If you have to install Windows 11 many times, repeatedly asking the same questions about region, keyboard, account, privacy, or apps is a real drag. With a combination of scripts, unattended response files, and some Microsoft tools It is possible to make that whole process almost automatic, even skipping the OOBE experience and applying your own advanced settings.
In the following lines you will see how to take advantage SetupComplete.cmd, ErrorHandler.cmd, Unattend/autounattend.xml, PowerShell, and Configuration Manager...plus some tricks to avoid hardware checks or fully customize Windows 11. The idea is that you can create a bootable USB drive or a modified ISO capable of installing the system with your settings, your scripts and your applications, virtually without touching a key.
Windows installation scripts: SetupComplete.cmd and ErrorHandler.cmd
Within the Windows installer itself, there has been a mechanism for years to hook custom scripts in the later stages of installationThe two key files are SetupComplete.cmd y ErrorHandler.cmd, which are located on the route %WINDIR%\Setup\Scripts\ and are executed within the context of the local system.
The file SetupComplete.cmd It launches right after the main installation finishes and the desktop appears for the first time, before the user starts using the system normally. From there you can trigger other scripts. cscript or wscript, install applications, apply registry settings or perform any post-installation tasks. Keep in mind that on OEM-keyed equipment This option may be limited, except in Enterprise editions and Windows Server versions.
For its part, the script ErrorHandler.cmd It is designed as an emergency mechanism. When a serious failure occurs during installation that prevents further work, the installer checks if there is a backup system. %WINDIR%\Setup\Scripts\ErrorHandler.cmd and executes it with system privileges. This component is especially useful when Many machines are deployed at the same timebecause it allows you to record the error, collect information, or even attempt automated corrections.
If the installer encounters an unrecoverable error and ErrorHandler.cmd is missing, it displays a dialog box with the message and requires manual closure. However, when the script is present, it executes automatically. synchronous, without displaying messages to the userThe installation program then closes. Depending on the stage at which the failure occurred, the computer will revert to the previous environment, such as Windows PE or a previous Windows installation.
There are times when the installation detects several consecutive errors and therefore executes ErrorHandler.cmd more than once. When designing this script, it is essential to prepare it to be idempotentThat is, it can be run repeatedly without breaking anything or causing rare side effects.
How SetupComplete.cmd works and execution order
The behavior of SetupComplete.cmd follows a very specific sequence, allowing you to know with considerable accuracy. when your custom actions will be executed And what other Windows features are still pending?
After copying files and applying the image, before the login screen appears, the installer searches in %WINDIR%\Setup\Scripts\ a file with the name SetupComplete.cmdIf it finds it, it executes it with system credentials, logging the event to the log. C:\Windows\Panther\UnattendGC\Setupact.log, where you can check exactly what happened.
Something important: the configuration program does not validate the script's exit codeIn other words, even if SetupComplete.cmd fails or returns a non-zero error level, the installation will continue as if nothing happened. This forces you to be careful with error handling within the script itself and, if necessary, leave traces in custom logs.
Another detail to consider is the relationship with the domain joining and group policiesIf the computer is added to a domain during installation, the GPOs defined in that domain are not applied until SetupComplete.cmd finishes running. This prevents policy application from interfering with your post-installation scripts, giving you a valuable window of time to make adjustments before corporate settings take effect.
Advanced use of ErrorHandler.cmd for mass installations
When we deploy dozens or hundreds of systems, it's only a matter of time before one installation fails due to a conflicting driver, a network problem, or a corrupted image. In those scenarios, ErrorHandler.cmd is your best ally to capture diagnostic information and make automated decisions.
There are two main ways to include this script in your deployments. The first involves Mount the Windows image (for example, the install.wim file), create the path %WINDIR%\Setup\Scripts\ within that image and copy ErrorHandler.cmd there. After unmounting and saving the changes, every installation that uses that image will have error handling integrated.
Another option is to place ErrorHandler.cmd in a temporary folder accessible during installationFor example, C:\Temp\ErrorHandler.cmd, and run the Windows setup program with the parameter /m pointing to that location: Setup /m:C:\TempIn this way, the installer itself will automatically copy the files it finds in that folder to its internal structure, including the error script.
