Windows 10 Unattended install media – Part 4: Customize Windows Image

With the answer files complete, now it’s time to install Windows 10 on a reference Hyper-V virtual machine. You can naturally use any other virtualization platform for this, or even a spare physical PC, but I prefer Hyper-V and recommend it highly. To get started with Hyper-V in case you are not familiar with this platform, see my Hyper-V tutorial on

Create and configure VM

Create a new VM. The VM generation can be whatever you’d prefer, Generation 1 or Generation 2. In the New Virtual Machine Wizard, assign enough RAM (2 GB minimum) and disable (unselect) dynamic memory. For the next step leave the connection status as Not connected for now.  We will do our Windows Setup without a network connection and will  instead connect later:

Accept the default 127 GB virtual hard disk size, and in the next step select ISO as the install media, then browse to and select your preferred Windows 10 ISO image:

Finish the wizard. Before starting the VM up, right-click it in Hyper-V Manager and select Settings. Increase the number of virtual processors, two will be enough in most cases, and disable (unselect) automatic checkpoints. Click OK to save your settings:

Install Windows

Start the VM, and install Windows normally. This VM will have quite a short life span, so it does not have to be activated. When Windows Setup asks for a product key, select I don’t have a product key and continue on with setup:

When OOBE starts and the region and language selection screen is shown, press and hold down both the CTRL and SHIFT keys, press the F3 key, then release all keys. This  causes Windows to restart and boot into the so-called Audit Mode (a special customization mode for Windows):

Prepare assets

Windows installation on our reference VM will take 10 minutes or more even on a relatively fast host (host = PC used to run Hyper-V or other virtual machines). On the laptop I am using at the moment, it takes about 20 minutes. This gives us time to prepare and collect assets such as software installers, wallpapers, additional files and so on.

Create a new folder on any network share you have at your disposal. Name it Assets (or whatever you like). In case you don’t have any network shares on your host, create a new folder anywhere, name it Assets and share it. Right click that new folder, select Properties, select the Sharing tab, click on Advanced sharing, select Share this folder, name it as you like, click OK to save it, and then click Close to close the folder properties window:

Nowadays, the first asset I always copy to the Assets folder is the OneDrive standalone installer (get it here). There’s a known bug in Windows 10 since version 1703 that renders OneDrive unable to run after Windows has been sysprepped. Thus, it needs to be reinstalled. When I start customizing Windows on any reference VM, I will uninstall OneDrive first and foremost. The, I set this offline installer to run automatically when the first user signs in after Windows has been installed from my custom ISO.

It’s up to you: if your users don’t need OneDrive, you don’t need to reinstall it. Personally, I can no longer even think how to cope without my several terabytes of OneDrive storage on multiple accounts. For me, therefore, the OneDrive standalone installer is the first asset to copy into the Assets folder.

There’s another minor bug in Sysprep. Since Anniversary Update version 1607, when Windows image gets sysprepped,  end users see the built-in admin’s folders in File Explorer’s Quick Access. Ditto for the built-in admin’s recent files (everything we work with when customizing a Windows image). Fortunately, there’s an easy fix. On the host machine, open Notepad and copy these two lines into a new file:

echo Y | del %appdata%\microsoft\windows\recent\automaticdestinations\*
del %0

Save this file as RunOnce.bat in the Assets folder. We will later add this file to our Default Profile (the base profile Windows uses for each new user profile). The first line resets Quick Access and Recent Files to Windows defaults when a new user signs in for the first time. The second line then deletes the batch file itself from this specific user to ensure that it will only be run the first time a new user signs in.

Next come the Windows theme files. Windows won’t get activated as we start customizing in Audit Mode. Thus, this disables all personalization options using the Settings app. However, there’s nothing to prevent applying an imported a so-called Windows Desktop Theme Pack file with long extension .deskthemepack. On your host, create themes as you wish (wallpapers, colors and so on), then right click the theme in Settings > Personalization > Themes and select Save for sharing, saving them to the Assets folder:

The unattend.xml answer file to automate OOBE we created in Part 3 of this series must go into the Assets folder, too. Also, if you have prepared an OEM logo image (120*120 bitmap), and you added an OEM logo location into unattend.xml answer file in Part 3, copy that oemlogo.bmp file now into the Assets folder.

The rest is up to you. You can download and install software directly onto the reference virtual machine when we start customizing. If you’d prefer using offline and standalone installers, you can download them onto the host while Windows is still installing on reference VM and copy them into the Assets folder. In addition, if you want user profile folders to contain any documents, images, videos and such when a new user account is created, copy all this stuff into the Assets folder, too.

