How to create an automated install for Windows Server 2019
If you want to automate a Windows install, you must create a .XML file containing the responses to any prompts for input. Microsoft provides a tool to create these .XML files. It's called the Windows System Image Manager (WSIM). WSIM is port of the Windows Assessment and Deployment Kit (Windows ADK). You can get the Windows ADK via https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
The Windows System Image Manager is fairly complicated to use and it requires a Windows machine. Since I don't use WSIM very often, I'm documenting the settings I use most frequently when I create a new .XML response file.
Installing the Windows System Image Manager (WSIM)
You'll need a Windows machine to run Windows System Image Manager. I use a Windows virtual machine on my Mac that I created with VMware Fusion. The WSIM tool doesn't require many resources to run. I find that WSIM runs just fine a virtual machine with 1 processor core and 2GB of memory.
Download the Windows Assessment and Deployment Kit to get the WSIM install.
The only feature you need to select is Deployment Tools
to install the Windows System Imagne Manger (WSIM).

Next download and install the Windows Assessment and Deployment Kit for Windows 8.1 Update and follow the installation instructions to update your install. This update is required to fix issues reading the install.wim
files for Windows Server 2019 and Windows 8.1.
Create and select a Windows catalog file
Next grab a copy of the ISO for the version of Windows you want to install. You'll need to create a catalog (.CLG) file from the install.wim
file located in the image. A catalog file is a small file that contains an index of all the files in the install.wim
. That way you can choose packages and components to install without needing to the 5-7GB install.wim
file. Also, you can store a .CLG file in source control as they are only around 1-2MB in size.
Mount the Windows ISO. Under the \sources
subdirectory, you should find the install.wim
file.

Copy that install.wim
file to a local drive that has read-write access. If you don't and try to index the .wim
file on the read-only mount, you'll get this lovely error.

To index the install.wim
and create a .CLG
file, launch Windows System Manager - you'll find it under the Windows Kits
folder on your start menu.

Choose File > Select Windows Image...
from the Windows System Image Manager menu:

Then open the install.wim
file for the version of the Windows install you wish to automate.

Some versions of Windows include multiple installs. If so, you will be prompted to choose the correct one:

Then Windows System Manager will prompted to get elevated permissions to create the catalog file:

If you see this error, make sure you copy the install.wim
file to a writeable location, like your Desktop (I warned you earlier!):

It will take MANY minutes to index all the files in the install.wim
. Go and get a coffee. Once the indexing is done, you'll see the Components
and Packages
in the Windows Image
page of WSIM:

I would recommend storing the .CLG files in source control alongside your .XML response files. You'll need the corresponding .CLG file for the version of Windows to add anything new to a .XML response file in WSIM.
You'll find the .clg
file created in the same directory as your install.wim
. That's why WSIM needed a writeable location.
I like to put my .clg
under the same absolute path \wsim
so multiple people can edit the WSIM .XML
files stored in source control. The WSIM tool uses absolute paths in .clg
files not relative ones. I would also recommend taking the time hit and creating a whole batch of .clg
files for your .iso
so you don't have to remember where you got it originally when created the .clg
file.

Testing your .XML response file
You'll need to create a floppy disk image on which to place your test autounattend.xml
file.
Download a blank floppy disk image from here: https://forums.virtualbox.org/download/file.php?id=4594
Mount it on your Mac, copy in your autounattend.xml
then unmount.
In a Windows image with your Windows ISO, add a floppy, selecting your unattend.img
file with the autounattend.xml
file on it.
When you boot your Windows ISO it will read the settings in the autoaunttend.xml
file on the floppy.
WSIM Settings to make a Windows Server 2019 install completely silent
You must configure the following settings to make a Windows Server 2019 install completely silent.
- Create a new answer file with
File > New Answer File
in WSIM. File > Save Answer File
asautounattend.xml
The Components foler will be filled with blank components, as shown:

The following the directions to create sections for each action:
- Disable the
language and other preferences
dialog - Disable the product key prompt
- Disable the Select Operating System dialog
- Disable the EULA dialog
- Disable the Disk Allocation dialog
- Disable the Administrator password prompt
Disabling the Language and other preferences dialog
The settings in this section will provide input to the language and other preferences prompt:

In the Windows Image pane, select the component amd64_Microsoft-Windows-International-Core-WinPE_10.0.17763.1_neutral. Right-click and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
InputLocale |
en-US |
SystemLocale |
en-US |
UILanguage |
en-US |
UserLocale |
en-US |

Disabling the Product Key dialog
The settings in this section will disable prompts for a product key.

