217 points nixass | 1 comments
atVelocet No.43552177
Since I've been doing this sort of thing for many years, here are some basic rules:

- Get LTSC (W10) or IoT/Enterprise (W11) images to begin with
- Get https://www.ntlite.com/ .. you won't find any other tool which does a better job at removing packages, adding drivers, etc. Worth every penny with great support.
- Use GroupPolicies to configure your system. Take the time and download them for Office, Edge, Chrome, Firefox and update those that come with Windows.
- Integrate drivers not only for the base image but also in the recovery and setup image.
- Install a firewall (binisoft is fine)
- Use NextDNS
- If you don't mind the security implications: Disable Defender, SmartScreen, BootGuard and VBS (use bcdedit)
- Disable Microcode loading (delete the DLL)
- Disable Spectre/Meltdown mitigations
- If you need Office: Use the LTSC version

Most third party tools are outdated or do stupid stuff which isn't needed. You can silence Windows with the right GroupPolicies quite easily.

replies(4): >>43553011 >>43554530 >>43554546 >>43558401
PufPufPuf No.43554546
Exactly what is this trying to achieve? Running a third party tool to modify the OS, disabling security features, using "downloaded" group policies (what policies?), and sending all your DNS traffic to a third party (when on PC it's possible to just modify the etc/hosts file) -- these aren't exactly the best security practices. The only reasonable suggestion is the IoT Windows version.
replies(2): >>43558391 >>43569027
7bit No.43558391
Agreed with the "what does this achieve". In corporate environments you would use SCCM or simply the Windows ADK plus WDS.

Installing a custom firewall and antivirus is straight counterproductive, as is disabling security features... obviously.

Downloading and installing group policies however is often required and a typical enterprise scenario.

Whenever I hear people praise these kinds of things I know they don't really have any professional knowledge. It's fine to configure your own system, but suggesting these things SHOULD be done pisses me off to no end.

replies(1): >>43569280
atVelocet No.43569280
Seems I lack a lot of professional knowledge, so please enlighten me on how you would do it.

Why use ADK or SCCM for a personal install?

The custom firewall is just a frontend for the builtin firewall.

GP reg keys are used by many third party tools to alter the system. So why use extra software if you can get this directly from the vendor?

And also a rant about antivirus: What do you think is the first thing malware does? How does your system get infected if you are using an updated browser, open mails in it and use it for viewing attachments like PDF? Maybe there is even malware out there that takes advantage of hijacking the antivirus and its system privileges? But who knows… it always depends on the user and the use case.
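An added audit script, not posted by any commenter, that reports the current state of the features atVelocet's list turns off (Defender, SmartScreen, VBS/HVCI, Spectre/Meltdown mitigations) and the built-in firewall the third-party front end sits on, so a defender can see what a customised image actually changed. It assumes an elevated PowerShell 5.1+ session on Windows 10/11 with the Defender and NetSecurity modules available; it reads state only and changes nothing.

```powershell
# Added example: audit the Windows security features discussed in the thread.
# Assumes an elevated session; every call below is read-only.
function Get-SecurityFeatureState {
    $results = New-Object System.Collections.Generic.List[object]
    $add = { param($Feature, $State, $Detail)
        $results.Add([pscustomobject]@{ Feature = $Feature; State = $State; Detail = $Detail }) }

    # Microsoft Defender: antimalware service plus real-time protection
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $state = if ($mp.AMServiceEnabled -and $mp.RealTimeProtectionEnabled) { 'Enabled' } else { 'Disabled' }
        & $add 'Defender' $state "RealTimeProtection=$($mp.RealTimeProtectionEnabled)"
    } catch { & $add 'Defender' 'Unknown' $_.Exception.Message }

    # VBS and HVCI from the Device Guard WMI class (VBS status 2 = running, service id 2 = HVCI)
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbs  = if ($dg.VirtualizationBasedSecurityStatus -eq 2) { 'Enabled' } else { 'Disabled' }
    $hvci = if ($dg.SecurityServicesRunning -contains 2) { 'Enabled' } else { 'Disabled' }
    & $add 'VBS'  $vbs  "status=$($dg.VirtualizationBasedSecurityStatus)"
    & $add 'HVCI' $hvci "running=$($dg.SecurityServicesRunning -join ',')"

    # SmartScreen policy value: 1 = on, 0 = off, absent = not set by policy
    $ss = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -Name EnableSmartScreen -ErrorAction SilentlyContinue
    $ssState = if ($null -eq $ss) { 'NotConfigured' } elseif ($ss.EnableSmartScreen -eq 1) { 'Enabled' } else { 'Disabled' }
    & $add 'SmartScreen' $ssState "EnableSmartScreen=$($ss.EnableSmartScreen)"

    # Spectre/Meltdown: FeatureSettingsOverride=3 with FeatureSettingsOverrideMask=3 disables the mitigations
    $mm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -ErrorAction SilentlyContinue
    $mit = if ($mm.FeatureSettingsOverride -eq 3 -and $mm.FeatureSettingsOverrideMask -eq 3) { 'Disabled' } else { 'Enabled' }
    & $add 'SpeculativeExecutionMitigations' $mit "Override=$($mm.FeatureSettingsOverride) Mask=$($mm.FeatureSettingsOverrideMask)"

    # Built-in firewall profiles (a third-party front end still depends on these being on)
    foreach ($p in Get-NetFirewallProfile) {
        $fw = if ($p.Enabled -eq 'True') { 'Enabled' } else { 'Disabled' }
        & $add "Firewall:$($p.Name)" $fw "DefaultInbound=$($p.DefaultInboundAction)"
    }
    return $results
}

$report = Get-SecurityFeatureState
$report | Format-Table -AutoSize
$off = @($report | Where-Object State -eq 'Disabled')
if ($off.Count -gt 0) { Write-Warning "$($off.Count) security feature(s) disabled: $($off.Feature -join ', ')" }
```

Run it before and after applying a customised image and diff the two tables; anything that moved to Disabled is a deliberate trade-off the builder should be able to justify.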