---
name: autounattend
description: >
  Generate, edit, and validate Windows autounattend.xml (answer file) for automated/unattended
  Windows installations on VMs and physical machines. Use this skill whenever the user mentions
  autounattend, unattend.xml, Windows unattended install, Windows automated setup, Windows
  answer file, unattended Windows VM provisioning, Packer Windows, Windows Setup automation,
  or asks how to install Windows without clicking through the installer. Also use when the user
  wants to configure Windows partitioning, bypass TPM/Secure Boot requirements, create local
  user accounts during setup, configure locale/language during install, remove bloatware,
  enable RDP, or configure Windows for VM guest tools — even if they haven't mentioned
  "autounattend" by name.
---

# Windows autounattend.xml Skill

You are an expert at creating and editing Windows answer files (autounattend.xml / unattend.xml).
You generate valid XML directly — no need to use the web UI at schneegans.de, though you may
reference its patterns for inspiration.

## Quick orientation

An answer file automates the Windows installer. It has:
- A fixed root: `<unattend xmlns="urn:schemas-microsoft-com:unattend">`
- Multiple `<settings pass="...">` blocks, each for a different installation phase
- `<component>` elements inside each pass that configure specific subsystems

**Critical rules:**
- File must be UTF-8 WITHOUT BOM, with `<?xml version="1.0" encoding="utf-8"?>` declaration
- Named `autounattend.xml` when placed on USB/ISO root (handles windowsPE + offlineServicing)
- Named `unattend.xml` when passed via `/unattend:` parameter or cached at `C:\Windows\Panther\`
- Settings in the wrong pass are **silently ignored** — pass placement matters

## The 7 configuration passes (in order)

| Pass | When | Typical use |
|------|------|-------------|
| `windowsPE` | During setup boot (WinPE) | Disk partitioning, image selection, locale for PE |
| `offlineServicing` | After image copied, before reboot | Inject drivers/packages into offline image |
| `specialize` | First boot of the new OS | Hostname, network, domain join, hardware-specific settings |
| `generalize` | Only when sysprep /generalize runs | Remove machine-specific info (SID, etc.) |
| `auditSystem` | Audit mode (system context) | Driver installs in system context |
| `auditUser` | Audit mode (user context) | Shell/user configuration in audit mode |
| `oobeSystem` | Before Windows Welcome screen | User accounts, autologon, OOBE customization, run-once scripts |

For a typical USB/VM install, you only need: `windowsPE`, `specialize`, `oobeSystem`.

## Minimal valid template

See `assets/base-template.xml` for a copy-paste starting point. It covers:
- GPT/UEFI disk layout (EFI + MSR + Windows + Recovery)
- English locale
- One local admin account
- Autologon for first boot
- No OOBE/telemetry prompts

## How to approach a user request

1. **Ask clarifying questions** if the scenario is ambiguous:
   - Physical machine or VM? (affects disk assumptions, WinRE, compact OS)
   - Which VM platform? (VirtualBox, VMware, QEMU/KVM, Hyper-V, Parallels)
   - UEFI/GPT or BIOS/MBR? (UEFI is the modern default)
   - Windows version? (Win 10 vs Win 11 — TPM bypass, Start menu differ)
   - Language/locale?
   - User accounts needed?
   - Any special tweaks (RDP, disable Defender, remove bloatware)?

2. **Generate the full XML** — don't generate partial snippets unless asked. A complete file
   is more useful than fragments the user has to assemble.

3. **Explain key decisions** briefly — especially non-obvious ones like partition sizes,
   pass placement, or security tradeoffs.

4. **Validate your output mentally** before presenting it:
   - Are all `<component>` elements in the correct pass?
   - Is the namespace correct on the root element?
   - Are disk indices zero-based? (first disk = `0`, first partition = `1`)
   - Are architecture/language attributes correct on each component?

## Component reference

See `references/components.md` for the full component name reference organized by pass.
See `references/common-configs.md` for ready-made XML snippets for common scenarios.
See `references/vm-configs.md` for VM-platform-specific guidance (VirtualBox, VMware, QEMU, Hyper-V).

## Lookup tables (authoritative IDs from cschneegans/unattend-generator)

Always use these when setting locale, keyboard, timezone, or removing bloatware — do not guess IDs.

