Win11 Creator USB and Log Fixes (#4139)

* initial usb fixes

* fix full button width

* Cleanup and Verbose output for copy

* expand ui and fix clean and reset

* Add minimal driver injection

* initial driver support

* fix verbage

* fix syntax error

* create log file on iso generation

* inject to boot.wim for install

* fix single driver install issues

* fix first run probs

* cleanup injection

* improve clean up

* Fix OSCDIMG output and cleanup comments

* Fix Scrollviewer in Status Log

* large drive support and change to Exfat

* Fix BOOT for older UEFI and Add error checks for small usb drives

* fix single usb drive error

Author: ChrisTitusTech

.github/workflows/docs.yaml

@@ -47,7 +47,7 @@ jobs:
       - name: Setup Pages
         id: pages
         uses: actions/configure-pages@v5
-        
+
       - name: Generate Dev Docs from JSON
         shell: pwsh
         run: |

functions/private/Invoke-WinUtilISO.ps1

@@ -4,50 +4,38 @@ function Invoke-WinUtilISOScript {
         Applies WinUtil modifications to a mounted Windows 11 install.wim image.
 
     .DESCRIPTION
-        Performs the following operations against an already-mounted WIM image:
-
-        1. Removes provisioned AppX bloatware packages via DISM.
-        2. Removes OneDriveSetup.exe from the system image.
-        3. Loads offline registry hives (COMPONENTS, DEFAULT, NTUSER, SOFTWARE, SYSTEM)
-           and applies the following tweaks:
-             - Bypasses hardware requirement checks (CPU, RAM, SecureBoot, Storage, TPM).
-             - Disables sponsored-app delivery and ContentDeliveryManager features.
-             - Enables local-account OOBE path (BypassNRO).
-             - Writes autounattend.xml to the Sysprep directory inside the WIM and,
-               optionally, to the ISO/USB root so Windows Setup picks it up at boot.
-             - Disables reserved storage.
-             - Disables BitLocker device encryption.
-             - Hides the Chat (Teams) taskbar icon.
-             - Disables OneDrive folder backup (KFM).
-             - Disables telemetry, advertising ID, and input personalization.
-             - Blocks post-install delivery of DevHome, Outlook, and Teams.
-             - Disables Windows Copilot.
-             - Disables Windows Update during OOBE.
-        4. Deletes unwanted scheduled-task XML definition files (CEIP, Appraiser, etc.).
-        5. Removes the support\ folder from the ISO contents directory (if supplied).
-
-        Mounting and dismounting the WIM is the responsibility of the caller
-        (e.g. Invoke-WinUtilISO).
+        Removes AppX bloatware and OneDrive, optionally injects all drivers exported from
+        the running system into install.wim and boot.wim (controlled by the
+        -InjectCurrentSystemDrivers switch), applies offline registry tweaks (hardware
+        bypass, privacy, OOBE, telemetry, update suppression), deletes CEIP/WU
+        scheduled-task definition files, and optionally writes autounattend.xml to the ISO
+        root and removes the support\ folder from the ISO contents directory.
+
+        All setup scripts embedded in the autounattend.xml <Extensions><File> nodes are
+        written directly into the WIM at their target paths under C:\Windows\Setup\Scripts\
+        to ensure they survive Windows Setup stripping unrecognised-namespace XML elements
+        from the Panther copy of the answer file.
+
+        Mounting/dismounting the WIM is the caller's responsibility (e.g. Invoke-WinUtilISO).
 
     .PARAMETER ScratchDir
         Mandatory. Full path to the directory where the Windows image is currently mounted.
-        Example: C:\Users\USERNAME\AppData\Local\Temp\WinUtil_Win11ISO_20260222\wim_mount
 
     .PARAMETER ISOContentsDir
-        Optional. Root directory of the extracted ISO contents.
-        When supplied, autounattend.xml is also written here so Windows Setup picks it
-        up automatically at boot, and the support\ folder is deleted from that location.
+        Optional. Root directory of the extracted ISO contents. When supplied,
+        autounattend.xml is written here and the support\ folder is removed.
 
     .PARAMETER AutoUnattendXml
-        Optional. Full XML content for autounattend.xml.
-        In compiled winutil.ps1 this is the embedded $WinUtilAutounattendXml here-string;
-        in dev mode it is read from tools\autounattend.xml.
-        If empty, the OOBE bypass file is skipped and a warning is logged.
+        Optional. Full XML content for autounattend.xml. If empty, the OOBE bypass
+        file is skipped and a warning is logged.
+
+    .PARAMETER InjectCurrentSystemDrivers
+        Optional. When $true, exports all drivers from the running system and injects
+        them into install.wim and boot.wim index 2 (Windows Setup PE).
+        Defaults to $false.
 
