Image Building Checklist

With the recent release of Windows 10 Anniversary addition, I was tasked with creating a new desktop image to deployed on any newly-purchased computers. While this is a fairly straightforward task, I know that I always forget to include something in the image. It's generally something trivial, but it's annoying. It requires that you I back and make the change in the VM, re-capture the image, and then deploy again. Ultimately, I'm lazy, meaning those steps never actually happen and I just make do until it comes time to build another new image.

With this latest image, I wanted to make absolutely certain that I wouldn't forget even the smallest of details. Searching through Google for a "Image Building Checklist" came up empty, so I decided to create my own. Granted, everyone's environment is different, but for a SMB (like I work for), this list should be somewhat comprehensive.

  • Manage Optional Features (uninstall handwriting, etc)
    * Settings > System > Apps & Features > Manage Optional Features
  • Disable Windows Store
    * Gpedit.msc * Computer Config > Windows Settings > Security Settings > Software Restriction Policies * Right-click and select "New" * Additional Rules > Right-click "New Path Rule" * %programfiles%\WindowsApps\Microsoft.WindowsStore*
  • Set time & timezone
  • Modify Start Menu
    * powershell * Export-StartLayout -Path 'C:\users\All Users\Desktop\customlayout.xml' -verbose * Import-StartLayout -LayoutPath 'C:\users\All Users\Desktop\customlayout.xml'-MountPath c:\ -verbose * del 'C:\users\All Users\Desktop\customlayout.xml' -verbose
  • Turn on system restore
  • Open file explorer to 'This PC'
  • Install .NET Framework 3.5
    * Mount Windows 10 Disc * Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess
  • Enable Remote Desktop
  • Be sure to move the new computers to correct OU.
  • Remove SkyDrive (OneDrive) from Office (if installed).
  • Run Windows 10 Decrapify script
  • Install Software
    * Java * Anti-Virus/Anti-Malware (I like Sophos and Malware Bytes) * Chrome * 7-Zip * CutePDF * Adobe Photoshop, Lightroom, etc. * Microsoft Office * VMWare Fusion * etc.
  • Have all members of the IT department log in (to create profiles -- saving time on profile generation)
  • Create default users desktop (Add 'This PC' icon, Internet Explorer, other custom adjustments)
  • Remove Microsoft Edge from Taskbar
  • Set default file associations
    * Export before Sysprep
      * dism /online /Export-DefaultAppAssociations:C:\associations.xml
    * Import after Sysprep
      * dism /online /Import-DefaultAppAssociations:C:\assocations.xml
  • Add/Remove features (remove Media Player, enable SMTP, etc.)
  • Disable Local Administrator account (Disabled by default, but double-check anyway)
  • Set up proper User & Admin Groups (GPOs may already do this)