that logs on the local administrator automatically. It stops doing that when the computer joins the domain (we do that manually after imaging).

     

    <!--*************************************************
    Windows 10 Answer File Generator
    Created using Windows AFG found at:
    http://windowsafg.no-ip.org
    
    
    
    Installation Notes
    Location: 
    Notes: Enter your comments here...
    **************************************************-->
    
    
    <?xml version="1.0" encoding="utf-8"?>
      <unattend xmlns="urn:schemas-microsoft-com:unattend">
      <settings pass="windowsPE">
      <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <SetupUILanguage>
      <UILanguage>de-DE</UILanguage>
      </SetupUILanguage>
      <InputLocale>0407:00000407</InputLocale>
      <SystemLocale>de-DE</SystemLocale>
      <UILanguage>de-DE</UILanguage>
      <UILanguageFallback>de-DE</UILanguageFallback>
      <UserLocale>de-DE</UserLocale>
      </component>
      <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <SetupUILanguage>
      <UILanguage>de-DE</UILanguage>
      </SetupUILanguage>
      <InputLocale>0407:00000407</InputLocale>
      <SystemLocale>de-DE</SystemLocale>
      <UILanguage>de-DE</UILanguage>
      <UILanguageFallback>de-DE</UILanguageFallback>
      <UserLocale>de-DE</UserLocale>
      </component>
      <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <DiskConfiguration>
      <Disk wcm:action="add">
      <CreatePartitions>
      <CreatePartition wcm:action="add">
      <Order>1</Order>
      <Type>Primary</Type>
      <Size>100</Size>
      </CreatePartition>
      <CreatePartition wcm:action="add">
      <Extend>true</Extend>
      <Order>2</Order>
      <Type>Primary</Type>
      </CreatePartition>
      </CreatePartitions>
      <ModifyPartitions>
      <ModifyPartition wcm:action="add">
      <Active>true</Active>
      <Format>NTFS</Format>
      <Label>System Reserved</Label>
      <Order>1</Order>
      <PartitionID>1</PartitionID>
      <TypeID>0x27</TypeID>
      </ModifyPartition>
      <ModifyPartition wcm:action="add">
      <Active>true</Active>
      <Format>NTFS</Format>
      <Label>System</Label>
      <Letter>C</Letter>
      <Order>2</Order>
      <PartitionID>2</PartitionID>
      </ModifyPartition>
      </ModifyPartitions>
      <DiskID>0</DiskID>
      <WillWipeDisk>true</WillWipeDisk>
      </Disk>
      </DiskConfiguration>
      <ImageInstall>
      <OSImage>
      <InstallTo>
      <DiskID>0</DiskID>
      <PartitionID>2</PartitionID>
      </InstallTo>
      <InstallToAvailablePartition>false</InstallToAvailablePartition>
      </OSImage>
      </ImageInstall>
      <UserData>
      <AcceptEula>true</AcceptEula>
      <FullName>%YourLocalAdmin%</FullName>
      <Organization>%YourOrganisation%</Organization>
      </UserData>
      <EnableFirewall>true</EnableFirewall>
      </component>
      <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <DiskConfiguration>
      <Disk wcm:action="add">
      <CreatePartitions>
      <CreatePartition wcm:action="add">
      <Order>1</Order>
      <Type>Primary</Type>
      <Size>100</Size>
      </CreatePartition>
      <CreatePartition wcm:action="add">
      <Extend>true</Extend>
      <Order>2</Order>
      <Type>Primary</Type>
      </CreatePartition>
      </CreatePartitions>
      <ModifyPartitions>
      <ModifyPartition wcm:action="add">
      <Active>true</Active>
      <Format>NTFS</Format>
      <Label>System Reserved</Label>
      <Order>1</Order>
      <PartitionID>1</PartitionID>
      <TypeID>0x27</TypeID>
      </ModifyPartition>
      <ModifyPartition wcm:action="add">
      <Active>true</Active>
      <Format>NTFS</Format>
      <Label>System</Label>
      <Letter>C</Letter>
      <Order>2</Order>
      <PartitionID>2</PartitionID>
      </ModifyPartition>
      </ModifyPartitions>
      <DiskID>0</DiskID>
      <WillWipeDisk>true</WillWipeDisk>
      </Disk>
      </DiskConfiguration>
      <ImageInstall>
      <OSImage>
      <InstallTo>
      <DiskID>0</DiskID>
      <PartitionID>2</PartitionID>
      </InstallTo>
      <InstallToAvailablePartition>false</InstallToAvailablePartition>
      </OSImage>
      </ImageInstall>
      <UserData>
      <AcceptEula>true</AcceptEula>
      <FullName>%YourLocalAdmin%</FullName>
      <Organization>%YourOrganisation%</Organization>
      </UserData>
      <EnableFirewall>true</EnableFirewall>
      </component>
      </settings>
      <settings pass="offlineServicing">
      <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <EnableLUA>true</EnableLUA>
      </component>
      </settings>
      <settings pass="offlineServicing">
      <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <EnableLUA>true</EnableLUA>
      </component>
      </settings>
      <settings pass="generalize">
      <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <SkipRearm>1</SkipRearm>
      </component>
      </settings>
      <settings pass="generalize">
      <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <SkipRearm>1</SkipRearm>
      </component>
      </settings>
      <settings pass="specialize">
