[REPO/HOW-TO/CHAT] Audit/Sysprep/Generalize; Setupcomplete/Firstlogon; Silent Install

Discussion in 'Scripting' started by s1ave77, Feb 11, 2017.

  1. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,111
    24,294
    340
    #21 s1ave77, Feb 12, 2017
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Good point, i will add an hint. Although i prefer the Powershell WU Module which i already linked in the Little Helper part.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    #22 Enthousiast, Feb 13, 2017
    Last edited: Feb 13, 2017
    Added capture command lines, for use with capture exclusion script for ImageX, DISM and Wimlib-Imagex Wimcapture, at my previous post.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,111
    24,294
    340
    What would the exclusion script look like :g:. That info is missing, then i add it to post#1.

    Afaik when using imagex at least a lot of stuff is skipped by default.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    #24 Enthousiast, Feb 13, 2017
    Last edited by a moderator: Apr 20, 2017
    I was hoping abbodi1406 would post them :)

    Win7.ini:
    Code:
    [ExclusionList]
    \Boot
    \Recovery
    \Recovery.txt
    \BOOTSECT.BAK
    \ProgramData\Microsoft\Network\Downloader\*
    \Users\Administrator
    \Windows\debug\*
    \Windows\inf\*.etl
    \Windows\inf\*.log
    \Windows\Logs\CBS\*
    \Windows\Logs\DISM
    \Windows\Logs\DPX
    \Windows\Logs\PBR
    \Windows\Logs\DirectX.log
    \Windows\Panther
    \Windows\Prefetch
    \Windows\security\database\*.chk
    \Windows\security\database\*.log
    \Windows\security\database\*.jrs
    \Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-*.dat
    \Windows\servicing\Packages\wuindex.xml
    \Windows\SoftwareDistribution
    \Windows\System32\catroot2\*.chk
    \Windows\System32\catroot2\*.log
    \Windows\System32\catroot2\*.jrs
    \Windows\System32\CodeIntegrity\bootcat.cache
    \Windows\System32\Sysprep\Panther
    \Windows\System32\Sysprep\Sysprep_succeeded.tag
    \Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate
    \Windows\System32\winevt\Logs\*
    \Windows\Temp\*
    \Windows\WinSxS\ManifestCache\*
    \Windows\WinSxS\Temp\PendingDeletes\*
    \Windows\DtcInstall.log
    \Windows\PFRO.log
    \Windows\setupact.log
    \Windows\setuperr.log
    \Windows\TSSysprep.log.log
    \Windows\vmgcoinstall.log
    \Windows\WindowsUpdate.log

    Win8.1/10.ini:
    Code:
    [ExclusionList]
    \Boot
    \Recovery
    \Recovery.txt
    \BOOTSECT.BAK
    \ProgramData\Microsoft\Network\Downloader\*
    \Users\Administrator
    \Windows\debug\*
    \Windows\inf\*.etl
    \Windows\inf\*.log
    \Windows\Logs\CBS\*
    \Windows\Logs\DISM
    \Windows\Logs\dosvc
    \Windows\Logs\DPX
    \Windows\Logs\PBR
    \Windows\Logs\SetupCleanupTask
    \Windows\Logs\SIH
    \Windows\Logs\WindowsUpdate
    \Windows\Logs\DirectX.log
    \Windows\Panther
    \Windows\Prefetch
    \Windows\security\database\*.chk
    \Windows\security\database\*.log
    \Windows\security\database\*.jrs
    \Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-*.dat
    \Windows\SoftwareDistribution
    \Windows\System32\catroot2\*.chk
    \Windows\System32\catroot2\*.log
    \Windows\System32\catroot2\*.jrs
    \Windows\System32\CodeIntegrity\bootcat.cache
    \Windows\System32\Sysprep\Panther
    \Windows\System32\Sysprep\Sysprep_succeeded.tag
    \Windows\System32\winevt\Logs\*
    \Windows\Temp\*
    \Windows\WinSxS\ManifestCache\*
    \Windows\WinSxS\Temp\PendingDeletes\*
    \Windows\comsetup.log
    \Windows\DtcInstall.log
    \Windows\lsasetup.log
    \Windows\PFRO.log
    \Windows\setupact.log
    \Windows\setuperr.log
    \Windows\TSSysprep.log.log
    \Windows\vmgcoinstall.log

    Standard exclusions aren't added, they get excluded by default.

