How to create an automated install for Windows Server 2012 R2
If you want to automate a Windows install, you must create a .XML file containing the responses to prompts for any input. Microsoft provides a tool to create these .XML files. It's called the Windows System Image Manager (WSIM). WSIM is part of the Windows Assessment and Deployment Kit (Windows ADK). You can get Windows ADK via the Windows Assessment and Deployment Kit.
The Windows System Image Manager is fairly complicated to use and it requires a Windows machine. Since I don't use WSIM very often, I'm documenting the settings I use most frequently when I create a new .XML response file.
Installing the Windows System Image Manager (WSIM)
You'll need a Windows machine to run Windows System Image Manager. I use a Windows virtual machine on my Mac that I created with VMware Fusion. The WSIM tool doesn't require many resources to run. I find that WSIM runs just fine on a VM with 1 processor core and 2GB of memory.
Download the Windows Assessment and Deployment Kit to get the WSIM install.
The only feature you need to install is "Deployment Tools" to install the Windows System Image Manager (WSIM).
Create and select a Windows catalog file
Next grab a copy of the ISO for the version of Windows you want to install. You'll need to create a catalog (CLG) file from the install.wim
file. A catalog file is a small file that contains an index of all the of all the files on an install.wim
image. That way you can choose packages and components to install without needing to have the 5-7GB install.wim
file. Also you can store a CLG file in source control as they are around 1-2MB.
Mount the Windows ISO. Under the \sources
subdirectory, you should find the install.wim
file.
Copy that install.wim
file to a local drive that has read-write access. If you don't, you'll get this lovely error.
Launch Windows System Manager - you'll find it under the Windows Kits
folder on your start menu.
Choose File > Select Windows Image...
from the Windows System Image Manager menu:
Then open the install.wim
file for the version of the Windows install you wish to automate.
Some versions of Windows include multiple installs. If so, you will be prompted to choose the correct one:
And then Windows System Image Manager will prompt to get elevated permissions to create a catalog file:
If you see this error, make sure you copy the install.wim
file to a writable location (I warned you earlier grin):
It will take MANY minutes to index all the files in the install.wim
. Go and get a coffee. Because it takes so long to generate these catalog (CLG) files. Once the indexing is done, you'll see the Components
and Packages
in the Windows Image
pane of WSIM:
I would recommend storing them in source control alongside your .XML
response files. You'll need the corresponding CLG file for the version of Windows to add anything new to an .XML
response file in WSIM.
You'll find the .clg
file created in the same directory as your install.wim
. That's why WSIM needed a writable location.
I like to put my .clg
under the same absolute path \wsim
so multiple people can work edit the WSIM .XML
files. Unfortunately the WSIM tool stores absolute paths to the .clg
files. I would also recommended taking the time hit and creating a whole batch of .clg
files for your .iso
so you don't have to remember where you got it originally when you created a .clg
.
Testing your .XML response file
You'll need to create a floppy disk image on which to place your test autounattend.xml
file.
Download a blank floppy disk image from here: https://forums.virtualbox.org/download/file.php?id=4594
Mount it on your Mac, then copy in your autounattend.xml
then unmount.
In a Windows image with your Windows ISO, add a floppy, selecting your unattend.img
file with the autounattend.xml
file on it.
When you boot your Windows ISO it will read the settings in the autounattend.xml
file on the floppy.
WSIM Settings to make a Windows 2012 R2 install completely silent
You must configure the following settings to make a Windows 2012 R2 install completely silent.
- Create a new answer file with
File > New Answer File
in WSIM. File > Save Answer File
asautounattend.xml
The Components folder will be filled with blank components, as shown:
Then follow the directions to create sections for each action:
- Disable the
language and other preferences
dialog - Disable the Select Operating System dialog
- Disable the EULA dialog
- Disable the Disk Allocation dialog
- Disable the Administrator password prompt
Disabling the language settings dialog
The settings in this section will provide input to the language and other preferences prompt:
In the Windows Image pane, select the component amd64_Microsoft-Windows-International-Core-WinPE_6.3.9600.16384_neutral. Right-click and choose Add Setting to Pass 1 windowsPE.
Using the Answer File Properties and Settings panes, configure the following:
- InputLocale = en-US
- SystemLocale = en-US
- UILanguage = en-US
- UserLocale = en-US
Next, in the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on UserData/ProductKey and choose Add Setting to Pass 1 windowsPE.
Using the Answer File Properties and Settings panes, configure the following:
- Key = <YOUR_PRODUCT_KEY>
- WillShowUI = OnError
The official Microsoft KMS keys are listed [here](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11) and make a good starting point to test installs.
