How to create a Windows Image with WinPE
How do I know if I should use a WinPE environment and capturing images, or if I should create a deployment server?
As an IT Consultant, I’ve had clients large and small ranging from down the street from the office to having to drive 4 hours for just a standard visit. With Gig fiber lines, to T1 connections. My recommendation is to decide based off the size of your client and how often you format systems. WinPE works unbelievably well in small to medium size businesses, especially when you have multiple clients. On the flip side of that, if you oversee a larger company and only handle that single entity, go with a deployment server and simply adjust the unattend.xml files per department.
Here is a perfect WinPE scenario;
During a major overhaul at KJLH in Compton, we oversaw swapping 35 old computers with Windows XP installed, to brand new hardware with Windows 7. The internet at the time was very poor and all they had was physical servers that were really outdated. I was in charge of deciding the best way to complete the install and decided to use WinPE, with two scripts. One to start the imaging process, and one bypass the setup screen/install some additional software. After spending some time with the employees and obtaining very good information regarding the day to day process, I was able to record and duplicate all installs, configurations and ‘specific’ work arounds for compatibility issues within a single system. Capture that image and use it for all remaining installs from there on out. On the day of deployment, I brought a system ready to go with a share location, scripts, installs and image along with a router for DHCP services and 24 port gig switch. Within an hour and 30 minutes, everything was setup, hardware was in an assembly line configuration, cables ran, and the image applied to all 35 systems.
If WinPE is the direction you want to take, this article is for you. I will help guide you through the imaging process and will teach you how to capture a Windows image that can be applied to any system. This article is under the assumption you already have a WinPE USB/ISO ready to go. If you don’t please go here;
The capture process will be the same for any operating system from Windows 7 to Windows 11 and Windows Server 2012 R2 to Windows Server 2022.
You can use a physical system or a virtual machine to prepare your image, it does not matter. If using a virtual machine, I would recommend uninstalling any tools before capturing (such as VMWare Tools).
Always install a fresh OS to keep the overall size down. The larger the image the longer it’ll take to apply!
First step is preparation, it’s best to download everything that you will be installing on the system now so you can breeze right through the process. Be aware, any software that uses the GUID to differentiate between computers, should not be installed on the image and is best to install after the image is applied.
What type of software uses the GUID?
It really depends, but a good rule of thumb is, any program that is licensed through a cloud based portal, will most likely use the GUID.
For example, MalwareBytes I believe fixed their issue, but in the past if you installed it on an image and applied the image to multiple systems, it would fail to register the GUID change and would only register the latest applied image.
There is also some software that just simply have an issue or become corrupt during the imaging process. After opening, you may notice you’ll have to uninstall/reinstall or repair the software. Office is a prime example of this as well. – Again it is cloud based licensing, just acts in a different way then MalwareBytes. However, if you have an offline installer (volume license, Desktop license) that does not activate during a quiet install, then you shouldn’t have any issues.
Prevent issues ahead of time, and save yourself the headaches!
Preparation:
I have multiple images that I create for specific clients, it really depends on their needs. What I often do is create a list of software ahead of time with info as to whether I install it before the capture or after applying.
This time around, I’ll be remotely connecting to a client’s system and creating a fresh VM from their ESXi server, that way I can install programs that require a UNC path and setup the shared printers now. Here is a list of items we will be installing.
Before Capture:
Fresh Windows 10 Install with latest ISO
Firefox, Chrome, Edge, 7-zip, IrfanView, Notepad++
Adobe Reader
Printers and extra Printer drivers for some that are not shared and unique
Client has diverse hardware, so extra NIC Drivers to ensure all systems can connect to the internet right away
Quickbooks 2018 and above – Rename the license file afterwards
Lacerte 2017 and above
After applying the image:
Script to open or complete multiple steps for me. In many cases, I don’t completely automate the entire setup, as I like to verify everything applied properly.