    Provided by abbodi1406 :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,111
    24,294
    340
    Added Enthousiasts examples to post#1 :good3:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    @S1ave77, at the OP you say:

    It's executed after OOBE has run (User account creation, personalizing, etcetc...) or not?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,111
    24,294
    340
    Exact, but afaik user folders are created at FirstLogon :g:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    In 15063 WU works in audit mode (same behavior as in previous builds).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    12,897
    62,358
    340
    I believe oobe.cmd and setupcomplete can co-exist

    and it may worth to mention that oem key disables both on Windows 8 and later :)
     
  10. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,060
    15,242
    270
    #30 Mr.X, May 4, 2017
    Last edited: May 4, 2017
    Ah yes, I remember @xinso and I noticed this oem key and oobe "issue" when working for the very first time KMS activation and Windows 8.1 Single Language with Bing.
     
  11. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,111
    24,294
    340
    Thanks. Added info to post#2 :good3:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    I use an OOBE.cmd (MRP) + a setupcomplete.cmd (murphy78's Enable MSUpdate script) on win 7 SP1 inside the "install.wim\windows\setup\scripts\" folder.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,111
    24,294
    340
    Didn't know they can co-exist. Thought they act at the same setup stage :g:. I usually use setupcomplete.cmd (Daz Loader) and start the script for firstlogon stage (Prog installs and tweaks) via RunOnceEx reg key.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    1,732
    311
    60
    This guide states that Start Menu adjustments in Audit mode carry-over with SysPrep, but it is not fully the case. Tile adjustments are ignored for sure. MSMG Toolkit leaves blank Store tile and removing it in Audit mode does not remove it from other profiles after SysPrep.
     
  15. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,111
    24,294
    340
    Seems to be a problem related to the way of removal not the Audit/Sysprep/Generalize method :g:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. quetzalin

    quetzalin MDL Junior Member

    May 25, 2011
    84
    11
    0
    After sysprep, and maping the VM Ware virtual disk i'm capturing the image with the next command:

    wimcapture E:\ D:\WinStuff\install.wim "Windows 10 Enterprise" "Windows 10 Enterprise" --config=D:\WinStuff\excludelist\winscript.ini

    When i check the result file (install.wim) files like pagefile.sys,swapfile.sys and folders like System Volume Information are there, shouldnt these files be excluded even if they are not listed on winscript.ini?
     
  17. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    #37 Enthousiast, Jun 29, 2017
    Last edited: Jun 29, 2017
    Not on my sysprepped/captured wims:
    [​IMG]

    [​IMG]

    [​IMG]

    Oh wait, you've used wimlib imagex, mine were captured by normal imagex (will capture using wimlib next time).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    #38 Enthousiast, Jun 29, 2017
    Last edited: Jun 29, 2017
    Captured with wimlib imagex using the exclusion list by abbodi1406:

    Code:
    Microsoft Windows [Version 10.0.15063]
    (c) 2017 Microsoft Corporation. All rights reserved.
    
    C:\WINDOWS\system32>d:\Downloads\wimlib\wimcapture h:\ d:\Test7\wimlib\install.wim Index_Name Index_Description --config=d:\W10UI_1.8\winscript.2.ini
    Scanning "h:\"
    1550 MiB scanned (88 files, 13 directories)
    Excluding "\\?\h:\Recovery" from capture
    1607 MiB scanned (241 files, 115 directories)
    Excluding "\\?\h:\Windows\lsasetup.log" from capture
    
    Excluding "\\?\h:\Windows\Panther" from capture
    
    Excluding "\\?\h:\Windows\setuperr.log" from capture
    
    Excluding "\\?\h:\Windows\setupact.log" from capture
    
    Excluding "\\?\h:\Windows\Prefetch" from capture
    1619 MiB scanned (252 files, 132 directories)
    Excluding "\\?\h:\Windows\DtcInstall.log" from capture
    5440 MiB scanned (33164 files, 9204 directories)
    Excluding "\\?\h:\Windows\WinSxS\ManifestCache\c51851603bc3818b_blobs.bin" from capture
    5576 MiB scanned (37511 files, 9209 directories)
    Excluding "\\?\h:\Windows\Temp\FXSTIFFDebugLogFile.txt" from capture
    
