search

cschneegans / unattend-generator

.NET Core library to create highly customized autounattend.xml files
https://schneegans.de/windows/unattend-generator/
MIT License
680 stars 62 forks source link

Windows 11 24h2 #28

Closed VitaleyUsa closed 1 month ago

VitaleyUsa commented 4 months ago

Hello and thank you for this great project. Seems like on 24h2 windows 11 some options are not work like it should. For example, section "Remove bloatware" not removing apps. Defender still persist in system even if i tick option to disable it.

Tried on win11 24h2 download from microsoft site.

cschneegans commented 4 months ago

Did you by any chance edit theautounattend.xml after downloading it? If so, you must make sure that the file is saved without a byte-order mark – Windows 24H2 Setup could otherwise not process the file.

The bloatware removal scripts write output and errors to three log files:

To inspect those files, launch an elevated PowerShell session and type this command:

Get-ChildItem -LiteralPath C:\Windows\Temp -Force -Filter remove*.log | Get-Content | ConvertFrom-Json

Disabling Windows Defender on 24H2 will fail when Windows is not installed to the C: drive, see https://github.com/cschneegans/unattend-generator/issues/29.

stimpy81 commented 4 months ago

I also use this wonderful tool to customise 24H2 and it works perfectly fine. All bloatware gone, all customisations done. I'm not entirely sure that Defender is fully removed as I still see the icon, and the hyper-annoying SmartSreen is still active. I then use the wonderful Defender removal tool included in AnWave to actually and completely nuke Defender from orbit. It's the only tool that I have ever found that does it properly, without issue, and it's not even its primary function!

https://sourceforge.net/projects/nvidia-power-management/

cschneegans commented 4 months ago

You are correct to observe that the Windows Security notification icon is still there:

image

However, that's not a bad thing, as this also means that Windows will not complain about Defender not running. The relevant Defender services and the MsMpEng.exe process are indeed disabled:

PS C:\> Get-Service -Name Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend

Status   Name               DisplayName
------   ----               -----------
Stopped  Sense              Windows Defender Advanced Threat Pr...
Stopped  WdBoot             Microsoft Defender Antivirus Boot D...
Stopped  WdFilter           Microsoft Defender Antivirus Mini-F...
Stopped  WdNisDrv           Microsoft Defender Antivirus Networ...
Stopped  WdNisSvc           Microsoft Defender Antivirus Networ...
Stopped  WinDefend          Microsoft Defender Antivirus Service

PS C:\> Get-Process -Name MsMpEng
Get-Process : Cannot find a process with the name "MsMpEng". Verify the process name and call the cmdlet again.

Furthermore, I have just added a new option Disable Smart App Control for Windows 11, based on Shawn Brink's .reg files. Feel free to check it out.

stimpy81 commented 4 months ago

You are a hero! Thank you for your hard work and effort with your generator, It's a lifesaver!

Kudos for the Smart App Control option! I am really not a fan of SmartScreen either, do you think you could add an option to remove that? It's an awful system that nobody wants as it's so intrusive and confusing.

I made my own script to remove it, as many Defender removers don't remove it, or don't remove all of it, and it comes back after a reboot or two.

It's made up of years of research by me, because I'm no coder/scripter finding out all the best settings that actually work, don't upset Windows, leaves Windows Update fully working, as well as not coming back later. Obviously, a big upgrade may bring it back, but that happens to Defender too.

Here's my .BAT file. It's amateur, but it works... You're also more intelligent than I, so don't laugh at some of the code. But these registry settings are 100%

@echo off

:: BatchGotAdmin
:-------------------------------------
REM  --> Check for permissions
    IF "%PROCESSOR_ARCHITECTURE%" EQU "amd64" (
>nul 2>&1 "%SYSTEMROOT%\SysWOW64\cacls.exe" "%SYSTEMROOT%\SysWOW64\config\system"
) ELSE (
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
)

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    set params= %*
    echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    pushd "%CD%"
    CD /D "%~dp0"

set Policies=HKEY_LOCAL_MACHINE\SOFTWARE\Policies

echo == Disabling SmartScreen

REG ADD "%Policies%\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControlEnabled /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControl /t REG_SZ /d "Anywhere"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v Enabled /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV8 /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV9 /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /f /v 2301 /t REG_DWORD /d "3"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /f /v value /t REG_DWORD /d "0"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /f /v SmartScreenEnabled /t REG_SZ /d "Off"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"

echo == Disabling SmartScreen for Store and Apps

REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v EnableWebContentEvaluation /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v PreventOverride /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_StoreAppsSmartScreenOff /t REG_DWORD /d "0"
REG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /f /v "EnabledV9" /t REG_DWORD /d "0"

echo == Disabling SmartScreen for Microsoft Edge

REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenEnabled /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenPuaEnabled /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_EdgeSmartScreenOff /t REG_DWORD /d "0"

echo == Disabling Smart App Control

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy" /f /v VerifiedAndReputablePolicyState /t REG_DWORD /d "0"

echo == Stopping SmartScreen and Cleaning Up

takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe"
icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F
taskkill /im smartscreen.exe /f
del "%WinDir%\System32\smartscreen.exe" /s /f /q

takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.dll"
icacls "%WinDir%\System32\smartscreen.dll" /grant:r %username%:F
del "%WinDir%\System32\smartscreen.dll" /s /f /q

takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreenps.dll"
icacls "%WinDir%\System32\smartscreenps.dll" /grant:r %username%:F
del "%WinDir%\System32\smartscreenps.dll" /s /f /q

pause
VitaleyUsa commented 3 months ago

Did you by any chance edit theautounattend.xml after downloading it? If so, you must make sure that the file is saved without a byte-order mark – Windows 24H2 Setup could otherwise not process the file.

