cschneegans / unattend-generator

.NET Core library to create highly customized autounattend.xml files
https://schneegans.de/windows/unattend-generator/
MIT License

some suggestions #21

Open jon-bit opened 1 month ago

jon-bit commented 1 month ago

Can we get a section for mainly disabling things related to privacy, such as telemetry, recall, copilot, and more? I'm not a master of Windows, PowerShell, Command Prompt, etc.; however, I think a good starting point can be here:

https://github.com/crazy-max/WindowsSpyBlocker

and here:

https://github.com/Raphire/Win11Debloat

Also a suggestion: auto-install Chocolatey, Winget, god mode, and other Windows features (e.g., Hyper-V, Sandbox, etc.)

Also cool site and project. So cool.

cschneegans commented 1 month ago

See my answer on reddit. You should be able to call those tools using the Run custom scripts section. Those tools appear very mature and complete, and I don't think my generator could ever offer all their features.

Regarding package managers, I see in my logfiles that quite a few users install Chocolatey by running the official installer script as a custom script. But they typically run their own choco commands immediately afterwards, so simply providing an Install Chocolatey checkbox would not be very useful.

jon-bit commented 1 month ago

OK, I'll give it a try and get back to you

jon-bit commented 1 month ago

OK, I slapped this

Set-ExecutionPolicy Bypass -Scope Process
& ([scriptblock]::Create((irm "https://win11debloat.raphi.re/"))) -RunDefaults -Silent
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
Install-Script -Name winget-install -Force

Into the first custom script option. It did not work (I think, choco is not working at least).

Did I do something wrong? Also, is there a way to get

& ([scriptblock]::Create((irm "https://win11debloat.raphi.re/"))) -RunDefaults -Silent

to run without having to enter "Y"

cschneegans commented 1 month ago

I ran your script on a Windows 11 VM. It turns out that Chocolatey was successfully installed, but for the System account. Therefore, you probably need to paste the Chocolatey install script in the Scripts to run when the first user logs on section instead. The Install-Script -Name winget-install -Force statement also seems to throw several errors when it is run as a system script.

The Yes/No/Suspend confirmation question can be avoided by installing the NuGet provider beforehand.

This link will open the form with the necessary modifications to your script.

To analyze possible future problems, check the C:\Windows\Setup\Scripts\unattend*.log logfiles.
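The custom scripts in this thread download a script and execute it during setup, in one case under the System account, so whatever the URL serves on installation day runs with full privileges. An added example (not part of the thread, and not code from the generator, Chocolatey or Win11Debloat) of gating execution on a pinned SHA-256; `Get-Sha256Hex`, `Invoke-PinnedScript` and the sample script are hypothetical names and constructed data, and the pin is computed from the sample rather than taken from any real release.

```powershell
# Added example: execute downloaded script bytes only if their SHA-256 matches a
# value recorded when the script was reviewed. Compatible with Windows PowerShell 5.1.
function Get-Sha256Hex {
    param( [Parameter( Mandatory )] [byte[]] $Bytes )
    $sha = [System.Security.Cryptography.SHA256]::Create();
    try {
        $hex = [System.BitConverter]::ToString( $sha.ComputeHash( $Bytes ) ) -replace '-', '';
        return $hex.ToLowerInvariant();
    } finally {
        $sha.Dispose();
    }
}

function Invoke-PinnedScript {
    param(
        [Parameter( Mandatory )] [byte[]] $Bytes,
        [Parameter( Mandatory )] [string] $ExpectedSha256,
        [hashtable] $Parameters = @{}
    )
    $actual = Get-Sha256Hex -Bytes $Bytes;
    if( $actual -ne $ExpectedSha256.ToLowerInvariant() ) {
        # Nothing is parsed or executed on a mismatch.
        throw "Hash mismatch: expected $ExpectedSha256, got $actual. Script was not executed.";
    }
    # Drop a leading byte-order mark so the parser sees the script text only.
    $text = [System.Text.Encoding]::UTF8.GetString( $Bytes ).TrimStart( [char] 0xFEFF );
    $sb = [scriptblock]::Create( $text );
    & $sb @Parameters;
}

# Constructed stand-in for a reviewed script; it accepts the two switches the thread passes.
# In an unattend script the bytes would instead come from
#   ( New-Object System.Net.WebClient ).DownloadData( $url )
$sample = @'
param( [switch] $RunDefaults, [switch] $Silent )
"RunDefaults=$RunDefaults Silent=$Silent";
'@;
$bytes = [System.Text.Encoding]::UTF8.GetBytes( $sample );

# Assumption for the demo: the pin is derived from the sample. In practice it is a
# literal string written into the script after someone has read the reviewed version.
$pin = Get-Sha256Hex -Bytes $bytes;

# Matching bytes run with the requested switches.
Invoke-PinnedScript -Bytes $bytes -ExpectedSha256 $pin -Parameters @{ RunDefaults = $true; Silent = $true };

# A single extra byte, as after any upstream change, is refused before execution.
[byte[]] $tampered = $bytes + [byte] 0x20;
try {
    Invoke-PinnedScript -Bytes $tampered -ExpectedSha256 $pin;
} catch {
    "Refused: $( $_.Exception.Message )";
}
```

The pin covers only the bytes that were hashed; anything that script downloads in turn is outside the check. A refusal is written to the `unattend*.log` file like any other script output, so a changed upstream file shows up there.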

jon-bit commented 1 month ago

OK I'll give it a go and respond soon.

jon-bit commented 1 month ago

So I did it, but when it starts I still have to press "Y". Like I said, I'm not a master of PowerShell, but should:

Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force;

be above:

& ([scriptblock]::Create((irm "https://win11debloat.raphi.re/"))) -RunDefaults -Silent;

?

EDIT: Just checked choco and it didn't work. Here's the file:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
    <!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&UserLocale=en-US&KeyboardLayout=0409%3A00000409&GeoLocation=244&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&BypassNetworkCheck=true&ComputerNameMode=Random&TimeZoneMode=Implicit&PartitionMode=Interactive&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AccountName0=jon+will&AccountPassword0=jon+will&AccountGroup0=Administrators&AutoLogonMode=Builtin&BuiltinAdministratorPassword=password&PasswordExpirationMode=Unlimited&LockoutMode=Default&VBoxGuestAdditions=true&VMwareTools=true&VirtIoGuestTools=true&WifiMode=Interactive&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveBingSearch=true&RemoveCalculator=true&RemoveCamera=true&RemoveClipchamp=true&RemoveClock=true&RemoveCopilot=true&RemoveCortana=true&RemoveDevHome=true&RemoveFamily=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveInternetExplorer=true&RemoveMailCalendar=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveZuneVideo=true&RemoveNews=true&RemoveNotepadClassic=true&RemoveOffice365=true&RemoveOneDrive=true&RemoveOneNote=true&RemoveOpenSSHClient=true&RemoveOutlook=true&RemovePaint=true&RemovePaint3D=true&RemovePeople=true&RemovePhotos=true&RemovePowerAutomate=true&RemovePowerShellISE=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnippingTool=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveGetStarted=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWindowsMediaPlayer=true&RemoveZuneMusic=true&RemoveWindowsTerminal=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&SystemScript0=Install-PackageProvider+-Name+NuGet+-MinimumVersion+2.8.5.201+-Force%3B%0D%0A%26+%28%5Bscriptblock%5D%3A%3ACreate%28%28irm+%22https%3A%2F%2Fwin11debloat.raphi.re%2F%22%29%29%29+-RunDefaults+-Silent%3B&SystemScriptType0=Ps1&FirstLogonScript0=Set-ExecutionPolicy+Bypass+-Scope+Process+-Force%3B+%5BSystem.
Net.ServicePointManager%5D%3A%3ASecurityProtocol+%3D+%5BSystem.Net.ServicePointManager%5D%3A%3ASecurityProtocol+-bor+3072%3B+iex+%28%28New-Object+System.Net.WebClient%29.DownloadString%28%27https%3A%2F%2Fcommunity.chocolatey.org%2Finstall.ps1%27%29%29%3B%0D%0AInstall-Script+-Name+winget-install+-Force%3B&FirstLogonScriptType0=Ps1&WdacMode=Skip-->
    <settings pass="offlineServicing"></settings>
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <SetupUILanguage>
                <UILanguage>en-US</UILanguage>
            </SetupUILanguage>
            <InputLocale>0409:00000409</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <UserData>
                <ProductKey>
                    <Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key>
                </ProductKey>
                <AcceptEula>true</AcceptEula>
            </UserData>
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>2</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>3</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassStorageCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>4</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassCPUCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>5</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>6</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassDiskCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>
    <settings pass="generalize"></settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>2</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>3</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Runonce" /v "UninstallCopilot" /t REG_SZ /d "powershell.exe -NoProfile -Command \"Get-AppxPackage -Name 'Microsoft.Windows.Ai.Copilot.Provider' | Remove-AppxPackage;\"" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>4</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>5</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>6</Order>
                    <Path>reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>7</Order>
                    <Path>cmd.exe /c "del "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk""</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>8</Order>
                    <Path>cmd.exe /c "del "C:\Windows\System32\OneDriveSetup.exe""</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>9</Order>
                    <Path>cmd.exe /c "del "C:\Windows\SysWOW64\OneDriveSetup.exe""</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>10</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>11</Order>
                    <Path>reg.exe delete "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDriveSetup /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>12</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>13</Order>
                    <Path>reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>14</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>15</Order>
                    <Path>powershell.exe -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>16</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-packages.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>17</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-caps.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>18</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-features.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>19</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>20</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_ProviderSet /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>21</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_WinningProvider /t REG_SZ /d B5292708-1619-419B-9923-E5D9F3925E71 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>22</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>23</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins_LastWrite /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>24</Order>
                    <Path>net.exe accounts /maxpwage:UNLIMITED</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>25</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath '%TEMP%\VBoxGuestAdditions.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>26</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath '%TEMP%\VMwareTools.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>27</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath '%TEMP%\VirtIoGuestTools.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>28</Order>
                    <Path>cmd.exe /c "powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\unattend-01.ps1' -Raw | Invoke-Expression;" &gt;&gt;"C:\Windows\Setup\Scripts\unattend-01.log" 2&gt;&amp;1"</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>
    <settings pass="auditSystem"></settings>
    <settings pass="auditUser"></settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <InputLocale>0409:00000409</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <AutoLogon>
                <Username>Administrator</Username>
                <Enabled>true</Enabled>
                <LogonCount>1</LogonCount>
                <Password>
                    <Value>password</Value>
                    <PlainText>true</PlainText>
                </Password>
            </AutoLogon>
            <OOBE>
                <ProtectYourPC>3</ProtectYourPC>
                <HideEULAPage>true</HideEULAPage>
                <HideWirelessSetupInOOBE>false</HideWirelessSetupInOOBE>
            </OOBE>
            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <Order>2</Order>
                    <CommandLine>cmd.exe /c "powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\unattend-02.ps1' -Raw | Invoke-Expression;" &gt;&gt;"C:\Windows\Setup\Scripts\unattend-02.log" 2&gt;&amp;1"</CommandLine>
                </SynchronousCommand>
            </FirstLogonCommands>
        </component>
    </settings>
    <Extensions xmlns="https://schneegans.de/windows/unattend-generator/">
        <ExtractScript>
param(
    [xml] $Document
);

$scriptsDir = 'C:\Windows\Setup\Scripts\';
foreach( $file in $Document.unattend.Extensions.File ) {
    $path = [System.Environment]::ExpandEnvironmentVariables(
        $file.GetAttribute( 'path' )
    );
    if( $path.StartsWith( $scriptsDir ) ) {
        mkdir -Path $scriptsDir -ErrorAction 'SilentlyContinue';
    }
    $encoding = switch( [System.IO.Path]::GetExtension( $path ) ) {
        { $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; }
        { $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); }
        default { [System.Text.Encoding]::Default; }
    };
    [System.IO.File]::WriteAllBytes( $path, ( $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() ) ) );
}
        </ExtractScript>
        <File path="C:\Windows\Temp\remove-packages.ps1">
$selectors = @(
    'Microsoft.Microsoft3DViewer';
    'Microsoft.BingSearch';
    'Microsoft.WindowsCalculator';
    'Microsoft.WindowsCamera';
    'Clipchamp.Clipchamp';
    'Microsoft.WindowsAlarms';
    'Microsoft.549981C3F5F10';
    'Microsoft.Windows.DevHome';
    'MicrosoftCorporationII.MicrosoftFamily';
    'Microsoft.WindowsFeedbackHub';
    'Microsoft.GetHelp';
    'Microsoft.Getstarted';
    'microsoft.windowscommunicationsapps';
    'Microsoft.WindowsMaps';
    'Microsoft.BingNews';
    'Microsoft.MicrosoftOfficeHub';
    'Microsoft.Office.OneNote';
    'Microsoft.OutlookForWindows';
    'Microsoft.Paint';
    'Microsoft.MSPaint';
    'Microsoft.People';
    'Microsoft.Windows.Photos';
    'Microsoft.PowerAutomateDesktop';
    'MicrosoftCorporationII.QuickAssist';
    'Microsoft.SkypeApp';
    'Microsoft.ScreenSketch';
    'Microsoft.MicrosoftSolitaireCollection';
    'Microsoft.MicrosoftStickyNotes';
    'MSTeams';
    'Microsoft.Todos';
    'Microsoft.WindowsSoundRecorder';
    'Microsoft.BingWeather';
    'Microsoft.WindowsTerminal';
    'Microsoft.Xbox.TCUI';
    'Microsoft.XboxApp';
    'Microsoft.XboxGameOverlay';
    'Microsoft.XboxGamingOverlay';
    'Microsoft.XboxIdentityProvider';
    'Microsoft.XboxSpeechToTextOverlay';
    'Microsoft.GamingApp';
    'Microsoft.YourPhone';
    'Microsoft.ZuneMusic';
    'Microsoft.ZuneVideo';
);
$getCommand = { Get-AppxProvisionedPackage -Online; };
$filterCommand = { $_.DisplayName -eq $selector; };
$removeCommand = {
  [CmdletBinding()]
  param(
    [Parameter( Mandatory, ValueFromPipeline )]
    $InputObject
  );
  process {
    $InputObject | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction 'Continue';
  }
};
$type = 'Package';
$logfile = 'C:\Windows\Temp\remove-packages.log';
&amp; {
    $installed = &amp; $getCommand;
    foreach( $selector in $selectors ) {
        $result = [ordered] @{
            Selector = $selector;
        };
        $found = $installed | Where-Object -FilterScript $filterCommand;
        if( $found ) {
            $result.Output = $found | &amp; $removeCommand;
            if( $? ) {
                $result.Message = "$type removed.";
            } else {
                $result.Message = "$type not removed.";
                $result.Error = $Error[0];
            }
        } else {
            $result.Message = "$type not installed.";
        }
        $result | ConvertTo-Json -Depth 3 -Compress;
    }
} *&gt;&amp;1 &gt;&gt; $logfile;
        </File>
        <File path="C:\Windows\Temp\remove-caps.ps1">
$selectors = @(
    'Browser.InternetExplorer';
    'MathRecognizer';
    'Microsoft.Windows.Notepad';
    'OpenSSH.Client';
    'Microsoft.Windows.MSPaint';
    'Microsoft.Windows.PowerShell.ISE';
    'App.Support.QuickAssist';
    'Microsoft.Windows.SnippingTool';
    'App.StepsRecorder';
    'Media.WindowsMediaPlayer';
    'Microsoft.Windows.WordPad';
);
$getCommand = { Get-WindowsCapability -Online; };
$filterCommand = { ($_.Name -split '~')[0] -eq $selector; };
$removeCommand = {
  [CmdletBinding()]
  param(
    [Parameter( Mandatory, ValueFromPipeline )]
    $InputObject
  );
  process {
    $InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue';
  }
};
$type = 'Capability';
$logfile = 'C:\Windows\Temp\remove-caps.log';
&amp; {
    $installed = &amp; $getCommand;
    foreach( $selector in $selectors ) {
        $result = [ordered] @{
            Selector = $selector;
        };
        $found = $installed | Where-Object -FilterScript $filterCommand;
        if( $found ) {
            $result.Output = $found | &amp; $removeCommand;
            if( $? ) {
                $result.Message = "$type removed.";
            } else {
                $result.Message = "$type not removed.";
                $result.Error = $Error[0];
            }
        } else {
            $result.Message = "$type not installed.";
        }
        $result | ConvertTo-Json -Depth 3 -Compress;
    }
} *&gt;&amp;1 &gt;&gt; $logfile;
        </File>
        <File path="C:\Windows\Temp\remove-features.ps1">
$selectors = @(
    'Microsoft-SnippingTool';
);
$getCommand = { Get-WindowsOptionalFeature -Online; };
$filterCommand = { $_.FeatureName -eq $selector; };
$removeCommand = {
  [CmdletBinding()]
  param(
    [Parameter( Mandatory, ValueFromPipeline )]
    $InputObject
  );
  process {
    $InputObject | Disable-WindowsOptionalFeature -Online -Remove -NoRestart -ErrorAction 'Continue';
  }
};
$type = 'Feature';
$logfile = 'C:\Windows\Temp\remove-features.log';
&amp; {
    $installed = &amp; $getCommand;
    foreach( $selector in $selectors ) {
        $result = [ordered] @{
            Selector = $selector;
        };
        $found = $installed | Where-Object -FilterScript $filterCommand;
        if( $found ) {
            $result.Output = $found | &amp; $removeCommand;
            if( $? ) {
                $result.Message = "$type removed.";
            } else {
                $result.Message = "$type not removed.";
                $result.Error = $Error[0];
            }
        } else {
            $result.Message = "$type not installed.";
        }
        $result | ConvertTo-Json -Depth 3 -Compress;
    }
} *&gt;&amp;1 &gt;&gt; $logfile;
        </File>
        <File path="C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml"><![CDATA[
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
    <LayoutOptions StartTileGroupCellWidth="6" />
    <DefaultLayoutOverride>
        <StartLayoutCollection>
            <StartLayout GroupCellWidth="6" xmlns="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" />
        </StartLayoutCollection>
    </DefaultLayoutOverride>
</LayoutModificationTemplate>
        ]]></File>
        <File path="%TEMP%\VBoxGuestAdditions.ps1">
&amp; {
    foreach( $letter in 'DEFGHIJKLMNOPQRSTUVWXYZ'.ToCharArray() ) {
        $exe = "${letter}:\VBoxWindowsAdditions.exe";
        if( Test-Path -LiteralPath $exe ) {
            $certs = "${letter}:\cert";
            Start-Process -FilePath "${certs}\VBoxCertUtil.exe" -ArgumentList "add-trusted-publisher ${certs}\vbox*.cer", "--root ${certs}\vbox*.cer"  -Wait;
            Start-Process -FilePath $exe -ArgumentList '/with_wddm', '/S' -Wait;
            return;
        }
    }
    'VBoxGuestAdditions.iso is not attached to this VM.';
} *&gt;&amp;1 &gt;&gt; "$env:TEMP\VBoxGuestAdditions.log";
        </File>
        <File path="%TEMP%\VMwareTools.ps1">
&amp; {
    foreach( $letter in 'DEFGHIJKLMNOPQRSTUVWXYZ'.ToCharArray() ) {
        $exe = "${letter}:\setup.exe";
        if( ( Get-Item -LiteralPath $exe -ErrorAction 'SilentlyContinue' | Select-Object -ExpandProperty 'VersionInfo' | Select-Object -ExpandProperty 'ProductName' ) -eq 'VMware Tools' ) {
            Start-Process -FilePath $exe -ArgumentList '/s /v /qn REBOOT=R' -Wait;
            return;
        }
    }
    'VMware Tools image (windows.iso) is not attached to this VM.';
} *&gt;&amp;1 &gt;&gt; "$env:TEMP\VMwareTools.log";
        </File>
        <File path="%TEMP%\VirtIoGuestTools.ps1">
&amp; {
    foreach( $letter in 'DEFGHIJKLMNOPQRSTUVWXYZ'.ToCharArray() ) {
        $exe = "${letter}:\virtio-win-guest-tools.exe";
        if( Test-Path -LiteralPath $exe ) {
            Start-Process -FilePath $exe -ArgumentList '/passive', '/norestart' -Wait;
            return;
        }
    }
    'VirtIO Guest Tools image (virtio-win-*.iso) is not attached to this VM.';
} *&gt;&amp;1 &gt;&gt; "$env:TEMP\VirtIoGuestTools.log";
        </File>
        <File path="C:\Windows\Setup\Scripts\unattend-01.ps1">
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force;
&amp; ([scriptblock]::Create((irm "https://win11debloat.raphi.re/"))) -RunDefaults -Silent;
        </File>
        <File path="C:\Windows\Setup\Scripts\unattend-02.ps1">
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'));
Install-Script -Name winget-install -Force;
        </File>
    </Extensions>
</unattend>

I removed the user to make one on setup. I also did:

& ([scriptblock]::Create((irm "https://win11debloat.raphi.re/"))) -RunDefaults -Silent;
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force;

It still didn't work.
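An answer file like the one posted above stores credentials and fetches code at install time, so it is worth reviewing before it is copied to install media or shared. The following is an added example, not part of the thread and not code from the generator: `New-Finding`, `Test-UnattendFile` and the rule names are hypothetical, and the sample document is a constructed, shortened file with placeholder passwords that follows the structure of the posted one.

```powershell
# Added example: static review of an autounattend.xml. Windows PowerShell 5.1 compatible.
function New-Finding {
    param( [string] $Rule, [string] $Location, [string] $Detail )
    [pscustomobject] @{ Rule = $Rule; Location = $Location; Detail = $Detail };
}

function Test-UnattendFile {
    param( [Parameter( Mandatory )] [xml] $Document )

    # Passwords stored with <PlainText>true</PlainText>.
    $xpath = "//*[local-name()='Password'][*[local-name()='PlainText' and normalize-space()='true']]";
    foreach( $node in $Document.SelectNodes( $xpath ) ) {
        New-Finding 'PlainTextPassword' $node.ParentNode.LocalName 'Value is stored unencoded in the answer file.';
    }

    # Automatic logon, and for which account.
    $xpath = "//*[local-name()='AutoLogon'][*[local-name()='Enabled' and normalize-space()='true']]";
    foreach( $node in $Document.SelectNodes( $xpath ) ) {
        $user = $node.SelectSingleNode( "*[local-name()='Username']" ).InnerText;
        New-Finding 'AutoLogon' 'AutoLogon' "Enabled for account '$user'.";
    }

    # The generated file records the form URL in a comment; that URL repeats the passwords.
    foreach( $comment in $Document.SelectNodes( '//comment()' ) ) {
        foreach( $m in [regex]::Matches( $comment.Value, '(?i)\b(\w*Password\d*)=[^&\s]+' ) ) {
            New-Finding 'PasswordInComment' 'XML comment' "Parameter $( $m.Groups[1].Value ) carries a value (not shown).";
        }
    }

    # Embedded scripts and setup commands that fetch code from a URL, and LabConfig bypasses.
    $download = '(?i)\b(irm|iwr|Invoke-RestMethod|Invoke-WebRequest|DownloadString|DownloadFile)\b[^\r\n]*?(https?://[^\s''")]+)';
    $xpath = "//*[local-name()='File' or local-name()='Path' or local-name()='CommandLine']";
    foreach( $node in $Document.SelectNodes( $xpath ) ) {
        $location = if( $node.LocalName -eq 'File' ) { $node.GetAttribute( 'path' ) } else { $node.LocalName };
        foreach( $m in [regex]::Matches( $node.InnerText, $download ) ) {
            New-Finding 'RemoteCode' $location "$( $m.Groups[1].Value ) from $( $m.Groups[2].Value )";
        }
        foreach( $m in [regex]::Matches( $node.InnerText, '(?i)\\LabConfig"?\s+/v\s+(Bypass\w+)' ) ) {
            New-Finding 'RequirementBypass' $location $m.Groups[1].Value;
        }
    }
}

# Constructed sample: same element layout as the posted file, placeholder secrets.
$sample = [xml] @'
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <!--https://schneegans.de/windows/unattend-generator/?AccountName0=demo&AccountPassword0=EXAMPLE&PasswordExpirationMode=Unlimited-->
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup">
      <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
          <Order>1</Order>
          <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
        </RunSynchronousCommand>
      </RunSynchronous>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Username>Administrator</Username>
        <Enabled>true</Enabled>
        <LogonCount>1</LogonCount>
        <Password><Value>EXAMPLE</Value><PlainText>true</PlainText></Password>
      </AutoLogon>
    </component>
  </settings>
  <Extensions xmlns="https://schneegans.de/windows/unattend-generator/">
    <File path="C:\Windows\Setup\Scripts\unattend-01.ps1">
&amp; ([scriptblock]::Create((irm "https://win11debloat.raphi.re/"))) -RunDefaults -Silent;
    </File>
  </Extensions>
</unattend>
'@;

Test-UnattendFile -Document $sample | Format-Table -AutoSize -Wrap;
```

The `local-name()` XPath tests are used because the document mixes the `urn:schemas-microsoft-com:unattend` namespace with the generator's own `Extensions` namespace. The `RemoteCode` rule only reports download calls with a URL, since the generated wrappers themselves pipe local files into `Invoke-Expression`.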

jon-bit commented 1 month ago

OK, I think I know what's wrong but I have no clue how to fix it. I want a local account but I am installing this on a VM so I have the link state active or not. How can I install the local account but still connect to the internet?

If you're wondering why I did not notice that before, simple. I'm dumb. (insert facepalm)

EDIT: It's better to note I want to make a user on set up. Not a predefined one. BUT if it is the only way...

cschneegans commented 1 month ago

You don't need to disconnect your computer from the network. You also don't need to check the Allow Windows 11 to be installed without internet connection setting. Using the autounattend.xml file, you can always create local user accounts even when connected to the Internet.

jon-bit commented 1 month ago

OK, but one thing. How would I get this to work on Windows To Go? I just tried it and it did not work. It had all the apps and stuff you don't want when installing Windows. Any way to bypass that?

EDIT: I should mention that I did not need a windows account but that might be from the Rufus option. Not 100% sure.

cschneegans commented 1 month ago

Sorry, I have zero experience with Windows To Go. It is possible that the generated autounattend.xml works in principle on Windows To Go, but custom scripts are not executed. Custom scripts (which include bloatware removal scripts) rely on the command

powershell.exe -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); …

which loads the autounattend.xml itself. With regular installations, this works because a copy is placed at C:\Windows\Panther\unattend.xml, but this may not be the case with Windows To Go. Try locating the copy by using a pattern like *unattend*.xml.

jon-bit commented 1 month ago

Hi, sorry for the late reply. Things are crazy lately. Anyway, I'm a bit lost on

"With regular installations, this works because a copy is placed at C:\Windows\Panther\unattend.xml, but this may not be the case with Windows To Go. Try locating the copy by using a pattern like *unattend*.xml"

I'm not a big Windows person. Can you elaborate? I need some details, for this is something I kinda just jumped into.

EDIT: Also, is there a way to run a .bat file in the script section? I have a lot to do.

cschneegans commented 1 month ago

To find possible matches, run

Get-ChildItem -LiteralPath C:\ -Filter *unattend*.xml -ErrorAction SilentlyContinue -Recurse -Force

in an elevated PowerShell session on the machine that runs Windows To Go.

As far as I understand, .cmd and .bat files behave almost identically. Just try running your scripts as .cmd files.

jon-bit commented 1 month ago

OK, I'll give it a try, but is there any way to run on boot? I made my own ISO and I get all the bloat with Windows To Go (BUT NOT with a normal install).

cschneegans commented 1 month ago

Note that the command

Get-ChildItem -LiteralPath C:\ -Filter *unattend*.xml -ErrorAction SilentlyContinue -Recurse -Force

is only intended for debugging. It will not immediately address the problem. Given the fact that Windows To Go has been discontinued, my own options for debugging are quite limited.

jon-bit commented 1 month ago

So ... There is just no way to run the .xml file on boot on W2G?

cschneegans commented 1 month ago

As I said before, I have absolutely no experience with Windows To Go, and I cannot answer that question with certainty. Articles like this one let me assume that Windows To Go does indeed support autounattend.xml files, but I cannot test this. It would really help if you would run the command

Get-ChildItem -LiteralPath C:\ -Filter *unattend*.xml -ErrorAction SilentlyContinue -Recurse -Force

in an elevated PowerShell session on a Windows To Go instance.

Hammerfest commented 2 weeks ago

Did some testing as I use Windows2Go on a few of my systems, figured I would give it a test as LTSC 11 is coming out soon so might as well upgrade my old versions when it launches outside OEM.

If you select any of the options after you choose the edition with Rufus, it spawns the unattend.xml file with those options in the C:\Windows\Panther folder, which bypasses the one you put in C:\Windows\System32\Sysprep. Delete the one generated in C:\Windows\Panther and it will use the unattend.xml you place in Sysprep.

You will want to manually add in the option from Rufus to prevent auto mounting of internal drives: `

4

`

Unrelated, but still annoying: I am running into the same dang issue I had with my ticket, cschneegans. Everything else seems to run, but apps are not removed and no logs are generated. It's so fracking weird, it's gotta be a 24H2 issue. All my other selections from the autounattend generator happen (sans formatting/version because Windows2Go), just not the app removal.

jon-bit commented 2 weeks ago

Sorry for the late reply. I have been running in circles for the past 2 weeks. Anyway, that would make sense. I did just base this off of an "Apps are still here" look. I apologize, but I'm not a master of Windows. @Hammerfest, any way to do this on W2G at all? I just need the apps gone and the firewall blocking IPs. Here is what I have right now.

https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&Locale=en-US&Keyboard=00000409&GeoLocation=244&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&BypassNetworkCheck=true&ComputerNameMode=Random&TimeZoneMode=Implicit&PartitionMode=Interactive&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AccountName0=jon+will&AccountPassword0=password&AccountGroup0=Administrators&AccountName1=&AccountName2=&AccountName3=&AccountName4=&AutoLogonMode=Own&ObscurePasswords=true&PasswordExpirationMode=Unlimited&LockoutMode=Default&HideFiles=Hidden&ShowFileExtensions=true&DisableWidgets=true&DisableAppSuggestions=true&VBoxGuestAdditions=true&VMwareTools=true&VirtIoGuestTools=true&WifiMode=Interactive&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveBingSearch=true&RemoveCalculator=true&RemoveCamera=true&RemoveClipchamp=true&RemoveClock=true&RemoveCopilot=true&RemoveCortana=true&RemoveDevHome=true&RemoveFamily=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveInternetExplorer=true&RemoveMailCalendar=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveZuneVideo=true&RemoveNews=true&RemoveNotepadClassic=true&RemoveNotepad=true&RemoveOffice365=true&RemoveOneDrive=true&RemoveOneNote=true&RemoveOpenSSHClient=true&RemoveOutlook=true&RemovePaint=true&RemovePaint3D=true&RemovePeople=true&RemovePhotos=true&RemovePowerAutomate=true&RemovePowerShellISE=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnippingTool=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveGetStarted=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWindowsMediaPlayer=true&RemoveZuneMusic=true&RemoveWindowsTerminal=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&SystemScript0=%23+Run+the+debloat+script+with+options%0D%0A%26+%28%5Bscriptblock%5D%3A%3ACreate%28%28irm+%22https%3A%2F%2Fwin11debloat.raphi.re%2F%22%29%29%29+-RunDefaults+-Silent+-Sysprep+-RemoveApp
s+-RemoveCommApps+-RemoveW11Outlook+-RemoveDevApps+-RemoveGamingApps+-ForceRemoveEdge+-DisableDVR+-DisableTelemetry+-DisableBing+-DisableSuggestions+-DisableLockscreenTips+-RevertContextMenu+-ShowHiddenFolders+-ShowKnownFileExt+-HideDupliDrive+-HideSearchTb+-HideTaskview+-HideChat+-DisableWidgets+-DisableCopilot+-DisableRecall+-HideGallery%0D%0A%0D%0A%23+Block+Microsoft+IPs%0D%0A%24urls+%3D+%40%28%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Ffirewall%2Fextra.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Ffirewall%2Fspy.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Ffirewall%2Fupdate.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Fhosts%2Fextra.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Fhosts%2Fextra_v6.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Fhosts%2Fspy.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Fhosts%2Fspy_v6.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Fhosts%2Fupdate.txt%22%2C%0D%0A++++%22https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Fhosts%2Fupdate_v6.txt%22%0D%0A%29%0D%0A%0D%0Aforeach+%28%24url+in+%24urls%29+%7B%0D%0A++++%24content+%3D+%28Invoke-WebRequest+-Uri+%24url+-UseBasicParsing%29.Content%0D%0A++++%24ips+%3D+%24content+-split+%22%60n%22+%7C+Where-Object+%7B%24_+-notmatch+%22%5E%23%22+-and+%24_+-ne+%22%22%7D%0D%0A++++foreach+%28%24ip+in+%24ips%29+%7B%0D%0A++++++++%24ipAddress+%3D+%24ip.Split%28%29%5B0%5D%0D%0A++++++++New-NetFirewallRule+-DisplayName+%22Block+%24ipAddress%22+-Direction+Inbound+-Ac
tion+Block+-RemoteAddress+%24ipAddress%0D%0A++++++++New-NetFirewallRule+-DisplayName+%22Block+%24ipAddress%22+-Direction+Outbound+-Action+Block+-RemoteAddress+%24ipAddress%0D%0A++++%7D%0D%0A%7D&SystemScriptType0=Ps1&FirstLogonScript1=%23+Create+God+mode+folder%0D%0A%24godModeFolder+%3D+%22%24env%3AUSERPROFILE%5CDesktop%5CGodMode.%7BED7BA470-8E54-465E-825C-99712043E01C%7D%22%0D%0ANew-Item+-ItemType+Directory+-Path+%24godModeFolder%0D%0A%0D%0A%23+Set+God+mode+folder+icon%0D%0A%24shell+%3D+New-Object+-ComObject+Shell.Application%0D%0A%24folder+%3D+%24shell.Namespace%28%24godModeFolder%29%0D%0A%24folder.Self.Icon+%3D+%22C%3A%5CWindows%5CSystem32%5Cimageres.dll%2C3%22%0D%0A%0D%0A%23+Install+choco+package+provider%0D%0ASet-ExecutionPolicy+Bypass+-Scope+Process+-Force%3B+%5BSystem.Net.ServicePointManager%5D%3A%3ASecurityProtocol+%3D+%5BSystem.Net.ServicePointManager%5D%3A%3ASecurityProtocol+-bor+3072%3B+iex+%28%28New-Object+System.Net.WebClient%29.DownloadString%28%27https%3A%2F%2Fcommunity.chocolatey.org%2Finstall.ps1%27%29%29%0D%0A%0D%0A%23+Create+fast+shutdown+shortcut%0D%0A%24fastShutdownShortcut+%3D+%22%24env%3AUSERPROFILE%5CDesktop%5CFast+Shutdown.lnk%22%0D%0A%24shell+%3D+New-Object+-ComObject+WScript.Shell%0D%0A%24shortcut+%3D+%24shell.CreateShortcut%28%24fastShutdownShortcut%29%0D%0A%24shortcut.TargetPath+%3D+%22C%3A%5CWindows%5CSystem32%5Cshutdown.exe%22%0D%0A%24shortcut.Arguments+%3D+%22%2Fs+%2Ft+0%22%0D%0A%24shortcut.IconLocation+%3D+%22C%3A%5CWindows%5CSystem32%5Cimageres.dll%2C106%22%0D%0A%24shortcut.Description+%3D+%22Fast+Shutdown%22%0D%0A%24shortcut.WorkingDirectory+%3D+%22C%3A%5CWindows%5CSystem32%22%0D%0A%24shortcut.Save%28%29%0D%0A%0D%0A%23+Enable+Hyper-V+and+sandbox+features%0D%0AEnable-WindowsOptionalFeature+-Online+-FeatureName+Microsoft-Hyper-V+-All%0D%0AEnable-WindowsOptionalFeature+-Online+-FeatureName+Containers-DisposableClientVM+-All%0D%0A%0D%0A%23+Configure+DNS+client+to+use+encrypted+DNS%0D%0A%24dnsClient+%3D+Get-DnsClient%0D%0A%24dnsClient.En
ableTcpAndUdpFallback+%3D+%24false%0D%0A%24dnsClient.Tls13Fallback+%3D+%24true%0D%0A%24dnsClient.EncryptionMethod+%3D+%22TLS1_2%22%0D%0A%24dnsClient.Save%28%29&FirstLogonScriptType1=Ps1&UserOnceScript0=%23+Create+God+mode+folder%0D%0A%24godModeFolder+%3D+%22%24env%3AUSERPROFILE%5CDesktop%5CGodMode.%7BED7BA470-8E54-465E-825C-99712043E01C%7D%22%0D%0ANew-Item+-ItemType+Directory+-Path+%24godModeFolder%0D%0A%0D%0A%23+Set+God+mode+folder+icon%0D%0A%24shell+%3D+New-Object+-ComObject+Shell.Application%0D%0A%24folder+%3D+%24shell.Namespace%28%24godModeFolder%29%0D%0A%24folder.Self.Icon+%3D+%22C%3A%5CWindows%5CSystem32%5Cimageres.dll%2C3%22%0D%0A%0D%0A%23+Install+choco+package+provider%0D%0ASet-ExecutionPolicy+Bypass+-Scope+Process+-Force%3B+%5BSystem.Net.ServicePointManager%5D%3A%3ASecurityProtocol+%3D+%5BSystem.Net.ServicePointManager%5D%3A%3ASecurityProtocol+-bor+3072%3B+iex+%28%28New-Object+System.Net.WebClient%29.DownloadString%28%27https%3A%2F%2Fcommunity.chocolatey.org%2Finstall.ps1%27%29%29%0D%0A%0D%0A%23+Create+fast+shutdown+shortcut%0D%0A%24fastShutdownShortcut+%3D+%22%24env%3AUSERPROFILE%5CDesktop%5CFast+Shutdown.lnk%22%0D%0A%24shell+%3D+New-Object+-ComObject+WScript.Shell%0D%0A%24shortcut+%3D+%24shell.CreateShortcut%28%24fastShutdownShortcut%29%0D%0A%24shortcut.TargetPath+%3D+%22C%3A%5CWindows%5CSystem32%5Cshutdown.exe%22%0D%0A%24shortcut.Arguments+%3D+%22%2Fs+%2Ft+0%22%0D%0A%24shortcut.IconLocation+%3D+%22C%3A%5CWindows%5CSystem32%5Cimageres.dll%2C106%22%0D%0A%24shortcut.Description+%3D+%22Fast+Shutdown%22%0D%0A%24shortcut.WorkingDirectory+%3D+%22C%3A%5CWindows%5CSystem32%22%0D%0A%24shortcut.Save%28%29%0D%0A%0D%0A%23+Enable+Hyper-V+and+sandbox+features%0D%0AEnable-WindowsOptionalFeature+-Online+-FeatureName+Microsoft-Hyper-V+-All%0D%0AEnable-WindowsOptionalFeature+-Online+-FeatureName+Containers-DisposableClientVM+-All%0D%0A%0D%0A%23+Configure+DNS+client+to+use+encrypted+DNS%0D%0A%24dnsClient+%3D+Get-DnsClient%0D%0A%24dnsClient.EnableTcpAndUdpFallback+%3D+%24fal
se%0D%0A%24dnsClient.Tls13Fallback+%3D+%24true%0D%0A%24dnsClient.EncryptionMethod+%3D+%22TLS1_2%22%0D%0A%24dnsClient.Save%28%29&UserOnceScriptType0=Ps1&WdacMode=Skip
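
The firewall step embedded in the URL above takes the first whitespace-separated token of every list line as an address and creates an inbound and an outbound rule for it. As an added example (not code from this thread or from either linked project), the following validates each token before any rule is built. It assumes hosts-style lists carry lines of the form `0.0.0.0 name`; the sample lines and the function name `Get-BlockableAddress` are constructed for illustration.

```powershell
# Added example; the list lines below are constructed, not taken from WindowsSpyBlocker.
$sample = @'
# firewall-style list: one address per line
192.0.2.10
198.51.100.7
192.0.2.10
# hosts-style list (assumed format): sink address, then a host name
0.0.0.0 telemetry.example.invalid
:: telemetry6.example.invalid
not-an-address
'@

function Get-BlockableAddress {
    param([Parameter(Mandatory)] [string] $Content)

    $addresses = [System.Collections.Generic.List[string]]::new()
    $skipped   = [System.Collections.Generic.List[string]]::new()
    foreach ($raw in ($Content -split "`r?`n")) {
        $line = $raw.Trim()
        if (-not $line -or $line.StartsWith('#')) { continue }

        # First whitespace-separated token, as in the thread's script.
        $token  = (-split $line)[0]
        $parsed = $null
        # Require a '.' or ':' because TryParse also accepts bare integers.
        $isAddress = $token -match '[.:]' -and
            [System.Net.IPAddress]::TryParse($token, [ref] $parsed)
        if (-not $isAddress) { $skipped.Add("$line (not an IP address)"); continue }

        # 0.0.0.0, :: and loopback are hosts-file sinks, not block targets.
        if ($parsed.Equals([System.Net.IPAddress]::Any) -or
            $parsed.Equals([System.Net.IPAddress]::IPv6Any) -or
            [System.Net.IPAddress]::IsLoopback($parsed)) {
            $skipped.Add("$line (sink address; host names cannot be firewalled)")
            continue
        }
        $addresses.Add($parsed.ToString())
    }
    [pscustomobject]@{
        Addresses = @($addresses | Sort-Object -Unique)
        Skipped   = @($skipped)
    }
}

$result = Get-BlockableAddress -Content $sample
$result.Skipped | ForEach-Object { Write-Warning "Skipped: $_" }
if ($result.Addresses.Count -gt 0) {
    # One rule carries the whole list; -WhatIf shows the rule without creating it.
    New-NetFirewallRule -DisplayName 'Block list (example)' -Direction Outbound `
        -Action Block -RemoteAddress $result.Addresses -WhatIf
}
```

Remove `-WhatIf` and run elevated to create the rule; a second call with `-Direction Inbound` covers the other direction.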