Rufus Windows 11 ISO - and added windows 11 tweaks to answer file

[LordX]

Hey all - I wanted to post this in case it helps anyone else.

I do a lot of fresh windows installs. Part of my value added service on new machines for customers. I have been using rufus for years, since it helps with some of the small steps like creating an account automatically etc - and of course the Windows 11 bypasses are great.

Recently, I decided to add some registry tweaks into the answer file to save me time on each install - and man I wish I had done this earlier!

I will post the code for the answer file below - but here are the tweaks that I put in:

1. disabled/deleted the requirement to change the password on first reboot that rufus sets.
2. restore windows classic right click menu
3. disable hibernate
4. orient start menu to the left
5. disable widgets
6-8. bypasses all the annoying MS Edge questions on the first load of edge. Now it just goes right in... to download chrome or firefox.. lol

Here is the code for the answer file:

<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>net accounts /maxpwage:unlimited</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Restore Classic Context Menu</Description>
<CommandLine>reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>3</Order>
<Description>Disable Hibernate</Description>
<CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>4</Order>
<Description>Align Taskbar Left</Description>
<CommandLine>reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarAl /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>5</Order>
<Description>Disable Widgets</Description>
<CommandLine>reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarDa /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>6</Order>
<Description>Disable Edge FRE</Description>
<CommandLine>reg.exe add "HKCU\Software\Policies\Microsoft\Edge" /v HideFirstRunExperience /t REG_DWORD /d 1 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>7</Order>
<Description>Disable Edge Import Prompt</Description>
<CommandLine>reg.exe add "HKCU\Software\Policies\Microsoft\Edge" /v ImportOnEachLaunch /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>8</Order>
<Description>Disable Edge Personalization Prompt</Description>
<CommandLine>reg.exe add "HKCU\Software\Policies\Microsoft\Edge" /v PersonalizationReportingEnabled /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>

 

[fincoder]

Great info, thanks for posting your answer file code. Besides disabling Widgets, I turn off all options in Settings > System > Notifications > Additional Settings. Any idea how those can be turned off with an answer file?

But items 2 & 4, those things are personal preference and are going too far. In my opinion the basic OS operation should be left stock unless a customer asks. I believe mostly-benign Windows 11 changes (compared with Windows 10 operation) shouldn't be altered, because being exposed to such evolution of the OS might be beneficial when Windows 12 or higher comes along or when they jump on someone else's computer. Will your customers appreciate not having experienced a centred start menu when they come across it later on? I don't think so. And the new right-click menu is here to stay, third-party extensions can and do implement extensions for the new menu. I switched to NanaZip because it appears in the new right-click menu. Third-party developers need to get their act together, no reason why they couldn't have supported the new menu on day 1 (tested on pre-release Windows 11).

 

[LordX]

Great info, thanks for posting your answer file code. Besides disabling Widgets, I turn off all options in Settings > System > Notifications > Additional Settings. Any idea how those can be turned off with an answer file?

But items 2 & 4, those things are personal preference and are going too far. In my opinion the basic OS operation should be left stock unless a customer asks. I believe mostly-benign Windows 11 changes (compared with Windows 10 operation) shouldn't be altered, because being exposed to such evolution of the OS might be beneficial when Windows 12 or higher comes along or when they jump on someone else's computer. Will your customers appreciate not having experienced a centred start menu when they come across it later on? I don't think so. And the new right-click menu is here to stay, third-party extensions can and do implement extensions for the new menu. I switched to NanaZip because it appears in the new right-click menu. Third-party developers need to get their act together, no reason why they couldn't have supported the new menu on day 1 (tested on pre-release Windows 11).

Most of my customers LOVE when I make their new systems like their old windows 10 systems. If they don't, it's an easy switch back. I also install Classic Start as well. Bringing the Windows 7 style start menu back. I have yet to have a single customer ask me to remove it.

 

[LordX]

Here are some further answer file tweaks:

If you find yourself deploying Windows 11 systems into an old Windows 10 environment with insecure or non passworded shares - here are the two commands that help 'open up' Windows 11 sharing again:

<SynchronousCommand wcm:action="add">
<Order>9</Order>
<Description>Disable SMB Client Security Signature</Description>
<CommandLine>powershell -Command "Set-SmbClientConfiguration -RequireSecuritySignature $false -Force"</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>10</Order>
<Description>Enable Insecure Guest Logons</Description>
<CommandLine>reg add "HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation" /v AllowInsecureGuestAuth /t REG_DWORD /d 1 /f</CommandLine>
</SynchronousCommand>

Obviously your customer should be made aware of what this means for them - but if there are two stationary desktops and they want to share files between them without a password - why not?