      <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <InputLocale>0407:00000407</InputLocale>
      <SystemLocale>de-DE</SystemLocale>
      <UILanguage>de-DE</UILanguage>
      <UILanguageFallback>de-DE</UILanguageFallback>
      <UserLocale>de-DE</UserLocale>
      </component>
      <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <InputLocale>0407:00000407</InputLocale>
      <SystemLocale>de-DE</SystemLocale>
      <UILanguage>de-DE</UILanguage>
      <UILanguageFallback>de-DE</UILanguageFallback>
      <UserLocale>de-DE</UserLocale>
      </component>
      <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <SkipAutoActivation>true</SkipAutoActivation>
      </component>
      <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <SkipAutoActivation>true</SkipAutoActivation>
      </component>
      <component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <CEIPEnabled>0</CEIPEnabled>
      </component>
      <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <CEIPEnabled>0</CEIPEnabled>
      </component>
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <ComputerName>%YourComputerName%</ComputerName>
      <ProductKey>%YourProductKey%</ProductKey>
      </component>
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <ComputerName>%YourComputerName%</ComputerName>
      <ProductKey>%YourProductKey%</ProductKey>
      </component>
      </settings>
      <settings pass="oobeSystem">
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <AutoLogon>
      <Password>
      <Value>%YourLocalAdminPassword%</Value>
      <PlainText>true</PlainText>
      </Password>
      <Enabled>true</Enabled>
      <Username>%YourLocalAdmin%</Username>
      </AutoLogon>
      <OOBE>
      <HideEULAPage>true</HideEULAPage>
      <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
      <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
      <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
      <NetworkLocation>Work</NetworkLocation>
      <SkipUserOOBE>true</SkipUserOOBE>
      <SkipMachineOOBE>true</SkipMachineOOBE>
      <ProtectYourPC>1</ProtectYourPC>
      </OOBE>
      <UserAccounts>
      <LocalAccounts>
      <LocalAccount wcm:action="add">
      <Password>
      <Value>%YourLocalAdminPassword%</Value>
      <PlainText>true</PlainText>
      </Password>
      <Description></Description>
      <DisplayName>%YourLocalAdmin%</DisplayName>
      <Group>Administrators</Group>
      <Name>%YourLocalAdmin%</Name>
      </LocalAccount>
      </LocalAccounts>
      </UserAccounts>
      <RegisteredOrganization>%YourOrganisation%</RegisteredOrganization>
      <RegisteredOwner>%YourLocalAdmin%</RegisteredOwner>
      <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
      <FirstLogonCommands>
      <SynchronousCommand wcm:action="add">
      <Description>Control Panel View</Description>
      <Order>1</Order>
      <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine>
      <RequiresUserInput>true</RequiresUserInput>
      </SynchronousCommand>
      <SynchronousCommand wcm:action="add">
      <Order>2</Order>
      <Description>Control Panel Icon Size</Description>
      <RequiresUserInput>false</RequiresUserInput>
      <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 1 /f</CommandLine>
      </SynchronousCommand>
      <SynchronousCommand wcm:action="add">
      <Order>3</Order>
      <Description>LanREF: Agent Konfigurieren</Description>
      <RequiresUserInput>false</RequiresUserInput>
      <CommandLine>sc config "Absolute Manage Agent" start=auto</CommandLine>
      </SynchronousCommand>
      <SynchronousCommand wcm:action="add">
      <Order>4</Order>
      <Description>LanREF: Agent starten</Description>
      <RequiresUserInput>false</RequiresUserInput>
      <CommandLine>net start "Absolute Manage Agent"</CommandLine>
      </SynchronousCommand>
      <SynchronousCommand wcm:action="add">
      <Order>5</Order>
      <Description>LanREF: Am Server anmelden</Description>
      <RequiresUserInput>false</RequiresUserInput>
      <CommandLine>"%programfiles(x86)%\Pole Position Software\LANrevAgent\LANrev Agent.exe" --SendHeartbeat</CommandLine>
      </SynchronousCommand>
      <SynchronousCommand wcm:action="add">
      <Order>6</Order>
      <Description>LanREF: Inventory senden</Description>
      <RequiresUserInput>false</RequiresUserInput>
      <CommandLine>"%programfiles(x86)%\Pole Position Software\LANrevAgent\LANrev Agent.exe" --SendInventory</CommandLine>
      </SynchronousCommand>
      <SynchronousCommand wcm:action="add">
      <Order>7</Order>
      <Description>LanREF: Nach zugewiesener Software suchen</Description>
      <RequiresUserInput>false</RequiresUserInput>
      <CommandLine>"%programfiles(x86)%\Pole Position Software\LANrevAgent\LANrev Agent.exe" --SDCheck</CommandLine>
      </SynchronousCommand>
      </FirstLogonCommands>
      <TimeZone>W. Europe Standard Time</TimeZone>
      </component>
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
    http://schemas.microsoft.com/WMIConfig/2002/State
    " xmlns:xsi="
    http://www.w3.org/2001/XMLSchema-instance
    ">
    
