Reaper's Edge‎ > ‎

Unattend.xml for Windows 7

posted Sep 26, 2010, 9:36 AM by Michael Wilson   [ updated Oct 29, 2010, 7:14 AM ]
When you installed the Windows AIK earlier one of the tools that was installed was called the Windows System Image Manager. This is the tool Microsoft put out to help you assemble the unattend.xml file for use with Sysprep. Given how monstrously complicated the unattend.xml file is, WSIM actually does a decent job managing the chaos. That said, I was thinking I'd post a copy of the unattend.xml that I'm using and help you pick it apart.

There's a lot of code here, so to keep it all street I'll be making all my comments in red. Enjoy.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm> This setting here covers whether or not you want to reset the Windows activation timer. During testing you'll want to leave this set to 1 and switch it to 0 for actual deployment. 
        </component>
        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> These two settings have to do with whether or not you want your image to keep the device drivers that were on the template PC. If you're like me and you use a template PC that is common in your environment then you'll probably want to keep them.
            <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipAutoActivation>true</SkipAutoActivation>  Do you want Windows to automatically activate itself, or wait for someone to do it manually. Personal preference I suppose.
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ProductKey>11111-11111-11111-11111-11111</ProductKey> The Windows product key. If using KMS, use a KMS client key found here: http://technet.microsoft.com/en-us/library/ff793421.aspx
            <ComputerName>%Please input a computer name%</ComputerName> The source of all my problems. Note that WSIM does not like this setting and will not allow you to enter it through that program. You'll have to manually add it if you're using MySysprep2. You are using MySysprep2 right? If not, you may want to leave this setting out altogether.
            <TimeZone>Pacific Standard Time</TimeZone> The time zone.
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>windows.mydomain.com</Domain> These four settings cover joining the domain automatically. 
                    <Password>password</Password>
                    <Username>domadminguy</Username>
                </Credentials>
                <JoinDomain>windows.mydomain.com</JoinDomain>
            </Identification>
        </component>
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Path>net user administrator /active:yes</Path> This tells the PC to run a command line argument that activates the local Administrator account. Don't leave home without it.
                    <Order>1</Order>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-us</InputLocale> These four settings all cover your language pack and country. 
            <SystemLocale>en-us</SystemLocale>
            <UILanguage>en-us</UILanguage>
            <UserLocale>en-us</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage> These settings here seem to half work. They keep you from getting pestered during the oobeSystem pass about things like the EULA and Windows Update settings, but expect to get pestered again when you first login to Windows.
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
            </OOBE>
            <RegisteredOrganization>CompanyName</RegisteredOrganization> I generally use my company name for both of these.
            <RegisteredOwner>OwnerName</RegisteredOwner>
            <UserAccounts>
                <AdministratorPassword>
                    <Value>giberishadminpassword</Value> If you add an Adminsitrator password here and leave plaintext set to false it will convert it to a long string of giberish, and still work.
                    <PlainText>false</PlainText>
                </AdministratorPassword>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>giberishlocaluserpassword=</Value> These settings are for the creation of a local account. As it happened I wanted to add one, but you may not. The thing is, if you don't add a local account here it will force you to add one in OOBE. One strategy is to specify one here then setup a script that deletes at first login. I know, I hate it too.
                            <PlainText>false</PlainText>
                        </Password>
                        <DisplayName>LocalUserName</DisplayName>
                        <Name>LocalUserName</Name>
                        <Group>Administrators</Group>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
        </component>
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Reseal>
                <Mode>OOBE</Mode> Two options here OOBE and Audit. I haven't played much with Audit but if you're using this unattend as part of your image for deployment, you'll want it set to OOBE.
            </Reseal>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim:c:/users/mikew/desktop/windows%207/sources/install.wim#Windows 7 PROFESSIONAL" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>


That's it for my unattend.xml. If you have any tips for me please post them to the comments.
ċ
Unattend.txt
(6k)
Michael Wilson,
Sep 26, 2010, 12:45 PM
Comments