autounattend.xml
filesCustom scripts in autounattend.xml
files are a powerful mechanism to customize your Windows installation. Some sample scripts are shown below.
Search for 7-Zip installers (like 7z2409-x64.exe
) in the root folder of all attached drives, then install 7-Zip silently.
This is a .ps1 script that runs in the system context, before user accounts are created.
foreach( $drive in [System.IO.DriveInfo]::GetDrives() ) { $found = Join-Path -Path $drive.RootDirectory -ChildPath '7z*-x64.exe' -Resolve -ErrorAction 'SilentlyContinue'; if( $found ) { Start-Process -FilePath $found -ArgumentList '/S /D="C:\Program Files\7-Zip"' -Wait; return; } } 'Cannot find any files that match pattern.' | Write-Warning;Configure form
Download and install Google Chrome.
This is a .ps1 script that runs in the system context, before user accounts are created.
$uri = [uri]::new( 'https://dl.google.com/chrome/install/chrome_installer.exe' ); $file = "$env:TEMP\{0}" -f $uri.Segments[-1]; [System.Net.WebClient]::new().DownloadFile( $uri, $file ); Start-Process -FilePath $file -ArgumentList '/silent /install' -Wait; Remove-Item -LiteralPath $file -ErrorAction 'SilentlyContinue';Configure form
Use the WinGet package manager to install Firefox. This method only works with Windows 11 24H2. The script accounts for Windows needing some time to set up WinGet properly.
This is a .ps1 script that runs when the first user logs on after Windows has been installed.
if( [System.Environment]::OSVersion.Version.Build -lt 26100 ) { 'This script requires Windows 11 24H2 or later.' | Write-Warning; return; } $timeout = [datetime]::Now.AddMinutes( 5 ); $exe = "$env:LOCALAPPDATA\Microsoft\WindowsApps\winget.exe"; while( $true ) { if( $exe | Test-Path ) { & $exe install --exact --id Mozilla.Firefox --silent --accept-package-agreements --accept-source-agreements --source winget --scope machine; return; } if( [datetime]::Now -gt $timeout ) { 'File {0} does not exist.' -f $exe | Write-Warning; return; } Start-Sleep -Seconds 1; }Configure form
Allow inbound ICMP messages, including echo requests (ping
), in Windows Firewall.
This is a .ps1 script that runs in the system context, before user accounts are created.
New-NetFirewallRule -DisplayName 'ICMPv4' -Profile 'Any' -Protocol 'ICMPv4'; New-NetFirewallRule -DisplayName 'ICMPv6' -Profile 'Any' -Protocol 'ICMPv6';Configure form
Disable AutoRun for all drives.
This is a .ps1 script that runs in the system context, before user accounts are created.
$params = @{ Path = 'Registry::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; }; New-Item @params -ErrorAction 'SilentlyContinue'; Set-ItemProperty @params -Name 'NoDriveAutoRun' -Type 'DWord' -Value $( ( 1 -shl 26 ) - 1; # 0x3FFFFFF ); Set-ItemProperty @params -Name 'NoDriveTypeAutoRun' -Type 'DWord' -Value $( ( 1 -shl 8 ) - 1; # 0xFF );Configure form
Enable and activate Ultimate Performance power plan.
This is a .ps1 script that runs in the system context, before user accounts are created.
$out = powercfg.exe /DUPLICATESCHEME e9a42b02-d5df-448d-aa00-03f14749eb61; if( $out -match '\s([a-f0-9-]{36})\s' ) { powercfg.exe /SETACTIVE $Matches[1]; }Configure form
Set registered owner and organization of this computer. This information is shown when you run winver.exe
.
This is a .reg script that runs in the system context, before user accounts are created.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion] "RegisteredOrganization"="Foo" "RegisteredOwner"="Bar"Configure form
Set system-wide environment variable to configure default parameters for the internal dir
command.
This is a .cmd script that runs in the system context, before user accounts are created.
setx.exe DIRCMD "/A /O:GN /C /N" /mConfigure form
Configure non-standard directory for user profiles.
This is a .cmd script that runs in the system context, before user accounts are created.
mkdir D:\Users reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /v ProfilesDirectory /t REG_SZ /d "D:\Users" /f reg.exe add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList" /v ProfilesDirectory /t REG_SZ /d "D:\Users" /fConfigure form
Disable Remote Assistence.
This is a .reg script that runs in the system context, before user accounts are created.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance] "fAllowToGetHelp"=dword:00000000Configure form
Configure non-standard directory for user profiles.
This is a .cmd script that runs in the system context, before user accounts are created.
mkdir D:\Users reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /v ProfilesDirectory /t REG_SZ /d "D:\Users" /f reg.exe add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList" /v ProfilesDirectory /t REG_SZ /d "D:\Users" /fConfigure form
Change profile of Ethernet network from Public to Private.
This is a .ps1 script that runs when the first user logs on after Windows has been installed.
Get-NetConnectionProfile -InterfaceAlias 'Ethernet*' | Set-NetConnectionProfile -NetworkCategory 'Private';Configure form
Search for a file named background.png
in the root folder of all attached drives and use it as the desktop wallpaper.
This is a .ps1 script to set the desktop wallpaper.
foreach( $drive in [System.IO.DriveInfo]::GetDrives() ) { $found = Join-Path -Path $drive.RootDirectory -ChildPath 'background.png' -Resolve -ErrorAction 'SilentlyContinue'; if( $found ) { return [IO.File]::ReadAllBytes( $found ); } } 'Cannot find any files that match pattern.' | Write-Warning;Configure form