If you are a system administrator, then you will definitely be faced with the issue of mass deployment of the operating system on user computers. And no matter how you deploy it - from USB, through a WDS server with MDT, using SCCM - in any case, you will use a WIM file with an operating system image.

Overview of OS fork methods

1. Installation from a bootable USB drive. The answer file should be located on it in the root of the disk autounattend.xml. This is the file you create in advance using Windows System Image Manager (SIM), which is included with the Windows ADK. Please note that all Windows 10 builds have their own ADK version. You can download it from the Microsoft website. The OS image file itself with the WIM or ESD extension is located in the sources folder of your USB. You can take the original MSDN image, copy it from somewhere, or prepare your own. You need to integrate the drivers in advance into the WIM file or put them in the $OEM$ subfolder, and the path to it is specified in the autounattend.xml file.
   This method is suitable for single installations without the possibility of deep customization for different tasks, different users or different hardware.
2. Deployment using MDT from a USB drive. In this case, you prepare the boot disk itself using MDT (Microsoft Deployment Toolkit). You download the MDT package for free from the Microsoft website (again, different versions of MDT support different versions of the OS being deployed). MDT also requires the correct version of ADK to work. The latest MDT 8450 currently only supports Windows 10 1709 and older. In the MDT environment, you prepare a Task Sequence, add packages, drivers, and an operating system WIM file. Next, you create a bootable media that will include all of the above and copy it to USB. The subtlety is that here you customize the image either by modifying the WIM file in advance, or by editing the unattend.xml file related to the Task Sequence you created in MDT, which will be automatically included in the media, or by writing scripts that you add to packages and include it in the installation process as a Task Sequence step.
   When creating media MDT, they will create a boot.wim boot file for you, which will be executed when booting from a flash drive. It will download the Windows PE environment for you, from which the installation will begin.
   A very flexible method that allows you to enable any drivers and install any software during OS installation.
3. Deployment using MDT and WDS server. The only difference between this method is that the boot.wim created in MDT will not be located on USB, but on the network on a WDS server, from where you can boot via PXE.
4. Deployment using SCCM and WDS server. The client is loaded as in option 3, but the difference is that all WIM files, drivers and packages, as well as the Task Sequence itself with the unattend.xml file will be created and launched from the SCCM server, and not from MDT. A bootable boot.wim image will also be created using SCCM.
   This option is suitable for the most complex deployments with a large number of distributed installations.

Please also note that the unattend.xml response file can be included in the WIM image itself by placing it in the %WINDIR%\Panther\Unattend folder, but for MDT and SCCM a separate external file will still be required to execute the Task Sequence.

As I already indicated, the unattend.xml or autounattend.xml files can be edited manually in the editor, but it is more correct and safer to do this through SIM. The WIM operating system image file itself is created and edited using a console utility DISM, having many keys. Moreover, the same utility also deploys (apply) the WIM file to disk.

The DISM utility is included in the ADK package; it is important to use the version of the utility that supports the OS you are deploying.

Image Capture and WIM Creation

In order to create a WIM file, you must perform the Sysprep and Capture operations. To do this, install the system on your computer, configure it as you wish, install or remove applications, and install updates. Also, for successful sysprep in Windows 10, you need to clean the system and remove some Modern App-provided applications from HP and Canon, otherwise sysprep will fail. This can be done with Powershell commands:

Sysprep.exe /generalize /shutdown /oobe

In this case, the system will go to OOBE mode (Out-Of-Box Experience, as if it were just being installed from scratch), and then the computer will turn off. You can read more about this procedure in the Microsoft documentation.

Now the disk image can be captured. Disk capture is performed by the already mentioned DISM utility.

If you capture manually, you need to boot into Windows PE from USB or over the network, or connect the disk to another computer. Windows PE should already include the dism utility. Capturing the image is done with the command (assuming you are capturing the C: drive):

Dism /Capture-Image /ImageFile:D:\my-windows-partition.wim /CaptureDir:C:\ /Name:"My Windows partition"

One WIM file can contain multiple OS images, you can add a new captured disk to an existing image. This is convenient when you need to deploy different systems (for example, with a different set of programs) from one WIM file. You can edit the properties of the wim file, the name of the images in it.

