search

cschneegans / unattend-generator

.NET Core library to create highly customized autounattend.xml files
https://schneegans.de/windows/unattend-generator/
MIT License
659 stars 60 forks source link

[Suggestion] Few tweaks that may be helpful #106

Open CrPO4 opened 2 weeks ago

CrPO4 commented 2 weeks ago

Hey, it's me again but this time I'm here to share sometweaks that may or may not be helpful as "checkboxes" in the generator.

  1. Enable "Ultimate Performance" power plan (needs to be added to "Scripts to run when the first user logs on after Windows has been installed" section as .ps1):

    $schemeUUID=powercfg.exe /DUPLICATESCHEME e9a42b02-d5df-448d-aa00-03f14749eb61
if ($schemeUUID-match '\s([a-f0-9-]{36})\s')
{
powercfg.exe /SETACTIVE $Matches[1];
}

  2. Disable some timeout for current power plan, for both "plugged in" and "on battery" (from top to bottom: display, hard disk, "sleep" mode, "hibernation" mode; needs to be added to "Scripts to run when the first user logs on after Windows has been installed" section as .ps1)

    powercfg -change -monitor-timeout-ac 0
powercfg -change -monitor-timeout-dc 0
powercfg -change -disk-timeout-ac 0
powercfg -change -disk-timeout-dc 0
powercfg -change -standby-timeout-ac 0
powercfg -change -standby-timeout-dc 0
powercfg -change -hibernate-timeout-ac 0
powercfg -change -hibernate-timeout-dc 0

All the zeroes may be modified to any amount of minutes, making it possible to set timeouts to weird values like "12 hours and 34 minutes". AC is for "plugged in", DC is for "on battery".

  1. Enable inline sudo in Windows 11 24h2 by default (needs to be added to "Scripts to run in the system context, before user accounts are created" as .ps1): sudo config --enable normal

  2. Enable "File and printer sharing" for Private and Domain networks (needs to be added to "Scripts to run in the system context, before user accounts are created" as .ps1): Set-NetFirewallRule -Group "@FirewallAPI.dll,-28502" -Enabled True -Profile Private,Domain Usable profile names are Private, Domain and Public. Enabling it like in this example enables it for Private and Domain and disables it for Public.

  3. Enable logging into SMB administrative shares with local accounts (needs to be added to "Scripts to run in the system context, before user accounts are created" as .reg)::

    
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "LocalAccountTokenFilterPolicy"=dword:00000001

Reptaiin commented 2 weeks ago

Regarding the powerplan, does Windows PE also use this? So that when you run the installer it runs in High Perfomance/Ultimate as well.

cschneegans commented 2 weeks ago

Regarding the powerplan, does Windows PE also use this?

There is no powercfg.exe in Windows PE.