@s1ave77 : first of all thank you for this great tutorial, really good job. i have one question, when i want to capture a system image, i never use sysprep with this command : Code: %windir%\System32\Sysprep\sysprep.exe i just capture the system image either using the easiest way that exists with tool called Gimagex or i simply type directly this command line : Code: Dism /Capture-Image /ImageFile:x:\install.wim /CaptureDir:y:\ /Name:"My Windows partition" and once the image is captured with either both ways, i can apply the system image to the same computer or to another machine by typing this command line and it always works, never had a problem until now : Code: Dism /Apply-Image /ImageFile:X:Recovery\install.wim /Index:1 /ApplyDir:Z:\ then after the image is applied successfully, i use this command line in order for the windows version to be bootable : Code: x:\windows\system32\bcdboot x:\windows and that's it, the windows version is now bootable either on the same computer or on another machine with the image system previously captured. so my question is why people recommand to run sysprep.exe at the beginning when you can do the capture without using it as i've just showed you ? is it necessary to use sysprep.exe ?
thank you, now i know that sysprep is really important to avoid having compatibility problems among other things later on another machine but if you just want to use the same machine, in that case, i suppose that sysprep won't be necessary. so i suppose that sysprep.exe must be executed in audit mode everytime you want to capture the image, Right ?
The OS is left cleaner, ie, no user profile remains. You could use Administrator as the admin account is always there but disabled by default. Useful for Win8 where you can't run WU in Audit unless you use special scripts...
Thank s1ave77 for this awesome tutorial !!! It gathers a lot of informations I was looking for I would like to be apply registry tweaks to customize windows. I want to do that before first logon, because oitherwise the user would see the desktop without the customisation and would be forced to restart the computer. So, I call myRegTweaks.cmd from SetupComplete.cmd. As you say, the user profile doesn't exist yet, so my registry tweaks are also applied to HKU\.Default. Doing that ensure me that the created user would get the benefit of my customisation, or so I thought... Because it doesn't work Here is my RegTweaks.cmd called from SetupComplete.cmd : Spoiler: RegTweaks.cmd Code: @Echo Off call :IsAdmin :: Disable Telemetry reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f :: Disable Wi-Fi Sense reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Wifi\AllowWiFiHotSpotReporting" /v "Value" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Wifi\AllowAutoConnectToWiFiSenseHotspots" /v "Value" /t REG_DWORD /d "0" /f :: Disable Web Search in Start Menu reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t REG_DWORD /d "1" /f :: Disable Start Menu suggestions reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d "0" /f :: Disable Location Tracking reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /t REG_DWORD /d "0" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" /v "Status" /t REG_DWORD /d "0" /f :: Disable Feedback reg add "HKCU\Software\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d "0" /f :: Disable Advertising ID reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f :: Disable Error reporting reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f :: Restrict Windows Update P2P only to local network reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /v "DODownloadMode" /t REG_DWORD /d "1" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" /v "SystemSettingsDownloadMode" /t REG_DWORD /d "3" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" /v "SystemSettingsDownloadMode" /t REG_DWORD /d "3" /f :: Disable Firewall reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d "0" /f :: Disable Windows Defender reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f :: Disable Windows Update automatic restart reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoRebootWithLoggedOnUsers" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUPowerManagement" /t REG_DWORD /d "0" /f :: Enable Remote Desktop w/o Network Level Authentication reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d "0" /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "UserAuthentication" /t REG_DWORD /d "0" /f :: Disable Autoplay reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /v "DisableAutoplay" /t REG_DWORD /d "1" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /v "DisableAutoplay" /t REG_DWORD /d "1" /f :: Disable Autorun for all drives reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d "255" /f :: Disable Action Center reg add "HKCU\Software\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t REG_DWORD /d "1" /f reg add "HKU\.DEFAULT\Software\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t REG_DWORD /d "1" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t REG_DWORD /d "0" /f :: Disable Lock screen reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreen" /t REG_DWORD /d "1" /f :: Disable Sticky keys prompt reg add "HKCU\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "506" /f reg add "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "506" /f :: Show file operations details reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" /v "EnthusiastMode" /t REG_DWORD /d "1" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" /v "EnthusiastMode" /t REG_DWORD /d "1" /f :: Hide Task View button, Show known file extensions, Show hidden files, Hide sync provider notifications :: Change default Explorer view to This PC reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d "1" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d "1" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSyncProviderNotifications" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSyncProviderNotifications" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "LaunchTo" /t REG_DWORD /d "1" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "LaunchTo" /t REG_DWORD /d "1" /f :: Show ribbon in windows explorer reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "ExplorerRibbonStartsMinimized" /t REG_DWORD /d "2" /f :: Show all tray icons :: Hide recently and frequently used item shortcuts in Explorer reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "EnableAutoTray" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "EnableAutoTray" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowRecent" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowRecent" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowFrequent" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowFrequent" /t REG_DWORD /d "0" /f :: Show This PC shortcut on desktop reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t REG_DWORD /d "0" /f :: Hide Desktop icon from This PC reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f :: Hide Documents icon from This PC reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f :: Hide Downloads icon from This PC reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f :: Hide Music icon from This PC reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f :: Hide Pictures icon from This PC reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f :: Hide Videos icon from This PC reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /v "ThisPCPolicy" /t REG_SZ /d "Hide" /f :: Set Photo Viewer association for bmp reg add "HKLM\SOFTWARE\Classes\Paint.Picture\shell\open" /v "MuiVerb" /t REG_EXPAND_SZ /d "@%%ProgramFiles%%\Windows Photo Viewer\photoviewer.dll,-3043" /f reg add "HKLM\SOFTWARE\Classes\Paint.Picture\shell\open\command" /ve /t REG_EXPAND_SZ /d "%%SystemRoot%%\System32\rundll32.exe \"%%ProgramFiles%%\Windows Photo Viewer\PhotoViewer.dll\", ImageView_Fullscreen %%1" /f :: Set Photo Viewer association for gif reg add "HKLM\SOFTWARE\Classes\giffile\shell\open" /v "MuiVerb" /t REG_EXPAND_SZ /d "@%%ProgramFiles%%\Windows Photo Viewer\photoviewer.dll,-3043" /f reg add "HKLM\SOFTWARE\Classes\giffile\shell\open\command" /ve /t REG_EXPAND_SZ /d "%%SystemRoot%%\System32\rundll32.exe \"%%ProgramFiles%%\Windows Photo Viewer\PhotoViewer.dll\", ImageView_Fullscreen %%1" /f :: Set Photo Viewer association for jpg reg add "HKLM\SOFTWARE\Classes\jpegfile\shell\open" /v "MuiVerb" /t REG_EXPAND_SZ /d "@%%ProgramFiles%%\Windows Photo Viewer\photoviewer.dll,-3043" /f reg add "HKLM\SOFTWARE\Classes\jpegfile\shell\open\command" /ve /t REG_EXPAND_SZ /d "%%SystemRoot%%\System32\rundll32.exe \"%%ProgramFiles%%\Windows Photo Viewer\PhotoViewer.dll\", ImageView_Fullscreen %%1" /f :: Set Photo Viewer association for png reg add "HKLM\SOFTWARE\Classes\pngfile\shell\open" /v "MuiVerb" /t REG_EXPAND_SZ /d "@%%ProgramFiles%%\Windows Photo Viewer\photoviewer.dll,-3043" /f reg add "HKLM\SOFTWARE\Classes\pngfile\shell\open\command" /ve /t REG_EXPAND_SZ /d "%%SystemRoot%%\System32\rundll32.exe \"%%ProgramFiles%%\Windows Photo Viewer\PhotoViewer.dll\", ImageView_Fullscreen %%1" /f :: Add Photo Viewer to "Open with..." reg add "HKLM\SOFTWARE\Classes\Applications\photoviewer.dll\shell\open\command" /ve /t REG_EXPAND_SZ /d "%%SystemRoot%%\System32\rundll32.exe \"%%ProgramFiles%%\Windows Photo Viewer\PhotoViewer.dll\", ImageView_Fullscreen %%1" /f reg add "HKLM\SOFTWARE\Classes\Applications\photoviewer.dll\shell\open\DropTarget" /v "Clsid" /t REG_SZ /d "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" /f :: Disable 'How do you want to open this file?' prompt reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoNewAppAlert" /t REG_DWORD /d "1" /f Exit :IsAdmin reg query "HKU\S-1-5-19\Environment" If Not %ERRORLEVEL% EQU 0 ( Cls & Echo You must have administrator rights to continue ... Pause & Exit ) Cls goto:eof When the first user logon, these HKCU registry tweaks are not applied. It looks like the creation of the user is based on an other HKU\.Default hidden somewhere on the filesystem. Any idea how to apply my registry tweaks before first logon ? Or at least to be sure that my user would see them the first time its desktop is loaded. I would like to stay away from sysrep, as I want to be sure my futurs Windows build will be compatible with the maximum of clients. So I'd rather not do modifications in audit/sysrep mode.
