Fotolia
How to use Sysprep to install a custom Windows 10 image
Walk through the process of adding custom software, apps and assets to your Windows 10 image in audit mode.
When using Microsoft's System Preparation tool to create and install a custom Windows 10 image, one key step is installing all the software you want to include in your custom install media on a technician virtual machine.
A word of warning: Do not run any of the installed software in audit mode. If you run a software installer, for example, it may generate a selection box that reads something like Run this application now in its final prompt. Don't do that. Unselect that option and close the installer so the software remains pristine for each new user who actually works with the installed OS the customized image represents.
Because the System Preparation (Sysprep) tool runs using the built-in Administrator account you run in audit mode, it cannot run any Universal Windows Platform (UWP) apps, except Windows settings. Also, you cannot use Microsoft Edge to download any installers, either. Use Internet Explorer instead; type iexplore into the Run field to open that program.
Adding software installers to a custom Windows 10 image
You can also add software installers into your Assets folder. You'll import those assets into the virtual machine (VM), along with any other assets you may have already added or that you add during this part of the process.
Chocolatey package manager, which automates the software installation process so you don't have to install each software package individually, is a good option for this. To install Chocolatey, open an elevated PowerShell and set its script execution policy to unrestricted using the following command:
Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
Now install Chocolatey using the following command, as shown in Figure A:
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
Now you can install all the basic software you want to include in your deployment images with a single command, as shown in Figure B:
choco install Office365Business, AdobeReader, vlc, 7zip, Notepadplusplus, ZoomIt, GoogleChrome, Firefox, Opera, Malwarebytes, TeamViewer -y
There are more than 5,100 Chocolatey packages to choose from. Notice that all the packages come from original sources without any additional potentially unwanted programs or other surprises; Chrome downloads from google.com, opera from opera.com and so on. Chocolatey installs everything you tell it to without any user interaction.
Import your assets
While that software is installing, you can import your assets to your custom Windows 10 image. If you use Microsoft OneDrive, simply use Internet Explorer to browse to OneDrive and import those assets.
Here's a list of save locations on the technician VM:
- oemlogo.bmp > C:\Windows\System32
- unattend.xml > C:\Windows\System32\Sysprep
- RunOnce.bat > C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start-up
You do not need to save the theme files you prepared on the host. Instead, open them from OneDrive to apply them. If you import multiple themes, import the one you want to greet new users last because that will act as the default theme. You cannot personalize the technician VM, nor change its theme because Windows is not activated. The only way to change themes is to import and apply them.
Working with Windows Update
When Chocolatey finishes installing your software, leave PowerShell open. Next, update Windows. You want your deployment images to receive all the available Windows updates. You can use a canned PowerShell script to accomplish this.
Download the PSWindowsUpdate script from Microsoft TechNet. This script is stored as a ZIP archive. On the technician VM, extract it to %WINDIR%\System32\WindowsPowerShell\v1.0\Modules. Import this into PowerShell using:
Import-Module PSWindowsUpdate
When this runs, you must accept two scripts by striking the R key.
Using Get-Command -Module PSWindowsUpdate, you can check to see what options are available. In this example, simply enter the following command to instruct Windows Update to apply all the available updates for the currently running Windows image, as shown in Figure C:
Get-WUInstall -AcceptAll
Because you used the latest build from Microsoft, there was nothing to update.
Customize Windows Explorer
Once you've installed all the additional software and Windows updates, you can customize Windows Explorer. For example, you can set icon size, establish a preferred view, add Favorites and so on.
Also, check the Administrator\Downloads folder. Then, delete any software installers you find there. Finally, run Disk Cleanup -- cleanmgr.exe -- to remove everything it lists as a cleanup target.
Because the built-in Administrator account cannot use UWP apps, Start menu tiles are not populated in audit mode. As a result, most tiles only show up as down arrows with no graphical elements. End users still see a normal, default Start menu, however.
Alternatively, you can modify the Start menu to your liking by removing all the tiles from the Start menu and pinning your preferred ones instead. You could, for instance, pin various Office application tiles to the Start menu at this point in the customization process.
When the Start menu looks the way you want, export the Start menu layout to C:\Windows\System32 using the PowerShell command Export-StartLayout C:\Windows\System32\MyCustomStart.xml. You can name and store this file whatever and wherever you want. You just have to save it with an XML extension in a location open to all users.
Now, open the Group Policy Editor -- gpedit.msc. Open your policy to Local Computer Policy > Administrative Templates > Start Menu and Taskbar > Start Layout. Enable the policy, then enter the path and file name for your exported Start menu layout. This policy forces your custom Start menu layout onto all users.
Next, open Disk Management and shrink the virtual hard disk of the technician VM to six to 15 GB to make room for a new partition to store the captured image. With the software from this example, 10 GB is enough.
Create a new partition allocating all the available space and name the partition image. Name the Windows partition Windows, then close Disk Management.
Then, create a folder named Scratch on your new image partition. You will use this as a temporary working folder for Windows Deployment Image Servicing and Management, the tool you use to capture the customized image.
When that is done, it's time to run Sysprep. Press WIN + R to open the Run field, then enter the following command:
%windir%\system32\sysprep\sysprep.exe /generalize /oobe /shutdown
Sysprep will generalize your image, making it hardware-independent by removing all the hardware drivers and entries in the Windows registry. When this process completes, the technician VM shuts down.
The only remaining step is to capture the image and use it to make an ISO file.