The bloatware removal scripts write output and errors to three log files:

  • C:\Windows\Temp\remove-caps.log
  • C:\Windows\Temp\remove-features.log
  • C:\Windows\Temp\remove-packages.log

To inspect those files, launch an elevated PowerShell session and type this command:

Get-ChildItem -LiteralPath C:\Windows\Temp -Force -Filter remove*.log | Get-Content | ConvertFrom-Json

Disabling Windows Defender on 24H2 will fail when Windows is not installed to the C: drive, see #29.

thank you in advanced for this great utility yes, you are right - there are only icon from defender, however, all apps still persists, everything other works i'm not editing *.xml neither install it on other disk

tried both 24h2 and 23h2 in hyper-v downloaded from ms site dunno why it not work, maybe some language/locale issue?

stimpy81 commented 3 months ago

Did you by any chance edit theautounattend.xml after downloading it? If so, you must make sure that the file is saved without a byte-order mark – Windows 24H2 Setup could otherwise not process the file. The bloatware removal scripts write output and errors to three log files:

  • C:\Windows\Temp\remove-caps.log
  • C:\Windows\Temp\remove-features.log
  • C:\Windows\Temp\remove-packages.log

To inspect those files, launch an elevated PowerShell session and type this command: Get-ChildItem -LiteralPath C:\Windows\Temp -Force -Filter remove*.log | Get-Content | ConvertFrom-Json Disabling Windows Defender on 24H2 will fail when Windows is not installed to the C: drive, see #29.

thank you in advanced for this great utility yes, you are right - there are only icon from defender, however, all apps still persists, everything other works i'm not editing *.xml neither install it on other disk

tried both 24h2 and 23h2 in hyper-v downloaded from ms site dunno why it not work, maybe some language/locale issue?

Where did you get the Windows .ISO file that you are using from, and which build number is it? Also is the .ISO file altered in anyway?

Mine is 26100.1301.240725-1635.GE_RELEASE_SVC_PROD3_CLIENTMULTI_X64FRE_EN-GB.iso and I built it myself from UUPdump, and works flawlessly with the autounattend.xml file generated from here on 4 different computers.

cschneegans commented 3 months ago

The bloatware removal scripts write output and errors to three log files:

  • C:\Windows\Temp\remove-caps.log
  • C:\Windows\Temp\remove-features.log
  • C:\Windows\Temp\remove-packages.log

To inspect those files, launch an elevated PowerShell session and type this command: Get-ChildItem -LiteralPath C:\Windows\Temp -Force -Filter remove*.log | Get-Content | ConvertFrom-Json

thank you in advanced for this great utility yes, you are right - there are only icon from defender, however, all apps still persists, everything other works i'm not editing *.xml neither install it on other disk

You really need to check the log files.

cschneegans commented 3 months ago

I am really not a fan of SmartScreen either, do you think you could add an option to remove that? It's an awful system that nobody wants as it's so intrusive and confusing.

Compared to other Windows security settings, SmartScreen really seems to be a nightmare to configure. For example, Shawn Brink has at least four tutorials to cover this topic:

His .reg files are usually very good, but I simply cannot guarantee they all work as intended on both Windows 10 and 11. Also, there might be interdependencies with other settings offered by my service (like Disable Windows Defender), and testing all combinations is not possible for me. Furthermore, since I use Google Chrome, I have never experienced that much problems with SmartScreen.

For the time being, I do not intend to add SmartScreen settings to my service. However, I will look into the possibility to use Group Policies with autounattend.xml files – these seem to be much more manageable than .reg files.

stimpy81 commented 3 months ago

As far as I'm aware, there is no difference between 10 & 11. I posted the script many months ago over on My Digital Life and I've had zero issues reported, but obviously that's no guarantee. I did use Shawns work as some of the reference for my script, but it's very simplistic and does not stay disabled for long, but most of it came from manually digging through the registry and a few other sources too - A compilation of greatest hits if you will!

SmartScreen is more of an annoyance than anything. It's what is responsible, among other things, for those annoying blue dialog boxes that ask if you are sure you want to install and application or not, and the one that you have to click a link to actually run it. It's reliant on an Internet connection, as it sends a file hash to Microsoft and compares it to their own database before allowing the user to run the installation or not. It can be very slow, but it's mostly confusing for those that don't really understand that they have to click the "more info" link to actually run something that Microsoft does not have in its database...

image

But I totally understand your point and appreciate you looking into the group policy option.

cschneegans commented 3 months ago

It turned out that SmartScreen configuration is not that hard after all – https://github.com/cschneegans/unattend-generator/commit/355cad9c9d272ff20c5ce2f175a5c932b9d9bc94 consists of only 9 registry values.

This is how the SmartScreen settings page looks in Windows 11 immediately after installation with the new Disable SmartScreen in Windows and Edge setting enabled:

no-smartscreen-win11

stimpy81 commented 3 months ago

Thank you so much!

hitesh920 commented 2 months ago

You are correct to observe that the Windows Security notification icon is still there:

image

However, that's not a bad thing, as this also means that Windows will not complain about Defender not running. The relevant Defender services and the MsMpEng.exe process are indeed disabled:

PS C:\> Get-Service -Name Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend

Status   Name               DisplayName
------   ----               -----------
Stopped  Sense              Windows Defender Advanced Threat Pr...
Stopped  WdBoot             Microsoft Defender Antivirus Boot D...
Stopped  WdFilter           Microsoft Defender Antivirus Mini-F...
Stopped  WdNisDrv           Microsoft Defender Antivirus Networ...
Stopped  WdNisSvc           Microsoft Defender Antivirus Networ...
Stopped  WinDefend          Microsoft Defender Antivirus Service

PS C:\> Get-Process -Name MsMpEng
Get-Process : Cannot find a process with the name "MsMpEng". Verify the process name and call the cmdlet again.

Furthermore, I have just added a new option Disable Smart App Control for Windows 11, based on Shawn Brink's .reg files. Feel free to check it out.

Mines still running.... I selected offline account And booted with the first administrator account.... It got enabled in few minutes... after installing graphics card driver and checking for upfates

cschneegans commented 2 months ago

Mines still running....

