How to create an automated install for Windows Server 2012 R2

by Mischa Taylor 5 years ago 12 min read

If you want to automate a Windows install, you must create a .XML file containing the responses to prompts for any input. Microsoft provides a tool to create these .XML files. It's called the Windows System Image Manager (WSIM). WSIM is part of the Windows Assessment and Deployment Kit (Windows ADK). You can get Windows ADK via the Windows Assessment and Deployment Kit.

The Windows System Image Manager is fairly complicated to use and it requires a Windows machine. Since I don't use WSIM very often, I'm documenting the settings I use most frequently when I create a new .XML response file.

Installing the Windows System Image Manager (WSIM)

You'll need a Windows machine to run Windows System Image Manager. I use a Windows virtual machine on my Mac that I created with VMware Fusion. The WSIM tool doesn't require many resources to run. I find that WSIM runs just fine on a VM with 1 processor core and 2GB of memory.

Download the Windows Assessment and Deployment Kit to get the WSIM install.

The only feature you need to install is "Deployment Tools" to install the Windows System Image Manager (WSIM).
2018-01-23_06-18-59

Create and select a Windows catalog file

Next grab a copy of the ISO for the version of Windows you want to install. You'll need to create a catalog (CLG) file from the install.wim file. A catalog file is a small file that contains an index of all the of all the files on an install.wim image. That way you can choose packages and components to install without needing to have the 5-7GB install.wim file. Also you can store a CLG file in source control as they are around 1-2MB.

Mount the Windows ISO. Under the \sources subdirectory, you should find the install.wim file.

2018-09-24_10-33-20

Copy that install.wim file to a local drive that has read-write access. If you don't, you'll get this lovely error.

2018-09-24_10-43-08

Launch Windows System Manager - you'll find it under the Windows Kits folder on your start menu.

2018-09-24_10-35-23

Choose File > Select Windows Image... from the Windows System Image Manager menu:

2018-09-24_10-36-58

Then open the install.wim file for the version of the Windows install you wish to automate.

2018-09-24_10-45-35-1

Some versions of Windows include multiple installs. If so, you will be prompted to choose the correct one:

Screen-Shot-2018-10-12-at-9.13.01-AM

And then Windows System Image Manager will prompt to get elevated permissions to create a catalog file:

Screen-Shot-2018-10-12-at-9.14.02-AM

If you see this error, make sure you copy the install.wim file to a writable location (I warned you earlier grin):

2018-09-24_10-43-08

It will take MANY minutes to index all the files in the install.wim. Go and get a coffee. Because it takes so long to generate these catalog (CLG) files. Once the indexing is done, you'll see the Components and Packages in the Windows Image pane of WSIM:

Screen-Shot-2018-10-12-at-9.16.18-AM

I would recommend storing them in source control alongside your .XML response files. You'll need the corresponding CLG file for the version of Windows to add anything new to an .XML response file in WSIM.

You'll find the .clg file created in the same directory as your install.wim. That's why WSIM needed a writable location.

I like to put my .clg under the same absolute path \wsim so multiple people can work edit the WSIM .XML files. Unfortunately the WSIM tool stores absolute paths to the .clg files. I would also recommended taking the time hit and creating a whole batch of .clg files for your .iso so you don't have to remember where you got it originally when you created a .clg.

Screen-Shot-2018-10-12-at-9.19.00-AM

Testing your .XML response file

You'll need to create a floppy disk image on which to place your test autounattend.xml file.

Download a blank floppy disk image from here: https://forums.virtualbox.org/download/file.php?id=4594

Mount it on your Mac, then copy in your autounattend.xml then unmount.

In a Windows image with your Windows ISO, add a floppy, selecting your unattend.img file with the autounattend.xml file on it.

When you boot your Windows ISO it will read the settings in the autounattend.xml file on the floppy.

WSIM Settings to make a Windows 2012 R2 install completely silent

You must configure the following settings to make a Windows 2012 R2 install completely silent.

Create a new answer file with File > New Answer File in WSIM.
File > Save Answer File as autounattend.xml

The Components folder will be filled with blank components, as shown:

2018-09-24_12-27-16

Then follow the directions to create sections for each action:

Disable the language and other preferences dialog
Disable the Select Operating System dialog
Disable the EULA dialog
Disable the Disk Allocation dialog
Disable the Administrator password prompt

Disabling the language settings dialog

The settings in this section will provide input to the language and other preferences prompt:

Screen-Shot-2018-10-12-at-9.29.46-AM

In the Windows Image pane, select the component amd64_Microsoft-Windows-International-Core-WinPE_6.3.9600.16384_neutral. Right-click and choose Add Setting to Pass 1 windowsPE.