     .PARAMETER Log
-        Optional ScriptBlock used for progress/status logging.
-        Receives a single [string] message argument.
-        Defaults to { param($m) Write-Output $m } when not supplied.
+        Optional ScriptBlock for progress/status logging. Receives a single [string] argument.
 
     .EXAMPLE
         Invoke-WinUtilISOScript -ScratchDir "C:\Temp\wim_mount"
@@ -62,24 +50,19 @@ function Invoke-WinUtilISOScript {
     .NOTES
         Author  : Chris Titus @christitustech
         GitHub  : https://github.com/ChrisTitusTech
-        Version : 26.02.22
+        Version : 26.03.02
     #>
     param (
         [Parameter(Mandatory)][string]$ScratchDir,
-        # Root directory of the extracted ISO contents. When supplied, autounattend.xml
-        # is written here so Windows Setup picks it up automatically at boot.
         [string]$ISOContentsDir = "",
-        # Autounattend XML content. In compiled winutil.ps1 this comes from the embedded
-        # $WinUtilAutounattendXml here-string; in dev mode it is read from tools\autounattend.xml.
         [string]$AutoUnattendXml = "",
+        [bool]$InjectCurrentSystemDrivers = $false,
         [scriptblock]$Log = { param($m) Write-Output $m }
     )
 
-    # ── Resolve admin group name (for takeown / icacls) ──────────────────────
     $adminSID   = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
     $adminGroup = $adminSID.Translate([System.Security.Principal.NTAccount])
 
-    # ── Local helpers ─────────────────────────────────────────────────────────
     function Set-ISOScriptReg {
         param ([string]$path, [string]$name, [string]$type, [string]$value)
         try {
@@ -100,15 +83,37 @@ function Invoke-WinUtilISOScript {
         }
     }
 
-    # ═════════════════════════════════════════════════════════════════════════
-    #  1. Remove provisioned AppX packages
-    # ═════════════════════════════════════════════════════════════════════════
+    function Add-DriversToImage {
+        param ([string]$MountPath, [string]$DriverDir, [string]$Label = "image", [scriptblock]$Logger)
+        & dism /English "/image:$MountPath" /Add-Driver "/Driver:$DriverDir" /Recurse 2>&1 |
+            ForEach-Object { & $Logger "  dism[$Label]: $_" }
+    }
+
+    function Invoke-BootWimInject {
+        param ([string]$BootWimPath, [string]$DriverDir, [scriptblock]$Logger)
+        Set-ItemProperty -Path $BootWimPath -Name IsReadOnly -Value $false -ErrorAction SilentlyContinue
+        $mountDir = Join-Path $env:TEMP "WinUtil_BootMount_$(Get-Random)"
+        New-Item -Path $mountDir -ItemType Directory -Force | Out-Null
+        try {
+            & $Logger "Mounting boot.wim (index 2) for driver injection..."
+            Mount-WindowsImage -ImagePath $BootWimPath -Index 2 -Path $mountDir -ErrorAction Stop | Out-Null
+            Add-DriversToImage -MountPath $mountDir -DriverDir $DriverDir -Label "boot" -Logger $Logger
+            & $Logger "Saving boot.wim..."
+            Dismount-WindowsImage -Path $mountDir -Save -ErrorAction Stop | Out-Null
+            & $Logger "boot.wim driver injection complete."
+        } catch {
+            & $Logger "Warning: boot.wim driver injection failed: $_"
+            try { Dismount-WindowsImage -Path $mountDir -Discard -ErrorAction SilentlyContinue | Out-Null } catch {}
+        } finally {
+            Remove-Item -Path $mountDir -Recurse -Force -ErrorAction SilentlyContinue
+        }
+    }
+
+    # ── 1. Remove provisioned AppX packages ──────────────────────────────────
     & $Log "Removing provisioned AppX packages..."
 