      <AutoLogon>
      <Password>
      <Value>%YourLocalAdminPassword%</Value>
      <PlainText>true</PlainText>
      </Password>
      <Enabled>true</Enabled>
      <Username>%YourLocalAdmin%</Username>
      </AutoLogon>
      <OOBE>
      <HideEULAPage>true</HideEULAPage>
      <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
      <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
      <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
      <NetworkLocation>Work</NetworkLocation>
      <SkipUserOOBE>true</SkipUserOOBE>
      <SkipMachineOOBE>true</SkipMachineOOBE>
      <ProtectYourPC>1</ProtectYourPC>
      </OOBE>
      <UserAccounts>
      <LocalAccounts>
      <LocalAccount wcm:action="add">
      <Password>
      <Value>%YourLocalAdminPassword%</Value>
      <PlainText>true</PlainText>
      </Password>
      <Description></Description>
      <DisplayName>%YourLocalAdmin%</DisplayName>
      <Group>Administrators</Group>
      <Name>%YourLocalAdmin%</Name>
      </LocalAccount>
      </LocalAccounts>
      </UserAccounts>
      <RegisteredOrganization>%YourCompany%</RegisteredOrganization>
      <RegisteredOwner>%YourLocalAdmin%</RegisteredOwner>
      <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
      <FirstLogonCommands>
      <SynchronousCommand wcm:action="add">
      <Description>Control Panel View</Description>
      <Order>1</Order>
      <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine>
      <RequiresUserInput>true</RequiresUserInput>
      </SynchronousCommand>
      <SynchronousCommand wcm:action="add">
      <Order>2</Order>
      <Description>Control Panel Icon Size</Description>
      <RequiresUserInput>false</RequiresUserInput>
      <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 1 /f</CommandLine>
      </SynchronousCommand>
      </FirstLogonCommands>
      <TimeZone>W. Europe Standard Time</TimeZone>
      </component>
      </settings>
    </unattend>
    
    

     

    DiskPart Code

    in a cmd:

    diskpart /s "%~dp0extend.txt"
    
    

    extend.txt

    Select disk 0
    select partition 2
    extend
    
    

     

    Setting the Service Tag as Computername (Dell)

    dim NewName
    dim objWMIService
    dim colItems
    dim strComputer
    dim colComputers
    
    
    strComputer = "." 
    
    
    Set objWMIService = GetObject("winmgmts:" & _
      "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") 
    
    
    For Each objSMBIOS in objWMIService.ExecQuery("Select * from Win32_SystemEnclosure") 
      NewName=objSMBIOS.SerialNumber 
    Next
    
    
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
    
    
    Set colComputers = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
    For Each objComputer in colComputers
      err = objComputer.Rename(NewName)
      if err <> 0 then
      wscript.quit -1
      else
      wscript.quit 0
      end if
    next
    
    

     

    Forums thread: My Windows 10 Imaging Guide