Adding Bitlocker to the ENGL build process

Written on .

If you want to enable Bitlocker during the ENGL build process this is the TID to digest first: "TID-2018001: Enabling BitLocker during the Build Process [ZENworks]" when using ZENworks or "TID-2018003: Enabling BitLocker during the Build Process [SCCM / ENGL Custom Deployment]" when using ConfigrMgr or ENGL custom deployment.

The registry settings below and its related information is taken from the "Operating system drive encryption settings" of Group Policy Home and Enable BitLocker Encryption on Windows 10 without TPM.

More references are BitLocker basic deploymentBitLocker Group Policy settings and Enable Trusted Platform Module on Virtual Machine.

This is taken from "Require additional authentication at startup":

 
Windows Registry Editor Version 5.00

;Control Panel Classic View
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"AllowCortana"=dword:00000000

;Allow TPM 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000001
"UseTPM"=dword:00000002
"UseTPMPIN"=dword:00000002
"UseTPMKey"=dword:00000002
"UseTPMKeyPIN"=dword:00000002


Add new comment

Disable Cortana on Windows 10

Written on .

This is what can be included in a phase4-after.reg file to disable Microsoft Cortana during the ENGL build process:

Windows Registry Editor Version 5.00

;Control Panel Classic View
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"AllowCortana"=dword:00000000

 

 

Add new comment

Using Windows10Debloater.ps1 with ENGL Imaging Toolkit

Written on .

 

Here's where you can download the Windows10Debloater.ps1 from. But if you want to use this in a ENGL Imaging Toolkit phase script, phase4-after.ps1 e.g.you need to remove the dialog options in this script.

Search for all Prompt$ variables and replace it like this:

#$Prompt1 = [Windows.MessageBox]::Show($Ask, "Debloat or Revert", $Button, $ErrorIco)
$Prompt1 = "Yes"
#$Prompt2 = [Windows.MessageBox]::Show($EverythingorSpecific, "Everything or Specific", $Button, $Warn)
$Prompt2 = "Yes" 
#$Prompt3 = [Windows.MessageBox]::Show($EdgePdf, "Edge PDF", $Button, $Warn)
$Prompt3 = "Yes"

etc.

 

Also update the section about CloudStore. These are the current parameters which prevent from being prompted:

Write-Output "Removing CloudStore from registry if it exists"
$CloudStore = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore'
If (Test-Path $CloudStore) {
    Stop-Process Explorer.exe -Force
    Remove-Item $CloudStore -Recurse -Force -Confirm:$false
    Start-Process Explorer.exe -Wait
}

Add new comment

Disable F8 in tftp\englpe\..\winpe.wim

Written on .

cd "C:\Users\engl\Desktop\tftp\englpe\x64" or cd "C:\Users\engl\Desktop\tftp\englpe\x86" depending on whether you need to update the winpe.wim for x86 or x64
mkdir c:\temp\englpe
dism /mount-wim /wimfile:"winpe.wim" /index:1 /mountdir:"c:\temp\englpe\"

edit ..\windows\system32\winpeshl.ini and remove ', /EnableF8' in line number 3:

commit the image using:

dism /unmount-wim /mountdir:"c:\temp\englpe"  /commit


Add new comment

Using OEMDefaultAssociations.xml in phase4

Written on .

phase3-after.vbs:

Set FSO = CreateObject("Scripting.FileSystemObject")
status = FSO.CopyFile("C:\Ztoolkit\OEMDefaultAssociations.xml", "C:\Windows\System32\", True)

OEMDefaultAssociations.xml

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".pdf" ProgId="AcroExch.Document.DC" ApplicationName="Adobe Acrobat Reader DC" />
</DefaultAssociations>

Export or Import Default Application Associations

 

 

 

Add new comment

More Articles ...