Windows Deployment Service (WDS) - Unattended Installations

Unattended Installs

Install Windows System Image Manager from Windows Automated Installation Kit (WAIK). This allows XML files to be created for install image files, these are then linked to images using WDS management console.

There are two XML files that need to be created, although these can be placed in single file if desired:

  • WinPE settings - linked to client properties of WDS Server based on architecture.
  • Install settings - linked to a specific WDS install image.

The Windows System Image Manager needs catalogs based on install images in order to know which component parameters are configurable. WAIK will usually find the catalog for the image if the file is named install.wim, otherwise it will want to create a catalog! If you really need to create a catalog and fails, try exporting the image first then create a catalog from the exported image. WAIK can't create catalogs from images that have been install/loaded into WDS as they're split into resource and other component files, you have to use the original distributed image or export the installed image to re-merge it back into one.

NOTE: WIM file must be named install.wim otherwise WAIK will want to create a catalog!

X64 Installations

REMEMBER: x64 images require amd64 components in XML file instead of x86 ones, you may see x86, 'amd64 and 'wow64 components so make sure you select the right ones.

If you not supplying the architecture in the PXE responses you'll need to configure WDS to automatically detect architecture using:

 WDSUTIL /set-server /architecturediscovery:yes

Joining a domain

If you wish to join machines to a domain during the install and don't want to supply credentials that are held in clear text in the XML files, you will need to pre-stage the machines in the AD with GUIDs. Although according to the Panther logs WDS claims to it is using MAC address in preference - we will need to do some further investigations on this.

In order to join the domain without putting credentials in the XML files use UnsecureJoin. WDS needs to change the machine account password to do this, therefore WDS needs to be authenticated as someone with the necessary role. You probably don't want these credentials in the XML files either so you'll have to authenticate manually (you will also need to select locale too as that's what WDS seems to want to do). This also gives you the option to select the installation image too, which is probably what we want in production rather than roll out a default image to all machines.

Out Of Box Experience

Vista and Windows 7 look like they need a local account setting during the Out Of Box Experience phase but this seems to be avoidable by using skipMachineOOBE entry. This entry is apparently deprecated so we may need to revisit this in the future. Other options include using WAIK to create a dummy account, then using the FirstLogonCommand and net user to remove this account, however, this will require someone with the administrator role to login to get the commands to execute cleanly. It may be possible to use AutoLogon to log an administrator in, then do some registry magic to remove the autologon and log the user out.

How do we enable the local administrators account? Vista/Windows 7 disable this by default there doesn't appear a way around this, maybe a net user FirstLogonCommand could be used if really necessary.

Required Settings

In order for the GUI to not appear during installation the following settings need to be defined:

WinPE Requirements

Pass WinPE:

  • SetupUILanguage
  • UILanguage (this looks like it needs to be en-US for unattended installations)
  • Disk Configuration
  • WindowsDeploymentServices | Login
  • WindowsDeploymentServices | ImageSelection (although this can be skipped - see joining a domain

Looks like it also requires locale to be set in oobeSystem pass otherwise WDS prompts for image selection:

Pass oobeSystem:

  • SystemLocale
  • UILanguage

Install Requirements

Pass specialize:

  • ComputerName = %MACHINENAME%
  • ProductKey
Microsoft-UnattendedJoin | Identification
  • JoinDomain = <domainname>
  • UnsecureJoin = true

Pass oobeSystem:

  • SystemLocale
  • UILanguage
  • RegisteredOrganisation
  • RegisteredOwner
  • Timezone = GMT Standard Time
  • UserAccounts -> AdministratorPassword
  • HideEULAPage -> true
  • NetworkLocation -> Work
  • ProtectYourPC -> 1
  • SkipMachineOOBE -> true

Non-PXE Installations - Install from USB memory stick

From the WDS MMC snap-in create a discovery image from boot.wim or the appropriate boot image.

Format and make the USB drive partition active using diskpart. We used Windows 7 version, the Vista one should work too. Older OS versions may also work be we haven't tried these.

 select disk 1
 select partition 1
 format fs=ntfs override quick

Create a bootable USB memory stick by the following:

  • Copy the folder boot from C:\Program Files\Windows AIK\Tools\PETools\x86\boot to the USB drive
  • Create a folder named \Sources on the USB drive
  • Copy the discovery file created earlier to the \Sources folder on the USB drive as boot.wim
  • Copy bootmgr from C:\Program Files\Windows AIK\Tools\PETools\x86 to the root of the USB drive
  • Install the Windows 7 or Vista boot loader:
 bootsect.exe /nt60 <USB driveletter:>

Capturing installation images

For large labs it's more efficient to install one machine, deploy the applications and other local configurations then use this to install the remaining machines. WDS allows you to do this by creating a Capture Image from a Boot Image. The master machine the boots this image (instead of an installation image), the WDS server then copies and compresses the master machine to an install image an adds its list of images.

General sequence of events:

  • Install master machine OS
  • Install applications and configure master machine
  • Sysprep the master machine
  • Capture the image with WDS
  • Deploy to other machines

Sysprep Windows XP

You need the following files from\system\tools\


The first three files need to go into C:\sysprep on the master machine, along with sysprep.inf. Use Setupmgr.exe to create the inf file.

On the target machine run - don't let it reboot of the disk otherwise it'll un-sysprep itself and you'll have to start again. There's also a recommended limit of three syspreps/unsysprep cycles per machine before bad things happen so you may need to start re-install from scratch if this happens.

 c:\sysprep\sysprep -clean

 c:\sysprep\sysprep -reseal -quiet -mini -shutdown

To allow sysprep to change the administrator password it needs to be empty before the machine captured.

To allow postinstall commands place a Postinst directory c:\Drivers. Inside $oem$ place cmdlines.txt which contains the commands to execute. This folder will be removed automatically when sysprep finishes.

sysprep Windows 7 or Vista

 C:\Windows\System32\Sysprep\Sysprep.exe /oobe /generalize /shutdown

According to MS TechNet


Prepares the Windows installation to be imaged. If this option is specified, all unique system information is removed from the Windows installation. The security ID (SID) resets, any system restore points are cleared, and event logs are deleted.

The next time the computer starts, the specialize configuration pass runs. A new security ID (SID) is created, and the clock for Windows activation resets, if the clock has not already been reset three times.


Restarts the computer into Windows Welcome mode. Windows Welcome enables end users to customize their Windows operating system, create user accounts, name the computer, and other tasks. Any settings in the oobeSystem configuration pass in an answer file are processed immediately before Windows Welcome starts.