Sooner or later every company will come to the point when using standard Windows image is just not enough. Manual installation, fetching all updates or installing software etc. etc. takes time, and in IT, we really can use that time for something way more productive.
Therefore, I propose you to create your very own, customised, Windows 10 image which will save you tonnes of time.
Let’s set some goals:
- Automatic installation – no questions about user accounts, settings etc.
- Hardware neutral – image will be installable on any kind of computer with necessary drivers equipped within.
- Customised – image will be shipped with software and other preferences so that employees will be able to “just” log in straight after deployment.
Sounds good? So let’s start preparing.
Prepare for Windows 10 image creation
I know you’d like to just jump in and start creating the new image, but to prepare the image properly there are necessary setup steps needed before the actual process. The benefits of this preparing will come handy in the future.
What you’re going to need is:
- PC capable of virtualisation – Since the image creation will happen in VM (Virtual Machine), we need hardware capable of this. If you’ve got a dedicated machine already – that’s great – if not, then any computer manufactured within the last few years, which can afford at least 2GBs of memory for virtualisation (you can assign less than 2GBs of memory, but everything will be slow. Like really, slow) and hard disk space – only you know how much space you’re going to use for this task. However, bare in mind you should allow extra space for the checkpoints. If you can afford to use SSD that’s great – it hugely improves the speed of the process.
- Windows 10 ISO file – you’d need this to install the actual image and to create so-called “answer” file out of it.
- Windows ADK – this will be used for creating the answer file.
- Hypervisor with checkpoint function – this will allow us to create a VM with the actual image, while checkpoints can save plenty of time in case something goes wrong or must be amended.
- Software and customisation files which are going to be shipped with Windows.
- Internet – not necessary, but really helpful.
As long as you’ve got the hardware capable of virtualisation, the rest comes from the Internet, or your software repositories.
Windows 10 ISO file
The fastest way of getting the Windows 10 ISO file is to go to: https://www.microsoft.com/en-gb/software-download/windows10ISO or google “Windows Media Creation Tool”. Once on the website, pick “Windows 10” from the drop down menu (unless you’ve got licence for a different version). If your company happens to have a volume licence with Microsoft, then expand “More Download Options” where you can find links to MSDN websites.
When using Media Creation Tool, make sure to pick *.ISO file during the process. The file will be later on used in both, hypervisor and answer file.
Do not try to obtain images from any other, unofficial sources, as there’s always a chance of getting something “extra” from dishonest people. Nobody likes “extras” in Windows images.
Windows ADK (Assessment and Deployment Kit) is a set of tools required for image customisation and checking the performance of the computer. You need to fetch the version corresponding to the Windows image creation, as of writing this article, the newest version is Windows 10, version 1607.
Start the downloaded file, and upon the choice you need only 2 out of all:
- Deployment tools – SIM (Windows System Image Manager) – this tool is used to create the answer file, which will allow for automatic installation of Windows.
- Windows PE (Preinstallation Environment) – will be used for capturing the image. Unless you’ve got other solution in place (e.g. Norton Ghost) this tool is necessary.
The customised image will be created within the VM and therefore hypervisor is essential to it. The second requirement are snapshots, which will allow us to roll back any wrong changes, as well as re-use the image for any amendments/updates required after creating the initial image.
Snapshot = Checkpoint. These words can be used interchangeably.
I can only think about 2 free options here – first is Microsoft Hyper-V, which comes built in Windows 8 or 10 in Pro edition, or any Windows Server since 2008 version. If you don’t have a such a possibility, you can use VirtualBox, which is free and has desired checkpoints functionality. Obviously, any hypervisor with checkpoints feature should do the trick.
I’ll be using Hyper-V since I’ve got Windows 10 Pro in my setup. To install Hyper-V on either Windows client or Server, make sure that Virtualization is enabled in your BIOS/UEFI setting, this is often called Intel VT, AMD-V or simply Virtualization Technology.