    Excluding "\\?\h:\Windows\Temp\FXSAPIDebugLogFile.txt" from capture
    
    Excluding "\\?\h:\Windows\Temp\MpCmdRun.log" from capture
    
    Excluding "\\?\h:\Windows\Temp\tem2F8.tmp" from capture
    5580 MiB scanned (44168 files, 9592 directories)
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveId%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-SPP-UX-Notifications%4ActionCenter.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Provisioning-Diagnostics-Provider%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4LogonTasksChannel.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Biometrics%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-WorkFolders%4WHC.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-ManagementAgent%4WHC.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-ConnectedAccountState%4ActionCenter.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-All-User-Install-Agent%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBClient%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Core%4WHC.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Steps-Recorder.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-TWinUI%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-ClassPnP%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Audit.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Security.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4PlaybackManager.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-User Device Registration%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-UniversalTelemetryClient%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-VPN%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-WFP%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-IKE%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBWitnessClient%4Informational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBWitnessClient%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcnfs%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcifs%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Restricted.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Setup.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\HardwareEvents.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Internet Explorer.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Key Management Service.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Windows PowerShell.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Security.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\Application.evtx" from capture
    
    Excluding "\\?\h:\Windows\System32\winevt\Logs\System.evtx" from capture
    5645 MiB scanned (45592 files, 9832 directories)
    Excluding "\\?\h:\Windows\System32\Sysprep\Sysprep_succeeded.tag" from capture
    
    Excluding "\\?\h:\Windows\System32\Sysprep\Panther" from capture
    6075 MiB scanned (57936 files, 10928 directories)
    Excluding "\\?\h:\Windows\security\database\edb.log" from capture
    
    Excluding "\\?\h:\Windows\security\database\edb.chk" from capture
    
    Excluding "\\?\h:\Windows\security\database\edbres00002.jrs" from capture
    
    Excluding "\\?\h:\Windows\security\database\edbres00001.jrs" from capture
    
    Excluding "\\?\h:\Windows\security\database\edbtmp.log" from capture
    6084 MiB scanned (59646 files, 11778 directories)
    Excluding "\\?\h:\Windows\Logs\DISM" from capture
    
    Excluding "\\?\h:\Windows\Logs\DPX" from capture
    
    Excluding "\\?\h:\Windows\Logs\dosvc" from capture
    
    Excluding "\\?\h:\Windows\Logs\WindowsUpdate" from capture
    
    Excluding "\\?\h:\Windows\Logs\CBS\CBS.log" from capture
    6759 MiB scanned (70385 files, 12687 directories)
    Excluding "\\?\h:\Windows\debug\PASSWD.LOG" from capture
    
    Excluding "\\?\h:\Windows\debug\sammui.log" from capture
    7751 MiB scanned (72962 files, 13950 directories)
    Excluding "\\?\h:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat" from capture
    
    Excluding "\\?\h:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat" from capture
    7754 MiB scanned (81972 files, 14984 directories)
    Setting the DESCRIPTION property of image 1 to "Index_Description".
    Using LZX compression with 8 threads
    Archiving file data: 7149 MiB of 7149 MiB (100%) done
    
    C:\WINDOWS\system32>
    
    [​IMG]

    Install.wim = 2.99 GB (3,215,384,828 bytes)

    Capturing using normal imagex (GimageX tool, just a gui for imagex), no exclusions list:
    [​IMG]

    Install.wim = 2.86 GB (3,079,557,862 bytes)

    Capturing using normal imagex (GimageX tool, just a gui for imagex), exclusions list used:
    [​IMG]

    Install.wim = 2.86 GB (3,077,778,013 bytes)

    The captured install was a clean sysprepped install.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. quetzalin

    quetzalin MDL Junior Member

    May 25, 2011
    84
    11
    0
    So yeah, wimlib capture method definetly doesn't use any other exclusion (default) apart from the ones specified.

    I captured with imagex now and the install.wim is much cleaner since it uses both exclusions; the one you provide from abbodi1406 list and it's own default one.

    ImageX Tool for Windows
    Copyright (C) Microsoft Corp. All rights reserved.
    Version: 10.0.10011.16384

    Files/folders excluded from image capture by default:

    \$windows.~bt
    \$windows.~ls
    \winpepge.sys
    \Windows\CSC
    \Recycled
    \Recycler
    \$Recycle.Bin\*
    \System Volume Information
    \swapfile.sys
    \pagefile.sys
    \hiberfil.sys
     
  20. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,250
    66,442
    450
    Maybe @Atari800XL can help a bit with the exclusion options for wimlib.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...