 

[britechguy]

Bringing the Windows 7 style start menu back. I have yet to have a single customer ask me to remove it.

I can't, and wouldn't, tell you what you should do, but I don't do this sort of thing for clients, ever. I am a firm believer in learning the latest UI of whatever OS you use, even if you do customize it somewhat to suit yourself. But anything that shells things to make them behave like a now dead OS is, in my estimation, something to be avoided.

I've seen what happens when users, and particularly unsophisticated users, use these shells/utilities and find themselves in front of a different Windows 11 computer, be it at a library, a coffee shop, etc., where they need (or really want) to use it, but are frozen like a deer in the headlights.

 

[LordX]

I can't, and wouldn't, tell you what you should do, but I don't do this sort of thing for clients, ever. I am a firm believer in learning the latest UI of whatever OS you use, even if you do customize it somewhat to suit yourself. But anything that shells things to make them behave like a now dead OS is, in my estimation, something to be avoided.

I've seen what happens when users, and particularly unsophisticated users, use these shells/utilities and find themselves in front of a different Windows 11 computer, be it at a library, a coffee shop, etc., where they need (or really want) to use it, but are frozen like a deer in the headlights.

Or maybe they tell their friend: Call my computer guy to make YOUR system as amazing as mine

 

[LordX]

Lastly: I am sure many of you have noticed that some of the newer Intel NVME systems do not have their drives show up with the default Windows 11 installer. I usually have the Intel RST 18, 19, and 20 drivers on the same stick as the installer to make this easier, but I thought - there must be a way to get this into the install itself. Had gemini write me a .bat file to integrate the Intel drivers I had directly into the Boot.wim file for my installer. Just another tweak to save time during installs!

Here is the batch file code - note the directories, and the assumed D: for your USB media - all of which can be changed to suit. Copied my Intel drivers into C:\drivers - and watched as they quickly merged into the boot.wim. Even tested it out on a newer system in the shop - worked like a charm!

NOTE: this also updates the recovery section of the Boot.wim - which could really pay dividends if you needed to access the drive using that.

@echo off
SET WIMPATH=D:\sources\boot.wim
SET MOUNTPATH=C:\Mount
SET DRIVERPATH=C:\Drivers

:: Loop through both Index 1 (Recovery) and Index 2 (Setup)
for /L %%i in (1,1,2) do (
echo -----------------------------------------------------------
echo Processing boot.wim - Index %%i
echo -----------------------------------------------------------

:: Mount the index
dism /Mount-Image /ImageFile:%WIMPATH% /Index:%%i /MountDir:%MOUNTPATH%

:: Inject drivers recursively
dism /Image:%MOUNTPATH% /Add-Driver /Driver:%DRIVERPATH% /Recurse

:: Save and Unmount
dism /Unmount-Image /MountDir:%MOUNTPATH% /Commit
)

echo -----------------------------------------------------------
echo DONE! Both Recovery and Setup environments are updated.
pause

 

[LordX]

Any other tweaks that you guys have done to your install media? Something perhaps I could add to my ever growing list of customizations?

 

[timeshifter]

I usually have the Intel RST 18, 19, and 20 drivers on the same stick

Can you help me with where to get those drivers? I usually just grab a driver from Dell's site based on the model of the machine I'm working on. I presume there's only a handful of disk drivers that would work on all Dells and other brands.

 

[LordX]

I zipped the 4 different ones I use - here they are: https://drive.google.com/file/d/1ta9rlGJaWh1nrMUC_ok818mrTMvASv4Z/view?usp=sharing

Merging them into the Boot.wim saves some extra time too, and makes the recovery part of windows setup work with these systems.

Note: If you plan to use them manually, start with the oldest first, then work your way up. I once tried the 19 or 20 version, which showed the drive, but I wasn't able to re-partition - restarted and used the 18.x version, bam no issues.

I THINK the RST drivers are more 'generic' - e.g. not brand specific.

 

[Markverhyden]

How fortuitous. My business Windows laptop, W11Pro, just got into a repair boot that won't repair this past weekend. So I'll download this and roll it up to see how it goes. Thanks.

 

[GTP]

Most of my customers LOVE when I make their new systems like their old windows 10 systems. If they don't, it's an easy switch back. I also install Classic Start as well. Bringing the Windows 7 style start menu back. I have yet to have a single customer ask me to remove it.

My experience was the same.
I would change everything possible back to the "known, trusted and much loved" Windows 10/7 style for start menu, Taskbar, Windows Title Bars/Borders, RC menu's etc.

Never had a single complaint or request to "put it back to original." I did get a lot of "thank you's" though.