     $packages = & dism /English "/image:$ScratchDir" /Get-ProvisionedAppxPackages |
-        ForEach-Object {
-            if ($_ -match 'PackageName : (.*)') { $matches[1] }
-        }
+        ForEach-Object { if ($_ -match 'PackageName : (.*)') { $matches[1] } }
 
     $packagePrefixes = @(
         'AppUp.IntelManagementandSecurityStatus',
@@ -155,25 +160,46 @@ function Invoke-WinUtilISOScript {
         'MicrosoftTeams'
     )
 
-    $packagesToRemove = $packages | Where-Object {
-        $pkg = $_
-        $packagePrefixes | Where-Object { $pkg -like "*$_*" }
-    }
-    foreach ($package in $packagesToRemove) {
-        & dism /English "/image:$ScratchDir" /Remove-ProvisionedAppxPackage "/PackageName:$package"
+    $packages | Where-Object { $pkg = $_; $packagePrefixes | Where-Object { $pkg -like "*$_*" } } |
+        ForEach-Object { & dism /English "/image:$ScratchDir" /Remove-ProvisionedAppxPackage "/PackageName:$_" }
+
+    # ── 2. Inject current system drivers (optional) ───────────────────────────
+    if ($InjectCurrentSystemDrivers) {
+        & $Log "Exporting all drivers from running system..."
+        $driverExportRoot = Join-Path $env:TEMP "WinUtil_DriverExport_$(Get-Random)"
+        New-Item -Path $driverExportRoot -ItemType Directory -Force | Out-Null
+        try {
+            Export-WindowsDriver -Online -Destination $driverExportRoot | Out-Null
+
+            & $Log "Injecting current system drivers into install.wim..."
+            Add-DriversToImage -MountPath $ScratchDir -DriverDir $driverExportRoot -Label "install" -Logger $Log
+            & $Log "install.wim driver injection complete."
+
+            if ($ISOContentsDir -and (Test-Path $ISOContentsDir)) {
+                $bootWim = Join-Path $ISOContentsDir "sources\boot.wim"
+                if (Test-Path $bootWim) {
+                    & $Log "Injecting current system drivers into boot.wim..."
+                    Invoke-BootWimInject -BootWimPath $bootWim -DriverDir $driverExportRoot -Logger $Log
+                } else {
+                    & $Log "Warning: boot.wim not found — skipping boot.wim driver injection."
+                }
+            }
+        } catch {
+            & $Log "Error during driver export/injection: $_"
+        } finally {
+            Remove-Item -Path $driverExportRoot -Recurse -Force -ErrorAction SilentlyContinue
+        }
+    } else {
+        & $Log "Driver injection skipped."
     }
 
-    # ═════════════════════════════════════════════════════════════════════════
-    #  2. Remove OneDrive
-    # ═════════════════════════════════════════════════════════════════════════
+    # ── 3. Remove OneDrive ────────────────────────────────────────────────────
     & $Log "Removing OneDrive..."
     & takeown /f "$ScratchDir\Windows\System32\OneDriveSetup.exe" | Out-Null
     & icacls    "$ScratchDir\Windows\System32\OneDriveSetup.exe" /grant "$($adminGroup.Value):(F)" /T /C | Out-Null
     Remove-Item -Path "$ScratchDir\Windows\System32\OneDriveSetup.exe" -Force -ErrorAction SilentlyContinue
 
-    # ═════════════════════════════════════════════════════════════════════════
-    #  3. Registry tweaks
-    # ═════════════════════════════════════════════════════════════════════════
+    # ── 4. Registry tweaks ────────────────────────────────────────────────────
     & $Log "Loading offline registry hives..."
     reg load HKLM\zCOMPONENTS "$ScratchDir\Windows\System32\config\COMPONENTS"
     reg load HKLM\zDEFAULT    "$ScratchDir\Windows\System32\config\default"
@@ -222,14 +248,37 @@ function Invoke-WinUtilISOScript {
     Set-ISOScriptReg 'HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' 'BypassNRO' 'REG_DWORD' '1'
 