- Unattend.xml file to automate user creation and bypass ToS
- Disable sleep mode
- Change computer name
- Add it to the domain
- Open Windows updates
- Apply any branding
- Run the software installers below
Office 365
MalwareBytes Cloud – Specific to client
Updates to any previously installed software
Remote software – Specific to client
Download a fresh copy of Windows so it has the latest updates and install it to a USB.
Windows 11 ISO: https://www.microsoft.com/software-download/windows11
Windows 10 ISO: https://www.microsoft.com/en-us/software-download/windows10
Windows 8.1 ISO: https://www.microsoft.com/en-us/software-download/windows8ISO
Windows 8 ISO: Support ended from Microsoft, instructions will still work if you have an ISO
Windows 7 ISO: Support ended from Microsoft, instructions will still work if you have an ISO
There are so many ways to create a bootable USB Drive from an ISO, I personally would recommend using Rufus as it’s just so easy to use and has yet to fail me with anything I’ve thrown at it: https://rufus.ie/en/
Of course if you are more comfortable using Microsoft supported methods, here are instructions directly from Microsoft: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/install-windows-from-a-usb-flash-drive?view=windows-11
There are installs you can download ahead of time and then there are powershell scripts that will require to be applied on the system itself. Do what you can now to save yourself some time.
1) Ninite https://ninite.com/ -– Ninite is great for basic installs when you want just a simple executable. Simply select the software you want installed, and download their small installer/ copy it to a USB drive or file share location.
2) Manually download any software from sources; MalwareBytes Cloud, Adobe Reader, Printer Drivers, Remote software and driver packages. Dell has great driver packages, I highly recommend using theirs, even if you don’t use Dell systems: https://www.dell.com/support/kbdoc/en-us/000180534/dell-family-driver-packs Optiplex usually has more diverse NIC drivers and once organized, you really should not have to update it for years. The only negative is you must find the NIC drivers as they are not labeled by name. Our goal here is to simply get the system connected to the internet after applying the image and then it can update any driver on its own, so you do not need to keep your driver packages updated. I honestly haven’t since Windows 7 was popular!
**Optional** If you would like to create an unattend.xml file and a script for the image, follow this guide:
Now that we are prepared, we can start the process.
Installing Windows Fresh;
Please keep in mind whether you want to use MBR or UEFI, as WinPE will capture/apply the image based off of the current BIOS settings. I would highly recommend using UEFI since it’s the new standard! Windows 7 and above all support it as well, however, with Windows 7, do not convert the disk to GPT as it won’t be able to boot from it.
If you need to switch from MBR (Legacy) boot to UEFI boot, now is the time to do it. Access the BIOS for Physical systems or in the settings for a Virtual machine. ESXi can be adjusted during the VM creation on the customize settings tab, click on VM Options -> Boot Options and ensure EFI is set. VMWare Workstation Pro, you’ll have the option to change the ‘firmware’ to EFI, while VMWare free edition, you will need to manually edit the VMX file after the initial creation, but before you start it up for the first time and add in a line;
firmware = "efi"
Once you are ready, Install Windows as normal and wait for the setup screen.
Audit Mode;
Once at the setup screen, enter the Audit mode by pressing Shift + Ctrl + F3.
Keep everything simple, you do not want to install anything that makes large changes, meaning Windows updates and .net installers, as It may halt the sysprep process. If you manually download a Windows update and apply a hotfix or something similar, you should be fine, but in most cases, I generally stay away from all Windows updates. If sysprep does fail, you are basically SOL and will need to start over. If you are doing this in a virtual environment, create a snapshot before doing anything else! I’ve spent weeks just trying to figure out potential fixes for different sysprep issues and nothing helped.
Installing all items before the capture;
Install all basic items using Ninite from the instructions above, manual installation, Chocolatey or if in Windows 11, WinGet.
For Chocolatey, open powershell as an administrator and copy/paste the commands below.
