Windows manufacturing and deployment overview
This topic covers manufacturing and deployment and the process for how OEMs get customized versions of Windows onto their PCs. For step-by-step instructions on how to complete the image customization and deployment process, see the OEM deployment lab
Terms and tools
Below is a list of terms that are used in deployment and imaging.
Audit mode - An interactive desktop environment designed for making online customizations and validation. Audit mode allows you to login to a PC with the administrator account, without first going through the Out-of-box-experience (OOBE).
Customization - A modification to an image. Images come from Microsoft in a usable state, but PC manufacturers can customize an image and then deploy that image to multiple PCs.
DISM - The primary tool used to customize Windows images.
Image - An image is an archive file that contains a collection of files that comprise a Windows installation.
Image formats - Windows deployment tools support two different image types:
.WIM format - A file-based image format that can contain more than one image in a single file. A .wim image contains information about a single partition on a disk.
.FFU A sector-based image file that contains information about and entire disk. FFU images can only contain one image per image file.
Both of these image types can be servivced or customized. You can't directly make changes to image files, but you can mount them to a temporary location or apply them to a hard drive first. In the case of a mounted image, you can save your changes so that the image can be deployed again. In the case of an applied image, you can re-capture the changed image or boot and use the customized image.
Image servicing environments:
- Online - An image that's running on a booted PC.
- Offline image - An image that's been mounted to a technician PC, or applied to a PC from Windows PE but isn't booted.
Image types:
- Base image: An image that comes directly from Windows installation media, and has not been serviced or customized.
- Reference image: A reference image is a base image that includes customizations to suit your deployment scenario. A reference image can be deployed to several PCs as a starting point. Reference images save time in the deployment process by reducing or eliminating customizations you have to do after deploying an image.
Imaging: The part of the deployment process where an image is applied onto a PC. Imaging is done from Windows PE. After applying an image, you can make additional changes to the applied image to further customize the PC.
OOBE - Out-of-box experience, the experience that a user goes through the first time they boot their PC.
Provisioning package - A package that contains information about customizations, or payload that should be put on a PC. OEMs typically use Provisioning packages to configure Power Settings, COSA, and to capture changes that will be used in recovery scenarios. Provisioning packages are used most frequently in IT Pro PC configuration scenarios.
Recovery - Windows includes tools that users can use to reset their Windows installation in cases where their PC becomes unstable. OEMs can customize the recovery image that's contained within a Windows image to ensure that image customizations are retained through the reset process.
Servicing - Making changes to your Windows image, such as adding updates, languages, or Features on Demand.
Sysprep - System preparation tool. If you're making online customizations from Audit mode, you need to run the Sysprep tool to essentially make the Windows installation generic so you can deploy your image to PCs. Even if you're going to use your image only on PCs with hardware that's identical to the PC you built your image on, you need to run this tool. Sysprep only runs online, and is included in all Windows images.
Unattend - A configuration framework that's used to customize Windows at various phases of the deployment process. You can configure settings, run scripts, create users, and more. Windows System Image Manager is used to create the configuration file that's used during deployment.
Windows Assessment and Deployment Kit (ADK) - The ADK includes tools that that support the image cutomization and deployment process, including WinPE to boot your PC and work with your images, SIM to help you create unattend files, DISM, and more.
Windows PE - A small bootable Windows environment that you can boot from RAM to deploy your PC. The files you need to create a bootable Windows PE image are included in the Windows PE add-on for the ADK.
Hardware and collateral for the deployment process
This section covers the hardware and software that you'll need to create a reference image, then deploy the image to a PC.
Hardware
Technician PC - You'll need a Windows PC to start creating an image for your deployment.
- Can be a physical machine or a virtual machine (VM). If you're using a VM, make sure that you can copy files back and forth to either another PC or to removable media. This PC needs to have the ADK installed, and access to the collateral ISOs (either locally stored or from a network location).
- This PC will be used for creating an unattend file, offline customizations, and creating provisioning packages, and won't be wiped during customizations. So this PC doesn't have to be specifically for image creation.
- The Windows Assessment and Deployment Kit (ADK) should be installed on this PC. The ADK has tools to work with images, create unattended installation files, create provisioning packages, and more.
Reference PC This PC will be wiped during the image customization and deployment process, so make sure that this PC doesn't have any information that you need to keep. If there's anything on this PC that you need, make sure to backup any data as it will be erased.