This last method is very convenient when working with a deployment environment where you already have shared resources, because it allows update the script without touching the base imageIn any case, it is advisable that ErrorHandler.cmd has sufficient logic to record the context of the failure (relevant logs, network status, hardware information) and, if necessary, forward that data to a central server for further analysis.
Unattended installations with Unattend.xml and autounattend.xml
If what you want is for Windows 11 to be installed without asking you any questions Regarding language, keyboard, account, OOBE, licenses, or similar, the key component is the response file. Unattend.xml or autounattend.xmlThanks to it, you can guide the installer step by step, indicating in advance all the options that you would normally have to fill in by hand.
Unattend.xml can be run at different stages of the setup process. Some options are launched very early on, during the setup phase. Windows-Setupideal for preparing disk partitions. Others trigger during the steps of auditUser, oobeSystem or firstLogon, more suitable for installing applications, activating services or applying user settings.
To launch commands while the installer is still booting, you can use the sections Microsoft-Windows-Setup\RunAsynchronous o RunSynchronousThey are perfect for defining the disk partitioning style (e.g., GPT with EFI and recovery partitions), erasing the contents of the main drive, or applying previous changes before the first reboot.
If you want to automate what happens in the audit modeWhen the system enters a special state for testing and customization, you have the keys at your disposal. Microsoft-Windows-Deployment\RunAsynchronousCommand y RunSynchronicCommand in the phase auditUserThat's where scripts designed to test applications, install large packages, or configure corporate templates are usually placed.
Finally, to control what happens after the OOBE, before the user sees the desktop, the following sections are used: Microsoft-Windows-Shell-Setup\LogonCommands\AsynchronousCommands y FirstLogonCommands\SynchronousCommandThese commands are ideal for Add or remove apps, apply language settings, disable suggestions, or customize the Start menu.However, it's best not to overuse them: scripts that are too long delay the user's arrival at the desktop, and in commercial versions of Windows, there are additional limitations that are important to respect.
Windows 11 unattended: completely skip the OOBE
Microsoft has complicated the out-of-the-box (OOBE) phase of Windows 11 with each update, adding screens to connect to the network, create or force Microsoft accounts, activate OneDrive, try Office, define device usage, or accept a long list of privacy options. All of this can be avoided with a unattended installation based on autounattend.xml.
The idea is to create a bootable installation media (usually a USB drive) with the Windows 11 ISO and place it in the root directory of the drive, at the same level as setup.exe, a file called autoattend.xmlWhen the installer detects this file at startup, it uses it as a guide to answer all your questions.
With a well-prepared autounattend.xml file, you can specify that it should be installed. Windows 11 Pro in fully automatic mode, create an administrator account (for example, Admin) and another standard user (User) with the same predefined password, and leave the generic product key in the background, which can later be replaced by your actual license.
Furthermore, it's possible to postpone network configuration until the end, which, combined with certain settings, allows you to Install Windows 11 without an internet connection or Microsoft accountThis creates local accounts, disables telemetry, changes Windows Update behavior to manual updates, disables Bing web results in the Start menu, prevents suggested applications, and restores, if desired, the classic context menu similar to that of Windows 10.
The same response file may include commands for display common icons on the desktop such as This PC, Network, Recycle Bin, Control Panel, or the user folder, as well as to customize Explorer to your liking (for example, by always enabling known file extensions). Many of these customizations are applied using additional scripts and may take a few minutes to become visible after the first login.
Overcoming Windows 11 hardware requirements and limitations
Officially, Windows 11 requires relatively recent processors, TPM 2.0, Secure Boot, 4 GB of RAM, minimum storage, and a DirectX 12 compatible GPUThese restrictions exclude many computers that are still perfectly capable of performing office or laboratory tasks, but which are left without updates due to overly strict checks.
Although Microsoft does not promote it, there are community-documented methods for Inject into autounattend.xml the keys that disable TPM, Secure Boot, or minimum memory checkingThis allows the installation to continue without getting stuck on the requirements screen, even on unsupported hardware. This is a very useful feature for test environments, older machines, or training labs.
It is important to be aware, however, that Microsoft itself has warned that devices that bypass the requirements will be affected. They might stop receiving updates through Windows Updateespecially those related to security. Furthermore, the lack of compatible hardware can trigger problems: drivers that don't work properly, more frequent blue screens of death (BSODs) on machines with little RAM, incompatibilities with virtualization software, or significant performance drops in some games.
