Adding Bitlocker to the ENGL build process

If you want to enable Bitlocker during the ENGL build process this is the TID to digest first: "TID-2018001: Enabling BitLocker during the Build Process [ZENworks]" when using ZENworks or "TID-2018003: Enabling BitLocker during the Build Process [SCCM / ENGL Custom Deployment]" when using ConfigrMgr or ENGL custom deployment.

The registry settings below and its related information is taken from the "Operating system drive encryption settings" of Group Policy Home and Enable BitLocker Encryption on Windows 10 without TPM.

More references are BitLocker basic deploymentBitLocker Group Policy settings and Enable Trusted Platform Module on Virtual Machine.

This is taken from "Require additional authentication at startup":

Windows Registry Editor Version 5.00

;Control Panel Classic View
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]

;Allow TPM 

Disable Cortana on Windows 10

This is what can be included in a phase4-after.reg file to disable Microsoft Cortana during the ENGL build process:

Windows Registry Editor Version 5.00

;Control Panel Classic View
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]



Using Windows10Debloater.ps1 with ENGL Imaging Toolkit


Here's where you can download the Windows10Debloater.ps1 from. But if you want to use this in a ENGL Imaging Toolkit phase script, phase4-after.ps1 need to remove the dialog options in this script.

Search for all Prompt$ variables and replace it like this:

#$Prompt1 = [Windows.MessageBox]::Show($Ask, "Debloat or Revert", $Button, $ErrorIco)
$Prompt1 = "Yes"
#$Prompt2 = [Windows.MessageBox]::Show($EverythingorSpecific, "Everything or Specific", $Button, $Warn)
$Prompt2 = "Yes" 
#$Prompt3 = [Windows.MessageBox]::Show($EdgePdf, "Edge PDF", $Button, $Warn)
$Prompt3 = "Yes"



Also update the section about CloudStore. These are the current parameters which prevent from being prompted:

Write-Output "Removing CloudStore from registry if it exists"
$CloudStore = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore'
If (Test-Path $CloudStore) {
    Stop-Process Explorer.exe -Force
    Remove-Item $CloudStore -Recurse -Force -Confirm:$false
    Start-Process Explorer.exe -Wait

Disable F8 in tftp\englpe\..\winpe.wim

cd "C:\Users\engl\Desktop\tftp\englpe\x64" or cd "C:\Users\engl\Desktop\tftp\englpe\x86" depending on whether you need to update the winpe.wim for x86 or x64
mkdir c:\temp\englpe
dism /mount-wim /wimfile:"winpe.wim" /index:1 /mountdir:"c:\temp\englpe\"

edit ..\windows\system32\winpeshl.ini and remove ', /EnableF8' in line number 3:

commit the image using:

dism /unmount-wim /mountdir:"c:\temp\englpe"  /commit

Using OEMDefaultAssociations.xml in phase4


Set FSO = CreateObject("Scripting.FileSystemObject")
status = FSO.CopyFile("C:\Ztoolkit\OEMDefaultAssociations.xml", "C:\Windows\System32\", True)


<?xml version="1.0" encoding="UTF-8"?>
  <Association Identifier=".pdf" ProgId="AcroExch.Document.DC" ApplicationName="Adobe Acrobat Reader DC" />

Export or Import Default Application Associations




More Articles ...