It’s April 2017 and Microsoft has just released their fourth update / “version” of Windows 10 – externally referred to as the “Creators Update”. Since I haven’t updated my “How To” on creating customized Windows media since Windows 8.1, I think we’re overdue for a follow up. So let’s get into it!
I’ll preface this article by saying that Microsoft has made this effort much simpler since 2014 (when my original write up went live). Not only do we now (natively) support split wims, we’re not obligated to utilize the MDT (Microsoft Deployment Toolkit) if we choose not to (not that there’s anything wrong with using MDT if you’d rather).
For this walk through, I will be detailing the steps I personally use. Please note that there are multiple ways to achieve the same end goal. I have, however, successfully used this method for the last four years without issue – deploying across thousands of computers within the organization I work for (and of course at home as well).
Acquiring the necessary Tools
- Download the Windows ISO for which you are creating custom media. In my case, I’m downloading “en_windows_10_enterprise_version_1703_updated_march_2017_x64_dvd_10189290.iso” from MSDN.
- Download the Windows Assessment and Deployment Kit (ADK) for Windows 10 from here.
Preparing your environment
- Designate a workstation (physical machine) with Hyper-V capability as the “host” for this project. I’m going to assume your host is running Windows 10 Version 1703 already.
- Open the Windows ADK for Windows 10 installer.
- Select and install
Deployment Tools
andWindows Preinstallation Environment (Windows PE)
.
- Select and install
- Enable the Hyper-V Platform and reboot the host.
To do this, at your desktop type Win+X and click Apps and Features at the top.
- Select Hyper-V and Click OK. When prompted, click Restart now.
- Once rebooted, open the Start Menu and type “Hyper” > Open Hyper-V Manager
- Select your host (computer name) on the left and then click Virtual Switch Manager… (on the right)
- Select New virtual network switch on the left and External under the type to create. Click Create Virtual Switch.
- Name the switch something appropriate (I’m using “Main”).
- Select External Network > Select your main NIC (wireless or wired).
- Check Allow management operating system to share this network adapter and click OK.
- Click Yes on the notice prompt.
Create the Staging VM
- Now that you’re prepped, within Hyper-V Manager select New > Virtual Machine and then click Next.
- Type a name for your staging VM (I’m picking stage01) then click Next.
- Select Generation 2 and then click Next.
- Enter an appropriate amount of memory (I’m entering 4096 MB), UNselect Dynamic Memory and then click Next.
- Choose Not Connected for the Connection page (this will prevent Windows 10 from downloading / installing “consumer apps” during initial staging)
- Designate an adequate amount of storage for your VM (not less than the total GB of all applications you will be installing) and then click Next.
- Select Install an operating system from a bootable image file > Select Image File (.iso) > Find and select the Windows ISO you downloaded earlier > Click Next > Click Finish.
- Back at the Hyper-V Manager, right click stage01 and select Connect…
(This will open the console of the VM.)
- Navigate to Action and click Start.
- Press any key to initiate the Windows Setup
- Install Windows 10 by accepting the EULA and choosing Custom > selecting the entire virtual disk and clicking Next.
Enter Audit Mode and Install Applications
- Enter
CTRL+SHIFT+F3
. - Windows will reboot and log you in with the Administrator account.
- When presented with the System Preparation Tool window, click Cancel.
As I mentioned in my previous articles, Audit Mode is still my favorite method of configuring a customized Windows build before sysprepping. If you are unaware, Audit Mode bypasses OOBE and negates the need of creating a new user account, thus assigning a “Registered Owner” name. It baffles me how, even in 2017, this feature goes unnoticed and ignored even by Microsoft themselves. Unfortunately it doesn’t work with UWP apps (it never did, to be fair) – however I’ve never found myself needing to customize those applications. In fact, I find myself removing those apps when I can.
Now that we’re in Audit Mode, the first step I do (and recommend!) is disabling the “Consumer Experience” via GPO.
The “Consumer Experience” is the default mode Windows 10 (including Enterprise) is shipped with. This mode, upon initial login of a new user, commences the automatic download of a plethora of (unrequested) UWP apps, thus filling the start menu with games like Candy Crush. I deplore this feature beyond anything Microsoft has done in the past. It cheapens the Windows experience and frankly, I think they should be embarrassed that this is included in their flagship product. Fortunately, this feature can be disabled – but only on Enterprise edition.
