Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
0

How to create a custom ISO for Windows 10 | #firefox | #chrome | #microsoftedge | #hacking | #aihp


Installing Windows 10 is easy; as a Windows administrator or expert user, all you have to do is download an ISO from Microsoft, burn it to an external device and use it to boot the PC or laptop.

In 15 to 30 minutes, you’ll have a clean, fresh Windows 10 installation, but it still will require some work before it’s ready for production use. You’ll need to install software and the desktop and personalize the Start menu to meet your requirements. Then, you’ll need to repeat this process for each of your PCs and repeat that procedure whenever a reinstall is necessary.

There is a different method you can take. First, you should install Windows 10, customize it to your needs, install all the software you need, capture that installation and use it to create an ISO. Using this customized ISO for your installation media, you need half an hour to clean install Windows 10 with all your software and personalization. When you want to change something in your ISO, add or remove software, change personalization, or update or upgrade Windows 10, you simply update the image and create a new ISO. It’s fast and easy to do, and it can work for any Windows administrators.

Getting started with a custom ISO

To create a custom ISO, you need install media for your preferred Windows 10 edition and software, a technician machine — a Microsoft term that means a PC on which you can build OS images — and about 20 minutes longer than it would take to clean install Windows 10 and all your software one time.

The process of creating a custom ISO breaks down into five distinct parts:

  1. Install Windows and prepare assets while installing
  2. Update and customize Windows, install software
  3. Generalize Windows image with Windows System Preparation Tool (Sysprep)
  4. Capture Windows image, create the ISO
  5. Update/Change the ISO

Apart from whatever software you pre-installed in your Windows image, you don’t need any third-party tools, apps or other software; everything is done using native Windows 10 and Microsoft tools.

You should follow these steps to create a custom ISO for a Windows 10 desktop.

1. Install Windows and prepare assets

Install Windows normally until it stops at the Region Selection screen after the last reboot. When the desktop requests a product key, select the “I don’t have a product key” option. Windows does not need to be activated for this process.

This example uses a Hyper-V Generation 1 virtual machine (VM) as the technician machine, with a 64 GB virtual hard disk. Before starting the VM, you should change its settings to use Standard Checkpoints instead of default Production Checkpoints.

Installation takes 15 minutes or so to complete. While it’s running, you have time to prepare some assets on your host machine. First, download and install the Windows 10 Assessment and Deployment Kit (ADK). Next, create an unattended answer file using the Windows System Image Manager (SIM), which is part of the Windows ADK. Don’t panic even if you are a Windows SIM newbie. It’s easy to use.

If you are feeling unsure about this, or if Windows SIM looks too intimidating, input the following answer file into a blank file using Notepad (Figure 1).

Figure 1. Windows Answer File in Notepad

The values shown in bold red above are explained below.

ProcessorArchitecture  = adm64 for 64 bit Windows, x86 for 32 bit
Logo                                = OEM logo (120*120 pixel bitmap (.bmp)) file
Manufacturer                  = Whatever you like
SupportHours                 = text string (9 AM to 5 PM, 10:00 – 18:00, 24/7 etc.)
SupportPhone                 = any phone number
SupportURL                     = any URL
OEMName                        = Whatever you like
RegisteredOwner            = Whatever you like
TimeZone                         = As per Microsoft time zone names

All the preceding answer file components are optional, except ProcessorArchitecture — this component is mandatory. If you do not need or want to set a time zone, for example, you should remove this line:

            <TimeZone>W. Europe Standard Time</TimeZone>

When you’re done customizing the answer file, save it as unattend.xml. You should create a new folder on Microsoft OneDrive and name it “Deployment Assets.” Save your answer file in this folder.

Next, prepare an OEM logo image if one is needed. Any bitmap image (.bmp) will do, but its size must be exactly 120 x 120 pixels. Save the image as oemlogo.bmp in the Deployment Assets folder.

Modify background images, colors, sounds and screensavers on your host machine, then save your settings as a theme file. Save all the themes you’d like to include in the custom ISO into your Deployment Assets folder as well. This folder is where you’ll find the items you need to customize your ISO again and again.

