UIU Blog

Audit Mode and the UIU

What is Audit Mode?

Although the feature has been an option since Windows 7, it has become increasingly necessary when deploying Windows 10 operating systems. Audit Mode allows the OS to enter a state using only the default, built-in Administrator profile so that system and application settings are only applied to the single instance of the profile. This becomes crucial in the preparation of a base image used in OS deployments, enterprise-wide.

Why is Audit Mode a thing?

Because Microsoft Sysprep is a thing… Windows 10 employs a method of Application Provisioning that can cause problems with Sysprep. During the OOBE (Out Of Box Experience) process, profiles (in addition to the built-in Administrator profile), will be created. As applications are installed, either as a function of the OS install or by the Technician, Windows 10 Application Provisioning will apply settings to available profiles which may cause Microsoft Sysprep to fail during execution.

For more information, please review: Sysprep fails after you remove or update Microsoft Store apps that include built-in Windows images

How do I use Audit Mode?

Step 1 – Boot the base image PC (Windows 10) to Audit Mode
Remove the base image PC from Internet Access.

Establish the base image; install the Windows 10 operating system, presumably from DVD media.

After Windows installs necessary operating system files, (potentially requiring several reboots), the administrator will be presented with customization options.



Settings Dialog Box


Disable Auto Updates


Do NOT select any options on this screen!




Instead, initiate Audit Mode with the key combination CTRL+SHIFT+F3. The machine will then reboot and enter Audit Mode. This will prevent the creation of user profiles and the built-in Administrator account will automatically sign-in. A Sysprep dialog window will launch and should be minimized.



Note: Once a machine has been booted into Audit Mode, it will remain in that mode, (regardless of reboots during software installation and configuration), until OOBE is explicitly initiated with Sysprep, either manually by executing Sysprep.exe or through the use of the Sysprep Assistant.



In Audit Mode, the built-in administrator account is enabled by the system and allows the administrator to make all changes desired. Once sysprep is executed (with OOBE), this account will be disabled by default. For more information, please review Enable and Disable the Built-in Administrator Account.


It should be stressed that Windows Store apps must not be allowed to automatically update (which they are set to do by default). It is strongly advised to leave the machine disconnected from any networks until Windows Store apps can be disabled from updating automatically, or leave it unplugged for the duration of setup.

To disable Windows Store automatic updates:
  • Run: gpedit.msc (elevated privileges)
  • Navigate to Computer Configuration > Administrative Templates > Windows Components > Store
  • ul>



    gpedit.msc


    Disable Auto Updates


    Select “Enabled” for the setting: “Turn off Automatic Download and Install of updates”





    After Windows Store Apps automatic updates are disabled, attach the base image PC to a network with Internet Access.

    Step 2 – Customize the Windows 10 image
    With Audit Mode enabled, all changes to system (OS) settings as well as application settings will be made to the Default User profile which will be used later to create local PC users. Consider two types of applications that may be installed. Applications that are installed from executable files (e.g. setup.exe) will be referred to as Application Installations. Applications that are part of the Microsoft Store (provisioned applications) will be referred to as Microsoft Provisioned Apps.

    Application Installations may be launched from Windows File Manager by browsing and launching the appropriate executable.

    In order to install Microsoft Provisioned Apps, it is recommended to utilize PowerShell with the integrated module, PackageManagement or OneGet. PowerShell may need to be launched manually from the Windows folder.

    Navigate to C:\Windows\syswow64\WindowsPowerShell\v1.0 and then execute the powershell.ise application.

    In order to enable the installation of software from a package provider, rights must be extended to run scripts:

    Set-ExecutionPolicy Unrestricted

    Next, a package manager or provider must be selected. The package manager requires unrestricted script execution policy, which is why it was set first thing after PowerShell is launched. Add the provider using the Get-Packageprovider <PROVIDER> command.

    More information on this command can be found here: Get-PackageProvider

    Step 3 – Install the software required on all machines
    In order to install Microsoft Provisioned Apps, apply the Install-Package script.

    For example, to install Google Chrome, Adobe Reader, 7Zip and Brave:

    Find-Package –Name GoogleChrome, AdobeReader, 7zip, Brave | Install-Package

    The system may require a reboot to install an application and will return to Audit Mode post-reboot.

