I already read about Windows unattended installations via autounattend.xml and unattend.xml, being the first used for WindowsPE (beginning of installation) and the second just for OOBE after initial installation. But by searching on internet all search results say that both are to be used in the USB media installer. How can I use unattend.xml for OEM pre-installed Windows? As soon as I power on out-of-the-box rigs Windows initiates a small "installation" process before going directly to the OOBE steps... Thanks. Oh, question is for both Win11 and Win10.
Install the latest ADK. Use the included "Windows System Image Manager" to create your autounattend.xml. All installation sections are covered my the tool. If your installing with the autounattend.xml, windows will copy it to \windows\panther\unattend.xml folder. If you open the unattend.xml you'll see " wasPassProcessed="true">" in the relevant sections... ei, <settings pass="oobeSystem" wasPassProcessed="true">
Are there any other locations Windows copies the unattend.xml to? I would like to delete them all after installation since they can be storing sensible data such as passwords...
C:\Windows\Panther is the only place for the staged copy of unattend.xml. Windows does scrub the password fields when it's done: Code: <AutoLogon> <Enabled>true</Enabled> <LogonCount>9999999</LogonCount> <Username>TWELVELB</Username> <Password>*SENSITIVE*DATA*DELETED*</Password> </AutoLogon> <OOBE> <HideEULAPage>true</HideEULAPage> <HideLocalAccountScreen>true</HideLocalAccountScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <NetworkLocation>Work</NetworkLocation> <ProtectYourPC>3</ProtectYourPC> </OOBE> <UserAccounts> <LocalAccounts> <LocalAccount wcm:action="add"> <Group>Administrators</Group> <Name>TWELVELB</Name> <Password>*SENSITIVE*DATA*DELETED*</Password> </LocalAccount> </LocalAccounts> </UserAccounts> </component> </settings> What I would be more scared about is your answer file being read on the install media, or a network share. If you have AD, use an Unsecure Join so no private password needs to be exposed.
Do I put answer file in that Sysprep folder even when laptop is new out of box and has not been initialized? (When turning on it runs the "Preparing" black screen before entering OOBE). And anyway, running sysprep.exe /oobe /reboot /unattend:E:\unattend.xml didn't work; this only processed the OOBE pass and not the Specialize pass... Volume E was an external USB drive. How can I use that?