In the following screenshot my sample Assets folder contains the all-important unattend.xml answer file (the key to everything), my OEM logo image and RunOnce batch file, standalone installers for Chrome, Firefox, and VLC Player, the OneDrive standalone installer and a few Windows theme files, like this:

Customize Windows

Windows on our reference VM should have started in Audit Mode and signed you in using built-in admin credentials (no user accounts exist yet) by now. A visible telltale that we are indeed in Audit Mode is the Sysprep prompt shown on desktop. Close it for now by clicking Cancel:

VM is now using basic 1024*768 resolution. Change it to something more comfortable if you wish. I prefer to set my screen resolution to 1600*900 when customizing to give myself more workspace.

OK, now it’s time to connect to the network. In the VM, select File > Settings, select Network Adapter on the left pane, select Default Switch (or any other external switch) from the Virtual switch drop down list, and click OK to save settings:

The VM will now have network and Internet connections. Open File Explorer > This PC, map the host Assets folder as a network share entering a path to the share folder: \\HostComputerName\AssetsFolderShareName. Disable (unselect) Reconnect at sign-in, selelct Connect using different credentials, then click Finish:

A prompt will ask you to enter credentials. Enter your host machine admin account username and password, then click OK:

The host Assets folder now resides in File Explorer > This PC on the reference VM. Copy unattend.xml, RunOnce.bat, and the two optional files OneDrive installer and OEM logo to the following folders:

  • unattend.xml to folder C:\Windows\System32\Sysprep
  • RunOnce.bat to folder C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  • OneDriveSetup.exe to folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
  • oemlogo.bmp to folder C:\Windows\System32

Notice that ProgramData and AppData are hidden folders, and are not shown in File Explorer by default.

Run your standalone installers, install all software you want to from the Internet. Do not run any of your installed apps, to avoid them creating user specific AppData folders. Apply desktop theme files, applying last the theme you want to be the default theme for each new user’s first sign-in (the current theme when we sysprep will be the system-wide default theme).

In my case  I first uninstalled OneDrive (Settings > Apps > Microsoft OneDrive > Uninstall), installed Chrome. Firefox and VLC using the standalone installers in the Assets folder, applied all themes, with the last them as the one I want to be the default. I then installed Opera, Office 365 (2016) and some third party tools from the Internet. When all downloads were done, I deleted the contents of Downloads folder because everything left to built-in admin’s user folders now will be copied to default user profile when we sysprep Windows, and from there to any and all new user profiles. If you have any files you need to be present when Windows is installed from this custom image, copy them now to respective folders (Documents, Pictures and so on).

When all this is done, only one step is missing before we can sysprep the image — namely, Disk Clean-up. Open Command Prompt (no need to elevate, we are already using an elevated built-in admin account), and run the following command:

cmd.exe /c Cleanmgr /sageset:65535 & Cleanmgr /sagerun:65535

This opens the Advanced Disk Clean-up prompt. Select each and every item on the list, then click OK to start cleanup operations:

Let Disk Clean-up finish, then close the Command Prompt. Everything done, here’s my reference VM’s desktop, ready to be sysprepped (click to open enlarged in a new tab.):

We will sysprep Windows on reference VM, capture it to a WIM file and create a custom ISO based on it in the fifth and final part of this series. Stay tuned!

Links to all five parts:





Author: Kari Finn

A former Windows Insider MVP, Kari started in computing in the mid 80’s writing code for VAX / VMS systems. Since then, he’s worked in a variety of IT positions. He specializes in Windows image capture, customization, repair and deployment as well as Hyper-V virtualization. Kari is a proud Team Member at number #1 Windows site

Tags: , , , ,

21 thoughts on “Windows 10 Unattended install media – Part 4: Customize Windows Image

  1. I wanted to create a user Profile with custom Start Menu and Task Bar Icons (Also I wanted to remove all the Game and Crap Apps with the command “Get-AppxPackage | where-object {$ –notlike “*store*”} | Remove-AppxPackage” – I added some more exclusions like Photo App and so on.

    As soon as I install with my image – Start Menu and other changes regarding taskbar and Apps seems to be not applied. Do you have any hints?

    I tried exporting and importing a custom start menu layout too – the import of the layout does not work too…?

    Thank you!

  2. Awesome article.. just got one small issue.. putting OnedriveSetup.exe in folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.. I find that every time a user logs in OnedriveSetup runs. Is there a simple way to make this a ‘runonce’ operation per user?

  3. Hi Mike.

    First, when customizing image in Audit Mode, do not put the OneDriveSetup.exe in any ProgramData folder. Instead, create a two line batch file, save it as a batch file in %appdata%\Microsoft\Windows\Start Menu\Programs\Startup. Name the batch as you wish, for instance OD_RunOnce.bat. Here’s the batch:

    del %0

    This batch will now be run for each user once, first time the user will sign in, then the batch will delete itself so it’s not run in subsequent logins.