What processes exactly are still running? What .iso image did you use? Also, please attach your autounattend.xml file.

hitesh920 commented 2 months ago

Mines still running....

What processes exactly are still running? What .iso image did you use? Also, please attach your autounattend.xml file.

image

and

Here's the xml file

i used official iso. used a offline account on the first boot i installed graphic card driver and all directx and visualc++ files then i tried to update the windows and i noticed defiender is running..

cschneegans commented 2 months ago

i used official iso.

So that means Win11_23H2_English_x64v2.iso, or what?

hitesh920 commented 2 months ago

i used official iso.

So that means Win11_23H2_English_x64v2.iso, or what?

en-us_windows_11_consumer_editions_version_23h2_updated_sep_2024_x64_dvd_edcefbe4.iso

Its a official iso just upto date... I tried this in a vm with the same xml file.... defender services were stopped...

When i install it physically... Defender services was working...

stimpy81 commented 2 months ago

The only way forward with Defender is a separate removal tool. I have found one that works flawlessly, but every now and then, Microsoft will re-enable Defender in an update.

I believe the best way is to remove Defender from the install media, but I have no idea how you would do that easily.

cschneegans commented 2 months ago

en-us_windows_11_consumer_editions_version_23h2_updated_sep_2024_x64_dvd_edcefbe4.iso

Its a official iso just upto date...

So it's not an official image then.

You need at least check if the Defender services (Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend) are already running immediately after Windows has been installed. Also check the StartType property, like so:

Get-Service -Name Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend | Format-Table -AutoSize -Property Name, Status, StartType

kmx-max commented 2 months ago

@cschneegans Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue? I installed the ISO from the official Microsoft website. I tried the same autounattend.xml on 23H2 and it works fine but I need it on 24H2. I am not using any special customization like bloatware gone, just creating user account and changing the time zone etc. Any help would be appreciated thank you.

stimpy81 commented 2 months ago

@cschneegans Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue? I installed the ISO from the official Microsoft website. I tried the same autounattend.xml on 23H2 and it works fine but I need it on 24H2. I am not using any special customization like bloatware gone, just creating user account and changing the time zone etc. Any help would be appreciated thank you.

Strange, as I use 24H2 and it has always worked perfectly, and I do use it to remove many apps etc...

kmx-max commented 2 months ago

@cschneegans Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue? I installed the ISO from the official Microsoft website. I tried the same autounattend.xml on 23H2 and it works fine but I need it on 24H2. I am not using any special customization like bloatware gone, just creating user account and changing the time zone etc. Any help would be appreciated thank you.

Strange, as I use 24H2 and it has always worked perfectly, and I do use it to remove many apps etc...

Yes, as it can be used on 23H2 it wouldn't be the autounattend.xml issue right? So, am I using the wrong 24H2 ISO, are you able to check on your end if it works using my exact 24H2 ISO version? Or can you tell me which 24H2 ISO you are using?

stimpy81 commented 2 months ago

@cschneegans Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue? I installed the ISO from the official Microsoft website. I tried the same autounattend.xml on 23H2 and it works fine but I need it on 24H2. I am not using any special customization like bloatware gone, just creating user account and changing the time zone etc. Any help would be appreciated thank you.

Strange, as I use 24H2 and it has always worked perfectly, and I do use it to remove many apps etc...

Yes, as it can be used on 23H2 it wouldn't be the autounattend.xml issue right? So, am I using the wrong 24H2 ISO, are you able to check on your end if it works using my exact 24H2 ISO version? Or can you tell me which 24H2 ISO you are using?

I use an image ( 26100.1876.240918-1021.GE_RELEASE_SVC_PROD3_CLIENTMULTI_X64FRE_EN-GB) generated by uupdump(DotNet), which comes from MS own servers.

As yes, I think you're correct that the file must be ok if it works with the 23H2 image.

cschneegans commented 2 months ago

Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue?

The autounattend.xml files generated by my service should work with any Windows 10 or Windows 11 edition and version.

Do you add the autounattend.xml into the image? If so, I strongly advise against it. Instead, use the approach described in the usage notes.

kmx-max commented 2 months ago

Hi, I am currently using the Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO but the autounattend.xml is not loading, is it the ISO issue?

The autounattend.xml files generated by my service should work with any Windows 10 or Windows 11 edition and version.

Do you add the autounattend.xml into the image? If so, I strongly advise against it. Instead, use the approach described in the usage notes.

I used the same method as described in the usage notes but it still does not work, are there any other solutions I can try?

cschneegans commented 2 months ago

I used the same method as described in the usage notes but it still does not work, are there any other solutions I can try?

Maybe there is another autounattend.xml file – which may contain only a few instructions or none at all – higher up in the search order?

Also check the setupact.log file. To do so, press Shift+F10 after Windows Setup has started. In the console window that pops up, type notepad X:\Windows\setupact.log. The file should look like this:

image

kmx-max commented 2 months ago

I used the same method as described in the usage notes but it still does not work, are there any other solutions I can try?

Maybe there is another autounattend.xml file – which may contain only a few instructions or none at all – higher up in the search order?

Also check the setupact.log file. To do so, press Shift+F10 after Windows Setup has started. In the console window that pops up, type notepad X:\Windows\setupact.log. The file should look like this:

image

Hi, I used the image from what stimpy81 commented and it was able to load the initial part of the autounattend.xml, where it will select the language settings. But after when it installs finished, I will still need to manually select the region, create my own user account, etc. And I did what you asked, the setupact.log something weird as compared to yours is that the same 3 line of code you circled, I have 2 set of it, most likely it ran twice. Do you think that is the cause as to why my autoattend.xml is not working? I checked and there is no other autounattend.xml file I can find. By the way I tried to re-download the xml file and try again but it is the same result.

stimpy81 commented 2 months ago

Your issue is really odd... I'm scratching my head trying to think what would cause this... All I can come up with is some kind of hardware instability, like bad memory or USB/SSD/HDD acting up. It's really weird, as we are using the same image, and I can install Windows without these errors, as I also set language options, 2 of them actually.