 

[LordX]

I am experimenting with some additional answer code. The above code for widgets doesn't work, got that solved but now having issues with the notifications - seems harder to turn off by default in 25H2. I also added some extra stuff to disable ADS in file explorer, and internet search in the 'search' bar. Will post final longer list once I see it works.

 

[LordX]

Ok, so in the end, the best I could do for Notifications was to have Do Not Disturb set to ON by default. Here is the complete answer file list now - with a variety of fixes. Each has its own description, so I will not be listing each one up here. I took care to not 'HARD' stop things, so its easy to go into settings and turn off DND for example. That being said, the Widgets ARE hard stopped - was the only way to stop them without them popping back as soon as internet was connected.

<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>net accounts /maxpwage:unlimited</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Restore Classic Context Menu</Description>
<CommandLine>reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>3</Order>
<Description>Disable Hibernate</Description>
<CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>4</Order>
<Description>Align Taskbar Left</Description>
<CommandLine>reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarAl /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>5</Order>
<Description>Hide Widgets Icon from Taskbar</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>6</Order>
<Description>Disable Edge FRE</Description>
<CommandLine>reg.exe add "HKCU\Software\Policies\Microsoft\Edge" /v HideFirstRunExperience /t REG_DWORD /d 1 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>7</Order>
<Description>Disable Edge Import Prompt</Description>
<CommandLine>reg.exe add "HKCU\Software\Policies\Microsoft\Edge" /v ImportOnEachLaunch /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>8</Order>
<Description>Disable Edge Personalization Prompt</Description>
<CommandLine>reg.exe add "HKCU\Software\Policies\Microsoft\Edge" /v PersonalizationReportingEnabled /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>9</Order>
<Description>Disable SMB Client Security Signature</Description>
<CommandLine>powershell -Command "Set-SmbClientConfiguration -RequireSecuritySignature $false -Force"</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>10</Order>
<Description>Enable Insecure Guest Logons</Description>
<CommandLine>reg add "HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation" /v AllowInsecureGuestAuth /t REG_DWORD /d 1 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>11</Order>
<Description>Enable Do Not Disturb (Global)</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_TOASTS_ENABLED" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>

<SynchronousCommand wcm:action="add">
<Order>12</Order>
<Description>Force Quiet Hours State</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "QuietHoursState" /t REG_DWORD /d 1 /f</CommandLine>
</SynchronousCommand>

<SynchronousCommand wcm:action="add">
<Order>13</Order>
<Description>Disable Tips and Suggestions</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>14</Order>
<Description>Remove Start Menu Recommendations</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_IrisRecommendations" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>15</Order>
<Description>Disable Start Menu Web Search</Description>
<CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>16</Order>
<Description>Disable File Explorer Ads</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSyncProviderNotifications" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>17</Order>
<Description>Disable Lock Screen Ads</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "RotatingLockScreenOverlayEnabled" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>18</Order> <Description>Disable Start Menu Web Search (User)</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>19</Order>
<Description>Disable Tailored Experience</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Privacy" /v "TailoredExperiencesWithDiagnosticDataEnabled" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>20</Order>
<Description>Disable News and Interests Feed (Soft)</Description>
<CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v "AllowNewsAndInterests" /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>21</Order>
<Description>Set Widgets to Opt-Out State</Description>
<CommandLine>reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Widgets\Settings" /v "IsWidgetPickerOnboarded" /t REG_DWORD /d 1 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>22</Order>
<Description>Suppress Notification Banners</Description>
<CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoToastAdvertisement" /t REG_DWORD /d 1 /f</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>

 

[LordX]

Since widgets become completely grayed out with the above answer files I had gemini create a .reg file to reverse the changes in case a customer demands them. I don't feel like this will get a lot of use, but it's good to have a quick fix on hand:

The "Restore Widgets" Registry File​

Copy the text below into Notepad and save the file with a .reg extension (e.g., Restore_Widgets.reg):

Code snippet

Windows Registry Editor Version 5.00<br><br>;
1. Remove the Machine Policy that grays out the toggle<br>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Dsh]<br>"AllowNewsAndInterests"=-<br><br>;
2. Show the Widgets icon on the Taskbar again<br>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]<br>"TaskbarMn"=dword:00000001<br><br>;
3. Reset the Onboarding state so the user can set them up fresh<br>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Widgets\Settings]<br>"IsWidgetPickerOnboarded"=dword:00000000

 

[LordX]

How fortuitous. My business Windows laptop, W11Pro, just got into a repair boot that won't repair this past weekend. So I'll download this and roll it up to see how it goes. Thanks.

How did you make out?

 

[Markverhyden]

How did you make out?

Still WIP. Making money is a priority..........