2018-10-12_09-32-44

Using the Answer File Properties and Settings panes, configure the following:

InputLocale = en-US
SystemLocale = en-US
UILanguage = en-US
UserLocale = en-US

Screen-Shot-2018-10-12-at-9.33.57-AM

Next, in the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on UserData/ProductKey and choose Add Setting to Pass 1 windowsPE.

2018-10-12_09-41-52

Using the Answer File Properties and Settings panes, configure the following:

Key = <YOUR_PRODUCT_KEY>
WillShowUI = OnError

The official Microsoft KMS keys are listed [here](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11) and make a good starting point to test installs.

Disabling the Select Operating System dialog

The settings in this section will provide input to the Select Operating System dialog:

Screen-Shot-2018-10-12-at-9.36.59-AM

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on ImageInstall/OSImage/InstallFrom/Metadata and choose Add Setting to Pass 1 windowsPE.

2018-10-12_09-43-58

Using the Answer File Properties and Settings panes, configure the following:

Key = /IMAGE/NAME
Value = Windows Server 2012 R2 SERVERDATACENTER

NOTE: Make sure the /IMAGE/NAME value matches the Windows Server 2012 R2 image flavour you selected. Possible values are:

Windows Server 2012 R2 SERVERDATACENTER
Windows Server 2012 R2 SERVERDATACENTERCORE
Windows Server 2012 R2 SERVERSTANDARD
Windows Server 2012 R2 SERVERSTANDARDCORE

2018-10-12_09-54-21

Disabling the EULA dialog

The settings in this section will provide input to the EULA dialog:

2018-10-12_09-51-24

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on UserData and choose Add Setting to Pass 1 windowsPE.

2018-10-12_09-52-52

Using the Answer File Properties and Settings panes, configure the following:

AcceptEula = true

2018-10-12_09-55-16-1

Disabling the Disk Allocation dialog

The settings in this section will provide input to the Disk Allocation dialog:

2018-10-12_09-57-44

You'll need to allocate disk differently depending on whether you are using a UEFI-based PC or BIOS-based PC. Most modern PCs (and VMs) are UEFI-based.

Disabling the Disk Allocation dialog (UEFI/Secure Boot)

Here's the default partition layout for UEFI-based machines

Disk 0 default partition layout UEFI-based PCs
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions

The EFI System partition (ESP) must be formatted using the FAT32 filesystem. For drives that are using 4K native sectors, the minimum size is 260MB. For 512 byte sector drives, you can get away with using 100MB for the ESP.
You must use UEFI disk allocation if you are using Advanced Format 4Kn drives.
The recommended size for the Microsoft reserved partition (MSR) is 16MB.
The MSR is used to help with partition management. The MSR is a reserved partition that does not receive a partition ID. It cannot store user data.
Recovery partition is optional. We won't provision it in this example.

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on DiskConfiguration/Disk and choose Add Setting to Pass 1 windowsPE.

2018-10-12_10-02-47

Using the Answer File Properties and Settings panes, configure the following:

DiskID = 0
WillWipeDisk = true

2018-10-12_10-03-49-1

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.14393.0_neutral. Right-click on DiskConfiguration/Disk/CreatePartitions/CreatePartition and choose Add setting to Pass 1 windowsPE.

2018-10-12_10-04-53

Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the EFI System Reserved partition.

Using the Answer File Properties and Settings panes, configure the following settings:

Extend = false
Order = 1
Size = 260
Type = EFI

2018-10-12_10-09-17

Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the SYS partition. Using the Answer File Properties and Settings panes, configure the following settings:

Extend = false
Order = 2
Size = 16
Type = MSR

2018-10-12_10-10-12

Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the Primary partition. Using the Answer File Properties and Settings panes, configure the following settings:

Extend = false
Order = 3
Size = 20000
Type = Primary

NOTE: Don't worry about getting the size exact - just set it to a reasonable minimum. In the next setting, we will extend the partition to fill all remaining disk space on the drive.

2018-10-12_10-11-30

Right click on ModifyPartitions in the Answer File window and choose Insert New ModifyPartition to format the EFI System partition.

Using the Answer File Properties and Settings panes, configure the following settings:

Format = FAT32
Label = System
Order = 1
PartitionID = 1

2018-10-12_10-13-56

Right click on ModifyPartitions in the Answer File window and choose Insert New ModifyPartition to add the Primary partition. Using the Answer File Properties and Settings panes, configure the following settings:

Right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Add setting to Pass 1 windowsPE. Using the Answer File Properties and Settings panes, configure the following settings:

Extend = true
Format = NTFS
Label = OS
Letter = C
Order = 2
PartitionID = 3

2018-10-12_10-15-08

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on ImageInstall/OSImage/InstallTo and choose Add setting to Pass 1 windowsPE.