But in fairness, I'm also having an issue with the show all icons on taskbar option, where the files that control this do not get installed during installation. I'm wondering if the new setup in 24H2 is bugged, or somehow sensitive to hardware.

Would you mind sharing the tech specs of your computer?

kmx-max commented 2 months ago

Your issue is really odd... I'm scratching my head trying to think what would cause this... All I can come up with is some kind of hardware instability, like bad memory or USB/SSD/HDD acting up. It's really weird, as we are using the same image, and I can install Windows without these errors, as I also set language options, 2 of them actually.

But in fairness, I'm also having an issue with the show all icons on taskbar option, where the files that control this do not get installed during installation. I'm wondering if the new setup in 24H2 is bugged, or somehow sensitive to hardware.

Would you mind sharing the tech specs of your computer?

I highly doubt it is the hardware instability as I tried back on 23H2 multiple times, and it works perfectly well. I am thinking whether if the autounattend.xml generated might not be compatible for 24H2. The autounattend.xml most likely stopped at the settings pass "oobeSystem". Not sure where I can check where it stopped exactly, because for the setup portion it works.

kmx-max commented 2 months ago

autounattend.zip

Not sure if you guys can see but this is the autounattend.xml I generated with the settings I want, I am hoping if you guys can check if there are any abnormalities in it.

cschneegans commented 2 months ago

Not sure if you guys can see but this is the autounattend.xml I generated with the settings I want, I am hoping if you guys can check if there are any abnormalities in it.

This file looks perfectly fine. You should show us your setupact.log file. You can copy the file to a thumb drive during Windows Setup, but a simple photo taken with your phone will also suffice.

GTMoraes commented 2 months ago

Just tried on a freshly downloaded Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO. The ISO was installed through a flash stick, created with Rufus 4.5. No Rufus Windows settings were selected.

I've made an autounattend file, and it also didn't apply the changes. Maybe it's incompatible with this 24H2 build.

Device is an Asus ROG Ally

Here's setupact.log

2024-09-26 21:16:20, Info                  UI     Determining whether we should run ConX or legacy setup
2024-09-26 21:16:20, Info                  UI     Will launch ConX setup experience
2024-09-26 21:16:20, Info                         [setup.exe] UnattendSearchExplicitPath: Found unattend file at [D:\autounattend.xml]; examining for applicability.
2024-09-26 21:16:20, Info                         [setup.exe] UnattendSearchExplicitPath: Found usable unattend file for pass [windowsPE] at [D:\autounattend.xml].
2024-09-26 21:16:20, Info                         [setup.exe] UnattendSearchExplicitPath: Found usable unattend file for pass [offlineServicing] at [D:\autounattend.xml].
2024-09-26 21:16:20, Info                         [setup.exe] UnattendSearchExplicitPath: Found unattend file at [D:\autounattend.xml]; examining for applicability.
2024-09-26 21:16:20, Info                         [setup.exe] UnattendSearchExplicitPath: Found usable unattend file for pass [windowsPE] at [D:\autounattend.xml].
2024-09-26 21:16:20, Info                         [setup.exe] UnattendSearchExplicitPath: Found usable unattend file for pass [offlineServicing] at [D:\autounattend.xml].
2024-09-26 21:16:20, Info                  UI     Initializing Media class driver for audio support
2024-09-26 21:16:20, Info                  UI     Initializing media class driver status: 0
2024-09-26 21:16:20, Info                  UI     Launching ConX setup experience
2024-09-26 21:16:20, Info                  UI     Inspecting ConX Setup Cmdline
2024-09-26 21:16:20, Info                  UI     Launching X:\Sources\SetupPrep.exe /boot

As this is a release preview build, I'm unsure whether that's how it works, but as soon as I fire up the setup, I'm not greeted as usual by the setup. It quickly opens and closes a lot of windows, then throws me to an advanced "select partition" screen (which doesn't look like the usual one). After selecting, it starts right away.

However, the OOBE still runs and seems to be completely unaffected. I had set up a PC name, which didn't apply after the windows setup finished, and I also had to create an username and password. "Luckily" it didn't dectect my wi-fi drivers, so I could click "I don't have internet" and create an offline user. It still asked the usual stuff about privacy, and all bloat seemed to be there after the setup was completed.

cschneegans commented 2 months ago

Just tried on a freshly downloaded Windows 11 (24H2) Insider Preview (Release Preview Channel) - Build 26100.1150 ISO. The ISO was installed through a flash stick, created with Rufus 4.5. No Rufus Windows settings were selected.

This is the same image I have used for several weeks now. The main difference is that I do not use Rufus. As Rufus might very well be the cause of this issue, install Windows without it:

As this is a release preview build, I'm unsure whether that's how it works, but as soon as I fire up the setup, I'm not greeted as usual by the setup. It quickly opens and closes a lot of windows,

Those would be commands that are associated with the

settings. This means that Windows Setup actually uses your autounattend.xml file – at least during the windowsPE stage.

then throws me to an advanced "select partition" screen (which doesn't look like the usual one).

24H2 apparently defaults to the new “ConX” setup experience. (This has nothing to do with the autounattend.xml process.) The dialog you saw probably looked like this one:

image

However, the OOBE still runs and seems to be completely unaffected. I had set up a PC name, which didn't apply after the windows setup finished, and I also had to create an username and password. "Luckily" it didn't dectect my wi-fi drivers, so I could click "I don't have internet" and create an offline user. It still asked the usual stuff about privacy, and all bloat seemed to be there after the setup was completed.

The most simple explanation is that Windows Setup cannot find an answer file after the windowsPE stage, i.e. after the computer reboots. The process in the later stages of Windows Setup relies on a copy being placed at C:\Windows\Panther\unattend.xml. Check that such a file exists, and feel free to post it here.

GTMoraes commented 2 months ago

The most simple explanation is that Windows Setup cannot find an answer file after the windowsPE stage, i.e. after the computer reboots. The process in the later stages of Windows Setup relies on a copy being placed at C:\Windows\Panther\unattend.xml. Check that such a file exists, and feel free to post it here.