In order to instal Hyper-V in Windows Clients, go to Control Panel>Programs and Features>Turn Windows features on or off. Then expand Hyper-V menu and make sure that you can tick Hyper-V Management Tools and Hyper-v Platform. You will need to reboot the PC for the role to become active.
In Windows Server, you will need to add Hyper-V role to the server and reboot the server afterwards.
It might be any sort of installer or even copy-paste type of application. If it works with the standard Windows installation, it should work with the customised image.
Customised files – this will be any specific wallpapers, files etc. which are used to brand the image.
Since Windows 10 is shipped with plenty of drivers out of box, there are still many propetiary ones which must be either downloaded via WU (Windows Update) or installed manually. If your environment does not allow/provide drivers download via Windows Update, you must add them to the image.
In other words, you need drivers with *.inf files, some manufacturers allow you to download the whole package of *.inf files for a computer series, some don’t. In such a case, you might need to unpack the drivers manually to get *.inf files out of it.
Prepare the environment for Windows 10 image
I hope you’re still bearing with me to this point, the most boring parts is behind us – I mean gathering all the stuff needed for the image creation.
Let’s look up the steps to follow:
- Create VM
- Install Windows
- Put set Windows into Audit mode
- Install software
- Add drivers
- Customise Menu Start
- Creating answer file
- Testing the image
Shall we begin?
Create VM + Virtual Switch for VM
VM will need a connection to the local network as well as the Internet. Therefore we need to create a virtual switch to which the VM is going to be connected.
Creating Virtual Switch
To create a virtual switch you need to:
- Virtual Switch manager
- Highlight new virtual switch, pick “External”, and click Create Virtual Switch
- Give it meaningful name e.g. Internet, make sure that External radius is ticked and choose the network card which used to connect to the Internet, click OK.
- The network switch is being created.
Once your virtual switch has been created, we can start creating the new VM and use the switch to connect VM to the Internet.
Creating Virtual Machine
Now it’s time to create our virtual computer – a place where a customised image will be created, maintained and captured! Are you excited, like me?
- Right click on the name of your server, highlight new and choose Virtual Machine.
- Specify the name e.g. Windows 10_1607, and you can change the location where VM will be saved if needed. Make sure the disk you’re going to use will have at least the amount of space you plan to use for your VM.
- You can choose either generation, but I strongly recommend Generation 2 (which is supported for Windows 2012/8 onwards), generation 2 allows you to simulate UEFI, boot from SCSi adapters (which perform faster than IDE) and are power-failure proof.
- Memory. Assign at least 2 GBs, if you can 4GBs. You can leave Dynamic memory tick on, however, it shouldn’t make any difference in this scenario.
- In the configuring networking window, choose the Virtual Switch created earlier on, this will allow the VM to talk to the rest of the world.
- Virtual disk – in other words, the special file which behaves like a hard drive. Probably you will only want to amend the size of, I find 60GB very minimum, but again, it’s entirely up to you.
- The last step needed for the configuration is Installation option – in other words, pointing VM to the installation media. Simply choose the ISO downloaded earlier on.
- On the Summary window, verify all the settings and hit finish if you’re happy with all of them.
Hyper-V will create your VM now, you should be able to see it in the main Windows of the Hyper-V.
Windows 10 installation
Yes, we are just a step before installing, but hold your horses for a second, there’s one more point worth considering.
Audit mode or OOBE mode?
When you perform the standard installation of Windows, you simply boot to OOBE (Out of box experience) every single time. Then you go through the process of customising the installation and creating user account etc.
Audit mode is, on the other hand, a special mode dedicated to preparing Customised Windows image. It will e.g. automatically log in to the Administrator account, which will be removed once the work in the Audit mode has been finished. Changes made in the Audit mode will be then copied to every new user logging to the PC, which keeps the user experience. Yet working in the Audit mode is exactly identical like in OOBE.
