Thursday, January 31, 2013

How To Create a Windows 8 Unattended Answer File For [WDS] Silent deployment


If you want to deploy Windows 8 silently (ex: by using Windows Deployment Services) you will need to create an answer file (aka unattend.xml).

Here are the steps I followed:
  1. Install the Deployment Tools feature included in the Windows Assessment and Deployment Kit for Windows 8.
  2. Extract your Windows 8 ISO
  3. Launch the Windows System Image Manager
  4. Under Windows Image right click and select a windows image, navigate to the sources\install.wim file from your extracted ISO or your DVD
  5. It will ask you about creating a catalog of the image, say yes
  6. Once that is done, under Answer File right click and select new answer file
  7. Drag Microsoft-Windows-Shell-Setup_neutral to the "4 specialize" section
    1. Enter your product key
  8. Drag Microsoft-Windows-International-Core_neutral to "7 oobeSystem"
    1. Set InputLocale to 0409:00000409
    2. SystemLocal, UILanguage, and UserLocal all to en-US
  9. Drag Microsoft-Windows-Shell-Setup_neutral to "7 oobeSystem"
    1. In order to make the installation completely silent and not need any user interaction, under OOBE set each of the following to true: HideEULAPage, HideLocalAccountScreen, HideOEMRegistrationScreen, HideOnlineAccountScreen, HideWirelessSetupInOOBE
    2. Set NetworkLocation to Work
    3. Set ProtectYourPC to 1 (This enables windows update with recommended settings)
  10. If you do not specify a local account in the answer file you will be forced to create one during image deployment, so be sure to create a new Local Account under UserAccounts -> LocalAccounts
    1. I have found that you can create a new account that is the same name as one that is already in the image for simplicity
  11. If you need to join to a domain, drag Microsoft-Windows-UnattendedJoin_Neutral to "4 specialize"
    1. Set your domain name in JoinDomain, set UnsecureJoin to false
    2. Enter credentials with domain join privileges -- **They WILL be stored in plain text in the file

Save your unattend.xml file.  At this point if you are using WDS you can select the image in the WDS console and attach the unattend.xml file to that image.

If you want to slip the unattend.xml file in to the image itself, copy it to c:\windows\system32\sysprep, and run sysprep like this:
sysprep /generalize /oobe /shutdown /unattend:c:\windows\system32\sysprep\unattend.xml
*I chose not to do it this way so i could easily update the unattend file without having to rebuild my image.

And here is my answer file:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>0409:00000409</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback></UILanguageFallback>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Password>
                    <Value>removed</Value>
                    <PlainText>false</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <LogonCount>1</LogonCount>
                <Username>admin</Username>
                <Domain>removed</Domain>
            </AutoLogon>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                <ProtectYourPC>1</ProtectYourPC>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <NetworkLocation>Work</NetworkLocation>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
            </OOBE>
            <UserAccounts>
                <AdministratorPassword>
                    <Value>removed</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>removed</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>admin</Description>
                        <DisplayName>admin</DisplayName>
                        <Name>admin</Name>
                        <Group>administrators</Group>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey>
            <RegisteredOrganization>removed</RegisteredOrganization>
            <RegisteredOwner>removed</RegisteredOwner>
            <ComputerName>*</ComputerName>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>removed</Domain>
                    <Password>removed</Password>
                    <Username>removed</Username>
                </Credentials>
                <JoinDomain>removed</JoinDomain>
            </Identification>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim:c:/isoextract/sources/install.wim#Windows 8 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>