There is an unattend.xml and unattend-original.xml. The unattend-original has a modified date one hour later than the unattend.

Those are the contents:

unattend.xml

<?xml version='1.0' encoding='utf-8'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize" wasPassProcessed="true">
    <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" language="neutral" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS">
      <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
          <Order>1</Order>
          <Path>reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f</Path>
        </RunSynchronousCommand>
      </RunSynchronous>
    </component>
  </settings>
</unattend>

unattend-original.xml

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
    <!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&Locale=en-US&Keyboard=00020409&UseKeyboard2=true&Locale2=pt-BR&Keyboard2=00000416&GeoLocation=32&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&ComputerNameMode=Custom&ComputerName=GT-ALLY&TimeZoneMode=Implicit&PartitionMode=Interactive&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AccountName0=GTM&AccountPassword0=123pass&AccountGroup0=Administrators&AccountName1=&AccountName2=&AccountName3=&AccountName4=&AutoLogonMode=Own&PasswordExpirationMode=Unlimited&LockoutMode=Default&HideFiles=None&ShowFileExtensions=true&DisableWidgets=true&ClassicContextMenu=true&DeleteTaskbarIcons=true&DisableDefender=true&DisableUac=true&DisableSystemRestore=true&EnableLongPaths=true&HardenSystemDriveAcl=true&DisableLastAccess=true&NoAutoRebootWithLoggedOnUsers=true&DisableAppSuggestions=true&HideEdgeFre=true&WifiMode=Interactive&ExpressSettings=DisableAll&KeysMode=Skip&WallpaperMode=Default&Remove3DViewer=true&RemoveBingSearch=true&RemoveClipchamp=true&RemoveCopilot=true&RemoveCortana=true&RemoveDevHome=true&RemoveFamily=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveMailCalendar=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveMixedReality=true&RemoveZuneVideo=true&RemoveNews=true&RemoveOffice365=true&RemoveOneDrive=true&RemoveOneNote=true&RemoveOpenSSHClient=true&RemoveOutlook=true&RemovePaint3D=true&RemovePeople=true&RemovePhotos=true&RemovePowerAutomate=true&RemoveQuickAssist=true&RemoveRecall=true&RemoveRdpClient=true&RemoveSkype=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveGetStarted=true&RemoveToDo=true&RemoveWeather=true&RemoveWindowsMediaPlayer=true&RemoveZuneMusic=true&RemoveXboxApps=true&RemoveYourPhone=true&WdacMode=Skip-->
    <settings pass="offlineServicing"></settings>
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <SetupUILanguage>
                <UILanguage>en-US</UILanguage>
            </SetupUILanguage>
            <InputLocale>0409:00020409;0416:00000416</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <UserData>
                <ProductKey>
                    <Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key>
                </ProductKey>
                <AcceptEula>true</AcceptEula>
            </UserData>
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>2</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>3</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>4</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo Set fso = CreateObject( "Scripting.FileSystemObject" )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>5</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo Set dic = CreateObject( "Scripting.Dictionary" )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>6</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo initialized = false"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>7</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo Do"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>8</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo     For Each drive In fso.Drives"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>9</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo         If drive.IsReady Then"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>10</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo             If drive.DriveLetter ^&lt;^&gt; "X" Then"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>11</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                 For Each folder In Array( "$Windows.~BT\NewOS\Windows", "Windows" )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>12</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                     file = fso.BuildPath( fso.BuildPath( drive.RootFolder, folder ), "System32\config\SYSTEM" )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>13</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                     If fso.FileExists( file ) And fso.FileExists( file + ".LOG1" ) And fso.FileExists( file + ".LOG2" ) Then"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>14</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                         If Not initialized Then"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>15</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             dic.Add file, Nothing"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>16</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                         ElseIf Not dic.Exists( file ) Then"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>17</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             Set shell = CreateObject( "WScript.Shell" )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>18</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             ret = 1"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>19</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             Do"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>20</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                                 WScript.Sleep 500"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>21</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                                 ret = shell.Run( "reg.exe LOAD HKLM\mount " + file, 0, True )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>22</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             Loop While ret ^&gt; 0"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>23</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             For Each service In Array( "Sense", "WdBoot", "WdFilter", "WdNisDrv", "WdNisSvc", "WinDefend" )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>24</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                                 ret = shell.Run( "reg.exe ADD HKLM\mount\ControlSet001\Services\" + service + " /v Start /t REG_DWORD /d 4 /f", 0, True )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>25</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             Next"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>26</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             ret = shell.Run( "reg.exe UNLOAD HKLM\mount", 0, True )"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>27</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                             Exit Do"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>28</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                         End If"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>29</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                     End If"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>30</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo                 Next"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>31</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo             End If"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>32</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo         End If"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>33</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo     Next"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>34</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo     initialized = true"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>35</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo     WScript.Sleep 1000"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>36</Order>
                    <Path>cmd.exe /c "&gt;&gt;"X:\disable-defender.vbs" echo Loop"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>37</Order>
                    <Path>cmd.exe /c "start /MIN cscript.exe //E:vbscript X:\disable-defender.vbs"</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>
    <settings pass="generalize"></settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>2</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "UninstallCopilot" /t REG_SZ /d "powershell.exe -NoProfile -Command \"Get-AppxPackage -Name 'Microsoft.Windows.Ai.Copilot.Provider' | Remove-AppxPackage;\"" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>3</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>4</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>5</Order>
                    <Path>reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>6</Order>
                    <Path>cmd.exe /c "del "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk""</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>7</Order>
                    <Path>cmd.exe /c "del "C:\Windows\System32\OneDriveSetup.exe""</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>8</Order>
                    <Path>cmd.exe /c "del "C:\Windows\SysWOW64\OneDriveSetup.exe""</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>9</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>10</Order>
                    <Path>reg.exe delete "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDriveSetup /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>11</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>12</Order>
                    <Path>reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>13</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>14</Order>
                    <Path>powershell.exe -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>15</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-packages.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>16</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-caps.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>17</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-features.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>18</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>19</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_ProviderSet /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>20</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_WinningProvider /t REG_SZ /d B5292708-1619-419B-9923-E5D9F3925E71 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>21</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>22</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins_LastWrite /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>23</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>24</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "GeoLocation" /t REG_SZ /d "powershell.exe -NoProfile -Command \"Set-WinHomeLocation -GeoId 32;\"" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>25</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>26</Order>
                    <Path>net.exe accounts /maxpwage:UNLIMITED</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>27</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>28</Order>
                    <Path>reg.exe add "HKU\DefaultUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>29</Order>
                    <Path>reg.exe add "HKU\DefaultUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>30</Order>
                    <Path>reg.exe add "HKU\DefaultUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>31</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>32</Order>
                    <Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\DeleteTaskbarIcons.ps1' -Raw | Invoke-Expression;"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>33</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>34</Order>
                    <Path>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v LongPathsEnabled /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>35</Order>
                    <Path>icacls.exe C:\ /remove:g "*S-1-5-11"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>36</Order>
                    <Path>fsutil.exe behavior set disableLastAccess 1</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>37</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 4 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>38</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>39</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>40</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>41</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>42</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>43</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>44</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>45</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>46</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>47</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>48</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>49</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>50</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>51</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>52</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>53</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>54</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>55</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>56</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>57</Order>
                    <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>58</Order>
                    <Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>59</Order>
                    <Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "ClassicContextMenu" /t REG_SZ /d "reg.exe add \"HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32\" /ve /f" /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>60</Order>
                    <Path>reg.exe unload "HKU\DefaultUser"</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Order>61</Order>
                    <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v HideFirstRunExperience /t REG_DWORD /d 1 /f</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <ComputerName>GT-ALLY</ComputerName>
        </component>
    </settings>
    <settings pass="auditSystem"></settings>
    <settings pass="auditUser"></settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <InputLocale>0409:00020409;0416:00000416</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Name>GTM</Name>
                        <Group>Administrators</Group>
                        <Password>
                            <Value>123pass</Value>
                            <PlainText>true</PlainText>
                        </Password>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <AutoLogon>
                <Username>GTM</Username>
                <Enabled>true</Enabled>
                <LogonCount>1</LogonCount>
                <Password>
                    <Value>123pass</Value>
                    <PlainText>true</PlainText>
                </Password>
            </AutoLogon>
            <OOBE>
                <ProtectYourPC>3</ProtectYourPC>
                <HideEULAPage>true</HideEULAPage>
                <HideWirelessSetupInOOBE>false</HideWirelessSetupInOOBE>
            </OOBE>
            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <Order>2</Order>
                    <CommandLine>powershell.exe -NoProfile -Command "Disable-ComputerRestore -Drive 'C:\';"</CommandLine>
                </SynchronousCommand>
            </FirstLogonCommands>
        </component>
    </settings>
    <Extensions xmlns="https://schneegans.de/windows/unattend-generator/">
        <ExtractScript>
param(
    [xml] $Document
);

