[REPO/HOW-TO/CHAT] Audit/Sysprep/Generalize; Setupcomplete/Firstlogon; Silent Install

Discussion in 'Scripting' started by s1ave77, Feb 11, 2017.

  1. tcntad

    tcntad MDL Guru

    Oct 26, 2009
    4,742
    1,745
    150
    @SunLion

    Thanks! It changes main background just great but the smaller window is still white. I wonder what I'm doing wrong :p I'll try manually tomorrow
     
  2. SunLion

    SunLion MDL Expert

    May 11, 2011
    1,635
    6,111
    60
    Which window is smaller?

    Please post the image.
     
  3. tcntad

    tcntad MDL Guru

    Oct 26, 2009
    4,742
    1,745
    150
    #283 tcntad, Jun 16, 2025
    Last edited: Jun 16, 2025
    The actual setup window, not talking about the size but that the background isn't changed, it's still white

    26100
    upload_2025-6-16_11-28-12.png


    2nd run on 23H2 works
    script window, I've removed pauses and added iso creation
    Code:
    ============================================================
    This script modifies indexes 1 and 2 of boot.wim
    
    Credits: maxXPsoft and MyselfIdem
    ============================================================
    
    
    
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Scanning drive C for stale files
    Scanning drive D for stale files
    The operation completed successfully.
    
    ============================================================
    Creating Work folders...
    ============================================================
    Done...
    
    
    Script Started At 11:33:49,74
    
    
    ============================================================
    D:\26100Pegasus\\DVD\sources\background_cli.bmp
    ============================================================
    
    
    ============================================================
    D:\26100Pegasus\\DVD\sources\spwizimg.dll
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\DVD\sources\spwizimg.dll" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\\DVD\sources\spwizimg.dll
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
            1 file(s) copied.
    
    
    ============================================================
    Modifying Boot 1
    ============================================================
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Mounting image
    [==========================100.0%==========================]
    The operation completed successfully.
    
    
    ============================================================
    D:\26100Pegasus\Boot1\sources\background.bmp
    ============================================================
    
    
    ============================================================
    D:\26100Pegasus\Boot1\sources\spwizimg.dll
    ============================================================
    
    
    ============================================================
    D:\26100Pegasus\Boot1\Windows\System32\winpe.jpg
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\Boot1\Windows\System32\winpe.jpg" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\Boot1\Windows\System32\winpe.jpg
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
    
    
    ============================================================
    D:\26100Pegasus\Boot1\Windows\System32\winre.jpg
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\Boot1\Windows\System32\winre.jpg" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\Boot1\Windows\System32\winre.jpg
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
    
    
    Done...
    
    Boot 1 modified...
    ============================================================
    
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image File : D:\26100Pegasus\DVD\sources\Boot.wim
    Image Index : 1
    Saving image
    [==========================100.0%==========================]
    Unmounting image
    [==========================100.0%==========================]
    The operation completed successfully.
    
    
    
    ============================================================
    Modifying Boot 2
    ============================================================
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Mounting image
    [==========================100.0%==========================]
    The operation completed successfully.
    
    
    ============================================================
    D:\26100Pegasus\Boot2\sources\background.bmp
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\Boot2\sources\background.bmp" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\Boot2\sources\background.bmp
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
    
    
    ============================================================
    D:\26100Pegasus\Boot2\sources\spwizimg.dll
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\Boot2\sources\spwizimg.dll" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\Boot2\sources\spwizimg.dll
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
            1 file(s) copied.
    
    
    ============================================================
    D:\26100Pegasus\Boot2\Windows\System32\setup.bmp
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\Boot2\Windows\System32\setup.bmp" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\Boot2\Windows\System32\setup.bmp
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
    
    
    ============================================================
    D:\26100Pegasus\Boot2\Windows\System32\winpe.jpg
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\Boot2\Windows\System32\winpe.jpg" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\Boot2\Windows\System32\winpe.jpg
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
    
    
    ============================================================
    D:\26100Pegasus\Boot2\Windows\System32\winre.jpg
    ============================================================
    
    SUCCESS: The file (or folder): "D:\26100Pegasus\Boot2\Windows\System32\winre.jpg" now owned by user "FELDELNING\tcntad".
    processed file: D:\26100Pegasus\Boot2\Windows\System32\winre.jpg
    Successfully processed 1 files; Failed processing 0 files
            1 file(s) copied.
    
    
    Done...
    
    ============================================================
    Boot 2 modified...
    ============================================================
    
    
    
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image File : D:\26100Pegasus\DVD\sources\Boot.wim
    Image Index : 2
    Saving image
    [==========================100.0%==========================]
    Unmounting image
    [==========================100.0%==========================]
    The operation completed successfully.
    
    
    ============================================================
    Press a key to Export Boot.wim
    ============================================================
    
    
    ImageX Tool for Windows
    Copyright (C) Microsoft Corp. All rights reserved.
    Version: 10.0.10011.16384
    
    Exporting: [D:\26100Pegasus\DVD\sources\boot.wim, *] ->
               [D:\26100Pegasus\Temp\Export\boot.wim]
    
    
    [ 100% ] Exporting progress
    
    Successfully exported image #1.
    
    
    [ 100% ] Exporting progress
    
    Successfully exported image #2.
    
    
    Total elapsed time: 8 sec
    
    
    
    
    Deleted file - D:\26100Pegasus\DVD\sources\boot.wim
    D:\26100Pegasus\Temp\Export\boot.wim
    1 File(s) copied
    
    
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Scanning drive C for stale files
    Scanning drive D for stale files
    The operation completed successfully.
    Deleted file - D:\26100Pegasus\Temp\Export\boot.wim
    
    
    ============================================================
    Creating ISO
    ============================================================
    Press any key to continue . . .
    
    
     
  4. SunLion

    SunLion MDL Expert

    May 11, 2011
    1,635
    6,111
    60
    This configuration window always has a white background here with me.
     
  5. tcntad

    tcntad MDL Guru

    Oct 26, 2009
    4,742
    1,745
    150
    right ;p I mixed up the images from earlier in this thread, mistook them for 24h2 instead of 23h2, wellwell

    Gotta be able to change that one also..
     
  6. SunLion

    SunLion MDL Expert

    May 11, 2011
    1,635
    6,111
    60
    eheheheh

    That's how it is. Trying and correcting...

    Hugs
     
  7. KleineZiege

    KleineZiege MDL Guru

    Dec 11, 2018
    2,388
    3,107
    90
    give me the files that don't fit on the 24H2
     
  8. migascalp

    migascalp MDL Addicted

    Sep 18, 2009
    557
    940
    30
    #288 migascalp, Jun 29, 2025
    Last edited: Jun 29, 2025
    Stupidly moderated message.
    People are using their brains less and less.
    Sad!
     
  9. Vineet Garg

    Vineet Garg MDL Member

    Aug 4, 2016
    109
    34
    10
    #289 Vineet Garg, Feb 3, 2026
    Last edited: Feb 3, 2026
    Hi,

    I saw advice on the net to install but not to open / launch the programs and utilities in sysprep/audit. I badly need some settings in some desktop apps without using them extensively or connecting to the net.

    Registry compare tools like Regshot are not my ways.

    I am also going to use Exclusions scripts as there: https://forums.mydigitallife.net/th...ogon-silent-install.73131/page-2#post-1318178

    Please advise.

    Thanks.
     
  10. KleineZiege

    KleineZiege MDL Guru

    Dec 11, 2018
    2,388
    3,107
    90
  11. Vineet Garg

    Vineet Garg MDL Member

    Aug 4, 2016
    109
    34
    10
    #291 Vineet Garg, Feb 4, 2026
    Last edited: Feb 5, 2026
    Download done.

    Thanks.

    (Earlier I was not able to make the download, but thanks to Chrome's Chrono download manager extension)
     
  12. stark2006

    stark2006 MDL Novice

    Jan 16, 2010
    5
    6
    0
    #292 stark2006, Feb 21, 2026
    Last edited by a moderator: Feb 22, 2026
    Here is my Sys-Prep-Guide Download:
    Also, if you want a perfect clean image, already activated for personal use, let me know.
     
  13. stark2006

    stark2006 MDL Novice

    Jan 16, 2010
    5
    6
    0
    #293 stark2006, Feb 22, 2026
    Last edited: Feb 22, 2026
    In my above guide you will face one challenge, which is known as the "Ghost Update" Redownload Bug.
    If you are building custom Windows 11 24H2 or IoT Enterprise LTSC 2024 images using offline servicing (DISM) (Without Internet), you may have run into a bizarre servicing glitch on the first boot.

    Even if you perfectly integrate the latest massive Cumulative Update (e.g., KB5077181) and run DISM /ResetBase to lock it in as the foundation, Windows Update might immediately attempt to redownload and "reinstall" the exact same update if you click "Check for Updates" too quickly after establishing an internet connection.

    Here is the technical teardown of exactly what this issue is, why the 24H2 architecture triggers it, and how to logically eliminate it in your deployment pipeline.

    1. The Symptoms (What is the issue?)
    • The Ghost Download: You connect to the internet on a freshly deployed image, immediately click "Check for Updates," and the Windows Update Agent (WUA) begins downloading the exact Cumulative Update you already integrated using offline servicing (DISM) in your final image.

    • The Size Discrepancy: It doesn't download the full ~4GB payload. Instead, it downloads a much smaller Delta package (usually ~100MB to 700MB) via the Unified Update Platform (UUP).

    • The Uninstall Trap: Once it finishes, the update appears in your "Uninstall Updates" list. However, if a user clicks "Uninstall", the system will reboot, throw a fatal ERROR_FILE_NOT_FOUND in the background, roll back the uninstallation, and leave the update exactly where it is.

    2. The Root Cause (Why does it happen?)
    This is not a failure of your offline DISM integration, nor is the image corrupted. It is a strict Cryptographic Race Condition inherent to how modern Windows 11 validates Component Store manifests.

    When you click "Check for Updates" on a fresh install, the Windows Update Agent scans the Component Store (WinSxS). It sees your integrated .dll and .sys binaries, but it requires cryptographic proof to verify the digital signatures of the update's manifests. To do this, it checks the local CryptnetUrlCache for valid Certificate Trust Lists and Timestamp Tokens.

    The Race Condition:

    The background job responsible for fetching these tokens from Microsoft—\Microsoft\Windows\CertificateServicesClient\SystemTask—is a low-priority, idle-triggered scheduled task. It usually takes 15 to 20 minutes of system idle time to run after connecting to the internet for the first time.

    If the user clicks "Check for Updates" before this task runs, WUA queries an empty cache, throws error 0x80247168 (No timestamp tokens in cache), and flags your integrated update manifests as "Cryptographically Unverified."

    3. The Mechanics of the "Ghost Install"
    Because WUA cannot mathematically verify the signatures of your offline baseline, it panics and requests a repair from Microsoft.

    1. The Hash Check: The UUP engine hashes your WinSxS folder and realizes the heavy 4GB physical binaries are already present and matching the target build.

    2. The Metadata Delta: It downloads only a tiny Forward Differential payload (.psf and .cab files)—specifically the registry manifests, catalog security files, and package identities needed to rebuild the signature chain.

    3. The Registry Injection: The CBS engine stages this tiny payload, skips overwriting the physical disk files, and forcefully re-injects the Update Identity into the CBS registry hive. This recreating of the registry identity is what brings back the "Uninstall" button.

    4. The Uninstall Rollback: If a user clicks that newly generated Uninstall button, CBS tries to revert to the pre-update files. But because you ran DISM /ResetBase during sysprep, those backup files were permanently purged. The engine realizes it cannot restore the old files, aborts the uninstallation to save the OS, and rolls back the attempt.

    4. The Logical Solution (How to avoid it)
    You cannot fix this using standard DISM commands because the issue relies on live, internet-based cryptographic token synchronization.

    To permanently avoid this, you must alter the Initialization Sequence of the OS during deployment. You need to delay the Windows Update engine from running until you have forcefully synchronized the time and the Certificate Services cache when you connect to the internet the very first time.

    The Automated Implementation (autounattend.xml):

    If you use an unattended answer file, you can inject a "Healer" script into the specialize pass. This script locks down the WUA service, forces the background tasks to run immediately upon internet detection, and fills the cryptographic cache before the user ever sees the desktop.

    Add this block to your <specialize> pass in autounattend.xml:

    Code:
        <settings pass="specialize">
            <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <RunSynchronous>
                
                    <RunSynchronousCommand wcm:action="add">
                        <Order>1</Order>
                        <Path>cmd /c reg add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 4 /f</Path>
                        <Description>Disable WU for smooth OOBE bypass</Description>
                    </RunSynchronousCommand>
                
                    <RunSynchronousCommand wcm:action="add">
                        <Order>2</Order>
                        <Path>powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$A = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -Command \"while(!(Test-Connection ctldl.windowsupdate.com -Count 1 -Quiet -ErrorAction SilentlyContinue)){Start-Sleep 5}; Start-Service w32time -ErrorAction SilentlyContinue; w32tm /resync /force | Out-Null; schtasks /run /tn ''\Microsoft\Windows\CertificateServicesClient\SystemTask'' | Out-Null; Start-Sleep 25; Set-ItemProperty -Path ''HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv'' -Name ''Start'' -Value 3; Start-Service wuauserv -ErrorAction SilentlyContinue; Unregister-ScheduledTask -TaskName ''StealthCertHealer'' -Confirm:$false | Out-Null\"'; $T = New-ScheduledTaskTrigger -AtStartup; Register-ScheduledTask -TaskName 'StealthCertHealer' -Action $A -Trigger $T -User 'NT AUTHORITY\SYSTEM' -RunLevel Highest -Force"</Path>
                        <Description>Deploy Zero-Friction Network Watcher</Description>
                    </RunSynchronousCommand>
                
                </RunSynchronous>
            </component>
        </settings>

    How the fix works logically:

    1. It disables wuauserv to prevent any background checks.

    2. It waits for a successful ping to ctldl.windowsupdate.com.

    3. It forces the Windows Time service (w32tm) to sync, preventing token expiration errors.

    4. It manually triggers the lazy CertificateServicesClient\SystemTask.

    5. It pauses for 25 seconds to allow the Software Protection Platform to validate the licenses in tokens.dat.

    6. It re-enables wuauserv, allowing the now-validated baseline to be recognized, completely eliminating the ghost download.

    Here is the short, simple way an end-user can completely avoid the Ghost Update scenario on a fresh installation without applying the above fix:

    Just wait 15 minutes before checking for updates.

    The exact steps for the user:

    1. Install the OS and reach the desktop.

    2. Connect to the internet (Wi-Fi or Ethernet).

    3. Do not immediately go to Settings and click "Check for Updates."

    4. Instead, just use the PC normally or let it sit idle for about 15 to 20 minutes.

    5. During this time, Windows will silently download the necessary security certificates in the background.

    Once that background sync happens naturally, clicking "Check for Updates" will work perfectly, instantly recognize the system is fully updated, and no ghost downloads will occur!

    Note: This happens (Ghost Update) only if you are building your SysPrep Image completely in offline mode. (With no Internet connectivity, not even once)
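
A post-deployment check for the answer-file approach described in the post above, added here as an example and not part of stark2006's post: it reports whether `wuauserv` was re-enabled, whether the SYSTEM-level `StealthCertHealer` task removed itself, and the last result of `CertificateServicesClient\SystemTask`. The function name `Get-HealerEndState` and the output field names are assumptions made for this example; the task, service and registry names are the ones in the post.

```powershell
# Added example (not from the post): audit the state the one-shot task should leave behind.
# Run in an elevated PowerShell session on the deployed machine.
function Get-HealerEndState {
    [CmdletBinding()]
    param(
        [string]$HealerTaskName = 'StealthCertHealer',                           # name used in the post
        [string]$CertTaskPath   = '\Microsoft\Windows\CertificateServicesClient\',
        [string]$CertTaskName   = 'SystemTask'
    )

    $issues = [System.Collections.Generic.List[string]]::new()

    # wuauserv Start value: 4 = Disabled (written in the specialize pass),
    # 3 = Manual (written back by the scheduled task when it completes).
    $wuStart = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv' -Name Start).Start
    if ($wuStart -eq 4) {
        $issues.Add('wuauserv is still disabled: this machine will not receive updates')
    }

    # The task runs as SYSTEM with -ExecutionPolicy Bypass and unregisters itself as its last step.
    # Its wait loop (Test-Connection, i.e. ICMP echo) has no timeout, so on a network where
    # that ping never succeeds the task stays registered and wuauserv stays disabled.
    $healer = Get-ScheduledTask -TaskName $HealerTaskName -ErrorAction SilentlyContinue
    if ($healer) {
        $issues.Add("scheduled task '$HealerTaskName' is still registered (state: $($healer.State))")
    }

    # Last result of the certificate task the post triggers; 0 means the last run succeeded.
    $certInfo = Get-ScheduledTaskInfo -TaskPath $CertTaskPath -TaskName $CertTaskName -ErrorAction SilentlyContinue
    if (-not $certInfo) {
        $issues.Add("task $CertTaskPath$CertTaskName not found")
    } elseif ($certInfo.LastTaskResult -ne 0) {
        $issues.Add(('{0} last result: 0x{1:X}' -f $CertTaskName, $certInfo.LastTaskResult))
    }

    # Informational only: w32time is trigger-started and may legitimately be stopped.
    $w32 = Get-Service -Name w32time -ErrorAction SilentlyContinue

    [pscustomobject]@{
        WuauservStart      = $wuStart
        HealerTaskPresent  = [bool]$healer
        CertTaskLastRun    = if ($certInfo) { $certInfo.LastRunTime } else { $null }
        CertTaskLastResult = if ($certInfo) { $certInfo.LastTaskResult } else { $null }
        W32TimeStatus      = if ($w32) { $w32.Status } else { 'missing' }
        Issues             = $issues
    }
}

$state = Get-HealerEndState
$state | Format-List
if ($state.Issues.Count -gt 0) { exit 1 }   # non-zero exit so a deployment pipeline can flag the host
```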
     
  14. amsk98

    amsk98 MDL Member

    Sep 8, 2013
    104
    6
    10