There is also a curious shortcut, shared by the community, that allows you to launch the Windows 11 installer from an existing Windows session using the command setup /product server in a command prompt window with administrator privileges. Doing so forces the installer to adopt an upgrade path similar to that of server versions, where hardware requirements are checked differently or relaxed.
Using these tricks in a production environment has its risks: you could end up with a system lacking fully stable drivers or long-term security patches. For many home users, it might be better to stick with Windows 10, which is still supported until 2025, rather than... Forcing Windows 11 on very old machinesBut for laboratories, testing, or equipment that was already out of service, these solutions open an interesting door.
Create and customize autounattend.xml for your environment
Building an autounattend.xml file from scratch can be tedious, but there are online tools and dedicated utilities that simplify the process. One of the most convenient is a web-based generator capable of Create Unattend templates for Windows 10 and 11, in which you choose options through forms and don't have to struggle with XML syntax.
With this type of generator you can load a pre-prepared example file, click on "Select File" To import it, you'll then review the configured preferences section by section: language, partitions, accounts, privacy settings, Windows Update behavior, feature activation or deactivation, etc. If something doesn't fit your environment, you adapt it, and when finished, you download it again. custom autounattend.xml.
The archive includes sections such as Run custom scriptsThis section defines the additional commands and scripts that will be executed upon completion of the installation, both at the system and user levels. Here you can link PowerShell scripts, .cmd or .bat files that apply optimizations, clean bloatware, change registry settings, or deploy your organization's own software.
The unattended facility also controls the partitioning scheme of the main disk. For example, you can specify that all contents of the drive be erased and a GPT partition table be created with a 300 MB EFI partition for booting and a 1000 MB recovery partition containing Windows RE. The remaining space is allocated to the system partition, avoiding surprises with residual partitions from previous installations.
Once you have the autounattend.xml ready, there are two typical ways to use it: copy it to the root of an installation USB drive (along with setup.exe) or modify the ISO itself with a utility like Any BurnAdding the file back to the root directory of the image ensures that any media created from that ISO will run Windows 11 with the automated configuration already included.
Configure custom scripts and deep settings with WinScript
Although Unattend/autounattend allows you to automate much of the installation, sometimes you want to go further and to thoroughly modify the internal configuration of Windows 10 and 11 without having to manually edit the registry or create tons of scripts from scratch. This is where a very interesting open-source tool comes in called WinScript.
WinScript is presented as a free application, available in both installable and portable versions, which It mimics the Windows 11 Settings interface. It offers, in a side panel, different categories of settings: privacy, telemetry, performance, games, pre-installed applications, etc. On the right side, you'll find the specific options for each category, each with an on/off switch.
As you activate or deactivate these switches, WinScript will automatically generating a script It's an internal system that captures all these changes. There are no predefined profiles, which forces you to carefully review each category to build your own ideal Windows "recipe." The advantage is that you don't need in-depth scripting knowledge: each setting includes a short description explaining exactly what it does.
When you finish configuring your settings, you can save the application with the resulting script in a usb driveThis way, you can simply run WinScript on any newly installed computer to apply your set of changes at once: uninstall bloatware, disable superfluous services, adjust telemetry policies, optimize performance and much more.
Before making aggressive modifications, it is always advisable to take advantage of WinScript's built-in option to create a system restore pointThis way, if any customization breaks something or you're not happy with it, you can quickly revert to the previous state without having to reformat or restore the entire system image.
Automate PowerShell scripts with Configuration Manager
In corporate environments, where teams already have the client of Configuration manager (current branch), the integration with PowerShell scripts is a real lifesaver. This feature allows you to create, approve, and run scripts across entire collections of Windows devices, with centralized tracking and consolidated results.
To use this feature, customers must have PowerShell 3.0 or higher (or the version required by the specific script) and a Configuration Manager client at least version 1706. In addition, certain permission requirements must be met: the person creating the scripts needs create permissions on "SMS Scripts", the person approving them must have approval permissions, and the person running them needs "Run script" permission on collections.
The console clearly distinguishes between authors, approvers, and executors of scriptsBy default, a single user should not be able to create and approve their own scripts, which adds an important layer of security to the process. This double approval can be disabled for testing purposes in labs, but maintaining role segregation is recommended for production environments.