2. Update and customize Windows, install software

When Windows installation is done, the final setup out of box experience (OOBE) begins. The process stops to let you to select the region but instead of doing that, press Ctrl + Shift +F3.

Windows interrupts its normal setup and restarts in audit mode, a special customization mode for Windows. Because no user accounts exist on the desktop yet, it signs you into audit mode using the built-in administrator account. Click on “Cancel” to close it, and then change the display resolution if the default 1024 x 768 is too small for you to work in.

You can now install your software and update Windows. Do not run any programs yet. If, for example, the installer shows “Run this application now” selected in a final prompt, unselect it and close that installer. Do not install any hardware drivers — even those that Windows Update installs automatically will be removed later. If any installer or update requires a restart, do it. Windows returns to audit mode after restart. If you want to download software, you must use Microsoft Edge.

Import the Deployment Assets you prepared while Windows was installing on your technician machine. If you saved assets on OneDrive, sign into your OneDrive account. Download the oemlogo.bmp file and save it to the C:\Windows\System32 folder. Do the same for the answer file unattend.xml and save it to the C:\Windows\System32\Sysprep folder. It is important for you use these file names exactly as shown, and to save them to the folders specified.

Customizing the installed image

You do not need to save the Windows themes that you prepared. Select a desktop theme on OneDrive and instead of saving it, select Open to apply it to the technician machine. Because Windows is not activated in audit mode, you cannot use personalization options (e.g., themes, colors etc.). Applying an imported theme is your only means to customize theme and desktop appearance.

Open File Explorer and customize it as you like. You can adjust icon size, hide or show the Ribbon, show item selection boxes, show Details or Preview pane, show Libraries in Navigation pane and so on.

The following PowerShell command exports your current Start layout to the file named C:\Windows\System32\MyStart.xml:

Export-StartLayout C:\Windows\System32\MyStart.xml

When you’ve exported the file, open the Group Policy Editor with the command Win + R, type gpedit.msc. The Group Policy Editor is not available in Home and Single Language Windows 10 editions. Browse to Local Computer Policy > Administrative Templates > Start Menu and Taskbar in the left-hand pane, then double click Start Layout on the right-hand pane.

Enable policy by entering C:\Windows\System32\MyStart.xml as the Start Layout File, then click on OK to save that policy.

This policy forces each user account to use your customized Start layout.

Two batch files are still missing from this customization. They run once each time a new user signs in for the first time. The first file resets File Explorer’s Recent Files and Quick Access. To build this file, type or copy and paste the following two lines into a new Notepad text file:

echo Y | del
%appdata%\microsoft\windows\recent\automaticdestinations\*
 del %0

This batch file resets Quick Access and then deletes itself because it only exists and runs when a new user signs in for the first time. In Notepad, select File > Save As, type %appdata% in the address bar in the Save As prompt, then press Enter to open AppData\Roaming folder.

Browse to the folder named Microsoft\Windows\Start Menu\Programs\StartupSave the file as RunOnce.bat and select “Save As type: All files” in Notepad’s Save As prompt.

The second batch file is a Visual Basic Script (.vbs) file. Its purpose is to greet new users the first time they sign in, after which it deletes itself. This file is optional, but it is something you should probably include in your customized images. Type or copy and paste the following text into a new Notepad text file:

Dim WshShell, Welcome
Set WshShell = WScript.CreateObject("WScript.Shell")

Welcome = WshShell.Popup("Welcome to customised Windows 10 with pre-installed software.", 60, "Windows 10", vbOKOnly)

Select Case Welcome
case 1
MsgBox "Following software has been installed: Office 365 (2016), Adobe reader, VLC Player, Chrome, Firefox and Opera. You will also find some pre-installed themes in Settings > Personalize > Themes.", vbOKOnly, "Windows 10"
End Select

MsgBox "Have Fun with Windows 10!", vbOKOnly, "Windows 10"

DeleteScript()
Function DeleteScript()
Set objFSO = CreateObject("Scripting.FileSystemObject")
strScript = Wscript.ScriptFullName
objFSO.DeleteFile(strScript)
End Function

Save this file as Welcome.vbs to the same folder where you saved RunOnce.bat. Again, select the “Save As type: All files” option in Notepad’s Save As prompt.