To disable this “feature”, open up the Local Group Policy Editor (gpedit.msc) and navigate to Computer Configuration > Administrative Templates > Windows Components > Cloud Content and double click Turn off Microsoft consumer experiences. We will want to Enable this GPO and click OK.
At this point, we can now (safely) enable the Network Interface on this VM.
- Navigate to File > Settings.. and select Network Adapter on the left.
- Change the “Virtual Switch” from Not Connected to (in my case) Main. Click OK to save your changes.
Running Windows Update
If you followed my Windows 8.1 guide, you’ll remember the ridiculous steps that were required to run Windows Update while within Audit Mode. Fortunately, this is no longer the case! Someone at Microsoft must of read this blog ;-). In short, with Windows 10, Microsoft reintroduced the ability to run Windows Update while logged into Audit Mode. This is great news.
So, just as you would do normally, lets jump into the Settings app > Navigate to Update & Security and run Check for updates.
While updates are downloading / installing – I personally like to take this opportunity to tweak a few Windows Update settings. These include:
- Navigating to advanced options and enabling “Give me updates for other Microsoft products when I update Windows” and also setting my branch to Current Branch for Business.
- Scrolling down and selecting Choose how updates are delivered
At this point of the how-to, I’ve had the opportunity to tweak my Windows Update settings to my liking and Windows was ready to restart.
Upon restart (and installation of the latest Cumulative Update), Windows will automatically log you back into Audit Mode (make sure to click cancel on the sysprep popup again!).
After logging in, double check to confirm that all updates have been installed.
After confirming the OS is fully up to date, now is the time to make any tweaks and install all applications that you want embedded into your custom Windows build.
Examples:
* Remove UWP Apps
* Enable RDP
* Install Chrome, VLC, Skype, Office, etc.
As mentioned previously, I’m not the biggest fan of these UWP additions to Windows. Some apps I find useful (like the Weather app), while others I find to be redundant and a waste of space (Mail, Calendar – these are useless if you use Outlook). Additionally, I couldn’t care less about a 3D Builder app. Because of this, I have done the hard work for you and generated two groups of Powershell commands that need to be ran (as admin) – and after doing so, all non-essential UWP apps will be removed. Note: these apps can be redownloaded via the Windows Store if desired, but they will not be included in the base Windows install.
Note: it goes without saying, but running these commands is completely optional.
Cleanup and Sysprep
At this stage you have everything customized just the way you like, all your applications are installed and you’re fully updated. Now’s a good time to run Disk Cleanup.
- Right Click the C: drive and navigate to Properties
- Click Disk Cleanup
- Select all items and click OK
- Once you’ve ran Disk Cleanup, proceed with shutting down your Staging VM.
- Create a Checkpoint
Click Action > Checkpoint.. > Enter "Ready for sysprep" > Click Yes
- Power your Staging VM back on.
- When logged in, do not close the System Preparation Tool window.
- Select Enable System Out-of-Box Experience (OOBE)
- Checkbox Generalize
- Select Shutdown
- Click OK
- Once your VM is shut down, create another Checkpoint named “Complete”.
Do NOT power your VM back on.
Creating a WIM file
The hard part is done, next comes the fun part: capturing your customizations into an image file. Given you’ve made it this far, I’m going to presume you already know that an OS WIM file is the compressed OS image in a single file. The original Windows install media includes the vanilla install.wim file (located in the sources folder) – but we’re going to be replacing that file with our own. To do this, we need to “capture” the last Checkpoint.
On your host (physical machine), open up Disk Management.
WIN+X > Disk Management
- Navigate to Action > Attach VHD
- Click Browse
- Navigate to the directory where the virtual disks are stored for stage01.
By default this directory is: C:\Users\Public\Documents\Hyper-V\Virtual hard disks/
- In the bottom right, change
Virtual Disk files (* .vhd, * .vhdx) to All files (* . *)
- Select the file with the most recent Date Modified – this is your Complete Checkpoint! This file is approximately 4 MB.