Each image in the file has an index starting with 1. Accordingly, when you apply the image to a blank disk, you will need to specify the system index:

bcdboot C:\Windows

will create a BCD boot loader on the disk with the operating system. In addition, you will need to make a Recovery partition. To make it quick, I’ll give an example of a typical bat script that performs all these operations from the Microsoft documentation.

In fact, this is not the purpose of our article, but rather an overview that allows you to understand which utilities should be used and in what case. After all, the syntax of all commands is well described in the documentation. In addition, the procedure for both sysprep / capture and deploying an image to a pre-formatted disk is easier to perform through MDT by creating the appropriate Task Sequence in it, however, MDT requires skills; for one-time tasks it is easier to do everything manually.

Utilities for working with WIM images

All utilities in this list will be graphical replacements for console DISM.

This great utility, written in the AutoIt scripting language, saves you a lot of time by doing:

• capturing a disk into an image (capture)
• applying the image to disk (apply)
• shows information from the finished wim image
• allows you to mount an image into a folder, edit its contents and unmount it back (mount and unmount)
• uploading a single image from a wim file with multiple images
• editing the name and description of images in a wim file

The current version 2.2.0 is compatible up to Windows 10 build 1803. All operations are performed in one click. No installation required. Use case: capturing another partition on your disk or on a connected disk, as well as editing an existing wim file. Working in Windows PE is not implied.

This utility is written in Powershell, but is intended for slightly different operations, namely for maintaining and editing the existing WIM. All bookmarks are arranged in the order of their use: first you mount the image into a folder, and then edit it or save changes.

The utility allows you to:

• integrate drivers into the image (drivers)
• add cab packages and enable/disable features
• Attribute license information and key
• use ready-made Unattend.xml
• get a list of applications and patches in the image
• capture and apply image

The third utility is designed to prepare the system for capture. It allows you to cut or add whatever you want from it in a very granular manner:

• clearing caches, logs, Appx (Modern applications), temporary files
• management of installed Appx applications - allows you to remove Modern Apps, which previously could only be done through Powershell.
• optimization and customization of menus and icons
• adding and removing drivers
• adding and removing Windows components
• adding and removing Windows features (Features on Demand)
• adding and removing updates
• setting up file associations
• Editing the Unattend.xml response file

This documentation has been archived and is no longer maintained.

Build and deploy a Windows 10 Classic edition image (Home, Pro, Enterprise, and Education)

In this article

You can use Windows Image and Configuration Designer (ICD) to create a new image of Windows 10 for classic editions and customize it with drivers, applications, language packs, settings, and more. You can also create deployment media in a folder or USB key.

Note This imaging method requires a Windows Image file (Install.wim) that contains a base Windows image.

Build a custom Windows 10 image for classic editions

On the Windows ICD start page, select the command.

You can also choose Create a project... on the menu File.

In the window Enter project details please indicate Name And Location of your project. If you wish, you can also enter a short Description to describe your project.

If you have chosen a team Create a new custom Windows image on the home page, skip this step.

In the window Select a project workflow select Working with images from the list of available project workflows and click Further.

In the window Selecting the source format to create the image select item The Windows image is based on a WIM file and press the button Further.

In the window Selecting an image click Review to launch File Explorer. Search for and locate the Install.wim file.

After selecting the Install.wim file, all Windows images in the WIM file are listed in the panel Available images. By default, the first Windows image in the list is selected, and information about that image is displayed in the panel Image details.

Select the Windows image you want to use and click Further.

Optional. If you have a provisioning package that contains settings already made in another project and you want to reuse them from that package, click Review on the screen Import a provisioning package and find the provisioning package exported from another project.

Note You can only import one provisioning package.

Click the button Ready.

All settings that can be configured depending on the edition of Windows selected will be downloaded. Once all available settings have loaded, the Settings page will be displayed.

On this page, select the resources and settings you want to configure in the panel Available settings. There may be:

• Applications
• Driver set
• Drivers
• Components on demand
• Language packs
• Reference device data
• Options
• Windows Updates

For more information about configuring resources and settings, see .