You can even switch between OOBE/Audit modes once Windows 10 has been installed, but why not start from using Audit and simply keep using it, from the beginning?
Therefore it’s not required, but I’d recommend you to use the Audit mode for the image creation.
Let’s install Windows 10!
All the preparation will now pay off – you’ll be able to go and set up everything as desired, using the software which you’ve prepared earlier on.
As mentioned earlier, I’ll follow the Audit mode way and prepare my image in that way. The process of installing is almost the same for Audit and OOBE mode, however, I’m going to indicate the moment when you need to make the call.
- Start the VM.
- On the screen “Press any key to boot”, press any key.
- On the “Windows Setup” screen, choose Install now.
- Now you’re going to be asked to provide a licence key. In case you don’t have it yet, you can simply skip this and provide the key later.
- Choose the edition of Windows 10 which you’re going to install. I recon it’s going to be Pro, which will allow you, among other things, join the computer to the domain.
- Once you are aware of the agreement content, tick the box and move forward.
- Since this is a freshly created VM, its hard drive it’s literally empty. Therefore the only thing you can do now is to choose Custom: Install Windows only.
- On the following screen just click next, Windows installer will partition the drive and utilise all space. Even if you’d need additional partitions, you’ll be able to order Windows to create them during the deployment process.
The Windows installation starts now. It will take some time and reboots before reaching the next screen, on which you’ll need to make a decision about the mode used for installation.
The Audit mode trigger is hidden; you must use a keyboard shortcut to activate it.
Press simultaneously ALT + SHIFT + F3, after which VM will instantly restart and boot to audit mode shortly.
Windows will now automatically log in with Administrator’s account, and present you with SYSPREP (System Preparation Tool) window, which you’d like to cancel. The tool allows you to set Windows 10 back to OOBE mode generalise (which I’ll explain later on) and restart it. Just cancel it. It might be worth to take a check point at this moment.
Customise the image
Now it’s time to install all the software you need, but how to provide it? We could use so-called guest services and start copying all the installation files, but that would take first time to do so, secondly the size of the VHD would start growing.
Rather than that, let’s go good, old network sharing. Not only it will allow us to install folders without copying them all to the VM, but also will deliver the answer file, or will allow exporting e.g. customised menu start settings.
Create the network share on your host machine
Open the folder where you’re going to store all files needed by your VM.
- Open properties of the folder.
- On the properties window, change tab to “Sharing” and choose “Advanced Sharing…”
- Tick the box “Share this folder” and choose “Permissions”. You might note down the folder name as this will become the name of the actual share.
- Grant full access to the account which is going to access the network share on your host machine. I granted access to Everyone.
- Click OK twice and once backed to the properties window, change tab to “Security” and choose “Edit” button.
- Click Add.
- Type the same username which you’ve used in the Sharing permissions.
- Grant “Allow – Modify” rights to the user. Click OK on all windows.
You might ask why we’ve had grant access to the same user in 2 different places. Since this is not an article about shares and permissions I’ll keep it short – Windows differentiates 2 levels of access – local and networked. The user must have access locally to be able to access the files at all and locally, that is, while working on the actual computer. Networked access allows users to access the files over the network, and folders accessed that way are called shares. In the case of when a user has only network rights, one still won’t be able to access the files because of the lack of the local permission.
Map the network drive
Once the network share has been created, it’s time to map it. That process is called mapping the network drive because ultimately it will show up alongside other drives – hard and flash disks and optical drives.
- Head towards “This computer.”
- Choose “Computer” tab and click “Map network drive.”
- On the following screen specify the location of the network share – the format is: \\<name of the host>\<name of the share>, the name of my host is KMLPRO and the name of the share is VM_installers therefore the full path will be: \\KMLPRO\VM_installers.
- Tick the box “Connect using different credentials”. You might also tick the box “Reconnect at sign-it”, that way Windows will store your login details to the server and automatically map the drive the next time you log in. Feel free to change the drive, if you’d like to.