oobe.cmd = no username is created at this stage of the install, so any HK-CurrentUser commands will fail. SetupComplete.cmd = Username has been created at this stage of the install, HKCU should work. Also both stages are automatically run as SYSTEM - no need for the isadmin parts as it is running at higher than administrator status. Windows Vista/7: Your script should operate ok **. Windows 8.x/10: If no ei.cfg is used then oobe.cmd & SetupComplete.cmd are ignored by windows setup this is a design feature to get the user to the desktop as quick as possible. Using the ei.cfg forces 8.x/10 to list the Editions to install so you will have to select which Edition Home/Pro etc, a by product of this is that the oobe/setupcomplete are not ignored and if present are executed as expected **. ** Providing no errors are within the code as you will NOT see anything on the screen so avoid anything that needs user input such as clicking OK , pressing a key etc. If your script is being used on Windows 8.x/10 installs this is probably why the script is not being run because of the way setup is designed on those OS's. Also avoid using EXIT within oobe.cmd or SetupComplete.cmd as I have found that this can cause some undesirable effects, such as script failures, not sure why, it not happen all the time. On the very last line use: Code: DEL /F /Q "%0%" >nul so that the script self deletes properly as sometimes they are not auto deleted by setup. A working ei.cfg, (to be placed in Sources folder of the ISO/USB). Code: [Channel] _Default [VL] 0 If using a VL (Volume License) change the VL to a 1 Hopefully this will help in working out why your script does not function. If not then at least the information on the setup stages are here for reference. As I maintain the Multi-OEM/Retail Project, I have had to understand the various quirks of the Windows Setup system so that the project can operate as intended at the required stages.
Hi mxman2k I Use ei.cfg with my Windows 10 Enterprise : Code: [EditionID] Enterprise [Channel] Volume [VL] 1 To skip the edition selection during install, I use the following in my autounattend.xml Code: <ImageInstall> <OSImage> <InstallFrom> <MetaData wcm:action="add"> <Key>/image/index</Key> <Value>1</Value> </MetaData> </InstallFrom> </OSImage> </ImageInstall> I'm sure that OOBE.cmd and SetupComplete.cmd are executed because inside the script, I've put the following line to pause and see what's going on : Code: start "SetupComplete" /wait cmd From this new visible command prompt, I can launch regedit and check that my RegTweaks.cmd file was correctly executed. Still, it doesn't apply to the futur created user account. Any idea ? Thanks for you help anyway
I not use autounattend myself so unsure of that way's process. Technically yes it *should* run the script(s) as you can see when you pause.... Do you 'see' the created username? echo %Username% should show the user that has been created. If the name is there then that stage has completed. Windows setup is a fussy beast at times! I know, many times i have been left with a WTF moment. There is another area HKEY_USERS. HKEY_USERS\S-1-5-21-xxxxxxxxx-xxxxxxxx-xxxxxxx-1001 This sets default reg entries for some parts of the current user too, the long number after S-1-5-21-............................. is the UserID. Most are copied from the HKCU but not all! These area's may also need to be set, I am playing about with that area at the moment to make colored Titlebars stick. To obtain the UserID within batch to be used I use this line: Code: SET "USERID=" FOR /F "tokens=1,2 delims==" %%s IN ('wmic path win32_useraccount where name^='%username%' get sid /value ^| find /i "SID"') DO SET "USERID=%%t" As the UserID changes for every user created, this obtains the currently logged in user's ID number. With a bit of code you can also place the reg entries into those areas. Example: Code: reg add "HKEY_USERS\%USERID%\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "EnableAutoTray" /t REG_DWORD /d "0" /f >nul As mentioned not all HKCU bits are present in the HK_USERS area, but most are. Worth a try, if something it not like it will ignore adding it into the registry area.
