Bart Simons

Bart Simons

Thoughts, stories and ideas.

Bart Simons



.net .net 5 .net core Apache C# CentOS LAMP NET Framework Pretty URLs Windows Server WireGuard access log add analysis android api at the same time authentication authorization automate automation azure azurerm backup bash basics batch bootstrap build capture cheat sheet chromium chroot class cli click to close code coverage code snippet command line commands compile compiling compression containers control controller controlling convert cpu usage create credentials csv csvparser curl data dd deployment desktop detect devices disable diskpart dism distributed diy docker dom changes dotnet core drivers ease of access encryption example export file transfer files fix folders framework generalize getting started ghost gui guide gunicorn gzip html html tables icewarp igd imagex import inotify install installation interactive ios iphone itunes java javascript jquery json kiosk kotlin linux live load data loading screen lock screen loopback audio lxc lxd lxml macos manage manually message messages minio mirrored mod_rewrite monitor monitoring mstest mutationobserver mysql net 5 nexmo nginx no oobe node node.js nodejs not installing notification notifications object storage on desktop one command openssl owncloud parallels parallels tools parse perfect philips hue play port forwarding powershell processing ps-spotify python quick raspberry pi record rip ripping rsync rtmp save save data sbapplication scraping script scripting scriptingbridge scripts security send server service sharedpreferences sms songs sonos spotify spotify api spotlight ssh stack streaming streamlink studio sudo swarm swift sync sysprep system audio systemd tables terminal testing tracking tutorial twilio ubiquiti ubuntu ubuntu 18.04 ui code unifi unlock unsplash source upnp uptime usb tethering wallpapers wasapi website websites webview windows windows 10 without itunes without oobe workaround xaml

Sysprep generalize Windows image without OOBE

One of the missing options of sysprep in my opinion is to just generalize an installation. Alternatives are to use third-party utilities to reset the computers' SID, but since it's not an official solution, I will show you how to do it the 'official way' by using an answer file. The only two options available in the sysprep utility are:

This guide doesn't require you to install any tools, all you need to do basically is create a file called deploy.xml and put the following content in it:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">

Next up is to perform a sysprep like this (run this in a cmd window or from a run box):

C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /unattend:C:\path\to\deploy.xml

Please note that if you want to use this on a 32-bit image, you need to replace amd64 with x86 in the deploy.xml file.

Let me explain what this does and how it works. Basically, the deploy.xml file contains everything to override anything that has to do with OOBE. This will essentially render the oobe flag useless, so you pratically have just geleralized an image without having the somewhat annoying OOBE screens.

What is this solution good for?

It's a great alternative for manually resetting the SID of a computer without using any third party tools. I have checked it and this method actually resets the SID after running the sysprep. Great!

Why should I reset my SID with this method?

It's actually pretty fast. Way faster than other tools like sidchg by Stratesave Systems, as far as I have tested. Since no third party tools are involved, you can rely on Microsoft and the reliability of sysprep. Nice!

What OSes are supported/tested?

Any version of Windows 10 and Windows Server 2016, but older versions might work too. I've tested those two operating systems and it works perfectly on there.

How do I automate this in bulk deployments?

Just create a new REG_SZ (string) value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce and give it any name you want. The value needs to be written down in this format:

"C:\Windows\System32\Sysprep\sysprep.exe" /oobe /generalize /unattend:C:\path\to\deploy.xml

This will execute once when the admin logs in for the first time on the machine. You can also use the /reboot flag to reboot the machine once the sysprep process is finished.

I hope that this article is useful for you, and if you have any questions: don't hesistate to ask them in the comment section. Thanks for your time and have a nice day!

Bart Simons

Bart Simons

View Comments