- You'll use this PC to apply an image, make offline customizations, boot into Audit mode to make online customizations, and then boot into Windows PE to do a final capture of the image.
- Can be physical or VM. You'll need to be able to copy files back and forth from this PC when you're testing your deployment, so if you're using a VM make sure you understand how to do that.
- If you're using DISM to apply an image from Windows PE, you can use a reference PC that doesn't satisfy the Windows 11 hardware requirements, such as processor, TPM, etc, for image creation and customization, but final images should only be deployed to hardware that meets the Windows 11 minimum specifications.
Removable drive - You'll use this to boot to Windows PE, and can also use it to store collateral. If your removable drive is a USB drive to use with physical technician and reference PCs, Windows allows you to create a USB key that has multiple partitions so you can have a bootable FAT32 partition and also an NTFS partition that lets you store files larger than 4 Gb.
Collateral
Languages and Optional Features ISO - This ISO contains packages for installing Language Packs and Features on Demand. Fully localized languages, plus five partially-localized languages are available. This ISO doesn't contain any LXPs .appx packages, and only .cabs can be used for language preinstallation.
Inbox Apps ISO - AppX packages for reinstalling the apps that come with Windows. If you add a language to an image, you have to reinstall the apps that come with Windows to ensure they have the language resources they need to support the languages that you add.
Windows PE image - Create a base Windows PE image and bootable media using the ADK and Windows PE add-ons. The Windows ADK and Windows PE Add-ons include a basic Windows PE image. The basic image works for many scenarios, but can be customized to add drivers that are needed for a device to boot, BitLocker, PowerShell, or other tools that you choose to use in your deployment.
Manufacturing flow
Before you start manufacturing
Before you start building a PC, you need to have an image that you'll deploy to PCs as part of the deployment flow. The Base Windows image is called install.wim
and is available on Windows installation media in the Sources
folder. While you can use a base image to build a PC, most PC manufacturers and IT enterprises create reference images that include apps, languages, drivers, or other customizations to provide a better experience for their customers.
When you design your deployment, consider the environment you're deploying to so you can decide what's best for you. Consider how much flexibility you want for your deployment, how valuable the time it takes to deploy an image is, and how many different images you want to maintain.
Customize a deployment process
Because Windows images can be serviced or customized offline at several places during deployment, and also online during Audit mode, you can use these different customization times to create a deployment that best suits your needs. Here are a couple of examples of deployment scenarios:
Monolithic reference image (thick image): If you only have a single hardware configuration that will only ship to one country, and has applications that never need to be updated, it could be best for you to create a single monolithic image that includes all of your customizations. This type of imaging is useful for Build-to-stock scenarios and has the fastest deployment time, at the expense of flexibility. If you have multiple hardware configurations to support, you may need to maintain several different images, or frequently update the image to include the most recent apps, drivers, updates, etc.
Thin image If you have several different hardware configurations with different application and localization needs, it might make sense to start with a base Windows image that is customized as part of the deployment process. This style of deployment takes more time than using a monolithic image because customizations are done during the deployment process, but if you're starting with a base image you only have to maintain the collateral that is used during the imaging process and not the image itself.
Most deployments fall somewhere in between the two examples below, for example a customized base image that includes a set of customizations that apply to all PCs, with customizations to finalize the deployment added later. It's up to you to take advantage of the various cusomization opportunities to create a deployment that best suits your environment.
Plan how you'll customize your image
Once you have a plan for your image design, hardware, collateral, and an image to start with, you can design a deployment that leverages the various servicing environments and phases available in Windows.
Windows offers several points throughout the deployment process where you can make changes, such as:
- Adding languages and configuring localization settings
- Preinstalling Features on Demand
- Turning Windows Optional Features off or on
- Installing apps
- Adding cumulative updates and servicing stack updates
- Adding driver packages to support hardware in a PC
- Customizing the OOBE process
Once you've decided which customizations you want to add to an image, you'll need to consider at what points in the deployment process you want to make these changes.
Servicing environments
Two types of customization environments, online and offline:
- Offline: The image is mounted or applied to a disk, but not booted.
- Online: A PC that's had an image deployed and is booted into Audit mode (don't make customizations to a running PC that's not booted into Audit mode).
Whether to make changes online or offline is something you'll have to decide for your deployment. Most customizations are the same whether you make them online or offline, but consider how you can best group customization tasks so you don't have to add extra offline deployment phases for small changes, particularly if these changes can use a customization phase that's already part of your plan. Note, however, some customizatons can only be online or offline.