If you like, you can also prepare both the unattend.xml and Welcome.vbs files on the host while Windows is installing.

3. Generalize Windows image with Sysprep

One small — but important — step you must take before running Sysprep is creating a partition on the Hyper-V VM to store a captured Windows image. If you are using a physical PC as the technician machine, this is unnecessary. Instead, you can simply use an external HDD or flash drive to store that image.

Create free space in Disk Management

Open Disk Management and shrink the original C: partition to create free space for a new partition in which to capture a Windows image. It needs to be big enough for the install.wim file you’ll capture later. For example, a custom Windows 10 Pro x64 ISO could include the following software pre-installed: Office 365 Business, Macrium Reflect, Opera, Chrome, Firefox, VLC player, Adobe Reader, Malwarebytes, TeamViewer, 7-Zip, Notepad++, and other software that varies from build to build.

As described, this results in an install.wim file that’s between 5 to 6 GB in size. To compensate, you usually subtract 10 GB (10,240 MB) from C:. That’s plenty for most users. Then, exit Disk Management.

To help identify key partitions later, rename the system drive C: to Windows and the new partition to Image or any other distinctive name. Create a new folder on the new capture drive (E:) named Scratch. You will need it when capturing the image as a temporary working folder using the DISM command.

Prep and run Sysprep

If you are running a Hyper-V VM, create a checkpoint now. If you are using another virtualization program, create a snapshot. If using a physical PC, you should create a system image now. Checkpoints and snapshots take just a minute, while imaging a physical PC takes a bit longer.

Check that the built-in admin’s or current user’s Downloads folder is empty and that no software installers or assets are left there. Run Disk Cleanup to remove all temp files, Recycle Bin content and other bloat.

To run Sysprep, open the command prompt. The desktop will automatically elevate it because you are signed in using the built-in administrator account. Run the following command:

%windir%\system32\sysprep\sysprep.exe /generalize /oobe

This command runs Sysprep with Generalize and OOBE switches and then shuts down. The Generalize switch removes all hardware-related information such as drivers and registry entries, resets Event Viewer, removes all shadow copies — restore points — and disables the built-in administrator account.

The OOBE switch forces Windows to run its setup phase the next time Windows boots from this image as if it were a normal Windows setup. Because Windows was generalized, it generates a new unique SID for each such installation.

Sysprep reads the answer file unattend.xml from C:\Windows\System32\Sysprep folder. In this case its most important line reads <CopyProfile>true</CopyProfile>. When true, CopyProfile copies all our customizations to the default user profile in the hidden Default folder in the Users folder. That profile is used as the base profile whenever a new user account gets created.

4. Capture Windows image, create the ISO

Once Sysprep finishes working its magic, the Windows 10 installer shuts down. Boot the technician machine using the Windows 10 install media — the same you used in the beginning to install Windows. Do not let it boot from hard disk, an HDD or SSD if using a physical machine or VHD if you’re using Hyper-V.

At the first prompt when Windows setup asks for region and language settings, instead of selecting anything and starting installation, press Shift + F10 to open the Recovery Console Command Prompt. Type diskpart and press Enter to start the disk partitioning utility, then type list vol to list all available volumes, or partitions. For this example, the Hyper-V VM list vol shows this information:


You can see why it’s important to name the disk partitions so you can identify them easily.

Note that the Recovery Console does not use the same drive ID policy as Windows 10. You need to be sure which drive has Windows installed and which drive will store the captured image for customization and re-use.

Type exit and press Enter to exit the disk partitioning utility.