- You’ll be asked to provide details of the account which you’ve granted access rights earlier on.
Once completed, you’ll find your mapped network drive alongside other drives in the computer view.
Install the software, customise the settings
Now you’ve got to the point where you can perform an installation of any software needed.
- Try to use officially released MSI files. In the case of updating the image later on, MSIs always make sure to get rid of the old version of the file and upgrade.
- If possible, avoid launching the applications. It might amend some default settings which users might not like.
- Install the latest .NetFramework (as well as other libraries) possible, that will save time, both your and your users.
- Do not forget about the new Menu Start, you can pin applications often used by the users.
Once you’ve completed the customisation process, take the checkpoint. Just in case.
“Software comes and goes. Hardware is forever,” they said, but to make that hardware work, we need drivers.
Why not rely on the Internet/Windows updates?
The problem with drivers is that they often won’t install, unless there’s actual hardware present at the moment of installation. You can obviously rely on Windows Update and hope that everything will be self-installed, but do you really want to?
I personally cannot imagine deploying Windows to more than 10 computers and allowing them to go to Windows Update and start downloading, then wait for reboots etc. Nope, that doesn’t work like that in an enterprise.
Unless you’re in the situation where you can utilise Windows Update, then you can skip that part. But you’ll miss so much fun with having control of every single driver on the image.
PNPUTIL – Drivers’ best mate
Microsoft includes in the Windows a brilliant tool called PNPUTIL, which basically allows managing drivers and give you as the administrator the control over the drivers inside of the VM.
Have I mentioned that we will need to go command line? Oh well, now I’m telling you. But it won’t be scary, I promise. PNPUTIL is a command line only.
Main PNPUTIL switches which you should know about:
/enum-drivers - enumarates (lists) all stored drivers
/add-driver - adds driver to the driver store
/delete-driver - removes the driver from the driver store
Driver store – what is this?
Windows comes with plenty of drivers out of the box – however, it’s impossible to include every single driver to every single device, or even make sure that all the drivers are up to date.
Therefore, here comes the idea of the Driver Store – think about it like installers for your software – you have the installer, but you install the software when it’s actually needed by the user.
Same happens with the hardware – when a new device is connected, Windows goes through the store and looks for the appropriate driver. That way we can load all needed drivers and Windows will use them only when they are needed. This is cool, isn’t it?
Let’s add some drivers!
If you’ve done a good job preparing your drivers (*.inf files) organising them into folders (e.g. C:\Temp\Drivers\Audio, C:\Temp\Drivers\Video etc.), then follow the instruction below. If not, go and organise them now.
- Go to the folder where your drivers are, press and hold the SHIFT ket + right-click the mouse and choose “Open command window here”.
- Type “pnputil” and hit enter, familiarise yourself with the command details (for your own reference)
- Type pnputil /enum-drivers and look how many drivers are needed. Since this is VM, there a just a few in use.
- Type pnputil /add-driver *.inf /subdirs. This will order pnputil to go through all the folders and add any driver it finds to the store. It might take a while depending on amount and size of drivers you’ve prepared.
- Upon the completion, you’ll see how many drivers have been added to the store.
This is it, that one step closer to the hardware neutral Windows image. Enumerate the drivers now, see how many has been added to the Drivers now. Don’t forget to take the checkpoint.
Are we there yet? Yes, almost there!
Once you are happy with all customisations you’ve just done, it’s time to tell Windows, what to do during the installation. Why? To not get all that prompts about licencing, partitioning, the name of the computer and user etc. We are going to be like this bartender from the local pub, who knows us good enough to serve everything we like. Sounds cool? Keep it coming then!
I must admit, I was really impressed (like WOW impressed) when saw fully automatic Windows deployment for the first time in my life – from the beginning of the process – when Windows configured itself until it reached the Logon/Desktop screen.
Creating WIM file
Unattended installation means automatic installation – which is our goal. Essential part of it is the Answer file – the file which will tell Windows installer what to do during the installation. We obviously, are going to create are own answer file.