Set-ExecutionPolicy Bypass -Scope Process -Force; `
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
Then copy and paste the following command to install the same software from the list. For more information about Chocolatey: https://docs.chocolatey.org/en-us/choco/commands/install
choco install 7zip firefox googlechrome notepadplusplus adobereader microsoft-edge IrfanView
For WinGet, run the command below. For more information about current packages, please visit: https://winstall.app
winget install --id=7zip.7zip -e && winget install --id=Mozilla.Firefox -e && winget install --id=Google.Chrome -e && winget install --id=Notepad++.Notepad++ -e && winget install --id=Adobe.Acrobat.Reader.32-bit -e && winget install --id=Microsoft.Edge -e && winget install --id=IrfanSkiljan.IrfanView –e
If this image will have your branding and you want it applied to all systems, now is the time to do it. If you prefer to have it more of an optional item or just don’t need it on all systems, save it as an option for the script after the image is applied.
Create a text file and call it branding.reg and save the following information in it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation]
“Logo”=”C:\\WINDOWS\\oem\\OEMlogo.bmp”
“Manufacturer”=”Root Level Alliance, Inc.”
“Model”=”Custom made by Root Level Alliance, Inc.”
“SupportHours”=”9am to 5pm PST M-F”
“SupportURL”=”https://www.rootlevelalliance.com”
**Note** be sure to add/rename a picture of your logo to; C:\WINDOWS\oem\OEMlogo.bmp
Windows 11 branding still works normally, however sometime after an update when they moved from the control panel System properties to the newer Settings menu in Windows 10, this branding feature seems to have been lost. Older OS’s it still works.
If you want to uninstall any specific Microsoft Store Apps, now is the time. I would recommend uninstalling those you know for sure your team will not use. Once the image is applied and updated on the new computer, it can become a hassle to reinstall apps again. In a business atmosphere, there are multiple I would recommend uninstalling though, such as the Xbox apps, Yourphone, Zune related software and news if it’s not necessary for them to have it.
The following is a list of Microsoft Store Apps in Windows 10 21H1:
Get-AppxPackage *3dbuilder* | Remove-AppxPackage
Get-AppxPackage *windowsalarms* | Remove-AppxPackage
Get-AppxPackage *windowscalculator* | Remove-AppxPackage
Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage
Get-AppxPackage *windowscamera* | Remove-AppxPackage
Get-AppxPackage *officehub* | Remove-AppxPackage
Get-AppxPackage *skypeapp* | Remove-AppxPackage
Get-AppxPackage *getstarted* | Remove-AppxPackage
Get-AppxPackage *zunemusic* | Remove-AppxPackage
Get-AppxPackage *windowsmaps* | Remove-AppxPackage
Get-AppxPackage *solitairecollection* | Remove-AppxPackage
Get-AppxPackage *bingfinance* | Remove-AppxPackage
Get-AppxPackage *zunevideo* | Remove-AppxPackage
Get-AppxPackage *bingnews* | Remove-AppxPackage
Get-AppxPackage *onenote* | Remove-AppxPackage
Get-AppxPackage *people* | Remove-AppxPackage
Get-AppxPackage *windowsphone* | Remove-AppxPackage
Get-AppxPackage *photos* | Remove-AppxPackage
Get-AppxPackage *bingsports* | Remove-AppxPackage
Get-AppxPackage *soundrecorder* | Remove-AppxPackage
Get-AppxPackage *bingweather* | Remove-AppxPackage
Get-AppxPackage *xboxapp* | Remove-AppxPackage
Windows 11 21H2 has the following apps installed by default;
#AV1 Codec Get-AppxPackage *AV1VideoExtension* | Remove-AppxPackage
#News app Get-AppxPackage *BingNews* | Remove-AppxPackage