During OOBE.cmd, the user is system : http://i.imgur.com/VySe3AP.png Although, my registry tweaks have been correctly imported in HKCU and HKU\.Default. In fact, durinbg this stage HKCU points to HKU\.Default : HKCU : http://i.imgur.com/MacD63D.png HKU : http://i.imgur.com/c0swAcK.png During SetupComplete.cmd, the user is also system : http://i.imgur.com/PRkqF5c.png Also, the user specified in my autounattend.xml (Admin) is created : http://i.imgur.com/ORc3bX1.png But there's no key for him in HKU : http://i.imgur.com/lkUDOyv.png In this moments, I like to say... WTF ?!
Ok I know what's going on ! During that stage, the HKU\.Default is not a default registry for new user profiles, it's a registry for the “NT Authority/Local System”. Default registry for all new users is located in C:\Users\Default\NTUSER.DAT I check if I can adapt my script to apply the reg tweaks to this NTUSER.DAT file.
Hmm I see! Yeah it's definitely a WTF moment! Username: System would be correct as it still within setup and not completed those stages at that time, sorry i got confused a bit, the actual user has been created as the SID is present, those numbers are the username in numbers, why they not just use the username is anybodies guess! It is most odd that it not 'accepting' certain entries, it may be that area is 'locked' to NT_AUTHORITY or non admin user. Ah ha! you thought the same as i did
No worries, it's quite simple ... Code: :: Load the default user registry in HKU\DEFAULT instead of using wrong HKU\.DEFAULT reg load HKU\DEFAULT %systemdrive%\Users\Default\NTUSER.DAT :: reg add ........... :: Unload the default user registry reg unload HKU\DEFAULT
Spoiler: Demo NTUSER.DAT editing... Code: [CODE]@echo off REM Script Date - May 2016 set "Image=%systemDrive%\Users\Default\NTUser.dat" echo. echo "%Image%" IF NOT EXIST "%Image%" GOTO :ERR echo. echo Press any key to Load NTUSER.DAT hive into registry... echo. pause echo. reg load "HKU\DUMMY" "%Image%" echo. echo Hive Loaded... echo. echo Press any key to start registry hive update... echo. pause echo. reg add "HKEY_USERS\DUMMY\SOFTWARE\Microsoft\Internet Explorer\Main" /v "DoNotTrack" /t REG_DWORD /d 1 /f >NUL 2>&1 reg add "HKEY_USERS\DUMMY\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Search Page" /t REG_SZ /d "http://www.google.com" /f >NUL 2>&1 reg add "HKEY_USERS\DUMMY\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page Redirect Cache" /t REG_SZ /d "http://www.google.com" /f >NUL 2>&1 ...... reg unload "HKU\DUMMY" echo. echo Completed! echo. pause EXIT :ERR echo. echo Looks like you have not mounted the Hive at the Location: echo "%Image% echo. TIMEOUT /T 10 exit This is part of what i used to use, you will get the idea how things are done.
Hmmm, I have another problem I have this command executed dureing SetupComplete.cmd to enable File Sharing : Nevertheless, it doesn't seem to work as I get this nag screen during first login http://i.imgur.com/3YCM4Wy.png Any idea ? Edit : my bad, the correct command should be the following. Therefore it's normal that it doesn't work. netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
Well, the nag screen still show up during first logon : http://i.imgur.com/3YCM4Wy.png But, the thing is : my pc is discoverable. So that prove that the netsh command is correctly executed and applied for my whole machine and not only for the system user during setupcomplete.cmd There must be a reg key somewhere to get rid of this nag screen, but I think it's going to take ages to find it
Found it ! Code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f Source here