$scriptsDir = 'C:\Windows\Setup\Scripts\';
foreach( $file in $Document.unattend.Extensions.File ) {
    $path = [System.Environment]::ExpandEnvironmentVariables(
        $file.GetAttribute( 'path' )
    );
    if( $path.StartsWith( $scriptsDir ) ) {
        mkdir -Path $scriptsDir -ErrorAction 'SilentlyContinue';
    }
    $encoding = switch( [System.IO.Path]::GetExtension( $path ) ) {
        { $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; }
        { $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); }
        default { [System.Text.Encoding]::Default; }
    };
    [System.IO.File]::WriteAllBytes( $path, ( $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() ) ) );
}
        </ExtractScript>
        <File path="C:\Windows\Temp\remove-packages.ps1">
$selectors = @(
    'Microsoft.Microsoft3DViewer';
    'Microsoft.BingSearch';
    'Clipchamp.Clipchamp';
    'Microsoft.549981C3F5F10';
    'Microsoft.Windows.DevHome';
    'MicrosoftCorporationII.MicrosoftFamily';
    'Microsoft.WindowsFeedbackHub';
    'Microsoft.GetHelp';
    'Microsoft.Getstarted';
    'microsoft.windowscommunicationsapps';
    'Microsoft.WindowsMaps';
    'Microsoft.MixedReality.Portal';
    'Microsoft.BingNews';
    'Microsoft.MicrosoftOfficeHub';
    'Microsoft.Office.OneNote';
    'Microsoft.OutlookForWindows';
    'Microsoft.MSPaint';
    'Microsoft.People';
    'Microsoft.Windows.Photos';
    'Microsoft.PowerAutomateDesktop';
    'MicrosoftCorporationII.QuickAssist';
    'Microsoft.SkypeApp';
    'Microsoft.MicrosoftSolitaireCollection';
    'Microsoft.MicrosoftStickyNotes';
    'MicrosoftTeams';
    'MSTeams';
    'Microsoft.Todos';
    'Microsoft.BingWeather';
    'Microsoft.Xbox.TCUI';
    'Microsoft.XboxApp';
    'Microsoft.XboxGameOverlay';
    'Microsoft.XboxGamingOverlay';
    'Microsoft.XboxIdentityProvider';
    'Microsoft.XboxSpeechToTextOverlay';
    'Microsoft.GamingApp';
    'Microsoft.YourPhone';
    'Microsoft.ZuneMusic';
    'Microsoft.ZuneVideo';
);
$getCommand = { Get-AppxProvisionedPackage -Online; };
$filterCommand = { $_.DisplayName -eq $selector; };
$removeCommand = {
  [CmdletBinding()]
  param(
    [Parameter( Mandatory, ValueFromPipeline )]
    $InputObject
  );
  process {
    $InputObject | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction 'Continue';
  }
};
$type = 'Package';
$logfile = 'C:\Windows\Temp\remove-packages.log';
&amp; {
    $installed = &amp; $getCommand;
    foreach( $selector in $selectors ) {
        $result = [ordered] @{
            Selector = $selector;
        };
        $found = $installed | Where-Object -FilterScript $filterCommand;
        if( $found ) {
            $result.Output = $found | &amp; $removeCommand;
            if( $? ) {
                $result.Message = "$type removed.";
            } else {
                $result.Message = "$type not removed.";
                $result.Error = $Error[0];
            }
        } else {
            $result.Message = "$type not installed.";
        }
        $result | ConvertTo-Json -Depth 3 -Compress;
    }
} *&gt;&amp;1 &gt;&gt; $logfile;
        </File>
        <File path="C:\Windows\Temp\remove-caps.ps1">
$selectors = @(
    'MathRecognizer';
    'OpenSSH.Client';
    'App.Support.QuickAssist';
    'App.StepsRecorder';
    'Media.WindowsMediaPlayer';
);
$getCommand = { Get-WindowsCapability -Online; };
$filterCommand = { ($_.Name -split '~')[0] -eq $selector; };
$removeCommand = {
  [CmdletBinding()]
  param(
    [Parameter( Mandatory, ValueFromPipeline )]
    $InputObject
  );
  process {
    $InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue';
  }
};
$type = 'Capability';
$logfile = 'C:\Windows\Temp\remove-caps.log';
&amp; {
    $installed = &amp; $getCommand;
    foreach( $selector in $selectors ) {
        $result = [ordered] @{
            Selector = $selector;
        };
        $found = $installed | Where-Object -FilterScript $filterCommand;
        if( $found ) {
            $result.Output = $found | &amp; $removeCommand;
            if( $? ) {
                $result.Message = "$type removed.";
            } else {
                $result.Message = "$type not removed.";
                $result.Error = $Error[0];
            }
        } else {
            $result.Message = "$type not installed.";
        }
        $result | ConvertTo-Json -Depth 3 -Compress;
    }
} *&gt;&amp;1 &gt;&gt; $logfile;
        </File>
        <File path="C:\Windows\Temp\remove-features.ps1">
$selectors = @(
    'Microsoft-RemoteDesktopConnection';
    'Recall';
);
$getCommand = { Get-WindowsOptionalFeature -Online; };
$filterCommand = { $_.FeatureName -eq $selector; };
$removeCommand = {
  [CmdletBinding()]
  param(
    [Parameter( Mandatory, ValueFromPipeline )]
    $InputObject
  );
  process {
    $InputObject | Disable-WindowsOptionalFeature -Online -Remove -NoRestart -ErrorAction 'Continue';
  }
};
$type = 'Feature';
$logfile = 'C:\Windows\Temp\remove-features.log';
&amp; {
    $installed = &amp; $getCommand;
    foreach( $selector in $selectors ) {
        $result = [ordered] @{
            Selector = $selector;
        };
        $found = $installed | Where-Object -FilterScript $filterCommand;
        if( $found ) {
            $result.Output = $found | &amp; $removeCommand;
            if( $? ) {
                $result.Message = "$type removed.";
            } else {
                $result.Message = "$type not removed.";
                $result.Error = $Error[0];
            }
        } else {
            $result.Message = "$type not installed.";
        }
        $result | ConvertTo-Json -Depth 3 -Compress;
    }
} *&gt;&amp;1 &gt;&gt; $logfile;
        </File>
        <File path="C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml"><![CDATA[
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
    <LayoutOptions StartTileGroupCellWidth="6" />
    <DefaultLayoutOverride>
        <StartLayoutCollection>
            <StartLayout GroupCellWidth="6" xmlns="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" />
        </StartLayoutCollection>
    </DefaultLayoutOverride>
</LayoutModificationTemplate>
        ]]></File>
        <File path="C:\Windows\Setup\Scripts\DeleteTaskbarIcons.ps1">
reg.exe load 'HKU\DefaultUser' 'C:\Users\Default\NTUSER.DAT';