2018-10-12_10-16-26

Using the Answer File Properties and Settings panes, configure the following:

DiskID = 0
PartitionID = 3

2018-10-12_10-17-28

Disabling the Disk Allocation dialog (Legacy BIOS)

Here's the default partition layout for legacy BIOS machines:

dep-win10-partitions-bios

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-biosmbr-based-hard-drive-partitions

Each bootable drive must contain a system partition. The system partition must be configured as the active partition.
The minimum size of the System partition is 100 MB. On Windows 2016 the recommended System Reserved Partition size is 500 MB.
The Windows partition must be at least 20 GB in size and formatted using the NTFS file system.
The Windows partition has a maximum size limit of 2 TB on BIOS machines.
The recovery partition is optional. We won't provision it in this example.

In the Windows Image pane, select teh component amd64_Microsoft-Windows-Setup_10.0.14393.0_neutral. Right-click on DiskConfiguration/Disk and choose Add Setting to Pass 1 windowsPE.

Using the Answer File Properties and Settings panes, configure the following:

DiskID = 0
WillWipeDisk = true

First create a System Reserved partition. This is used to store Boot Configuration Data and BitLocker Drive Encryption files. On Windows 2016 the recommended System Reserved Partition size is 500MB. You aren't required to create System Reserved Partition, but either way the boot files take space on your hard drive and most people would expect them to be on a separate partition.

In the Answer File pane, right-click on DiskConfiguration/Disk/CreatePartitions/CreatePartition and choose Insert New CreatePartition.

Using the Answer File Properties and Settings panes, configure the following settings:

Extend = false
Order = 1
Size = 500
Type = Primary

Then create at least one partition for your Windows install.
Right-click on DiskConfiguration/Disk/CreatePartitions/CreatePartition Insert New CreatePartition.

Using the Answer File Properties and Settings panes, configure the following settings:

Extend = true
Order = 2
Type = Primary

In the Answer File pane, right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Insert New ModifyPartition.

Using the Answer File Properties and Settings panes, configure the following settings:

Active = true
Format = NTFS
Label = System
Order = 1
PartitionID = 1

In the Answer File pane, right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Insert New ModifyPartition.

Using the Answer File Properties and Settings panes, configure the following settings:

Format = NTFS
Label = Windows
Letter = C
Order = 2
PartitionID = 2

In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.14393.0_neutral. Right-click on ImageInstall/OSImage/InstallTo and choose Add setting to Pass 1 windowsPE. Using the Answer File Properties and Settings panes, configure the following:

DiskID = 0
PartitionID = 2

Disabling the Adminsitrator password prompt

The settings in this section will provide input to the Administrator password prompt.

2018-10-12_10-22-40

As you enter passwords in WSIM, you may want to consider unchecking Tools > Hide Sensitive Date so that passwords are saved in plain text. Unless you have some other system for tracking passwords, there is no easy way to go backwards from the encrypted password to the plain text version if you forget it ;-)

In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_6.3.9600.17031_neutral. Right-click on UserAccounts/AdministratorPassword and choose Add Setting to Pass 7 oobeSystem.

2018-10-12_10-24-48

Using the Answer File Properties and Settings panes, configure the following:

Value = your_password

2018-10-12_10-25-35

Additional WSIM Settings for Windows Server 2012 R2

Set up vagrant autologin

In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393.0_neutral. Right-click on UserAccounts/LocalAccounts/LocalAccount and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following settings:

Description = Vagrant User
DisplayName = vagrant
Group = Administrators
Name = vagrant

In UserAccounts/LocalAccounts/LocalAccount/Password configure the following:

Value = vagrant

In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393.0_neutral. Right-click on AutoLogon and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following:

Enabled = true
Username = vagrant

In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393.0_neutral. Right-click on AutoLogon/Password and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following:

Value = vagrant

First Logon Commands

In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393_neutral. Right-click on FirstLogonCommands/SynchronousCommand and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following:

CommandLine=cmd.exe /c a:\000-run-all-scripts.cmd
Description=Run all scripts
Order=1
RequiresUserInput=true

Do not show Server Manager at login

In the Windows Image pane, select the component amd64_Microsoft-Windows-ServerManager-SvrMgrNc_6.3.9600.16384_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following:

DoNotOpenServerManagerAtLogon = true

Enable Remote Desktop

In the Windows Image pane, select the component amd64_Microsoft-Windows-TerminalServices-LocalSessionManager_6.3.9600.17031_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following:

fDenyTSConnections = false

In the Windows Image pane, select the component amd64_Networking-MPSSVC-Svc_6.3.9600.16384_neutral. Right-click on FirewallGroups/FirewallGroup and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following settings:

Active = true
Group = Remote Desktop
Key = RemoteDesktop
Profile = all

In the Windows Image pane, select the component amd64_Microsoft-Windows-TerminalServices-RDP-WinStationExtensions_6.3.9700.16384_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following settings:

SecurityLayer = 1
UserAuthentication = 0