What’s New In Windows 8 Unattend Answer File

From the Microsoft Windows ADK Unattend help file we find the following new items:

New Windows Settings

The following table describes settings that are new in Windows 8 and Windows Server 8.

New Setting

Description

Microsoft-Windows-EnhancedStorage-Adm

Specifies settings for encrypted hard disk drives .

Microsoft-Windows-HelpAndSupport

Specifies OEM information to customize the Help and Support page.

Microsoft-Windows-Setup/DiskConfiguration/DisableEncryptedDiskProvisioning

Specifies whether Windows activates encryption on blank drives that are capable of hardware-based encryption.

Microsoft-Windows-UnattendedJoin/Identification/TimeoutPeriodInMinutes

Specifies the number of minutes that Windows waits before timing out when Windows tries to join the computer to a domain.

Security-Malware-Windows-Defender/ TrustedImageIdentifier

Specifies a unique identifier that signals that the files that are installed on the computer have already been scanned, and do not require additional scans by Windows Defender.

The Microsoft-Windows-EnhancedStorage-Adm component specifies settings for  encrypted drives (eDrives) a.k.a. encrypted hard disk drive (eHDDs).

This component contains setting DisableEncryptedDiskProvisioning, which is valid during specializing pass, provides TCGSecurityActivationDisabled setting which can be set to enabled or disabled. By default if Windows is installed on an eDrive/eHDD it is encrypted automatically using TCG and IEEE 1667 transport standards.

If you set this to True such drives will not be automatically encrypted.

The Microsoft-Windows-HelpAndSupport component allows you to specify OEM information for a customized Help & Support page. It is valid during oobeSystem & Specialize phases. In addition to setting Help page here you must also set Microsoft-Windows-Shell-Setup\OEMInformation\HelpCustomized to True.

You can specify the following options:

  • Logo (i.e. path to BMP file)
  • LogoURL
  • Manufacturer
  • SearchContent. This can be true or false. When set to true and a user performs a search on the Help and Support page when the computer is offline, Windows searches for offline Help content in the Windows offline Help files and in the offline Help files that the manufacturer provides. To use offline help you must also have configured HelpAndSupport/Manufacturer to true.
  • SupportSearchURL. The URL must contain {query} which will be replaced with user’s query. It can also contain {Locale} which will be replaced with user’s locale.
  • TileColor. The color of the tile using RGB value as an integer.

With Microsoft-Windows-UnattendedJoin/Identification/TimeoutPeriodInMinutes applied during specialized configuration pass, you can configure domain join timeout. The default is 15 minutes, but you can set it between 5 – 60 minutes.

If you need to use this setting I feel sorry for you Smile

TrustedImageIdentifier specifies a unique identifier that signals that the files that are installed on the computer have already been scanned, and do not require additional on-access scans by Windows Defender. This is applied during specialized configuration pass. By default, Windows Defender performs a scan of each file on the computer when the computer accesses the file for the first time. This is known as an on-access scan. When Windows Defender performs a quick scan or a full scan (also known as on-demand scans), the rest of the files on the system will be marked as safe. If you set a trusted image identifier, Windows Defender does not perform on-access scans of the individual files that belong to the trusted image. This can increase system speed.

The unattend help file adds note:

If you have already deployed a series of computers, and then later determine that there is a potential problem with the security of the image, contact your Depth Project Manager (PM) within the Windows Ecosystem Engagement team, and provide the unique identifier of the image. Microsoft will add this unique identifier into Windows Update. After a computer with that unique identifier receives updates from Windows Update, Windows Defender performs scans on all of the files on that computer.

Microsoft recommends using a GUID to identify the image, but it can be any string.

New Internet Explorer 10 Settings

These are probably some of my favourite settings! I like IE10 Metro Browser but sadly many enterprise apps not working there in the land without Flash & Java…maybe they’ll be upgraded to HTML5 in the next 10 years. Until then having IE open links in desktop browser is essential.

New Internet Explorer Setting

Description

Microsoft-Windows-IE-InternetExplorer/EnableAutoUpgrade

Specifies whether Internet Explorer is automatically upgraded when a new version is available.

Microsoft-Windows-IE-InternetExplorer/OpenIEFromLink

Specifies which Internet Explorer view opens when a user clicks a link.

Microsoft-Windows-IE-InternetExplorer/OpenIEFromTiles

Specifies which Internet Explorer view opens when a user selects the Internet Explorer tile, or a tile that specifies a link, from the Start experience.

 By default when a new version of Internet Explorer is available through Windows update it will get installed. You can set Microsoft-Windows-IE-InternetExplorer/EnableAutoUpgrade to False during the specialize configuration pass to prevent this. I would think in most enterprises this is a critical setting! Note: If you install the IE Update Blocker tool from Microsoft, this setting has no effect.

 

When IE is the default browser you can set which version is used: Internet Explorer (a.k.a Metro IE) or Internet Explorer on the Desktop.

Microsoft-Windows-IE-InternetExplorer/OpenIEFromLink has 3 options:

  • 0 – When a user selects a link in another application, the link opens in either Internet Explorer or Internet Explorer on the desktop. This is the default value.
  • 1 – When a user selects a link, the link opens in Internet Explorer.
  • 2 – When a user selects a link, the link opens in Internet Explorer on the desktop.

