Remove From My Forums

Build 1903 not honouring "disable privacy settings"

Question
1

Sign in to vote
I have just started automating the release of build 1903 and I have noticed that no matter what options I set, or how I go about setting them, Windows 10 1903 and an AutoUnattend.XML file will always present the OOBE option to change / set your "...privacy settings for your device".

I have tried

using 7/Microsoft-Windows-Shell-Setup/OOBE/ProtectYourPC values (1, 2 and 3) - no obvious difference.
using 4/Microsoft-Windows-Deployment/RunSynchronous/Command/ to add the HKLM\Software\Policies\Microsoft\Windows\OOBE\DisablePrivacyExperience reg key and set it to 1

regardless it still pops up at first boot only. When the build is almost finished and the screen opens, I have SHIFT-F10 to get a command prompt, run REGEDIT and checked the relevant locations, all set correctly.

It's almost like there is a setting needed for the machine. If I accept the defaults, logon as any local or domain user I am not asked for privacy settings again, and the profile is created etc. Just that one time at initial boot after build.

What am I missing?

Anyone else having similar issues.

Thanks

Al.
Saturday, June 22, 2019 7:56 AM

Reply

|

Quote

All replies

1

Sign in to vote

Hi,

What's the version of Windows 10 1903? (Professional, Enterprise or others?)

Make sure you have configured the following parts.

Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, June 24, 2019 2:33 AM

Reply

|

Quote

Moderator
0

Sign in to vote

Hi there. Thanks for responding. The edition is Enterprise, but have also tried it with Professional with the same outcome.

I have double checked and all the OOBE entries have been set as per your screen shot, even though SIM complains that SkipMachineOOBE and SkipUserOOBE are deprecated.

Monday, June 24, 2019 3:22 AM

Reply

|

Quote
0

Sign in to vote

Hi,

Just found the following description about the deprecated option "Skip machine OOBE"

Link: SkipMachineOOBE

So I think we could configure values for each page of Windows Welcome instead of use SkipMachineOOBE option.

Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Tuesday, June 25, 2019 1:53 AM

Reply

|

Quote

Moderator
0

Sign in to vote

Hi. I have seen this and have completed what I think are all the steps I can find to configure the values for Windows Welcome. To this end, I have configured a locale, keyboard, license, user accounts, protection, time and date, admin password, computer name and domain join. There is nothing else I can see that allows me to determine the values for the privacy page.

I was thinking that it may be because I have not specified a value for each of the requested items in my autounattend.xml file, but cannot find where those values would be specified. There is nothing obvious in the components extracted from my windows image (which is the same image as being used for the build - just in case you were wondering). It is almost as if there is a screen missing from the list of items you can hide under OOBE/Settings (e.g. HidePrivacySettings = TRUE)

Appreciate you helping me though - thanks so much

Al

Tuesday, June 25, 2019 2:07 AM

Reply

|

Quote
0

Sign in to vote

Hi,

Please upload your unattended.xml file to One Drive and paste the link here. We will check if any related information or error could be found in this file.

Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Wednesday, June 26, 2019 9:19 AM

Reply

|

Quote

Moderator
0

Sign in to vote
I cannot use onedrive as I do not allow anonymous access to sharepoint in my org. However, see embedded xml file below (redacted).