$command = 'powershell.exe -NoProfile -Command "{0}"' -f { Remove-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband' '*'; Get-Process 'explorer' | Where-Object { $_.SI -eq (Get-Process -Id $PID).SI; } | Stop-Process; };
Set-ItemProperty -LiteralPath 'Registry::HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce' -Name 'DeleteTaskbarIcons' -Type 'String' -Value $command -Force;

reg.exe unload 'HKU\DefaultUser';
        </File>
    </Extensions>
</unattend>

Would this have something to do with Rufus? I've a feeling that it does. Given the ROG Ally is a very modern machine, I suppose that just formatting the flash drive to NTFS and dumping the .iso contents would be sufficient? I'll give it a go, and see if the installation proceeds as expected.

cschneegans commented 2 months ago

Would this have something to do with Rufus? I've a feeling that it does.

Your C:\Windows\Panther\unattend.xml contains only one command, which allows Windows 11 to be installed without internet connection. This is obviously not the answer file that you want to use, and I don't know where that file originates from. Rufus might be one possibility.

Given the ROG Ally is a very modern machine, I suppose that just formatting the flash drive to NTFS and dumping the .iso contents would be sufficient?

Most likely.

GTMoraes commented 2 months ago

Just formatting the flash drive to plain NTFS, without any other partition or anything special, copying the .ISO contents to the flash and pasting the autounattend.xml file did the trick.

Installation proceeded as expected and Windows has just been reinstalled, fully set up as I had selected to. Rufus was the problem, and somehow, somewhere, at some point, it injected its own unattend.xml file.

stimpy81 commented 2 months ago

Yeah, I had to give up on using Rufus to make my USB bootable. I kept getting an error that the disk could not be read, seconds after starting the setup!

So now I just let Windows format it and copy the ISO files to it, and it works without issue.

Darkman6 commented 1 month ago

@cschneegans Hello, what are the requirements for using "Disable Windows Defender"?