See `references/lookup-languages.md` for Windows image language codes (`<UILanguage>`).
See `references/lookup-keyboards.md` for keyboard layout identifiers (`<InputLocale>`).
See `references/lookup-timezones.md` for Windows timezone IDs (`<TimeZone>`) — these differ from IANA names.
See `references/lookup-geo.md` for geographic location IDs (`Set-WinHomeLocation -GeoId`).
See `references/lookup-bloatware.md` for removable app identifiers and removal patterns.
See `references/lookup-editions.md` for Windows edition names and their generic product keys.
See `references/script-examples.md` for ready-to-use PowerShell, batch, and registry scripts for common setup tasks.

## Key component names (most-used)

```
windowsPE pass:
  amd64_Microsoft-Windows-International-Core-WinPE_neutral
  amd64_Microsoft-Windows-Setup_neutral

specialize pass:
  amd64_Microsoft-Windows-Shell-Setup_neutral         ← computer name
  amd64_Microsoft-Windows-International-Core_neutral  ← locale/timezone
  amd64_Microsoft-Windows-TCPIP_neutral               ← networking
  amd64_Microsoft-Windows-TerminalServices-LocalSessionManager_neutral  ← RDP

oobeSystem pass:
  amd64_Microsoft-Windows-Shell-Setup_neutral         ← user accounts, autologon, OOBE
  amd64_Microsoft-Windows-International-Core_neutral  ← OOBE locale
```

## Architecture strings

Always match architecture across all components in a file:
- `amd64` — 64-bit Intel/AMD (most common)
- `x86` — 32-bit Intel/AMD
- `arm64` — ARM 64-bit
- `arm` — ARM 32-bit

Language attribute is almost always `neutral` for modern Windows.

## Windows 11 TPM/Secure Boot bypass

Add to the `windowsPE` pass `Microsoft-Windows-Setup` component:
```xml
<RunSynchronousCommand wcm:action="add">
  <Order>1</Order>
  <Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
  <Order>2</Order>
  <Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
  <Order>3</Order>
  <Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
```

## Standard GPT/UEFI disk layout (most common)

```xml
<DiskConfiguration>
  <Disk wcm:action="add">
    <DiskID>0</DiskID>
    <WillWipeDisk>true</WillWipeDisk>
    <CreatePartitions>
      <!-- EFI System Partition -->
      <CreatePartition wcm:action="add">
        <Order>1</Order>
        <Type>EFI</Type>
        <Size>100</Size>
      </CreatePartition>
      <!-- Microsoft Reserved -->
      <CreatePartition wcm:action="add">
        <Order>2</Order>
        <Type>MSR</Type>
        <Size>16</Size>
      </CreatePartition>
      <!-- Windows -->
      <CreatePartition wcm:action="add">
        <Order>3</Order>
        <Type>Primary</Type>
        <Extend>true</Extend>
      </CreatePartition>
    </CreatePartitions>
    <ModifyPartitions>
      <ModifyPartition wcm:action="add">
        <Order>1</Order>
        <PartitionID>1</PartitionID>
        <Format>FAT32</Format>
        <Label>System</Label>
      </ModifyPartition>
      <ModifyPartition wcm:action="add">
        <Order>2</Order>
        <PartitionID>2</PartitionID>
      </ModifyPartition>
      <ModifyPartition wcm:action="add">
        <Order>3</Order>
        <PartitionID>3</PartitionID>
        <Format>NTFS</Format>
        <Label>Windows</Label>
        <Letter>C</Letter>
      </ModifyPartition>
    </ModifyPartitions>
  </Disk>
</DiskConfiguration>
<ImageInstall>
  <OSImage>
    <InstallTo>
      <DiskID>0</DiskID>
      <PartitionID>3</PartitionID>
    </InstallTo>
    <WillShowUI>OnError</WillShowUI>
  </OSImage>
</ImageInstall>
```

For a 4-partition layout WITH Windows Recovery Environment (WinRE), see `references/components.md`.

## User account patterns

Passwords in answer files should use `PlainText>true</PlainText>` for simplicity or
Base64-encode them. For production deployments, use a setup script to set passwords post-install
and delete the answer file from `C:\Windows\Panther\`.

## Security note

Answer files cached at `C:\Windows\Panther\unattend.xml` may contain passwords/keys.
Always add a `FirstLogonCommands` entry to delete it for non-test deployments:
```xml
<FirstLogonCommands>
  <SynchronousCommand wcm:action="add">
    <Order>99</Order>
    <CommandLine>cmd /c del /f /q "C:\Windows\Panther\unattend.xml"</CommandLine>
    <Description>Remove cached answer file</Description>
  </SynchronousCommand>
</FirstLogonCommands>
```