If web applications in your environment require Flash, JRE, ActiveX controls then I strongly recommend using setting 2.

You can also set Microsoft-Windows-IE-InternetExplorer/OpenIEFromTiles

  • 0 – When a user selects the Internet Explorer tile or a tile that specifies a link, Internet Explorer on the desktop opens.
  • 1 – When a user selects the Internet Explorer tile or a tile that specifies a link, Internet Explorer opens. This is the default setting.

I have mixed feelings about this settings. I love the pure speed/reliability/HTML5/fullscreen/add-on free IE10 Metro experience, but also now how many crappy old web applications I have to deal with. Will the choice confuse end-users? Probably…

New Internet Explorer 9 Settings

The following table describes settings in the Microsoft-Windows-IE-InternetExplorer component that are new in Internet Explorer 9.

New Internet Explorer Setting

Description

Microsoft-Windows-IE-InternetExplorer/SearchScopes/Scope/ShowTopResult

Specifies whether a search provider can skip the results page and instead return the new site.

Microsoft-Windows-IE-InternetExplorer/SearchScopes/Scope/TopResultURL

Specifies the URL of the webpage that shows the TopResult search results.

For information about deploying Windows 7 together with Internet Explorer 9 settings, see Internet Explorer 9 Preinstallation Techniques.

 

Changed Windows Settings

The following table describes Windows 8 and Windows Server 8 settings that have changed from Windows 7 and Windows Server 2008 R2.

Changed Setting

Description of Setting

Description of Change

Microsoft-Windows-IE-InternetExplorer/EnableLinksBar

Specifies whether the Favorites bar appears in Internet Explorer.

The default value is changed from true to false.

Microsoft-Windows-IE-InternetExplorer/ShowCommandBar

Specifies whether the Command bar appears in Internet Explorer.

The default value is changed from true to false.

Microsoft-Windows-IE-InternetExplorer/ShowStatusBar

Specifies whether the Status bar appears in Internet Explorer.

The default value is changed from true to false.

 

Renamed or Deprecated Windows Settings

The following table recommends replacements for Windows 7 and Windows Server 2008 R2 settings that have been renamed or deprecated in Windows 8 and Windows Server 8.

Renamed or Deprecated Setting from Windows 7 or Windows Server 2008 R2

Status or Recommendation for Windows 8 or Windows Server 8

Microsoft-Windows-OutOfBoxExperience

These settings are deprecated. By default, the Initial Configurations Tasks application does not appear in Windows Server 8. Use Microsoft-Windows-ServerManager-SvrMgrNc instead.

Microsoft-Windows-Sidebar

These settings are deprecated. Gadgets are not available in Windows 8.

Microsoft-Windows-Security-SPP-UX-SPPCC\ReferralId

This setting is deprecated. For information about the Windows Anytime Upgrade program, see Windows Anytime Upgrade.

Microsoft-Windows- Shell-Setup\ShowWindowsLive

This setting is deprecated. In Windows® 8, the Get Windows® Live Essentials item does not appear in the Start menu.

Microsoft-Windows-TabletPC-Platform-Input-Core: TouchUI and TouchUISize

These settings are deprecated. In Windows 8, the touch pointer is not available.

Removed Windows Settings

The following table recommends replacements for Windows 7 and Windows Server 2008 R2 settings that have been removed from Windows 8 and Windows Server 8.

Removed Setting from Windows 7 or Windows Server 2008 R2

Windows 8 or Windows Server 8 Recommendation

Microsoft-Windows-IE-InternetExplorer\IEWelcomeMsg

To skip the First Run wizard and the welcome page when Internet Explorer opens for the first time, use the DisableFirstRunWizard and DisableWelcomePage settings.

Microsoft-Windows-Security-Licensing-SLC\SkipRearm

Replace with Microsoft-Windows-Security-SPP\SkipRearm.

Microsoft-Windows-Security-Licensing-SLCC\PartnerId

For information about the Windows Anytime Upgrade program, see Windows Anytime Upgrade.

Microsoft-Windows-Security-Licensing-SLCC\ReferralId

For information about the Windows Anytime Upgrade program, see Windows Anytime Upgrade.

Microsoft-Windows-Security-Licensing-SLCC\WAUSetupLocation

For information about how to upgrade to a higher edition of Windows 8 and Windows Server 8, see the “Change the Windows Image to a Higher Edition” topic in the Windows® Assessment and Deployment Kit (Windows ADK) Technical Reference.

Microsoft-Windows-Security-Licensing-SLC-UX\SkipAutoActivation

Use Microsoft-Windows-Security-SPP-UX\SkipAutoActivation.

Microsoft-Windows-Shell-Setup\StartPanelOff

The classic Windows XP Start panel is not available in Windows 8.

About chentiangemalc

specializes in end-user computing technologies. disclaimer 1) use at your own risk. test any solution in your environment. if you do not understand the impact/consequences of what you're doing please stop, and ask advice from somebody who does. 2) views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) over the years Microsoft/Citrix/VMWare have given me a few free shirts, pens, paper notebooks/etc. despite these gifts i will try to remain unbiased.
This entry was posted in Windows 8 and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s