I see in your VBS script (in previous versions you had used a batch file) that it searches for "$Windows.~BT\NewOS\Windows". But this directory does not exist anywhere when I start the Windows installation from an USB stick (or ISO-Image in a VM) and with an empty drive (SSD).

I have the issue in Win11 version 23H2 and 24H2.

Does "Disable Windows Defender" only work if I start the installation from an already installed Windows? This is probably the cause of the issue for the other users too.

Here is a screenshot of DISKPART at the beginning of a german installation routine in a VM: grafik

Volume 0 - Driveletter D = ISO-Image Win11 version 23H2 from MCT. Volume 1 - Driveletter E = ISO-Image with "autounattend.xml" from your site.

I have added a text output to your script. You can see the script runs in an infinite loop. grafik

My changes in the script for the text output:

Set fso = CreateObject( "Scripting.FileSystemObject" )
Set dic = CreateObject( "Scripting.Dictionary" )
initialized = false
i = 0 <--- !!!!
Do
    i = i + 1  <--- !!!!
    WScript.Echo "Loop pass: " & i  <--- !!!!
    For Each drive In fso.Drives
        If drive.IsReady Then

[…]

EDIT: After the installation of version 23H2:

PS C:\> Get-Service -Name Sense, WdBoot, WdFilter, WdNisDrv, WdNisSvc, WinDefend

Status   Name               DisplayName
------   ----               -----------
Stopped  Sense              Windows Defender Advanced Threat Pr...
Stopped  WdBoot             Microsoft Defender Antivirus-Startt...
Running  WdFilter           Microsoft Defender Antivirus-Minifi...
Running  WdNisDrv           Treiber für Microsoft Defender Anti...
Running  WdNisSvc           Microsoft Defender Antivirus-Netzwe...
Running  WinDefend          Microsoft Defender Antivirus-Dienst

PS C:\> Get-Process -Name MsMpEng

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    766      68   158392     143784       1,59   1448   0 MsMpEng

PS C:\>
cschneegans commented 1 month ago

I see in your VBS script (in previous versions you had used a batch file) that it searches for "$Windows.~BT\NewOS\Windows". But this directory does not exist anywhere when I start the Windows installation from an USB stick (or ISO-Image in a VM) and with an empty drive (SSD).

That is by design. The script runs during the imaging operation that applies the Windows image to the target partition. It scans for files …\System32\config\SYSTEM that did not exist when Windows Setup started and therefore apparently have just been created by the imaging operation.

The scripts needs to scan all drives because the target partition can be assigned a drive letter other than C:. It also needs to scan two root folders $Windows.~BT\NewOS\Windows and Windows to support both “ConX” and legacy setup modes.

Does the cscript.exe process even launch? When you press Alt+Tab during the imaging operation, the screen should look similar to this:

image

Does "Disable Windows Defender" only work if I start the installation from an already installed Windows?

Of course not. I always run Windows Setup from Windows PE.

GTMoraes commented 1 month ago

A comment about windows defender:

Using the same .iso and the same autounattend file, windows defender was disabled on my ROG Ally, but wasn't disabled on my Vivobook K6502.

There were only two differences between them, one that I installed it on the ROG Ally with a plain USB stick formatted to NTFS, and on the K6502 I had to use Rufus to create a bootable drive (the laptop wouldn't find the USB drive as a bootable device otherwise, no matter what I tried). This time around I quadruple-checked Rufus to ensure it wouldn't auto inject its unattend file, and it didn't. The second difference was that the ROG Ally was connected to Ethernet since the beginning, and the K6502 wasn't, so I was prompted to connect to the internet mid setup. I plugged it in, pressed continue, and it just continued on as usual, unattended.

On the K6502, in the end, everything seemed to go just like the ROG Ally, except it still had Defender enabled and fully functional.

cschneegans commented 1 month ago

Using the same .iso and the same autounattend file, windows defender was disabled on my ROG Ally, but wasn't disabled on my Vivobook K6502.

To identify the cause, I have added more verbose output to the disable-defender.vbs script. Feel free to refresh your autounattend.xml (you can import your existing file and download a new copy) and repeat the installation. Remember to bring the cscript.exe window to the front using Alt+Tab.

On Windows 11 23H2, the output should look like this:

image

On Windows 11 24H2, the output should look like this:

image

Darkman6 commented 1 month ago

Hello,

Thanks for your explanation. So the constant check for "$Windows.~BT\NewOS\Windows" or "Windows" makes sense.

Today I created new autounattend files with your site and it is strange: In Win11 23H2 the disable-defender script often works, but not always. I had done several installations in a VM. In 24H2 the script seems to work always.

I have no idea what the cause of the issue is. But it's good to know the script does work. I must have had bad luck yesterday 😉

Here are two screenshots from 23H2:

Working: VirtualBox_Win11 23H2-Test_30_09_2024_20_14_56

Not working - just before the restart: VirtualBox_Win11 23H2-Test_30_09_2024_19_48_24

Darkman6 commented 1 month ago

Oh no. Forget my previous text.

I was in "Mark" mode in the case where the script didn't work. You can also see it in the screenshot. This blocks the script. Very stupid of me.

Maybe it was my mistake yesterday, too. I'm not sure now. Sorry.

GTMoraes commented 1 month ago

Using the same .iso and the same autounattend file, windows defender was disabled on my ROG Ally, but wasn't disabled on my Vivobook K6502.

To identify the cause, I have added more verbose output to the disable-defender.vbs script. Feel free to refresh your autounattend.xml (you can import your existing file and download a new copy) and repeat the installation. Remember to bring the cscript.exe window to the front using Alt+Tab.

Thanks for the change, however my last installs were final, and I'm using both devices normally. Just a bummer that Windows Defender now pops up every now and then, asking if I want to let something through the firewall on the K6502, even though I'm using another protection suite. This doesn't happen on the Ally, that went through fully.

Both devices are great to use currently, and much cleaner than original. Though modern, they were seriously crippled by bloat from Microsoft and ASUS. I don't even hear or feel the heat from the K6502 anymore, when doing my daily tasks on it! Thanks for this tool.