    Step 4 – Installing Windows Update (if desired)
    The Windows Update Center is dependent upon OOBE mode in order to apply updates and will fail in Audit Mode for operating systems newer than Windows 8.1. In this case, the PoerShell module PSWindowsUpdate may be used.

    Windows Update PowerShell Module

    Excerpt from Technet:
    Module can be installed manualy (sic) by downloading Zip file and extract in two places:

    • %USERPROFILE%\Documents\WindowsPowerShell\Modules
    • %WINDIR%\System32\WindowsPowerShell\v1.0\Modules
    Be sure to run the PSWindowsUpdate.cmd, As Administrator. After all available Windows Updates have been applied, the extracted module may be removed from the Windows folder.

    Step 5 – Remove built-in applications (optional)
    If desired, built-in applications may be removed using the following scripts: (This may no longer be a complete list)

    Get-AppxPackage *Twitter* | Remove-AppxPackage
    Get-AppxPackage *CandyCrushSaga* | Remove-AppxPackage
    Get-AppxPackage *solitairecollection* | Remove-AppxPackage
    Get-AppxPackage *bingweather* | Remove-AppxPackage
    Get-AppxPackage *bingnews* | Remove-AppxPackage
    Get-AppxPackage *bingsports* | Remove-AppxPackage
    Get-AppxPackage *3dbuilder* | Remove-AppxPackage
    Get-AppxPackage *windowsalarms* | Remove-AppxPackage
    Get-AppxPackage *Appconnector* | Remove-AppxPackage
    Get-AppxPackage *windowscalculator* | Remove-AppxPackage
    Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage
    Get-AppxPackage *windowscamera* | Remove-AppxPackage
    Get-AppxPackage *officehub* | Remove-AppxPackage
    Get-AppxPackage *skypeapp* | Remove-AppxPackage
    Get-AppxPackage *getstarted* | Remove-AppxPackage
    Get-AppxPackage *zunemusic* | Remove-AppxPackage
    Get-AppxPackage *windowsmaps* | Remove-AppxPackage
    Get-AppxPackage *Messaging* | Remove-AppxPackage
    Get-AppxPackage *ConnectivityStore* | Remove-AppxPackage
    Get-AppxPackage *bingfinance* | Remove-AppxPackage
    Get-AppxPackage *zunevideo* | Remove-AppxPackage
    Get-AppxPackage *onenote* | Remove-AppxPackage
    Get-AppxPackage *people* | Remove-AppxPackage
    Get-AppxPackage *CommsPhone* | Remove-AppxPackage
    Get-AppxPackage *windowsphone* | Remove-AppxPackage
    Get-AppxPackage *photos* | Remove-AppxPackage
    Get-AppxPackage *WindowsScan* | Remove-AppxPackage
    Get-AppxPackage *windowsstore* | Remove-AppxPackage
    Get-AppxPackage *Office.Sway* | Remove-AppxPackage
    Get-AppxPackage *soundrecorder* | Remove-AppxPackage
    Get-AppxPackage *xboxapp* | Remove-AppxPackage
    Get-AppxPackage *XboxOneSmartGlass* | Remove-AppxPackage


    Step 6 – Preparing to use the UIU

    UIU Classic

    Within Audit Mode: Run the UIU Classic (including the import of or creation of a Sysprep answer file)

    Shutdown and capture, then deploy.


    UIU5

    Within Audit Mode: Complete the base image setup by executing Sysprep with appropriate flags:

    C:\Windows\System32\Sysprep\Sysprep.exe /unattend:<path to file>\filename /generalize /oobe

    For more information, please review: Methods for Running Windows Setup

    Shutdown and capture, then deploy with the UIU 5 product:
    UIU 5 - Quick Steps


    UIU Plug-ins 2.0 for MDT/SCCM

    Assuming that a base image was created and imported into MDT or SCCM:

    Within Audit Mode: Complete the base image setup by executing Sysprep with appropriate flags:

    C:\Windows\System32\Sysprep\Sysprep.exe /unattend:<path to file>\filename /generalize /oobe

    For more information, please review: Methods for Running Windows Setup

    Shutdown and capture, then deploy with the UIU Plug-ins2.0 product:
    MDT UIU Plug-ins 2.0 for MDT - Quick Steps

    SCCM UIU Plug-ins 2.0 for SCCM - Quick Steps



Comments are closed.
Showing 0 Comment


Archives

  • 2019
  • 2018
  • 2017
  • 2015
  • 2014
  • 2013
  • 2012