Security environments are used for limit who can see and use certain scriptsBy assigning custom labels and roles, you can create, for example, a "Script Executors" role with only read and execute permissions on collections and scripts, an "Authors" role with the ability to create, modify, and delete scripts but without executing them, and a third "Approvers" role exclusively responsible for reviewing and approving.
Creating scripts from the console is relatively straightforward: choose a descriptive name, specify PowerShell as the language, import your prepared ps1 file or write it directly there, and configure parameters if needed. The script then has a state... "Awaiting approval" until an approver reviews it and marks it as "Approved." Only then can it be deployed on devices or collections.
Parameters, validation, and scheduled script execution
One of the strengths of Configuration Manager's "Run scripts" feature is its ability to manage typed and validated parametersYou can define input variables of type string, integer or lists of values, up to a maximum of ten parameters per script, which provides great flexibility without overcomplicating the interface.
Each parameter has its own properties box, where you can set minimum and maximum length, regular expressions, and custom error messagesFor example, for a string parameter "FirstName", you could require between 2 and 30 characters and prohibit the inclusion of specific uppercase letters using a RegEx like If the operator enters a value that does not meet these conditions, the system will display the error message you have defined.
The default parameter values ​​are obtained from the PowerShell script itself, but Configuration Manager does not modify or overwrite them; it simply It displays them in the interface as a suggestionIf you need to change the actual default value, you must edit the script directly, not the parameter definition in the console.
When it's time to run a script, you can do so over a single device or a complete collectionThe system initiates the command as a high-priority operation that typically completes in under an hour. Results are returned via status messages, including an exit code (usually 0 for success) and the script's standard output in JSON or plain text format.
In recent versions, it's possible to schedule execution for a specific date and time, always in UTC formatThis is very useful if you want to synchronize global deployments or avoid launching them during peak hours. The scripts run under the device's local system account, which has limited network access, so any need to reach remote resources must be handled carefully (for example, by using managed credentials or appropriate distribution points).
Monitoring, JSON output, and diagnostic logging
To avoid going in blind, Configuration Manager includes a panel of monitoring the status of scriptsIn the "Script Status" section, you can check in near real-time how many devices received the command, how many executed the script successfully, how many failed, or how many were offline at the time.
In addition, since the "Scheduled Scripts" view You can track the executions you've scheduled. Each entry displays the client operation ID, the scheduled time, the current status (for example, "Scheduled" or "Client operation successfully started"), and other useful metadata. After execution, the results are also reflected in the script status node, referenced by the same ID.
The output of the scripts is preferably returned in JSONusing the cmdlet ConvertTo-Json to serialize the generated objects. This allows the console to display a structured representation of the output, much easier to read and analyze than a simple wall of text. If the script does not return objects or the output is not valid JSON, it will be displayed in plain text format.
It's best to avoid excessively large outputs: the system truncates the results to 4 KBTherefore, scripts that return a lot of information run the risk of leaving out important data. It's also advisable to manually convert certain special types, such as enumerations, to strings, so that the resulting JSON is clean and easy to interpret.
In case of problems, there are several logs worth knowing about. On the client itself, in C:\Windows\CCM\Logs, stand out Scripts.log y CcmMessaging.logThe administration module contains MP_RelayMsgMgr.log and on the site server, usually under C:\Program Files\Configuration Manager\Logs, the file SMS_Message_Processing_Engine.logThese logs are the first mandatory stop when something goes wrong with the execution or reporting of scripts.
This entire ecosystem of scripts, unattended response files, and centralized management tools allows for building highly automated Windows 11 installation workflowsFrom skipping OOBE and hardware checks to launching Sysprep, running PSWindowsUpdate scripts to install drivers from Windows Update, restarting multiple times, and returning the computer to the user-ready OOBE, virtually any repetitive scenario can be encapsulated in a set of well-designed files and a few best practices.
- Automate Windows 11 This involves combining Unattend/autounattend.xml files with scripts such as SetupComplete.cmd and ErrorHandler.cmd.
- Facilities Unattended allow you to skip the OOBEConfigure language, accounts and privacy, and even overcome TPM and Secure Boot requirements.
- Tools like WinScript and Configuration Manager They facilitate creating, approving, and running PowerShell scripts with parameters and centralized tracking.
- Careful script and log design ensures more reliable mass deployments, with less manual intervention and better diagnostic capabilities.