We are going to need WIM file, which is in short take, the actual compressed Windows – whenever you install Windows, it’s being decompressed and installed to the local hard disk. Where’s the file then? You’ve guessed it right, on the Windows 10 ISO, the same which we’ve used to install Windows 10 earlier on.
Microsoft started using ESD files to include Windows installation files, which are way more compressed than actual WIM files. Therefore first step is to copy the ESD file off the ISO, then convert it to the WIM file to finally use for the Answer file creation.
- Right click on the ISO which you’ve used to install the Windows 10, mount it.
- ISO will show as ordinary DVD drive, open it and go to the “Sources” folder, and find install.esd file. It’s the biggest (approximately 4GBs) file over there. Copy the file off the image. I can suggest to create a dedicated folder where you’re going to store all ISOs used for installation and another folder called WIM where you’ll store WIM files. The reason behind is that you should always use the WIM file from ISO used for installation. Don’t forget about meaningful names.
- We need elevated (administrator) command prompt, right click on the Windows menu and choose it then. Change directory to where the ISO is.
- You can use DIR command to make sure you’re in the right folder and can see install.erd file.
- Type command: dism /Get-WimInfo /WimFile:install.esd You should see the list of available Windows 10 edition included in the ISO. I’m going to need Pro edition therefore will choose Index:1
- Type command: dism /export-image /SourceImageFile:install.esd /SourceIndex:1 /DestinationImageFile:Windows10_pro_1607.wim /Compress:max /CheckIntegrity I’ve highlighted the index number and the file name in case you’d like to change it.
Wait until the process has finished and we can move on to the actual answer file creation. You’ll find the WIM file in the same location where ESD file is.
It’s time to tell Windows off, literally. We’re going to prepare the answer file, which will guide Windows through the installation – and achieve automatic installation there.
There are tonnes of possible settings to configure, therefore I will focus on bringing you to the automated installation which you might use as the base for your answer file. Most of the settings are well documented which is a great help.
To create the answer file:
- Open Windows System Image Manager.
- Press the “New Answer File” button.
- Say yes to open the Windows Image file.
- Point to the WIM file created earlier on.
- Confirm creation of the catalog file.
It will take a few minutes for SIM to complete the image creation process. Upon finish, you’ll be presented with the new SIM windows with more options than before.
Answer file reflects different Windows installation stages (passes) – there are 7 of them, however, we need only a few for our needs.
The components part contains the actual jobs that Windows Installer performs during different parts of the installation. One component can be added to multiple installation stages. Components are added by right-clicking on them and choosing to which part they need to be added.
Necessary components for automated installation:
Phase 1 WinPE:
Phase 4 Specialize:
Phase 7 OOBE
I really wanted to describe all the components, meaning what you should type and where, but it would take way too much time and space. Instead, I’ll simply paste the answer file here and describe what it does in each phase.
Answer file – Windows_10_pro.xml (right click and dowload/save link as)
Use SIM to open the file above, and point to Windows 10 1607 WIM file.
Phase 1 WinPE
That one happens when you actually boot a computer from the installation media and are presented with the install now screen.
What happens in “amd64_Microsoft-Windows-International-Core-WinPE” is to choose which display language should be picked.
The “amd64_Microsoft-Windows-Setup” tells installer to wipe the first hard drive, then create 4 partitions (as needed for UEFI) and to modify them. While first 3 partitions are needed for Windows to run and have a fixed size, the 4th – where the actual OS is – will use all remaining space for itself.
Phase 4 Specialize
That phase happens when Windows is “Getting ready”. You can notice a CopyProfile option – it tells the installer to take Administrator’s profile (the same which you’ve customised earlier on in the Audit mode) and set it as the default profile – so that every profile created on the computer will have the same customisation.
The product key used here is generic Windows 10 Pro, you should change it to yours. You won’t be able to activate Windows with that key.