#Weather Get-AppxPackage *BingWeather* | Remove-AppxPackage
#PowerShell Get-AppxPackage *PowerShell* | Remove-AppxPackage
#WebP image support Get-AppxPackage *WebpImageExtension* | Remove-AppxPackage
#HEIF image support Get-AppxPackage *HEIFImageExtension* | Remove-AppxPackage
#Windows Terminal Get-AppxPackage *WindowsTerminal* | Remove-AppxPackage
#Music app Get-AppxPackage *ZuneMusic* | Remove-AppxPackage
#Movies and TV Get-AppxPackage *ZuneVideo* | Remove-AppxPackage
#MS Office Get-AppxPackage *MicrosoftOfficeHub* | Remove-AppxPackage
#People app Get-AppxPackage *People* | Remove-AppxPackage
#Maps Get-AppxPackage *WindowsMaps* | Remove-AppxPackage
#Help and tips Get-AppxPackage *GetHelp* | Remove-AppxPackage
#Voice Recorder Get-AppxPackage *WindowsSoundRecorder* | Remove-AppxPackage
#Notepad Get-AppxPackage *WindowsNotepad* | Remove-AppxPackage
#MS Paint Get-AppxPackage *Paint* | Remove-AppxPackage
#Sticky Notes Get-AppxPackage *MicrosoftStickyNotes* | Remove-AppxPackage
#PowerAutomate Get-AppxPackage *PowerAutomateDesktop* | Remove-AppxPackage
#Xbox and related apps Get-AppxPackage *Xbox* | Remove-AppxPackage
#Feedback Hub Get-AppxPackage *WindowsFeedbackHub* | Remove-AppxPackage
#Microsoft To-Do Get-AppxPackage *Todos* | Remove-AppxPackage
#Calculator Get-AppxPackage *WindowsCalculator* | Remove-AppxPackage
#Alarms and Clocks Get-AppxPackage *WindowsAlarms* | Remove-AppxPackage
#Teams/Chat Get-AppxPackage *Teams* | Remove-AppxPackage
#Microsoft Edge Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
#Your Phone Get-AppxPackage *YourPhone* | Remove-AppxPackage
#Spotify Get-AppxPackage *SpotifyAB.SpotifyMusic* | Remove-AppxPackage
#Screen & Sketch/Snipping tool Get-AppxPackage *ScreenSketch* | Remove-AppxPackage
#Solitaire Collection Get-AppxPackage *MicrosoftSolitaireCollection* | Remove-AppxPackage
#Photos Get-AppxPackage *Windows.Photos* | Remove-AppxPackage
#OneDrive Get-AppxPackage *OneDriveSync* | Remove-AppxPackage
#Skype Get-AppxPackage *SkypeApp* | Remove-AppxPackage
#Xbox Console Companion Get-AppxPackage *GamingApp* | Remove-AppxPackage
This is a great stopping point to snapshot or mirror the hard drive, as you can use this as a solid base for any other images you might need.
Installing client specific software;
Instead of trying to remember each UNC path/location of the data for each software, make it easy on yourself and simply apply the user login script from the domain to the local account on the image. Once you are connected to the server, start installing the software.
Quickbooks and Lacerte both are free to install in any order (year) you wish. For Quickbooks, you will need to choose custom install and ensure that you do not overwrite the previous year.
Quickbooks will activate the license after installing it, so it is one of those files you will need to rename either before capturing the image, or after applying it. I’d recommend doing it now; To do that, open a CMD prompt and copy/paste the following:
rename C:\ProgramData\Intuit\"Entitlement Client"\V8\EntitlementDataStore.ecml C:\ProgramData\Intuit\"Entitlement Client"\V8\~EntitlementDataStore.ecml
Or manually navigate to C:\ProgramData\Intuit\"Entitlement Client"\V8 and rename the EntitlementDataStore.ecml file.
With Lacerte, you always want to use the workstation installer for the year you want installed. By doing so it’ll install only what is necessary, and it will copy the master options including UNC paths for you.
On Lacerte 2017 and up, it’ll request you to sign in, you can bypass this by simply closing the dialog boxes, and after 2 or 3 times, the installation will start.
