Follow up questions (OOBE)

[Hollywood]

Hi,
I successfully created an NTLite Windows 11 22H2 custom install CD. I built it from a custom install and used Sysprep > Audit mode, deleted the existing user(s), then Sysprep generalize and WinPE to create a new install.wim. I then ran it through NTLite again to verify some settings and set again the Unattended settings.

1. There is a Get Going Fast (privacy options). Is this the radio switches after you put in your user name and set your password? If so, what would the default answer be if I set it? I would want them all off.

2. The OOBE asks 3 security questions (pet's name, mothers maiden name, etc). Is there a setting to bypass this?

3. My installation correctly created the appdata roaming folders Public, Default, and my newly created user folder. It also created a folder called "defaultuser()". What is that? I deleted it without issue, but wonder what and why it was created.

Thanks!

 

[garlin]

1. There is a Get Going Fast (privacy options). Is this the radio switches after you put in your user name and set your password? If so, what would the default answer be if I set it? I would want them all off.

Skipping the Privacy Settings leaves the answers to whatever Window's default. I don't have a list offhand, but you can find this on Google.

2. The OOBE asks 3 security questions (pet's name, mothers maiden name, etc). Is there a setting to bypass this?

Normally, you would integrate this reg file:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"NoLocalPasswordResetQuestions"=dword:00000001

Last time I checked, disabling security questions breaks W11 OOBE. I believe this can only be configured post-OOBE.

3. My installation correctly created the appdata roaming folders Public, Default, and my newly created user folder. It also created a folder called "defaultuser()". What is that? I deleted it without issue, but wonder what and why it was created.

defaultuser0 is a dummy account Windows creates for OOBE Setup, to guarantee there's a logon user to run provisioning tasks. When OOBE is finished, this user is removed. But leftovers may exist on a sysprepped image.

 

[Hollywood]

Thank you!

 

[nuhi]

1. There is a Get Going Fast (privacy options). Is this the radio switches after you put in your user name and set your password? If so, what would the default answer be if I set it? I would want them all off.

You can pre-set all the choices, and more on the Settings - Privacy group in the tool after loading an image.

2. The OOBE asks 3 security questions (pet's name, mothers maiden name, etc). Is there a setting to bypass this?

Also if it's an option, pre-add the user on the Unattended page, otherwise I'll review the garlin's proposed tweak and add it to the list where it works.

3. My installation correctly created the appdata roaming folders Public, Default, and my newly created user folder. It also created a folder called "defaultuser()". What is that? I deleted it without issue, but wonder what and why it was created.

NTLite doesn't cause that, it's a Windows thing as garlin explained. If anyone proves differently, I'm interested in the preset.

Thanks.

 

[Hollywood]

You can pre-set all the choices, and more on the Settings - Privacy group in the tool after loading an image.


Also if it's an option, pre-add the user on the Unattended page, otherwise I'll review the garlin's proposed tweak and add it to the list where it works.


NTLite doesn't cause that, it's a Windows thing as garlin explained. If anyone proves differently, I'm interested in the preset.

Thanks.

Thanks, those questions were follow ups after the new install, but were not a real big deal. I just wanted to know so when I create another install disk, I can at least eliminate the radios. Anyway, thanks!!

The main reason I used NTLite is to create as secure of a computer as best I could without loosing function. My computer is password protected, but I decided to google how to bypass the Windows password. I downloaded a program and booted the ISO from a thumb drive and within seconds it removed the password and Windows started without one! That is unacceptable. It's not an NTLite issue, but I am mentioning it because many come here to try to make a more secure PC. I think being able to bypass the logon password is bad.

The good news is I just used BitLocker on my system drive and that program no longer works. A side note: many NTLite users attempt many trial installs to test their modifications. Most backup software backs up your drive while it is in the unlocked state. If you do a Restore, be sure to re-enable BitLocker.

 

[garlin]

Windows security on any non-encrypted disk can always be bypassed. Macrium and some of the better backup tools can store a copy of your BitLocker keys on the custom WinPE recovery image they create for you.

 

[Hollywood]

Windows security on any non-encrypted disk can always be bypassed. Macrium and some of the better backup tools can store a copy of your BitLocker keys on the custom WinPE recovery image they create for you.

Looks like. I am learning.

I also use a firewall program set to custom rule set, don't use trusted connects, and Create Rules for all applications. Even with as many privacy settings I changed with NTLite, there are a lot of system apps trying to access the internet. I realize if you are connected you are never truly safe, but I do banking on my computer. Can that really be safe? So much to watch for, but I think addressing this is better then doing nothing.

 

[Hollywood]

You can pre-set all the choices, and more on the Settings - Privacy group in the tool after loading an image.

Sorry, I looked under Configure > Settings > Privacy and did not see it. Most of my Privacy settings are Disabled. Did I miss it or am I looking in the wrong place?

Thanks!

 

[garlin]

I'm not sure there's a direct match of W11's OOBE Privacy settings to NTLite's settings. The displayed options are different from W10's.

While everyone explains how to skip the Privacy screen, nobody bothers to list what actual data it manages. I had to install NirSoft's RegistryChangesView, to view a comparison of the before & after reg keys.

This is what you get if you switch every OOBE Privacy setting from its default: a random list of App permissions. I don't think it's useful to make some reg file to copy the same changes. You're better served by using a dedicated W10/11 privacy tool or script to manage those settings.

 

[Hollywood]

I'm not sure there's a direct match of W11's OOBE Privacy settings to NTLite's settings. The displayed options are different from W10's.

When the OOBE kept looping on previous NTLite builds, I was rushing to get through the new user questions as I did not know what was causing the looping. Now that I no longer have that looping issue, those 3 questions are not as big of a deal. But as it is, I always answer them with random key strokes as banks and others use some of those same questions for verification. I keep excellent system and data backups and choose to restore from a backup rather then use the Windows process.

 

[bobbintb]

I

I'm not sure there's a direct match of W11's OOBE Privacy settings to NTLite's settings. The displayed options are different from W10's.

While everyone explains how to skip the Privacy screen, nobody bothers to list what actual data it manages. I had to install NirSoft's RegistryChangesView, to view a comparison of the before & after reg keys.

This is what you get if you switch every OOBE Privacy setting from its default: a random list of App permissions. I don't think it's useful to make some reg file to copy the same changes. You're better served by using a dedicated W10/11 privacy tool or script to manage those settings.

I don't want to necro an old thread but I am finding myself in this situation as well. I want to set all those privacy options off and skip it in the setup but I don't know which ones in NTLite they correspond to and I haven't been able to find the answer. Does anyone know?

 

[garlin]

I don't want to necro an old thread but I am finding myself in this situation as well. I want to set all those privacy options off and skip it in the setup but I don't know which ones in NTLite they correspond to and I haven't been able to find the answer. Does anyone know?

1. From the Unattended page, enable the setting Skip 'Get going fast' page (Privacy options).

Don't touch SkipMachineOOBE or SkipUserOOBE.​

2. If you prefer not using Unattended mode, then load this reg file under the Registry page:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE]
"PrivacyConsentStatus"=dword:00000001