     if ($AutoUnattendXml) {
-        # ── Place autounattend.xml inside the WIM (Sysprep) ──────────────────
-        $sysprepDest = "$ScratchDir\Windows\System32\Sysprep\autounattend.xml"
-        Set-Content -Path $sysprepDest -Value $AutoUnattendXml -Encoding UTF8 -Force
-        & $Log "Written autounattend.xml to Sysprep directory."
-
-        # ── Place autounattend.xml at the ISO / USB root ──────────────────────
-        # Windows Setup reads this file first (before booting into the OS),
-        # which is what drives the local-account / OOBE bypass at install time.
+        try {
+            $xmlDoc = [xml]::new()
+            $xmlDoc.LoadXml($AutoUnattendXml)
+
+            $nsMgr = New-Object System.Xml.XmlNamespaceManager($xmlDoc.NameTable)
+            $nsMgr.AddNamespace("sg", "https://schneegans.de/windows/unattend-generator/")
+
+            $fileNodes = $xmlDoc.SelectNodes("//sg:File", $nsMgr)
+            if ($fileNodes -and $fileNodes.Count -gt 0) {
+                foreach ($fileNode in $fileNodes) {
+                    $absPath  = $fileNode.GetAttribute("path")
+                    $relPath  = $absPath -replace '^[A-Za-z]:[/\\]', ''
+                    $destPath = Join-Path $ScratchDir $relPath
+                    New-Item -Path (Split-Path $destPath -Parent) -ItemType Directory -Force -ErrorAction SilentlyContinue | Out-Null
+
+                    $ext = [IO.Path]::GetExtension($destPath).ToLower()
+                    $encoding = switch ($ext) {
+                        { $_ -in '.ps1', '.xml' }        { [System.Text.Encoding]::UTF8 }
+                        { $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new($false, $true) }
+                        default                          { [System.Text.Encoding]::Default }
+                    }
+                    [System.IO.File]::WriteAllBytes($destPath, ($encoding.GetPreamble() + $encoding.GetBytes($fileNode.InnerText.Trim())))
+                    & $Log "Pre-staged setup script: $relPath"
+                }
+            } else {
+                & $Log "Warning: no <Extensions><File> nodes found in autounattend.xml — setup scripts not pre-staged."
+            }
+        } catch {
+            & $Log "Warning: could not pre-stage setup scripts from autounattend.xml: $_"
+        }
+
         if ($ISOContentsDir -and (Test-Path $ISOContentsDir)) {
             $isoDest = Join-Path $ISOContentsDir "autounattend.xml"
             Set-Content -Path $isoDest -Value $AutoUnattendXml -Encoding UTF8 -Force
@@ -272,8 +321,8 @@ function Invoke-WinUtilISOScript {
     Remove-ISOScriptReg 'HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate'
 
     & $Log "Disabling Copilot..."
-    Set-ISOScriptReg 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsCopilot' 'TurnOffWindowsCopilot'    'REG_DWORD' '1'
-    Set-ISOScriptReg 'HKLM\zSOFTWARE\Policies\Microsoft\Edge'                   'HubsSidebarEnabled'        'REG_DWORD' '0'
+    Set-ISOScriptReg 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\WindowsCopilot' 'TurnOffWindowsCopilot'      'REG_DWORD' '1'
+    Set-ISOScriptReg 'HKLM\zSOFTWARE\Policies\Microsoft\Edge'                   'HubsSidebarEnabled'          'REG_DWORD' '0'
     Set-ISOScriptReg 'HKLM\zSOFTWARE\Policies\Microsoft\Windows\Explorer'       'DisableSearchBoxSuggestions' 'REG_DWORD' '1'
 
     & $Log "Disabling Windows Update during OOBE (re-enabled on first logon via FirstLogon.ps1)..."
@@ -304,12 +353,9 @@ function Invoke-WinUtilISOScript {
     reg unload HKLM\zSOFTWARE
     reg unload HKLM\zSYSTEM
 
-    # ═════════════════════════════════════════════════════════════════════════
-    #  4. Delete scheduled task definition files
-    # ═════════════════════════════════════════════════════════════════════════
+    # ── 5. Delete scheduled task definition files ─────────────────────────────
     & $Log "Deleting scheduled task definition files..."
     $tasksPath = "$ScratchDir\Windows\System32\Tasks"
-
     Remove-Item "$tasksPath\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" -Force -ErrorAction SilentlyContinue
     Remove-Item "$tasksPath\Microsoft\Windows\Customer Experience Improvement Program"                  -Recurse -Force -ErrorAction SilentlyContinue
     Remove-Item "$tasksPath\Microsoft\Windows\Application Experience\ProgramDataUpdater"               -Force -ErrorAction SilentlyContinue
@@ -321,12 +367,9 @@ function Invoke-WinUtilISOScript {
     Remove-Item "$tasksPath\Microsoft\Windows\WaaSMedic"                                               -Recurse -Force -ErrorAction SilentlyContinue
     Remove-Item "$tasksPath\Microsoft\Windows\WindowsUpdate"                                           -Recurse -Force -ErrorAction SilentlyContinue
     Remove-Item "$tasksPath\Microsoft\WindowsUpdate"                                                   -Recurse -Force -ErrorAction SilentlyContinue
-
     & $Log "Scheduled task files deleted."
 
-    # ═════════════════════════════════════════════════════════════════════════
-    #  5. Remove ISO support folder (fresh-install only; not needed)
-    # ═════════════════════════════════════════════════════════════════════════
+    # ── 6. Remove ISO support folder ─────────────────────────────────────────
     if ($ISOContentsDir -and (Test-Path $ISOContentsDir)) {
         & $Log "Removing ISO support\ folder..."
         Remove-Item -Path (Join-Path $ISOContentsDir "support") -Recurse -Force -ErrorAction SilentlyContinue