Copy All files/scripts/unattended.xml files to the Image. Most will go to a folder of your choosing; my usual location is C:\Drivers. While the unattend.xml file will go to: C:\Windows\Panther\unattend.xml. Just make sure where ever the location of the script in the unattend.xml is pointing to is where your primary scripts are!
The last item we have to do is to have Windows look in the C:\Drivers folder for any missing NIC drivers if it doesn’t find it within the inf folder. To do that, we need to adjust the registry.
In regedit navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
and adjust DevicePath key to the following: %SystemRoot%\inf;C:\Drivers
CMD:
Open a command prompt as administrator and copy and paste below
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion /t REG_EXPAND_SZ /v DevicePath /d ^%SystemRoot^%\inf;C:\Drivers
Overwriting the existing key.
Or create a registry file and double clicking on it. Below it is converted to Hex, in most cases, I’d recommend just simply navigating to the location in regedit.
Open notepad, copy and paste below saving it as a reg file (example, DevicePath.reg):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"DevicePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,69,00,6e,00,66,00,3b,00,43,00,3a,00,5c,00,44,00,72,00,\
69,00,76,00,65,00,72,00,73,00,00,00
Now we can remove any unwanted files and folders and sysprep the image!
**Optional** Although not needed, if you need to save as much space as possible, open up a command prompt as admin, and run the following command:
Cleanmgr /sageset:1
In the new Window that appears, select all options and click ok. Then type;
Cleanmgr /sagerun:1
Restart the computer
Sysprep and finalize the image
Open Sysprep, located in: C:\Windows\System32\Sysprep
Depending on how your unattend file is setup, will depend on whether to choose audit mode or OOBE. I would recommend the OOBE method, as then you can give the system to customers if you do not put the unattend.xml file on it and allow the user to setup their device with their own information.
Highly recommend choosing “Generalize” so you can apply the image to any AMD or Intel system that is supported.
Choose “Shutdown” for the shutdown options, so you know when the process is complete.
Once the system shuts down, you can now boot into WinPE.
On physical systems, there has been plenty of times when I shut the system down, plug in the WinPE drive, start the computer and miss the key to choose a temp boot device for WinPE, just to have Windows load and start applying the image all over. I would highly recommend being prepared and know what key you need to press to enter the BIOS ahead of time!
In Virtual machines, make sure you choose the option to boot to bios after shutting it down. Give yourself ample time in case you’ve accidently clicked out of the virtual machine.
In the paid editions of Vmware, you will have the option to, within the VM settings. On the free version, you’ll need to edit the vmx file and add the following line;
bios.bootdelay = X
Where x is the amount of time in milliseconds. So, 5000 is equal to 5 seconds
Once you boot to WinPE, you can now capture the image:
1) Highly recommend to get into a habit of removing the WinPE drive after it loads so you don’t accidently format it.
2) Insert any external drive you wish to copy the image to, or attach a network drive using the net use command:
Net use z: \\<Server>\<share>\ /user:RLA\<useraccount> <password> and press enter
If you attached a USB Drive to copy the image to, verify it’s location as well as the volume letter the Windows OS is installed.
Diskpart
List volume
**Note** When it comes to WinPE, consistency is key, so any locations I keep the images at, I always assign it to letter z. Scripting is much easier to do within WinPE when everything is consistent as well.
If USB device will be used, change the drive letter to Z
Select volume e
Assign letter=z
Exit
Now that the Image storage location is set to Z and you have the data for the Windows OS drive, we can now capture the image;
imagex /compress fast /capture <OSDrive> <ImageStorage>:\<ImageName>.wim "OS" "Description"
Example;
imagex /compress fast /capture c: z:\W1064Pro_Basic_10-18-2021.wim "W1064" "Universal Image"
Imagex will automatically exclude any temp locations to minimize the space required.
You have now created an up to date image with all of the required installs for your specific client! Instead of spending that time per computer, you now can cut down an install time of sub par ~ an hour maybe longer, down to about 5-10 minutes, with the ability to apply the image to multiple systems at the same time! Congratulate yourself on a job well done!
Comments