Disabling the Select Operating System dialog
The settings in this section will provide input to the Select Operating System dialog:
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on ImageInstall/OSImage/InstallFrom/Metadata and choose Add Setting to Pass 1 windowsPE.
Using the Answer File Properties and Settings panes, configure the following:
- Key = /IMAGE/NAME
- Value = Windows Server 2012 R2 SERVERDATACENTER
NOTE: Make sure the /IMAGE/NAME
value matches the Windows Server 2012 R2 image flavour you selected. Possible values are:
- Windows Server 2012 R2 SERVERDATACENTER
- Windows Server 2012 R2 SERVERDATACENTERCORE
- Windows Server 2012 R2 SERVERSTANDARD
- Windows Server 2012 R2 SERVERSTANDARDCORE
Disabling the EULA dialog
The settings in this section will provide input to the EULA dialog:
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on UserData and choose Add Setting to Pass 1 windowsPE.
Using the Answer File Properties and Settings panes, configure the following:
- AcceptEula = true
Disabling the Disk Allocation dialog
The settings in this section will provide input to the Disk Allocation dialog:
You'll need to allocate disk differently depending on whether you are using a UEFI-based PC or BIOS-based PC. Most modern PCs (and VMs) are UEFI-based.
Disabling the Disk Allocation dialog (UEFI/Secure Boot)
Here's the default partition layout for UEFI-based machines
- The EFI System partition (ESP) must be formatted using the FAT32 filesystem. For drives that are using 4K native sectors, the minimum size is 260MB. For 512 byte sector drives, you can get away with using 100MB for the ESP.
- You must use UEFI disk allocation if you are using Advanced Format 4Kn drives.
- The recommended size for the Microsoft reserved partition (MSR) is 16MB.
- The MSR is used to help with partition management. The MSR is a reserved partition that does not receive a partition ID. It cannot store user data.
- Recovery partition is optional. We won't provision it in this example.
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on DiskConfiguration/Disk and choose Add Setting to Pass 1 windowsPE.
Using the Answer File Properties and Settings panes, configure the following:
- DiskID = 0
- WillWipeDisk = true
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.14393.0_neutral. Right-click on DiskConfiguration/Disk/CreatePartitions/CreatePartition and choose Add setting to Pass 1 windowsPE.
Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the EFI System Reserved partition.
Using the Answer File Properties and Settings panes, configure the following settings:
- Extend = false
- Order = 1
- Size = 260
- Type = EFI
Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the SYS partition. Using the Answer File Properties and Settings panes, configure the following settings:
- Extend = false
- Order = 2
- Size = 16
- Type = MSR
Right click on CreatePartitions in the Answer File window and choose Insert New CreatePartition to add the Primary partition. Using the Answer File Properties and Settings panes, configure the following settings:
- Extend = false
- Order = 3
- Size = 20000
- Type = Primary
NOTE: Don't worry about getting the size exact - just set it to a reasonable minimum. In the next setting, we will extend the partition to fill all remaining disk space on the drive.
Right click on ModifyPartitions in the Answer File window and choose Insert New ModifyPartition to format the EFI System partition.
Using the Answer File Properties and Settings panes, configure the following settings:
- Format = FAT32
- Label = System
- Order = 1
- PartitionID = 1
Right click on ModifyPartitions in the Answer File window and choose Insert New ModifyPartition to add the Primary partition. Using the Answer File Properties and Settings panes, configure the following settings:
Right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Add setting to Pass 1 windowsPE. Using the Answer File Properties and Settings panes, configure the following settings:
- Extend = true
- Format = NTFS
- Label = OS
- Letter = C
- Order = 2
- PartitionID = 3
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_6.3.9600.17031_neutral. Right-click on ImageInstall/OSImage/InstallTo and choose Add setting to Pass 1 windowsPE.
Using the Answer File Properties and Settings panes, configure the following:
- DiskID = 0
- PartitionID = 3
Disabling the Disk Allocation dialog (Legacy BIOS)
Here's the default partition layout for legacy BIOS machines:
- Each bootable drive must contain a system partition. The system partition must be configured as the active partition.
- The minimum size of the System partition is 100 MB. On Windows 2016 the recommended System Reserved Partition size is 500 MB.
- The Windows partition must be at least 20 GB in size and formatted using the NTFS file system.
- The Windows partition has a maximum size limit of 2 TB on BIOS machines.
- The recovery partition is optional. We won't provision it in this example.