Note

• The resources and options available for configuration depend on the edition of Windows you selected in the previous step, so not all of these resources may be available.

  Adding language packs may include a set of dependencies. For more information, see the article.

  If you want to add languages ​​to the Windows Recovery Environment, you will need to do so separately. For more information, see .

Not necessary. If you've finished configuring your custom image, you can export the provisioning package if you want to reuse all or most of the settings configured in that project.

To do this, click the drop-down list Export in the main menu, select Training package, add the required package information, set parameters, and create the package.

If you've finished configuring your custom image or finished exporting the provisioning package (optional), create the media that will host the image.

To do this, click Create from the main menu, and then select one of the media types.

• Working media- a medium to be used by equipment manufacturers. This carrier can be run in full autopilot mode. This media provides the ability to boot in audit mode and use an optional test script.

  Production media provides several optimization options to save deployment time.

  Clean installation media- This media may only be used by the end user for a clean installation. This media starts when the computer is first turned on, waits for end user input, and continues to boot into desktop mode. The installation itself is completed before starting when you turn on the computer for the first time.

  When you build media for a clean installation, all resources are placed in a provisioning package along with an install.wim file. The .ppkg file is not embedded in the installation, but rather embedded in the operating system during deployment.

  System recovery media- this media can be used by the end user only to recover data from a partially functioning (showing signs of life) device. It can only be in WIM image format.

• On the screen Select image format To create an image, you can select WIM or FFU format.

  • WIM- an image is created in the Windows Image (WIM) file format.

    This option allows you to build the media to a local folder on your computer or a network folder, or create bootable media on a USB drive.

    FFU- the image is built in Full Flash Update (FFU) file format.

You can also choose image options, such as enabling compact OS and defining first boot behavior. This includes booting in audit mode and selecting a script to run during the first boot.

On the screen Deployment media select the media type you want to create.

• If you select this option, enter or select a path for the destination location.

  Create a bootable USB drive- bootable media is created on a USB drive.

  When this option is selected, Windows ICD detects all available USB drives connected to the host computer and lists them in a drop-down list Output drives. If Windows ICD does not detect USB drives, connect the USB drive to your computer and click Update.

Click the button Further and then click Run build to start building the image. Project details are displayed on the build progress page, and a progress bar indicates the status of the build.

To cancel the construction, click the button Cancel. The current build process will be canceled, the wizard will close, and you will be returned to the settings page.

If the build fails, an error message will be displayed with a link to the project folder. You can review the logs to determine what caused the error. After the problem is resolved, try building the image again.

If the build is successful, the image name, output directory, and project directory will be displayed.

• If necessary, you can build the image again by selecting a different image format, selecting deployment media (or both), and starting another build. To do this, click Back to select the item you want to change and click Further to start another build.

• If you are finished, click the button Ready to close the wizard and return to the settings page.

Important The files generated when creating media using Windows ICD should only be used for installation when booting from the media. Affiliates must not modify or use these files for purposes other than downloading from the media.

Deploying an image on a computer

Insert the USB drive that contains the bootable media into your computer and boot your computer from the USB drive.

Enter your product key.

Accept the terms of the license agreement and wait until the installation completes.

This documentation has been archived and is no longer maintained.

Applying Sysprep to a Windows installation (preparing for use)

Use the remedy Sysprep to prepare the Windows installation. To deploy a Windows image to different computers, you must first prepare the image. You can use the system preparation tool (Sysprep), or you can specify an option in a response file to prepare the image as part of a silent installation. To prepare the image, you need to remove information about a specific computer from it. This process is called preparation image.

In most Windows 8 deployment scenarios, it is no longer necessary to use the SkipRearm answer file option to reset the Windows activation clock when you run the command Sysprep on the computer several times. In Windows 8, the SkipRearm parameter is used to indicate the Windows licensing state. If you specify a retail product key or a multiple install key, Windows activates automatically. Team Sysprep can be performed no more than 8 times with one Windows image. After running Sysprep 8 times on a Windows 8 image, you need to re-create the Windows image. For more information about the Windows features and settings that you can add to an answer file, see the Unattended Windows Installation Reference.