Enter the following command:

dism /capture-image /imagefile:E:\install.wim
/capturedir:D:\ /ScratchDir:E:\Scratch
/name:”W10PROx64” /compress:maximum
/checkintegrity /verify /bootable

Check and note the following important details:

  • /imagefile:E:\ = drive where install.wim will be saved
  • /capturedir:D:\ = drive where Windows is installed
  • /ScratchDir:E:\ = drive where temporary working folder Scratch is located
  • /name: = any name you like in quotes, not important but obligatory, here you can see the version of Windows: 64-bit Win10 Pro

Press Enter to start. 

This will take some time to complete. On slow physical machines, it can take up to 20 to 25 minutes. During the first half of that period, you won’t see a progress indicator.

When this command has finished, eject the install media — in Hyper-V select Media menu > DVD Drive > Eject. Next, close the command prompt and restart the technician machine. This time, boot normally from HDD or VHD and let it work through normal OOBE setup.

While the technician machine is preparing and setting up Windows, right-click the original Windows 10 ISO image you used to mount it on the host computer as a virtual DVD. Then, open it in File Explorer and copy its entire contents to a new folder on the host HDD.

When the technician machine is ready and your initial user is logged into the desktop, copy your newly created install.wim file from the image drive (E:) to the Sources subfolder in the folder where you copied the original Windows installation files. In this example, that’s D:\ISO_Files\Sources folder. It will replace the original Windows 10 install.wim file.

Hyper-V users should also create a checkpoint now on their technician VM to capture a pristine system image.

Windows imaging tools

Run Deployment and Imaging Tools Environment elevated as an admin. It is installed as part of the Windows ADK and you can find it in Start > W > Windows Kits. Type CD\ and press Enter to set the working folder to the root of the C: drive. Enter this command:

oscdimg.exe -m -o -u2 -udfver102 -bootdata:2#p0,e,
bd:\iso_files\boot\etfsboot.com#pEF,e,
bd:\iso_files\efi\microsoft\boot\efisys.bin
d:\iso_files d:\Win10PROx64.iso

The preceding command is one long continuous command line though it breaks across multiple lines in this article.

Check and the note following details:

  • d:\iso_files = path to folder where you copied original install files
  • d:\Win10PROx64.iso = path and your preferred name for new ISO

With all this work completed, making the ISO takes just a minute or two. When that’s done, you can burn the ISO to a DVD or flash drive; it will work on both BIOS/MBR and UEFI/GPT systems to install your customized Windows with its pre-installed software.

5. Update or change the ISO

The beauty of using Hyper-V VM as technician machine lies in how easy it makes the job of maintaining and updating a customized install image. For example, Windows Insider: Fast Ring receives new pre-release builds frequently and participants may want to upgrade their ISOs at the same pace.

When you feel like changing the ISO, you can simply apply the Hyper-V technician VM’s standard checkpoint you should have created just before running Sysprep Windows. You can add and remove software, update software, run Windows updates, apply a new theme or do whatever else you might need to do.

When that’s done, you should run Disk Cleanup, create a new checkpoint so you can restore to this point, repeat Sysprep, capture a new install.wim and make a new ISO. This process will be much faster now. The whole process takes just minutes because both Windows and basic software are already installed.

Upgrading the custom ISO

As a Windows Insider, you might also be interested in upgrading the ISO. When a new build arrives, you should restore the checkpoint you created when the technician machine was fully set up after capturing the install.wim file. You can’t use the checkpoint made in audit mode before Sysprep, because upgrading Windows in audit mode is not possible.

Once you’ve booted to normal mode, you can upgrade to the latest Insider build or the next feature update build using Windows Update or a standard ISO image. When that upgrade completes, enter the following command in an elevated command prompt to restart Windows in audit mode:

%windir%\system32\sysprep\sysprep.exe /audit /reboot

Windows restarts, then signs into audit mode using the built-in administrator account. Your initial user account already exists, so you should open Settings app > Accounts > Other users and delete all existing user accounts and their profile folders.

You should also delete the custom install.wim file from last time if it’s still located on the image drive — E: in this example — and check to ensure that the Scratch folder still exists. If not, you must recreate it manually.

Click Here For The Original Source.


————————————————————————————-

Translate




National Cyber Security

FREE
VIEW