In the Windows Image pane, select teh component amd64_Microsoft-Windows-Setup_10.0.14393.0_neutral. Right-click on DiskConfiguration/Disk and choose Add Setting to Pass 1 windowsPE.
Using the Answer File Properties and Settings panes, configure the following:
- DiskID = 0
- WillWipeDisk = true
First create a System Reserved partition. This is used to store Boot Configuration Data and BitLocker Drive Encryption files. On Windows 2016 the recommended System Reserved Partition size is 500MB. You aren't required to create System Reserved Partition, but either way the boot files take space on your hard drive and most people would expect them to be on a separate partition.
In the Answer File pane, right-click on DiskConfiguration/Disk/CreatePartitions/CreatePartition and choose Insert New CreatePartition.
Using the Answer File Properties and Settings panes, configure the following settings:
Extend = false
Order = 1
Size = 500
Type = Primary
Then create at least one partition for your Windows install.
Right-click on DiskConfiguration/Disk/CreatePartitions/CreatePartition Insert New CreatePartition.
Using the Answer File Properties and Settings panes, configure the following settings:
- Extend = true
- Order = 2
- Type = Primary
In the Answer File pane, right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Insert New ModifyPartition.
Using the Answer File Properties and Settings panes, configure the following settings:
- Active = true
- Format = NTFS
- Label = System
- Order = 1
- PartitionID = 1
In the Answer File pane, right-click on DiskConfiguration/Disk/ModifyPartitions/ModifyPartition and choose Insert New ModifyPartition.
Using the Answer File Properties and Settings panes, configure the following settings:
- Format = NTFS
- Label = Windows
- Letter = C
- Order = 2
- PartitionID = 2
In the Windows Image pane, select the component amd64_Microsoft-Windows-Setup_10.0.14393.0_neutral. Right-click on ImageInstall/OSImage/InstallTo and choose Add setting to Pass 1 windowsPE. Using the Answer File Properties and Settings panes, configure the following:
- DiskID = 0
- PartitionID = 2
Disabling the Adminsitrator password prompt
The settings in this section will provide input to the Administrator password prompt.
As you enter passwords in WSIM, you may want to consider unchecking Tools > Hide Sensitive Date
so that passwords are saved in plain text. Unless you have some other system for tracking passwords, there is no easy way to go backwards from the encrypted password to the plain text version if you forget it ;-)
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_6.3.9600.17031_neutral. Right-click on UserAccounts/AdministratorPassword and choose Add Setting to Pass 7 oobeSystem.
Using the Answer File Properties and Settings panes, configure the following:
- Value = your_password
Additional WSIM Settings for Windows Server 2012 R2
Set up vagrant autologin
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393.0_neutral. Right-click on UserAccounts/LocalAccounts/LocalAccount and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following settings:
- Description = Vagrant User
- DisplayName = vagrant
- Group = Administrators
- Name = vagrant
In UserAccounts/LocalAccounts/LocalAccount/Password configure the following:
- Value = vagrant
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393.0_neutral. Right-click on AutoLogon and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following:
- Enabled = true
- Username = vagrant
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393.0_neutral. Right-click on AutoLogon/Password and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following:
- Value = vagrant
First Logon Commands
In the Windows Image pane, select the component amd64_Microsoft-Windows-Shell-Setup_10.0.14393_neutral. Right-click on FirstLogonCommands/SynchronousCommand and choose Add Setting to Pass 7 oobeSystem. Using the Answer File Properties and Settings panes, configure the following:
- CommandLine=cmd.exe /c a:\000-run-all-scripts.cmd
- Description=Run all scripts
- Order=1
- RequiresUserInput=true
Do not show Server Manager at login
In the Windows Image pane, select the component amd64_Microsoft-Windows-ServerManager-SvrMgrNc_6.3.9600.16384_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following:
- DoNotOpenServerManagerAtLogon = true
Enable Remote Desktop
In the Windows Image pane, select the component amd64_Microsoft-Windows-TerminalServices-LocalSessionManager_6.3.9600.17031_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following:
- fDenyTSConnections = false
In the Windows Image pane, select the component amd64_Networking-MPSSVC-Svc_6.3.9600.16384_neutral. Right-click on FirewallGroups/FirewallGroup and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following settings:
- Active = true
- Group = Remote Desktop
- Key = RemoteDesktop
- Profile = all
In the Windows Image pane, select the component amd64_Microsoft-Windows-TerminalServices-RDP-WinStationExtensions_6.3.9700.16384_neutral. Right-click and choose Add Setting to Pass 4 specialize. Using the Answer File Properties and Settings panes, configure the following settings:
- SecurityLayer = 1
- UserAuthentication = 0