Powershell script to prep a new WIM image

Given a new WIM fresh from the Windows 10 ISO, prep the image by mounting it, mounting the registry, applying updates, and removing undesired provisioned apps such as solitaire and candy crush.

Expects a collection of .REG file, which are editd in-transit to make sure they apply to the correct hive/key.
**Note it currently has a few bugs.

# Purpose: prepare a fresh WIM file for deployment
# Author: Roger C
$Version = ""
# Logic: Mount the WIM
#        Remove any unwanted Provisioned Packages
#        Mount the registry files from the WIM
#        Apply the desired REG files to the WIM
#        unmount the WIM to save the changes

$RegFilesSource = “\\of-fs-02.expn.corp\sccmsource$\Desktop\Platform Delivery\WindowsImages\Windows 10_1607_base image_with_updates\Windows 10 wim\windows 10 modifications\Registry tweaks (Original)”
$SourceWim = "c:\dev\ISO\Sources\install.wim"
$WimDir = "c:\dev\WIM"
$RegDir = "c:\dev\Reg"

#---[ choose the index for the WIndows version we want to install ]----------------------
$DesiredIndex = 3 # Windows 10 Enterprise

#---[ mount the virgin WIM from the ISO ]------------------------------------------------
if (Dism /Get-MountedImageInfo | select-string -quiet -SimpleMatch $SourceWim) { # check if it's already mounted
    write-host "$SourceWim is already mounted"
} else { 
    write-host "Mount $SourceWim" -ForegroundColor Green 
    dism /mount-wim /wimfile:$SourceWim  /index:$DesiredIndex /mountdir:$WimDir /Optimize

    # the Wim folder will have permissions issues, so let's take ownership and assign permissions
    write-host "Take ownership of the WIM folder" -ForegroundColor Green
    TAKEOWN /D Y /R /F $WimDir | out-null
    write-host "Assign Everyone:Full to the WIM folders" -ForegroundColor Green
    ICACLS $WimDir /grant:r "Everyone:(OI)(CI)F" /t | out-null

#---[ set array of provisioned packages that will be removed ]---------------------------
# This list was obtained with the command: Get-AppxProvisionedPackage -Path $WimDir 
$RemoveThese = @(
#---[ Go through each array element, and remove the provisioned app ]-------------------
try {
    #Write-Host "-- Expect a delay while the data is read from the WIM" -ForegroundColor yellow
    Write-Host "Remove the following Built-in apps :" -ForegroundColor Green 
    $apps = Get-AppxProvisionedPackage -Path $WimDir | `
    ForEach-Object {
        if ($RemoveThese.contains($_.DisplayName)) {
            Write-Host "Delete:" $_.DisplayName -ForegroundColor Green
            Remove-AppxProvisionedPackage  -Path $WimDir -PackageName $_.PackageName

catch [Exception] {
    Write-Host "Removing Built-in apps failed..." -ForegroundColor Red;
    Write-Host "Error:" $_.Exception.Message -ForegroundColor Red; break

#---[ load the software and Default user hives ]-----------------------------------------
Write-Host "Load Software hive" -ForegroundColor Green;
reg load HKLM\WIM_SOFTWARE $WimDir\windows\system32\config\software
Write-Host "Load Default User hive" -ForegroundColor Green;
reg load HKU\WIM_DEFUSER $WimDir\windows\system32\config\default

# ---[ REGISTRY TWEAKS ]-----------------------------------------------------------------
# for each REG file found, copy the file into the destination folder while replacing as needed to point to the correct hive

if(!(Test-Path -Path $RegFilesSource )){
    Write-Host "Catastrophic failure" -ForegroundColor Red;
    Write-Host "Cannot find folder containing registry entries: $RegFilesSource" -ForegroundColor Red;

Write-Host "Copy REG files to working folder" -ForegroundColor Green;
Get-ChildItem $RegFilesSource -Filter *.reg | 
Foreach-Object {
    try {
        Write-Host "Import:" $_.Name -ForegroundColor Green
        # copy the REG file from the original location, and put into the REG folder, while also performing required edits
        ( `
            (Get-Content $_.FullName).replace( ` # read the content, and perform replace on the pipeline
            )).replace( `                        # perform another replace on the pipeline
            )  |                                 # pipe the results to the output folder\file
        Set-Content "$RegFileDestination\$_"
        regedit /S ("$RegFileDestination\" + $_.Name) # import the file into the mounted registry
    catch [Exception] {
        Write-Host "Importing registry file failed..." -ForegroundColor Red;
        Write-Host "Error:" $_.Exception.Message -ForegroundColor Red; break

#reg load HKLM\WIM_SOFTWARE $WimDir\windows\system32\config\software
Write-Host "Unload Software hive" -ForegroundColor Green;

#reg load HKU\WIM_DEFUSER $WimDir\windows\system32\config\default
Write-Host "Unload Default User hive" -ForegroundColor Green;

#---[ Dismount the WIM ]-----------------------------------------------------------------
write-host "Take ownership of the WIM folder" -ForegroundColor Green
TAKEOWN /D Y /R /F $WimDir | out-null
write-host "Assign Everyone:Full to the WIM folders" -ForegroundColor Green
ICACLS $WimDir /grant:r "Everyone:(OI)(CI)F" /t | out-null

Dism /Unmount-Wim /MountDir:$WimDir /Commit

dism /cleanup-wim
Dism /Unmount-Wim /MountDir:$WimDir /Discard

Dism /Get-MountedImageInfo

#===[Comments notes and tips]============================================================
# use this to speed up the mount -> /Optimize
#dism /mount-wim /wimfile:$SourceWim  /index:$DesiredIndex /mountdir:$WimDir /Optimize

#Dismount, Committing changes
#Dism /Unmount-Wim /MountDir:$WimDir /Commit

#Dismount, discarding changes
#Dism /Unmount-Wim /MountDir:$WimDir /Discard

#dism /cleanup-wim

# Read information about the WIM
#Dism /Get-ImageInfo /ImageFile:$SourceWim
#Dism /Get-ImageInfo /ImageFile:$SourceWim /index:3

#dism /mount-wim /wimfile:$SourceWim  /index:$DesiredIndex /mountdir:$WimDir
#dism /unmount-wim /mountdir:$WimDir /discard

# get list of provisioned apps from the WIM file
#$apps = Get-AppxProvisionedPackage  -Path $WimDir

# note the reg files are modified to write to the mounted hives instead of the local hives
# Dism /Get-MountedImageInfo

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s