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on UserData/ProductKey and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
ProductKey |
<your_product_key> |
If you are using volume licensed edition of Windows, you can use one of the KMS Client Setup Keys listed here: https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys Using a KMS key is also a great way to test your automation.
Disabling the Select Operating System dialog
The settings in this section will provide input to the Select Operating System dialog:

In the Windows Image page, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on ImageInstall/OSImage/InstallFrom/Metadata and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
Key |
/IMAGE/NAME |
Value |
Windows Server 2019 SERVERDATACENTER |
NOTE: Make sure the /IMAGE/NAME
value matches the Windows Server 2019 image flavour you selected. Possible values are:
- Windows Server 2019 SERVERDATACENTER
- Windows Server 2019 SERVERDATACENTERCORE
- Windows Server 2019 SERVERSTANDARD
- Windows Server 2019 SERVERSTANDARDCORE

Disabling the EULA dialog
The settings in this section will provide input to the EULA dialog:

In the Windows Image page, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on UserData and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
AcceptEula |
true |

Disabling the Disk Allocation dialog
The settings in this section will provide input to the Disk Allocation dialog:

You'll need to allocate disk differently depending on whether you are using a UEFI-based PC or BIOS-based PC. Most modern PCs (and virtual machines) are UEFI-based.
Disabling the Disk Allocation dialog (UEFI/Secure Boot)
Here's the default partition layout for UEFI-based machines:

- The EFI System partition (ESP) must be formatted using the FAT32 filesystem. For drives that are using 4K native sectors, the minimum size is 260MB. For 512 byte sector drives, you can get away with using 100MB for the ESP.
- You must use UEFI disk allocation if you are using Advanced Format 4Kn drives.
- The recommended size for the Microsoft reserved partition (MSR) is 16MB.
- The MSR is used to help with partition management. The MSR is a reserved partition that does not receive a partition ID. It cannot store user data.
- Recovery partition is optional. We won't provision it in this example.
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on DiskConfiguration/Disk and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
DiskID |
0 |
WillWipeDisk |
true |

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on DiskConfiguration/Disk/CreatePartitions/CreatePartition and choose Add Setting to Pass 1 windowsPE.

In the Answer File Pane, right-click on DiskConfiguration/Disk/CreatePartition and choose Insert New CreatePartition from the menu.
Using the Answer File Properties and Settings panes, configure the following settings in CreatePartition (Order = "1"):
Setting | Value |
---|---|
Extend |
false |
Order |
1 |
Size |
260 |
Type |
EFI |

Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the SYS partition. Using the Answer File Properties and Settings panes, configure the following settings:
Setting | Value |
---|---|
Extend |
false |
Order |
2 |
Size |
16 |
Type |
MSR |

Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the Primary partition. Using the Answer File Properties and Settings panes, configure the following settings:
Setting | Value |
---|---|
Extend |
false |
Order |
3 |
Size |
20000 |
Type |
Primary |
NOTE: Don't worry about getting the size exact - just set it to a reasonable minimum. In the next setting, we will extend the partition to fill all remaining disk space on the drive.

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Add Setting to Pass 1 windowsPE.

Right click on ModifyPartitions in the Answer File window and choose Insert New ModifyPartition to add the Primary partition. Using the Answer File Properties and Settings panes, configure the following settings:
Setting | Value |
---|---|
Format |
FAT32 |
Label |
System |
Order |
1 |
PartitionID |
1 |

Right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Add setting to Pass 1 windowsPE. Using the Answer File Properties and Settings panes, configure the following settings:
Setting | Value |
---|---|
Extend |
true |
Format |
NTFS |
Label |
OS |
Letter |
C |
Order |
2 |
PartitionID |
3 |

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on ImageInstall/OSImage/InstallTo and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
DiskID |
0 |
PartitionID |
3 |

Disabling the Disk Allocation dialog (Legacy BIOS)
Here's the default partition layout for legacy BIOS machines:

- Each bootable drive must contain a system partition. The system partition must be configured as the active partition.
- The minimum size of the System partition is 100 MB. On Windows 2016 the recommended System Reserved Partition size is 500 MB.
- The Windows partition must be at least 20 GB in size and formatted using the NTFS file system.
- The Windows partition has a maximum size limit of 2 TB on BIOS machines.
- The recovery partition is optional. We won't provision it in this example.
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on DiskConfiguration/Disk and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
DiskID |
0 |
WillWipeDisk |
true |

In the Answer File pane, right-click on DiskConfiguration/Disk/CreatePartition and choose Insert New CreatePartition
from the menu to create a new System Reserved Partition. This is used to store Boot Configuration Data and BitLocker Drive Encryption files. On Windows 2019 the recommended System Reserved Partition size is 500MB. You aren't required to create System Reserved Partition, but either way the boot files take space on your hard drive and most people would expect them to be on a separate partition.

