hashicorp
Automated Packer Build Halts at Initial Privacy and OOBE Screen for Windows 11 Enterprise Cloud PC SKU
Overview of the Issue
When attempting to build an Azure Virtual Desktop (AVD) personal image with Packer using the Windows 11 Enterprise Cloud PC SKU (win11-23h2-ent-cpc-os), the build process halts at the first boot due to a prompt for initial privacy and OOBE settings that requires manual intervention. This issue does not occur when using the Windows 11 Multi-Session SKU, which bypasses these prompts and allows full automation. The need for manual intervention disrupts the automated build process, and this issue also affects Azure Image Builder workflows.
Reproduction Steps
1. Use a Packer build with the Azure azure-arm plugin.
2. Configure the build to use the following image:
• SKU: win11-23h2-ent-cpc-os
• Offer: windows-ent-cpc
• Publisher: MicrosoftWindowsDesktop
3. Begin the build process, which initiates a VM with the selected image.
4. Observe the build halting at the initial OOBE privacy and settings screen, requiring manual confirmation to proceed.
Expected Behavior
The build process should proceed automatically through the initial privacy and OOBE screens without requiring manual intervention, allowing for a fully automated image creation.
Actual Behavior
The build stops at the initial OOBE privacy and settings screen, requiring a manual connection to the VM to confirm the privacy prompt before proceeding. Only after this intervention does the build continue, which interrupts the automated process.
Environment Details
• Packer Version: 1.11.2
• Plugins:
• azure-arm: v2.1.9
• windows-update: v0.16.7
• Operating System: Linux (amd64)
• Packer Host: /usr/bin/packer
• Image OS: Windows 11 Enterprise, Cloud PC
Additional Information
The Packer build only continued after I manually connected to the VM and confirmed the privacy prompt. This raises the question: How can this initial prompt be bypassed to ensure a fully automated build?
We ran into this with 24H2. It's not a packer issue, it's an issue with the image. This is the powershell script I wrote to bypass all of OOBE options
@(
"HideEULAPage",
"HideLocalAccountScreen",
"HideOEMRegistrationScreen",
"HideOnlineAccountScreens",
"HideWirelessSetupInOOBE",
"NetworkLocation",
"OEMAppId",
"ProtectYourPC",
"SkipMachineOOBE",
"SkipUserOOBE"
) | ForEach-Object {
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" -Name $psitem -Value 1
}
Hi @jwmoss :)
I’m also encountering this issue, but I’m not sure how you integrated this script into the Packer build. Could you possibly share a brief example?
I tried using custom_script = ..., but the commands only executed after manually confirming the privacy settings.
Thank you in advance!
got it @jwmoss, i found my mistake. I still have a lot to learn :D Thanks for your Powershell script
Create a PowerShell script as specified above (I have named it “bypass_oobe.ps1”) and include it in the build.
build {
sources = ["source.azure-arm.win11_build"]
provisioner "powershell" {
script = "./bypass_oobe.ps1"
}
We also faced this same thing recently and resolved it using the code snippet below.
Write-Host "==> Disable Privacy Settings Experience at Sign-in <=="
if (-not (Test-Path -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OOBE')) {
New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows' -Name 'OOBE' | Out-Null
}
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OOBE' -Name DisablePrivacyExperience -Value 1 -Type DWord -Force