Phase 7 OOBE
OOBE – Out of box experience – is the Wizard which you see during the first Windows boot.
“amd64_Microsoft-Windows-International-Core” will tell the computer which language, region and keyboard layout will be used for the users.
“amd64_Microsoft-Windows-Shell-Setup” will accept the agreement, set Windows to get automatic Windows Updates and create local user “Dave” who will be an administrator. Notice that password field is hashed, therefore you should change it to yours.
When at some point you’ll start testing/deploying the image, you might notice a 2nd user account created during the installation, called defaultuser0. It’s being created during the CopyProfile function, I couldn’t find an explanation why it happens.
We could switch off the CopyProfile, but then it would be necessary to spend a way more time with customising (including start menu, theme, wallpaper etc. would need to be set, configured with text files and exported – which is not really user friendly).
Or we could keep using CopyProfile and call a command “net user defaultuser0 /delete” during first user logon, which removes it automatically. I prefer the second option, which is included in the answer file.
Save the answer file
Once you’re happy with your answer file, save in the shared folder created earlier on.
Preparing the image for capture/housekeeping
We need to do some housekeeping to make the image clean and neat for the end user:
- Run Windows updates
- Run antivirus updates
- Remove all browsing history from Internet browsers
- Unmount all mounted network drives
- Right click on the address bar in Windows explorer and choose “Delete history”
- Run disk clean up
- Make sure there are no passwords saved in the Credential manager (Control panel>Credential Manager)
- Remove any directories used during image preparation (e.g. C:\temp)
In other words – when your users get freshly wiped PC, they’ll get an impression it’s spanking new, yet customised by their great IT department. It makes a difference, a huge difference to the end user.
Test the image within VM
That’s a great moment, isn’t it? I’m always excited when testing the new image and see how all the work turns out. But before deploying it to the actual physical machine, it’s worth to test it within the actual VM.
Why? Because due to checkpoints, it’s extremely easy to roll back the deployment, amend the setting and deploy once again. It’s a real time saver. Therefore, do not expect the image to be ready after the first time. My first attempt took about a week to get fully polished and prepared image.
Take the checkpoint now
Remember: if there’s something you don’t like after the deployment or test, you can always roll back, change the image and try once again (and don’t forget to take another checkpoint).
You can repeat that process until you’re fully satisfied with the result.
Sysprep – the tool for generalization
Generalise makes the image truly hardware neutral. It removes all installed drivers, Windows activation, unique installation details for the VM – it then allows computer to install completely fresh and setup itself for the new installation or another computer.
To generalise Windows installation you’d like to:
- Open elevated command prompt
- Type: CD C:\Windows\System32\Sysprep
- Type: SYSPREP /GENERALIZE /OOBE /REBOOT /UNATTEND:<path to your unattended file> We call sysprep tool to generalise the installation, set Windows into OOBE mode, use answer file and restart the PC.
- Wait until the sysprep process is done and PC restart.
Once completed, VM should restart a few times and – if everything goes well – bring you to the login screen. You’d like then to review all your customisation settings, make sure that passwords are not saved etc. Remember that whatever you can see after the first login, will be available to any new user using the computer.
Capturing and deploying the image
Once your VM is up to the standard it’s time to send it to the actual hardware and see if everything still works + all drivers are working.
However, it’s beyond this article as there are many tools which can be used. If you’ve got any favourite tools which can get the job done – let me know!
A few tips:
- Always take the checkpoint before syspreping. Windows has a sysprep counter, and after generalising an image few times it will not allow you to generalise it another! This means you’d need to create another image from the scratch. On the other hand, if you’ve got a VM with checkpoint just before sysprep, you can always come back to it, amend it, checkpoint it and sysprep again, unlimited number of times.
- If there are too many checkpoints (and not enough hard disk space), you can always remove all of them and create a new one.
- Creating the image is a long process – take your time!
Main photo by: https://unsplash.com/@rawpixel