Customization | Offline (applied or mounted) image | Online, Audit mode |
---|---|---|
Languages | ✓ | ✓ |
Features on Demand | ✓ | ✓ |
Optional components | ✓ | ✓ |
Update packages | ✓ | ✓, starting with Windows 11, version 22H2 |
Win32 Apps | ✓ | |
AppX apps, including inbox apps | ✓ | ✓ |
Drivers | ✓ | ✓ |
Provisioning packages | ✓ | ✓ |
OOBE | ✓ | ✓ |
Offline servicing
Offline customizations are made to an image that's not booted. You can't directly modify an image, so to make changes to an offline image, you have to either mount the image to a technician PC or apply the image to a PC from WinPE so you can make changes.
Offline customizations are typically used:
- To customize an image from a technician PC by mounting and then making changes using DISM.
- To make changes from the Windows PE environment to an image that's been deployed to a PC. These changes often happen after imaging but prior to booting the image.
Online (Audit mode) servicing
Audit mode allows you to make additional changes to the Windows installation before you send the computer to a customer or capture the image for reuse in your organization. You can install drivers packages that are only available as part of an executable package, install desktop applications, or make other updates that require the Windows installation to be running. You can also use Audit mode to capture your customizations into a recovery provisioning package that you use to ensure that your customizations are retained in the event that a user resets their PC.
Unattend framework
The Unattend framework is a customization framework that allows you to configure customizations to be made during various phases of the deployment process. It isn't a single servicing environment or phase during a deployment where you can use it to make changes, so you can use a single Unattend file that includes customizations for all of the phases. For example The same unattend file can be used to make changes to WinPE, an offline image, Sysprep, first boot, audit mode, and the first time a user logs into Windows.
Not all Unattend settings are available in all phases, so make sure you understand when you can configure each of your setting to take effect.
Servicing phases
In addition to the servicing environments above, you can customize images in several different phases throughout the manufacturing process, for example:
- Before you start: by mounting and servicing an image on a technician PC. Some customizations you can make here are:
- Creating an image that includes drivers, packages, or features that are shared across all devices that are using the image. You can then further customize this image during deployment.
- Fully customize an image for faster deployment.
- While installing Windows: You can choose to install Windows in a couple of different ways:
- Booting to Windows PE and using DISM to apply an image to the PC's disk. This method reduces deployment time, adds flexibility to the deployment, and is preferred by most OEMs.
- Installs Windows by directly applying the image onto a hard drive, skipping the Windows Setup process.
- Images that are applied can be customized offline prior to booting to the image.
- Windows Setup for one-time installations. This is usually used by consumers for new Windows installations or upgrades. You can use Unattaned and setup configuration files to automate installation with Windows Setup. If you're using Windows Setup, the PC must meet the Windows minimum hardware requirements.
- Booting to Windows PE and using DISM to apply an image to the PC's disk. This method reduces deployment time, adds flexibility to the deployment, and is preferred by most OEMs.
- After you apply an image, while still in Windows PE: An applied image is an offline image, so after you apply an image you can add drivers, apps, etc. to the applied image.
- Audit Mode: You can boot into your Windows installation, using Audit mode, to make additional changes that you're not able to make to offline images. Once you're done making changes in Audit mode, run Sysprep to make your image ready for a customer or to be booted back into Windows PE where it can be re-captured as a new reference image that can be deployed to more PCs.
Through all of these phases, you can use the Unattend framework to modify settings during various predefined places.
Additional customization opportunities
OOBE
You can customize the Out-of-box experience to tailor what a user sees the first time the PC is booted. You can configure OOBE to display a custom EULA, gather information about a user, configure HID setup, or to be skipped.
Recovery
Windows has a built-in recovery environment that allows users to recover, refresh, or reset their PC. The recovery process uses an image that boots into the recovery environment, which then uses packages in a Windows installation's SxS store to rebuild a Windows installation. The recovery image can, and should, be customized to reflect languages and update packages that you make to your Windows image. The recovery environment image (WinRE.wim) is part of a Windows image.
When you're finished customizing your image
After you've applied an image, booted into Audit mode, finished your customizations, and run Sysprep you can:
- Capture the fully customized image so you can deploy it to additional PCs.
- Shutdown the PC and ship it, provided it's configured to boot into OOBE on next boot.