But I wanted to see if I can kinda simplify my deployment of the 30-some PCs with the cool Windows Deployment Services.
hell, only if I knew what a mess it is.
First things first, WDS is deprecated and basically phased out. The replacements MDT, SCCM, ConfigMgr or whatever exist, but none of them are straight forward. Even some of them are kinda deprecated. Microsoft officially suggests Autopilot and Entra ID or some other crap that is cloud based and doesn't work on-prem, what is something that I despise using.
While the regular WDS guides go enough in depth what and how to do, the unattended things are a mess in itself and are rarely properly documented in a way where I would want.
Only thing mentionable is that you are advised to use Windows 10 Setup PE because Microsoft blocked out the Windows 11 Setup PE on purpose.
I advise you to follow the rest of the guides for WDS, I am clarifying just the unattended part.
Making Unattended work with WDS is a fun exercise. You can pick one of two possible options. Either you can make a split WDSUnattend config and an ImageUnattend where the former specifies PE settings + automated tasks (partitioning, selected wim and the regional) and the latter is used for the main Windows stuff (joining domains, installing stuff, running scripts and such).
These two scripts can be merged into one in case you plan to "simplify" things but it's not necessary.
- Server WDS Properties > Client > Unattended Installation
- Install Images > [ImageGroup] > Image Properties > Unattend File
Not applying the unattend in the WDS properties results in the PXE booted PE setup to not perform automated tasks, same analogy applies with OOBE and the rest on the unattend for image properties.
WDSUnattend Example:
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
<CreatePartitions>
<!-- Windows RE Tools partition -->
<!-- System partition (ESP) -->
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>EFI</Type>
<Size>100</Size>
<!-- Note: for Advanced Format Generation One drives, change to size=260 -->
</CreatePartition>
<!-- Microsoft reserved partition (MSR) -->
<!-- Windows partition -->
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<!-- Windows RE Tools partition -->
<!-- System partition (ESP) -->
<ModifyPartition wcm:action="add">
<Order>1</Order>
<PartitionID>1</PartitionID>
<Label>System</Label>
<Format>FAT32</Format>
</ModifyPartition>
<!-- MSR partition does not need to be modified -->
<!-- Windows partition -->
<ModifyPartition wcm:action="add">
<Order>2</Order>
<PartitionID>2</PartitionID>
<Label>Windows</Label>
<Letter>C</Letter>
<Format>NTFS</Format>
</ModifyPartition>
</ModifyPartitions>
</Disk>
<WillShowUI>OnError</WillShowUI>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<WindowsDeploymentServices>
<Login>
<Credentials>
<Domain>DOMAIN</Domain>
<Password>examplePassword</Password>
<Username>Administrator</Username>
</Credentials>
</Login>
<ImageSelection>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
<InstallImage>
<Filename>golden.wim</Filename>
<ImageGroup>WDS</ImageGroup>
<ImageName>Windows 11 Golden</ImageName>
</InstallImage>
</ImageSelection>
</WindowsDeploymentServices>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>Počítač</FullName>
<Organization>Organizácia</Organization>
</UserData>
</component>
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>sk-SK</InputLocale>
<SystemLocale>sk-SK</SystemLocale>
<UILanguage>sk-SK</UILanguage>
<UserLocale>sk-SK</UserLocale>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/install_original_w11ent.wim#Windows 11 Enterprise LTSC 2024" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
ImageUnattend Example:
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>041b:0000041b</InputLocale>
<SystemLocale>sk-SK</SystemLocale>
<UILanguage>sk-SK</UILanguage>
<UserLocale>sk-SK</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TimeZone>W. Europe Standard Time</TimeZone>
<ComputerName></ComputerName>
<RegisteredOwner>Počítač</RegisteredOwner>
<RegisteredOrganization>Organizácia</RegisteredOrganization>
</component>
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<JoinDomain>priklad.domeny.sk</JoinDomain>
<UnsecureJoin>false</UnsecureJoin>
<Credentials>
<Domain>priklad.domeny.sk</Domain>
<Password>examplePassword</Password>
<Username>Administrator</Username>
</Credentials>
</Identification>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>041b:0000041b</InputLocale>
<SystemLocale>sk-SK</SystemLocale>
<UILanguage>sk-SK</UILanguage>
<UserLocale>sk-SK</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>2</ProtectYourPC>
</OOBE>
<TimeZone>W. Europe Standard Time</TimeZone>
<ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen>
<RegisteredOrganization>Organizácia</RegisteredOrganization>
<RegisteredOwner>Počítač</RegisteredOwner>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>examplePassword</Value>
<PlainText>true</PlainText>
</Password>
<Description>lokálny Administrator</Description>
<DisplayName></DisplayName>
<Group>Administrators</Group>
<Name>admin</Name>
</LocalAccount>
</LocalAccounts>
<AdministratorPassword>
<Value>examplePassword</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
</UserAccounts>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/install_original_w11ent.wim#Windows 11 Enterprise LTSC 2024" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
Part of the reason for this post's existence is also that I was insanely wasting hours of my life figuring out what actually is the working combination for unattend these days.
Stuff like <ComputerName></ComputerName> or <ComputerName>*</ComputerName> or <ComputerName>%MACHINENAME%</ComputerName> or whatever else that never used to make sense, reading docs (both official and 3rd party) about it that didn't help either and also the domain join related issues like getting stuck on Unattended Join: NetJoinDomain attempt failed: 0x5, will retry in 10 seconds or 0x2 just pissed me off real hard. Not to mention the UnattendSearchExplicitPath: [C:\Windows\Panther\unattend.xml] does not meet criteria to be used for this unattend pass., NetpGeComputerObjectOn: Crack Results: Account does not exist or the another set of user account creation issues that plagued my journey. Or me also trying to use <MachineObjectOU>CN=Computers,DC=priklad,DC=domeny,DC=sk</MachineObjectOU> while I never really knew if I did it right.
I am happy to have this somewhat working now, even if I didn't contribute much new knowledge to the internet in the end.