-------------------------
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-NZ</UILanguage>
</SetupUILanguage>
<InputLocale>1409:00000809</InputLocale>
<SystemLocale>en-NZ</SystemLocale>
<UserLocale>en-NZ</UserLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback></UILanguageFallback>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>3</Order>
<Size>16</Size>
<Type>MSR</Type>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Size>500</Size>
<Type>Primary</Type>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Size>100</Size>
<Type>EFI</Type>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>4</Order>
<Extend>true</Extend>
<Type>Primary</Type>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>WinRE</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
<TypeID>DE94BBA4-06D1-4D40-A16A-BFD50179D6AC</TypeID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Label>System</Label>
<Format>FAT32</Format>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>O/S & System</Label>
<Letter>C</Letter>
<Order>4</Order>
<PartitionID>4</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Order>3</Order>
<PartitionID>3</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
<WillShowUI>OnError</WillShowUI>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>4</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<ProductKey>
<WillShowUI>OnError</WillShowUI>
<Key>REDACTED</Key>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Automation System</FullName>
<Organization>S.I.S</Organization>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Themes>
<SystemUsesLightTheme>true</SystemUsesLightTheme>
<WindowColor>Automatic</WindowColor>
</Themes>
<ComputerName>ClonePC</ComputerName>
<CopyProfile>true</CopyProfile>
<RegisteredOrganization>S.I.S</RegisteredOrganization>
<RegisteredOwner>S.I.S</RegisteredOwner>
<ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen>
<TimeZone>New Zealand Standard Time</TimeZone>
<SignInMode>1</SignInMode>
</component>
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>secinfo.nz</Domain>
<Password>REDACTED</Password>
<Username>REDACTED</Username>
</Credentials>
<JoinDomain>secinfo.nz</JoinDomain>
<MachineObjectOU>OU=AutoBuild,DC=secinfo,DC=nz</MachineObjectOU>
<TimeoutPeriodInMinutes>5</TimeoutPeriodInMinutes>
</Identification>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v DisableVoice /d 1 /t REG_DWORD /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Description>Turn off consumer crap</Description>
<Order>2</Order>
<Path>reg add HKLM\Software\Policies\Microsoft\Windows\CloudContent /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Description>turn off store</Description>
<Order>3</Order>
<Path>reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsStore /v AutoDownload /t REG_DWORD /d 2 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Description>privacy off</Description>
<Order>4</Order>
<Path>reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\OOBE /v DisablePrivacyExperience /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<Path>net user administrator /active:yes</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>6</Order>
<Description>Powershell clearup</Description>
<Path>powershell Get-AppxPackage *office* |Remove-AppxPackage -allusers</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>1409:00000809</InputLocale>
<SystemLocale>en-NZ</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-NZ</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>2</ProtectYourPC>
<UnattendEnableRetailDemo>false</UnattendEnableRetailDemo>
</OOBE>
<WindowsFeatures>
<ShowMediaCenter>false</ShowMediaCenter>
<ShowWindowsMediaPlayer>false</ShowWindowsMediaPlayer>
<ShowInternetExplorer>true</ShowInternetExplorer>
</WindowsFeatures>
<UserAccounts>
<AdministratorPassword>
<Value>REDACTED</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>REDACTED</Value>
<PlainText>false</PlainText>
</Password>
<DisplayName>Administrator</DisplayName>
<Group>Administrators</Group>
<Name>Administrator</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/iso_files/win10_1903/sources/install.wim#Windows 10 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
- Edited by --Al-- Thursday, July 11, 2019 12:44 AM
Monday, July 1, 2019 4:40 AM

Reply

|

Quote
0

Sign in to vote
Same issue here. Can't Skip Protectyourpc screens in 1903 and I need it for a big deployment.

Please Help us microsoft.
- Edited by Alacabe Friday, July 5, 2019 10:57 AM
Friday, July 5, 2019 10:56 AM

Reply

|

Quote
0

Sign in to vote

Please could some help us? Thanks

Monday, July 8, 2019 8:21 AM

Reply

|

Quote
0

Sign in to vote

Finally I could fix it adding a scheduled task that changes the registry entrie and reboots the computer.

After that the computer boots normally and the deployment continues with any issues.

Cheers

Wednesday, July 10, 2019 1:15 PM

Reply

|

Quote
0

Sign in to vote

When you say a scheduled task - do you mean a task in the build process (like an asynchronous task in the specialize section above? Or have you a script running on the machine post initial build? I ask because my machine has all the registry settings set as part of the build process - not sure what you have managed to gain here that is different from me.

Are you able to let me know what registry setting you changed please?

Thanks

Thursday, July 11, 2019 12:43 AM

Reply

|

Quote
0

Sign in to vote

Put the following line as a Run Command Line task in MDT, before the Upgrade Windows Step:

schtasks /create /tn goodbyeOOBE /TR C:\MININT\SCRIPTS\goodbyeOOBE.bat /sc ONLOGON /f

This creates a scheduled task in the computer before the windows upgrade (I'm doing an upgrade from win 7 to win 10 1903).

I called my script "goodbyeOOBE.bat" and this is the content:

powershell.exe -command reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\DisablePrivacyExperience" /v "value" /t REG_DWORD /d 1 /f
schtasks /delete /tn goodbyeOOBE /f
shutdown -r -t 10

Copy the goodOOBE.bat into %SCRIPTROOT% in MDT, and edit the script "%SCRIPTROOT%\LTICopyScripts.wsf" adding the goodbyeOOBE.bat. (this script will copy the goodbyeOOBE to C:\Minint\scripts on the target computer and there is where the scheduled task is pointing.

The task will launch the script and the script changes the reg entry and reboot the computer deleting also the task. Goodbye OOBE!! :D

If you have more questions don't hesitate to write, I'll be pending. Good Luck

Thursday, July 11, 2019 12:47 PM

Reply

|

Quote