Attention

Don't use the Windows Store to update a Windows Store app before running sysprep /generalize. Sysprep cannot prepare the image in this scenario. This issue also affects Windows Store apps that come with Windows 8 (such as Mail, Maps, Bing Finance, Bing News, and others). This may occur when you configure an installation in audit mode as a built-in administrator or when a special account is used. The following error appears in the sysprep log files (%WINDIR%\System32\Sysprep\Panther):

Was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.

For work Sysprep /generalize requires that all applications be provisioned for all users. However, when you update an app from the Windows Store, the app becomes unprovisioned and account bound.

Instead of using the Windows Store to update applications, you should sideload updates to line-of-business applications or encourage users to update applications on target computers using the Windows Store. In managed environments where Windows Store access is disabled by your IT administrator, you won't be able to update Windows 8 Store apps.

If your Network Policy Server (NPS) configuration contains RADIUS clients or groups of external RADIUS servers, you must remove this information before deploying it to another computer. For more information, see .

In this section

Preparing the image for use

When you prepare a Windows image, Windows Setup processes settings during the configuration phase. Even if the service computer and the reference computer have the same hardware configuration, you must run the command Sysprep with parameter /generalize. Team Sysprep /generalize removes unique system information from a Windows installation, making it safe to use the image on another computer. However, you can save the drivers during the setup phase.

Important

When you set up a reference computer, Windows Setup installs drivers for all detected devices. By default, Windows Setup removes these drivers when preparing the system for use. If the image is deployed to computers with the same hardware and devices, you will need to have Windows Setup install the same drivers again. To leave these drivers on the computer during system preparation, set the Microsoft-Windows-pnpsysprep | PersistAllDeviceInstalls value true. More information about Windows components related to Sysprep that you can add to the answer file, see Unattended Windows Installation Reference.

When executing the command Sysprep Windows replaces only the computer security identifier (SID) on the operating system volume. When Sysprep prepares the image, only the general section is prepared. Therefore, if several operating systems are installed on one computer, you must perform Sysprep for each image separately.

Preparing the image for use

Add one of the following parameters to your response file.

• Use the Microsoft-Windows-Deployment | Generalize. Set Mode to OOBE or Audit, and for ForceShutdownNow the value true. The computer will automatically prepare the image for use and shut down.

  Add the Microsoft-Windows-Deployment | Reseal into the setup phase. Set Mode to Audit. After the computer boots into audit mode and the window displays System Preparation Tool use one of the following methods:

  • In the window System preparation program select Preparation for use and click Shutdown and then click OK.

    Close the window System Preparation Tool %WINDIR%\system32\sysprep. Use the command Sysprep with parameters /generalize, /shutdown And /oobe. For example:

    The computer will prepare the image for use and shut down.

Dism/capture-image in the Deployment Image Servicing and Management Tool ( DISM).

For more information, see and.

If you need to configure additional settings, you can enter audit mode manually and perform the configuration before you prepare the image for use and deploy it.

Optional action. Entering audit mode manually before preparing the image for use

When the startup screen appears when you turn on your computer for the first time, press CTRL+SHIFT+F3. Windows will restart your computer in Audit mode and display the System preparation program.

Attention

The Ctrl+Shift+F3 keyboard shortcut prevents you from skipping any steps in the startup process when you turn on your computer for the first time, such as running scripts and applying response file settings during the setup phase.

Add all the settings you want to enable.

In the window System preparation program select Preparation for use and click Shutdown and then click OK

Close the window System Preparation Tool, open a command prompt window as administrator and go to the directory %WINDIR%\system32\sysprep. Use the command Sysprep with parameters /generalize, /shutdown And /oobe. For example:

Sysprep /generalize /shutdown /oobe

The computer will prepare the image for use and shut down.

After shutting down your computer, capture the image using image capture. For this you can use the command Dism/capture-image in the means DISM.

Deploy this image to a reference computer. When you boot your reference computer, the startup screen appears when you turn on the computer for the first time.

For more information about audit mode, see:

When you need to periodically install Windows with the same set of programs and settings, you can prepare your own Windows installation WIM image. Having created your image once, all subsequent installations will save your time.