- Click Open
- Check box Read Only and then click OK.
At this point you will see one new read only disk with three partitions. Make note of the third partition drive letter (in my case, the G: Drive).
- Open the Command Prompt with Administrator Rights.
Start > Type "cmd" > Right Click "Command Prompt" > Run as administrator
- Type
dism /capture-image /imagefile:c:\customInstall.wim /capturedir:G:\ /name:"Windows 10 Enterprise" /Description:"Windows 10 Enterprise" /compress:maximum /checkintegrity /verify /bootable
– replacing G: with the third partition drive letter you made note of earlier.
Depending on your processing power, this may take a little while. When complete, you will see “This operation completed successfully.” You should now see a file named “customInstall.wim” at the root of your C:\ Drive.
- Change Directory to C:\
- Type
Dism /Split-Image /ImageFile:customInstall.wim /SWMFile:install.swm /FileSize:3800
And just like that, we’ve now split this large WIM file into two (or possibly more) smaller files – with the largest file being 3800 MB. Why 3800 MB? Because it’s less than 4 GB, the maximum file size for a FAT32 formatted flash drive! This will allow us to use a single flash drive for GPT / UEFI Windows 10 installation. (FAT32 is required for Windows GPT/UEFI media.)
Once you’ve confirmed both “The operation completed successfully” results, head back into Disk Management and right-click the Read-Only VHD disk and click Detach VHD. Click OK when prompted to confirm.
Build the Customized Media
- Double click the stock ISO you used to install Windows in stage01 to mount it within File Explorer.
- Open This PC and double click the newly mounted drive.
(In my case, Drive H:CENA_X64FREV_EN-US_DV5)
CTRL+A
(to select all) andCTRL+C
(to copy)- Create a new folder named WinExtract off your C:\ drive
- (Another location is fine too, but these instructions will be assuming C:\)
- Navigate to
C:\WinExtract\
andCTRL+V
(to paste) - After the copy completes, navigate to
C:\WinExtract\sources\
and delete the install.wim file. - Move
C:\install.swm
andC:\install2.swm
toC:\WinExtract\sources\
.
At this point, you are ready to create your ISO.
Create UEFI Bootable ISO
- Open Command Prompt (Admin)
- Change Directory to:
C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\
- Run
oscdimg -m -o -u2 -lCENA_X64FREV_EN-US_DV5 -udfver102 -bootdata:2#p0,e,bC:\WinExtract\boot\etfsboot.com#pEF,e,bC:\WinExtract\efi\microsoft\boot\efisys.bin C:\WinExtract\ C:\Win10v1703-Custom.iso
Once complete, you now have a UEFI bootable ISO named Win10v1703-Custom.iso located at the root of your C:\ Drive!
You can test to make sure it works by creating another Virtual Machine within Hyper-V and choosing Generation 2 (UEFI bootable).
Make UEFI Bootable USB Disk
If you’ve ever needed to create a UEFI bootable USB disk before, you may be familiar with the (brilliant) product named Rufus. It’s a very straightforward Windows ISO to USB tool which, right off the bat, asks if you want to do a GPT partition (UEFI bootable) or a MBR partition (BIOS bootable) drive.
Technically, the ISO you just created can work with either one of these formats, but since GPT and UEFI (along with Secure Boot) is the industry standard going forward, I would recommend sticking with that.
- So, go download Rufus and load up your new ISO:
Congratulations! You’ve just created a universal flash drive with your custom Windows v.1703 build, utilizing UEFI and GPT.
Side note: If you decided to follow my Powershell commands which remove the majority of built-in UWP apps, you may notice something odd when opening the Start Menu after a fresh install. It appears the hard coded link to applications that no longer exist remains and a bunch of “place holders” clutter up the Start Menu. The simplest fix? Reboot! This is silly, but unfortunately I’ve not discovered a better solution at this time. If you find one, please comment below and let me know!
Let me know your experience with following these steps! Hopefully this walk through was helpful and the process didn’t take too long.
And for those who followed the Win 8.1 walk through, hopefully this one’s conclusion was a bit more streamlined. 🙂
Until next time!