Using the Answer File Properties and Settings panes, configure the following settings for the System Reserved Partition:
Setting | Value |
---|---|
Extend |
false |
Order |
1 |
Size |
500 |
Type |
Primary |
Then create at least one partition for your Windows OS install.
In the Answer File pane, right-click on DiskConfiguration/Disk/CreatePartition and choose Insert New CreatePartition
from the menu to create a new operating system partition.
Using the Answer File Properties and Settings panes, configure the following settings:
Setting | Value |
---|---|
Extend |
false |
Order |
2 |
Size |
20000 |
Type |
Primary |

In the Answer File pane, right-click on DiskConfiguration/Disk [DiskID="0"]/ModifyPartitions and choose Insert New ModifyPartition from the menu:

Using the Answer File Properties and Settings panes, configure the following settings for the System Reserved partition:
Setting | Value |
---|---|
Active |
true |
Format |
NTFS |
Label |
System Reserved |
Order |
1 |
PartitionID |
1 |

In the Answer File pane, right-click on DiskConfiguration/Disk [DiskID="0"]/ModifyPartitions and choose Insert New ModifyPartition from the menu for the OS partition:
Setting | Value |
---|---|
Extend |
true |
Format |
NTFS |
Letter |
C |
Order |
2 |
PartitionID |
2 |

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.17763.1_neutral. Right-click on DiskConfiguration/Disk and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
DiskID |
0 |
PartitionID |
2 |

Disabling the Administrator password prompt
The settings in this section will provide input to the Administrator password prompt.

As you enter passwords in WSIM, you may want to consider unchecking Tools > Hide Sensitive Data
so that passwords are saved in plain text. Unless you have some other system for tracking passwords, there is no easy way to go backwards from the encrypted password to the plain text version if you forget ;-)

In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.17763.1_neutral. Right-click on UserAccounts/AdministratorPassword and choose Add Setting to Pass 7 oobeSystem.

Right-click on UserAccounts/AdministratorPassword and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following:
Setting | Value |
---|---|
Value |
<your_password> |

Additional WSIM Settings for Windows Server 2019
Disabling network discovery
The settings in this section will disable the Network Discovery prompt on first login.

I'm not aware of there being some setting to manage Network Discovery settings, so you'll have to resort to modifying the registry to disable the prompt.
To turn off network discovery prompt for all users:
reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff /f
You may also want to follow this up by running the command to set your preferred Network Discovery settings:
To disable network discovery for all network profiles:
netsh advfirewall firewall set rule group="Network Discovery" new enable=No
To turn on network discovery for all network profiles:
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.17763.1_neutral. Right-click on FirstLogonCommands/SynchronousCommand and choose Add Setting to Pass 7 oobeSystem.
- CommandLine = reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff /f
- Description = Disable network discovery prompt for all users
- Order = 10
Do not show Server Manager at login
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.17763.1_neutral. Right-click on FirstLogonCommands/SynchronousCommand and choose Add Setting to Pass 7 oobeSystem.
Using the Answer File Properties and Settings panes, configure the following:
- DoNotOpenServerManagerAtLogon = true
Enable Remote Desktop Protocol (RDP)
In the Windows Image pane, select the component amd64_Microsoft-Windows-TerminalServices-LocalSessionManager_10.0.17763.1_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following:
- fDenyTSConnections = false
In the Windows Image pane, select the component amd64_Networking-MPSSVC-Svc_10.0.17763.107_neutral, right-click on FirewallGroups/FirewallGroup and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following settings:
- Active = true
- Group = Remote Desktop
- Key = RemoteDesktop
- Profile = all
In the Windows Image pane, select the component amd64_Microsoft-Windows-TerminalServices-RDP-WinStationExtensions_10.0.17763.1_neutral, right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following settings:
- SecurityLayer = 1
- UserAuthentication = 0
Set proxy for Windows update
I'm not aware of there being some setting to manage proxy settings for Windows Update that still works in recent versions of Windows, so you'll have to resort to modifying the registry to disable the prompt.
You can use the netsh
utility to set the proxy settings for Windows Update.
To set up a basic proxy server:
netsh winhttp set _proxy ip-or-host_:_port_
There's a second parameter to add a list of hosts for which the proxy will not be used, called a bypass list. The list is semicolon-delimited:
netsh winhttp set _proxy ip-or-host_:_port_ "bar;*.foo.com"
A special parameter called <local>
will add all short-name hosts without an fqdn to the bypass list:
netsh winhttp set myproxy:80 "<local>;bar"
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.17763.1_neutral.
Right-click on FirstLogonCommands/SynchronousCommand and choose Add Setting to Pass 7 oobeSystem.
Using the Answer File Properties and Settings panes, configure the following:
- CommandLine = netsh set proxy myproxy "127.0.0.1;localhost;bar"
- Description = Set proxy for Windows Update
- Order = 20
Disable Internet Explorer Enhanced Security (ESC)
In the Windows Image pane, select the component amd64_Microsoft-Windows-IE-ESC_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following:
- IEHardenAdmin = false
- IEHardenUser = false
Disable Internet Explorer First Run Wizard
In the Windows Image pane, select the component amd64_Microsoft-Windows-IE-InternetExplorer_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following:
- DisableFirstRunWizard = true
- DisableOOBAccelerators = false
- Home_Page = about:blank