Let's look at how to do this using Windows 10 as an example.

Preconditions

• You have VirtualBox or VMware Workstation installed on your computer.
• Windows ISO image downloaded.

Step-by-step instruction

Create a new virtual machine.

Install operating system(OS) Windows to a virtual machine. During installation, create a user, for example, user.

After the OS installation is complete, install VirtualBox Guest Additions(or VMware Tools) and reboot.

Install programs eg Office, 7z, Adobe Reader, Google Chrome, K-Lite codec pack, Skype, etc.

Launch Word and select the Install updates checkbox.

Set time zone: Date and time settings -> Timezone.

Open: Device Manager -> IDE Controllers. Replace the Intel(R) driver with standard two-channel controller.

Go to: Control Panel -> Regional Options -> Advanced -> Current language of non-Unicode programs-> Russian. Reboot.

Disable tracking in Windows 10.
Launch a command prompt with administrator rights and run:

Sc delete DiagTrack sc config DcpSvc start=disabled echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f

Remove unused built-in applications in Windows 10.
Launch Powershell with administrator rights and run:

Get-AppxPackage Microsoft.Appconnector | Remove-AppxPackage Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage Get-AppxPackage 9E2F88E3.Twitter | Remove-AppxPackage Get-AppxPackage Microsoft.ConnectivityStore | Remove-AppxPackage Get-AppxPackage microsoft.windowscommunicationsapps | Remove-AppxPackage Get-AppxPackage Microsoft.Messaging | Remove-AppxPackage Get-AppxPackage Microsoft.Getstarted | Remove-AppxPackage Get-AppxPackage Microsoft.WindowsPhone | Remove-AppxPackage Get-AppxPackage Microsoft.3DBuilder | Remove-AppxPackage Get-AppxPackage Microsoft.CommsPhone | Remove-AppxPackage Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage Get-AppxPackage Microsoft.MicrosoftSolitaireCollection | Remove-AppxPackage Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage Get-AppxPackage Microsoft.People | Remove-AppxPackage Get-AppxPackage Microsoft.WindowsAlarms | Remove-AppxPackage Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage Get-AppxPackage Microsoft.WindowsMaps | Remove-AppxPackage Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage Get-AppxPackage Microsoft.ZuneVideo | Remove-AppxPackage Get-AppxPackage Microsoft.ZuneMusic | Remove-AppxPackage Get-AppxPackage king.com.CandyCrushSodaSaga | Remove-AppxPackage

Get a list of all Windows online apps with the command:

Get-AppXProvisionedPackage -online | Select PackageName

Then remove all programs except Photos, Calculator, Camera, Store using the following commands:

Remove-AppxProvisionedPackage -online -PackageName

Install updates on Windows and Office I reboot every time until all the updates are installed.

Shutdown virtual machine and make a clone of it (if there is no second virtual machine with Windows 10 or ADK Windows 10 installed).

Enable primary virtual machine.

Remove VirtualBox Guest Additions and reboot.

Go to: C:\Windows\System32\Sysprep and run sysprep.exe
Choose: Switching to system audit mode, uncheck “Preparing for use”, Shutdown options - Reboot

After reboot do not close the Sysprep window. We'll need it later.

Go to: Computer Management -> Utilities -> Local Users and Groups -> Users. Delete the account created during installation(in our case user).

Go to: Control Panel -> System -> Advanced system settings -> Advanced tab -> User profiles -> Advanced-> select "Unknown account"->Delete.

Go to: C:\Windows\System32\Sysprep and run sysprep.exe

Choose: Entering OBE mode, check the “Prepare for use” checkbox, Shut down options - Shut down.

After 10 minutes the machine should turn off.

Connect disk virtual machine on which sysprep was launched on the second machine (clone).

Start a virtual machine with two disks. In this case, the original machine with sysprep must remain disabled.

Determine on which partition the sysprep-prepared Windows 10 is located (in our case: F: )

Launch a command prompt with administrator rights and run:

Dism /Capture-Image /ImageFile:c:\install.wim /CaptureDir:F:\ /Name:"Windows 10"

After half an hour, our install.wim file will appear on the C: drive