    Please notice: I am currently running the latest Windows 10 Insider build 18204, with latest OneDrive version. In my case, the correct installer is in folder %localappdata%\Microsoft\OneDrive\18.111.0603.0006. Change that last folder in path according to your actual OneDrive setup folder.

  4. Sorry to be a pain. I’ve tried running the ‘Decrapify’ script to remove a ton of rubbish (after creating a checkpoint!), but I get a sysprep error. I know this isn’t part of your article but if you have any advise it would be gratefully received. The error I get is… Failed to remove apps for the current user: 0x80070002 I have spent hours trawling the web for a solution but haven’t been succesful. There is no specific app referenced after the error and other scripts I have run to delete ‘all’ apps have run succesfully but not resolved the issue. Your article is awesome btw, especially as I’ve been unable to get MDT to work properly! Many thanks in advance.

  5. Please ignore my last comment… Found the issue! I reverted to my ‘pre-decrapify script’ checkpoint, re-ran decrapify and ‘immediately’ sys-prep’d the machine and all worked perfectly. All I can think is that the delay in my last attempt allowed MS to secretly start downloading Apps again in the background as I had an active internet connection. Hope this helps others.

  6. Before imaging, I have applied KB4343909 (build 17134.228) and KB4343902 (Flash Security update) on system installed from ISO downloaded from MS (April update). Then I have encountered strange issue – after imaging I have installed VM from the resulting ISO and everything seemd to be OK.

    But then I’ve realized that new users (added after installation) have icons missing in the taskbar for UWA – i.e. instead of Edge or Store icons there were just empty squares. Icons for desktop apps like File Explorer or PowerShell were shown correctly. User created with unattended installation is not affected. So far I have not found the root cause nor any fix.

    btw: The OneDrive bug mentioned in the text – is it that OneDrive key under HKLM\CurrentUser\Software\Microsoft\Windows\Run points to C:\Users\Administrator…? Could this be remedied by replacing user specific path with %LocalAppData% before imaging?

  7. Mr. Tao, your original comment posted about six hours ago here is not gone away, I am looking it just now when replying to you.

    Anyway, good to know you found the cause for the issue you described.

  8. Now I can see it too, Kari. I wonder whether it could be browser cache issue, but I couldn’t find it yesterday. I’m glad I could share the solution because realizing that Google File Stream crippled Windows ability to display PNG icons was a moment of absolute astonishment (like how could this even be possible? ?).

    I’ve put
    reg delete HKEY_CLASSES_ROOT\.png\shellex\{E357FCCD-A995-4576-B01F-234630154E96} /f
    to RunOnce.bat to fix this problem.

  9. I’m in Hyper-V, installing Windows 10 Pro 1803, unable to enter Audit Mode, stuck at the Region screen. Nothing happens when I “press and hold down both the CTRL and SHIFT keys, press the F3 key, then release all keys.” Have tried full screen mode. Any suggestions?

  10. That is strange. Are you sure the VM window has focus? Has happened often to me that I am so deep in my thoughts, doing something else on my PC like writing in Word, that when I notice VM is waiting a keypress nothing happens because before the keypress I forgot to switch focus to VM.

    Anyway, alternative method: in VM window when in OOBE region selection screen, press SHIFT + F10 to open Command Prompt, and enter following command exactly as shown, and press Enter:

    %windir%\System32\Sysprep\sysprep.exe /audit /reboot

    This does the same than CTRL + SHIFT + F3, restarts the computer or VM to Audit Mode.

  11. Absolutely the article I’ve been needing. Thank you very much.

    While following your steps closely, I added a step to change the VM to our local domain. After successfully doing so and rebooting, I login as the domain admin. But it hangs during the first time login. I’ve been sitting here 7 minutes waiting for the domain admin users desktop.

    Any thoughts?

    Thank you again for the time you spent on these threads!!

  12. Kari,

    I think I made a bad assumption. Your article is not focused on a domain user setup. Am I correct to say that I should not switch to the domain? If so, at what point do I change the domain? Or should I ignore that in the Audit Mode phase and simply let the Unattend file handle it?

    Your help is greatly appreciated.


    1. You should never customize your deployment image in Audit Mode when signed in to domain, and not join the reference machine to domain. Just install Windows on reference machine, boot normally to audit mode using the default built-in admin account. Customize, add necessary local and domain accounts in answer file, Sysprep using that answer file. Capture image and deploy.

      The main point is that joining a domain is only done on production, target machines, not on reference machine.

Comments are closed.

More Stories From Admin Tools

%d bloggers like this: