From 2be4470bc544f7910fa65961270777cf9b1f648a Mon Sep 17 00:00:00 2001
From: Pete Batard <pete@akeo.ie>
Date: Fri, 8 Jul 2022 13:34:34 +0100
Subject: [PATCH 1/2] [iso] add workaround for ISOs that have a syslinux
 symbolic link to isolinux

* This is for Knoppix images that have a /boot/syslinux that links to /boot/isolinux/
  with EFI Syslinux trying to use /boot/syslinux/syslnx[32|64].cfg as its config file.
* Note to Knoppix devs, you could have ensured EFI File System transposition by using
  the same approach as we do here, which is to create non-symlinked /boot/syslinux
  config files that point back to the isolinux ones.
---
 src/iso.c    | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 src/rufus.rc | 10 +++++-----
 2 files changed, 56 insertions(+), 7 deletions(-)

diff --git a/src/iso.c b/src/iso.c
index e52437c5..cf502e56 100644
--- a/src/iso.c
+++ b/src/iso.c
@@ -125,6 +125,7 @@ static uint8_t joliet_level = 0;
 static uint64_t total_blocks, nb_blocks;
 static BOOL scan_only = FALSE;
 static StrArray config_path, isolinux_path, modified_path;
+static char symlinked_syslinux[MAX_PATH];
 
 // Ensure filenames do not contain invalid FAT32 or NTFS characters
 static __inline char* sanitize_filename(char* filename, BOOL* is_identical)
@@ -789,8 +790,15 @@ static int iso_extract_files(iso9660_t* p_iso, const char *psz_path)
 			if (!is_identical)
 				uprintf("  File name sanitized to '%s'", psz_sanpath);
 			if (is_symlink) {
-				if (file_length == 0)
-					uprintf("  Ignoring Rock Ridge symbolic link to '%s'", p_statbuf->rr.psz_symlink);
+				if (file_length == 0) {
+					// Special handling for ISOs that have a syslinux → isolinux symbolic link (e.g. Knoppix)
+					if ((safe_stricmp(p_statbuf->filename, "syslinux") == 0) &&
+						(safe_stricmp(p_statbuf->rr.psz_symlink, "isolinux") == 0)) {
+						static_strcpy(symlinked_syslinux, psz_fullpath);
+						uprintf("  Found Rock Ridge symbolic link to '%s'", p_statbuf->rr.psz_symlink);
+					} else
+						uprintf("  Ignoring Rock Ridge symbolic link to '%s'", p_statbuf->rr.psz_symlink);
+				}
 				safe_free(p_statbuf->rr.psz_symlink);
 			}
 			file_handle = CreatePreallocatedFile(psz_sanpath, GENERIC_READ | GENERIC_WRITE,
@@ -912,6 +920,7 @@ BOOL ExtractISO(const char* src_iso, const char* dest_dir, BOOL scan)
 		}
 		nb_blocks = 0;
 		iso_blocking_status = 0;
+		symlinked_syslinux[0] = 0;
 		StrArrayCreate(&modified_path, 8);
 	}
 
@@ -1216,6 +1225,46 @@ out:
 			}
 			if (fd != NULL)
 				fclose(fd);
+			// Workaround needed for Knoppix that has a /boot/syslinux that links to /boot/isolinux/
+			// with EFI Syslinux trying to read /boot/syslinux/syslnx[32|64].cfg as the config file.
+			if (symlinked_syslinux[0] != 0) {
+				static const char* efi_cfg_name[] = { "syslnx32.cfg", "syslnx64.cfg" };
+				size_t len = strlen(symlinked_syslinux);
+				char isolinux_dir[MAX_PATH];
+				static_strcpy(isolinux_dir, symlinked_syslinux);
+				assert(len > 8);
+				// ".../syslinux" -> ".../isolinux"
+				isolinux_dir[len - 8] = 'i';
+				isolinux_dir[len - 7] = 's';
+				isolinux_dir[len - 6] = 'o';
+				// Delete the empty syslinux symbolic link remnant and replace it with a syslinux/ dir
+				DeleteFileA(symlinked_syslinux);
+				CreateDirectoryA(symlinked_syslinux, NULL);
+				// Now add the relevant config files that link back to the ones in isolinux/
+				for (i = 0; i < ARRAYSIZE(efi_cfg_name); i++) {
+					static_sprintf(path, "%s/%s", isolinux_dir, efi_cfg_name[i]);
+					if (!PathFileExistsA(path))
+						continue;
+					static_sprintf(path, "%s/%s", symlinked_syslinux, efi_cfg_name[i]);
+					fd = fopen(path, "w");
+					if (fd == NULL) {
+						uprintf("Unable to create %s - booting from USB may not work", path);
+						r = 1;
+						continue;
+					}
+					static_sprintf(path, "%s/%s", isolinux_dir, efi_cfg_name[i]);
+					fprintf(fd, "DEFAULT loadconfig\n\nLABEL loadconfig\n  CONFIG %s\n  APPEND %s\n", &path[2], &isolinux_dir[2]);
+					fclose(fd);
+					for (j = 0; j < len; j++)
+						if (symlinked_syslinux[j] == '/')
+							symlinked_syslinux[j] = '\\';
+					uprintf("Created: %s\\%s → %s", symlinked_syslinux, efi_cfg_name[i], &path[2]);
+					for (j = 0; j < len; j++)
+						if (symlinked_syslinux[j] == '\\')
+							symlinked_syslinux[j] = '/';
+					fd = NULL;
+				}
+			}
 		} else if (HAS_BOOTMGR(img_report) && enable_ntfs_compression) {
 			// bootmgr might need to be uncompressed: https://github.com/pbatard/rufus/issues/1381
 			RunCommand("compact /u bootmgr* efi/boot/*.efi", dest_dir, TRUE);
diff --git a/src/rufus.rc b/src/rufus.rc
index 228eb981..3c08d486 100644
--- a/src/rufus.rc
+++ b/src/rufus.rc
@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.20.1915"
+CAPTION "Rufus 3.20.1916"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -395,8 +395,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,20,1915,0
- PRODUCTVERSION 3,20,1915,0
+ FILEVERSION 3,20,1916,0
+ PRODUCTVERSION 3,20,1916,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -414,13 +414,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.20.1915"
+            VALUE "FileVersion", "3.20.1916"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "© 2011-2022 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
             VALUE "OriginalFilename", "rufus-3.20.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.20.1915"
+            VALUE "ProductVersion", "3.20.1916"
         END
     END
     BLOCK "VarFileInfo"

From 14f19e527526f8d963424b7fbcd1f0989a8fc2d4 Mon Sep 17 00:00:00 2001
From: Pete Batard <pete@akeo.ie>
Date: Fri, 8 Jul 2022 18:48:02 +0100
Subject: [PATCH 2/2] [wue] revert to inserting the bypass registry keys
 directly where possible

* The use of an unattend.xml to create the TPM/Secure Boot/Disk/RAM bypass keys was
  prompted by Microsoft restricting the ability of Windows Store app from manipulating
  offline registry hives.
* However, the use of a windowsPE phase in unattend.xml to insert the keys results in
  a windows command prompt briefly appearing when setup launches, as well as slightly
  different Windows setup screens from the default.
* So we are now reverting to trying to edit the boot.wim registry hive offline (which
  should work for the non Store version of Rufus) while falling back to using a PE
  unattend section if that doesn't work.
* Closes #1971
---
 src/format.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++----
 src/rufus.c  | 41 ++++++++++--------------------
 src/rufus.h  | 14 ++++++++++
 src/rufus.rc | 10 ++++----
 4 files changed, 100 insertions(+), 37 deletions(-)

diff --git a/src/format.c b/src/format.c
index 837376ad..d996b2d0 100644
--- a/src/format.c
+++ b/src/format.c
@@ -71,10 +71,12 @@ extern const int nb_steps[FS_MAX];
 extern uint32_t dur_mins, dur_secs;
 extern uint32_t wim_nb_files, wim_proc_files, wim_extra_files;
 static int actual_fs_type, wintogo_index = -1, wininst_index = 0;
+extern int unattend_xml_selection;
 extern BOOL force_large_fat32, enable_ntfs_compression, lock_drive, zero_drive, fast_zeroing, enable_file_indexing;
-extern BOOL write_as_image, use_vds, write_as_esp, is_vds_available, enable_inplace, set_drives_offline;
+extern BOOL write_as_image, use_vds, write_as_esp, is_vds_available;
 extern const grub_patch_t grub_patch[2];
 extern char* unattend_xml_path;
+extern const char* bypass_name[4];
 uint8_t *grub2_buf = NULL, *sec_buf = NULL;
 long grub2_len;
 
@@ -1470,7 +1472,7 @@ static BOOL SetupWinToGo(DWORD DriveIndex, const char* drive_name, BOOL use_esp)
 	// "upgrade" the ReFS version on all drives to v3.7, thereby preventing you from being able to mount
 	// those volumes back on Windows 10 ever again. Yes, I have been stung by this Microsoft bullshit!
 	// See: https://gist.github.com/0xbadfca11/da0598e47dd643d933dc#Mountability
-	if (set_drives_offline) {
+	if (unattend_xml_selection & UNATTEND_OFFLINE_INTERNAL_DRIVES) {
 		uprintf("Setting the target's internal drives offline using command:");
 		// This applies the "offlineServicing" section of the unattend.xml (while ignoring the other sections)
 		static_sprintf(cmd, "dism /Image:%s\\ /Apply-Unattend:%s", drive_name, unattend_xml_path);
@@ -1499,12 +1501,17 @@ static BOOL SetupWinToGo(DWORD DriveIndex, const char* drive_name, BOOL use_esp)
  */
 BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
 {
-	BOOL r = FALSE;
+	BOOL r = FALSE, is_hive_mounted = FALSE;
+	int i;
 	const int wim_index = 2;
-	char boot_wim_path[] = "?:\\sources\\boot.wim";
+	const char* offline_hive_name = "RUFUS_OFFLINE_HIVE";
+	char boot_wim_path[] = "?:\\sources\\boot.wim", key_path[64];
 	char appraiserres_dll_src[] = "?:\\sources\\appraiserres.dll";
 	char appraiserres_dll_dst[] = "?:\\sources\\appraiserres.bak";
 	char *mount_path = NULL, path[MAX_PATH];
+	HKEY hKey = NULL, hSubKey = NULL;
+	LSTATUS status;
+	DWORD dwDisp, dwVal = 1;
 
 	assert(unattend_xml_path != NULL);
 	uprintf("Applying Windows customization:");
@@ -1522,7 +1529,7 @@ BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
 		uprintf("Added '%s'", path);
 	} else {
 		boot_wim_path[0] = drive_letter;
-		if (enable_inplace) {
+		if (unattend_xml_selection & UNATTEND_WINPE_SETUP_MASK) {
 			// Create a backup of sources\appraiserres.dll and then create an empty file to
 			// allow in-place upgrades without TPM/SB. Note that we need to create an empty,
 			// appraiserres.dll otherwise setup.exe extracts its own.
@@ -1542,6 +1549,53 @@ BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
 		if (mount_path == NULL)
 			goto out;
 
+		if (unattend_xml_selection & UNATTEND_WINPE_SETUP_MASK) {
+			// Try to create the registry keys directly, and fallback to using unattend
+			// if that fails (which the Windows Store version is expected to do).
+			static_sprintf(path, "%s\\Windows\\System32\\config\\SYSTEM", mount_path);
+			if (!MountRegistryHive(HKEY_LOCAL_MACHINE, offline_hive_name, path)) {
+				uprintf("Falling back to creating the registry keys through unattend.xml");
+				goto copy_unattend;
+			}
+			UpdateProgressWithInfoForce(OP_PATCH, MSG_325, 101, PATCH_PROGRESS_TOTAL);
+			is_hive_mounted = TRUE;
+
+			static_sprintf(key_path, "%s\\Setup", offline_hive_name);
+			status = RegOpenKeyExA(HKEY_LOCAL_MACHINE, key_path, 0, KEY_READ | KEY_CREATE_SUB_KEY, &hKey);
+			if (status != ERROR_SUCCESS) {
+				SetLastError(status);
+				uprintf("Could not open 'HKLM\\SYSTEM\\Setup' registry key: %s", WindowsErrorString());
+				goto copy_unattend;
+			}
+
+			status = RegCreateKeyExA(hKey, "LabConfig", 0, NULL, 0,
+				KEY_SET_VALUE | KEY_QUERY_VALUE | KEY_CREATE_SUB_KEY, NULL, &hSubKey, &dwDisp);
+			if (status != ERROR_SUCCESS) {
+				SetLastError(status);
+				uprintf("Could not create 'HKLM\\SYSTEM\\Setup\\LabConfig' registry key: %s", WindowsErrorString());
+				goto copy_unattend;
+			}
+
+			for (i = 0; i < ARRAYSIZE(bypass_name); i++) {
+				if (!(unattend_xml_selection & (1 << (i / 2))))
+					continue;
+				status = RegSetValueExA(hSubKey, bypass_name[i], 0, REG_DWORD, (LPBYTE)&dwVal, sizeof(DWORD));
+				if (status != ERROR_SUCCESS) {
+					SetLastError(status);
+					uprintf("Could not set 'HKLM\\SYSTEM\\Setup\\LabConfig\\%s' registry key: %s",
+						bypass_name[i], WindowsErrorString());
+					goto copy_unattend;
+				}
+				uprintf("Created 'HKLM\\SYSTEM\\Setup\\LabConfig\\%s' registry key", bypass_name[i]);
+			}
+			// We were successfull in creating the keys so disable the windowsPE section from unattend.xml
+			// We do this by replacing '<settings pass="windowsPE">' with '<settings pass="disabled">'
+			if (replace_in_token_data(unattend_xml_path, "<settings", "windowsPE", "disabled", FALSE) == NULL)
+				uprintf("Warning: Could not disable 'windowsPE' pass from unattend.xml");
+			UpdateProgressWithInfoForce(OP_PATCH, MSG_325, 102, PATCH_PROGRESS_TOTAL);
+		}
+
+copy_unattend:
 		static_sprintf(path, "%s\\Autounattend.xml", mount_path);
 		if (!CopyFileU(unattend_xml_path, path, TRUE)) {
 			uprintf("Could not create boot.wim 'Autounattend.xml': %s", WindowsErrorString());
@@ -1553,6 +1607,14 @@ BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
 	r = TRUE;
 
 out:
+	if (hSubKey != NULL)
+		RegCloseKey(hSubKey);
+	if (hKey != NULL)
+		RegCloseKey(hKey);
+	if (is_hive_mounted) {
+		UnmountRegistryHive(HKEY_LOCAL_MACHINE, offline_hive_name);
+		UpdateProgressWithInfoForce(OP_PATCH, MSG_325, 104, PATCH_PROGRESS_TOTAL);
+	}
 	if (mount_path) {
 		uprintf("Unmounting '%s'...", boot_wim_path, wim_index);
 		WimUnmountImage(boot_wim_path, wim_index);
diff --git a/src/rufus.c b/src/rufus.c
index 73199e37..1b477627 100755
--- a/src/rufus.c
+++ b/src/rufus.c
@@ -60,19 +60,6 @@ enum bootcheck_return {
 	BOOTCHECK_GENERAL_ERROR = -3,
 };
 
-#define UNATTEND_SECUREBOOT_TPM_MASK        0x01
-#define UNATTEND_MINRAM_MINDISK_MASK        0x02
-#define UNATTEND_NO_ONLINE_ACCOUNT_MASK     0x04
-#define UNATTEND_NO_DATA_COLLECTION_MASK    0x08
-#define UNATTEND_OFFLINE_INTERNAL_DRIVES    0x10
-#define UNATTEND_DEFAULT_MASK               0x1F
-
-#define UNATTEND_WINPE_SETUP_MASK           (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_MINRAM_MINDISK_MASK)
-#define UNATTEND_SPECIALIZE_DEPLOYMENT_MASK (UNATTEND_NO_ONLINE_ACCOUNT_MASK)
-#define UNATTEND_OOBE_SHELL_SETUP           (UNATTEND_NO_DATA_COLLECTION_MASK)
-#define UNATTEND_OFFLINE_SERVICING          (UNATTEND_OFFLINE_INTERNAL_DRIVES)
-#define UNATTEND_DEFAULT_SELECTION          (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_NO_ONLINE_ACCOUNT_MASK | UNATTEND_OFFLINE_INTERNAL_DRIVES)
-
 static const char* cmdline_hogger = "rufus.com";
 static const char* ep_reg = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";
 static const char* vs_reg = "Software\\Microsoft\\VisualStudio";
@@ -128,17 +115,17 @@ DWORD MainThreadId;
 HWND hDeviceList, hPartitionScheme, hTargetSystem, hFileSystem, hClusterSize, hLabel, hBootType, hNBPasses, hLog = NULL;
 HWND hImageOption, hLogDialog = NULL, hProgress = NULL, hDiskID;
 HANDLE dialog_handle = NULL;
-BOOL is_x86_32, use_own_c32[NB_OLD_C32] = { FALSE, FALSE }, mbr_selected_by_user = FALSE;
-BOOL op_in_progress = TRUE, right_to_left_mode = FALSE, has_uefi_csm = FALSE, its_a_me_mario = FALSE, enable_inplace = FALSE;
-BOOL enable_HDDs = FALSE, enable_VHDs = TRUE, enable_ntfs_compression = FALSE, no_confirmation_on_cancel = FALSE, lock_drive = TRUE;
-BOOL advanced_mode_device, advanced_mode_format, allow_dual_uefi_bios, detect_fakes, enable_vmdk, force_large_fat32, usb_debug;
-BOOL use_fake_units, preserve_timestamps = FALSE, fast_zeroing = FALSE, app_changed_size = FALSE;
+BOOL is_x86_32, use_own_c32[NB_OLD_C32] = { FALSE, FALSE }, mbr_selected_by_user = FALSE, lock_drive = TRUE;
+BOOL op_in_progress = TRUE, right_to_left_mode = FALSE, has_uefi_csm = FALSE, its_a_me_mario = FALSE;
+BOOL enable_HDDs = FALSE, enable_VHDs = TRUE, enable_ntfs_compression = FALSE, no_confirmation_on_cancel = FALSE;
+BOOL advanced_mode_device, advanced_mode_format, allow_dual_uefi_bios, detect_fakes, enable_vmdk, force_large_fat32;
+BOOL usb_debug, use_fake_units, preserve_timestamps = FALSE, fast_zeroing = FALSE, app_changed_size = FALSE;
 BOOL zero_drive = FALSE, list_non_usb_removable_drives = FALSE, enable_file_indexing, large_drive = FALSE;
 BOOL write_as_image = FALSE, write_as_esp = FALSE, use_vds = FALSE, ignore_boot_marker = FALSE;
-BOOL appstore_version = FALSE, is_vds_available = TRUE, set_drives_offline = FALSE;
+BOOL appstore_version = FALSE, is_vds_available = TRUE;
 float fScale = 1.0f;
 int dialog_showing = 0, selection_default = BT_IMAGE, persistence_unit_selection = -1, imop_win_sel = 0;
-int default_fs, fs_type, boot_type, partition_type, target_type;
+int default_fs, fs_type, boot_type, partition_type, target_type, unattend_xml_selection = 0;
 int force_update = 0, default_thread_priority = THREAD_PRIORITY_ABOVE_NORMAL;
 char szFolderPath[MAX_PATH], app_dir[MAX_PATH], system_dir[MAX_PATH], temp_dir[MAX_PATH], sysnative_dir[MAX_PATH];
 char app_data_dir[MAX_PATH], user_dir[MAX_PATH];
@@ -151,6 +138,7 @@ StrArray BlockingProcess, ImageList;
 // Number of steps for each FS for FCC_STRUCTURE_PROGRESS
 const int nb_steps[FS_MAX] = { 5, 5, 12, 1, 10, 1, 1, 1, 1 };
 const char* flash_type[BADLOCKS_PATTERN_TYPES] = { "SLC", "MLC", "TLC" };
+const char* bypass_name[4] = { "BypassTPMCheck", "BypassSecureBootCheck", "BypassRAMCheck", "BypassStorageCheck" };
 RUFUS_DRIVE rufus_drive[MAX_DRIVES] = { 0 };
 
 // TODO: Remember to update copyright year in stdlg's AboutCallback() WM_INITDIALOG,
@@ -1268,7 +1256,7 @@ static char* CreateUnattendXml(int arch, int mask)
 	FILE* fd;
 	int i, order;
 	const char* xml_arch_names[5] = { "x86", "amd64", "arm", "arm64" };
-	const char* bypass_name[4] = { "BypassTPMCheck", "BypassSecureBootCheck", "BypassRAMCheck", "BypassStorageCheck" };
+	unattend_xml_selection = mask;
 	if (arch < ARCH_X86_32 || arch >= ARCH_ARM_64 || mask == 0)
 		return NULL;
 	arch--;
@@ -1282,10 +1270,11 @@ static char* CreateUnattendXml(int arch, int mask)
 	fprintf(fd, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
 	fprintf(fd, "<unattend xmlns=\"urn:schemas-microsoft-com:unattend\">\n");
 
-	// This part produces the unbecoming display of a command prompt window during initial setup, which
-	// may scare users... But the Windows Store version doesn't allow us to edit an offline registry...
+	// This part produces the unbecoming display of a command prompt window during initial setup as well
+	// as alters the layout and options of the initial Windows installer screens, which may scare users.
+	// So, in format.c, we'll try to insert the registry keys directly and drop this section. However,
+	// because Microsoft prevents Store apps from editing an offline registry, we do need this fallback.
 	if (mask & UNATTEND_WINPE_SETUP_MASK) {
-		enable_inplace = TRUE;
 		order = 1;
 		fprintf(fd, "  <settings pass=\"windowsPE\">\n");
 		fprintf(fd, "    <component name=\"Microsoft-Windows-Setup\" processorArchitecture=\"%s\" language=\"neutral\" "
@@ -1351,7 +1340,6 @@ static char* CreateUnattendXml(int arch, int mask)
 	if (mask & UNATTEND_OFFLINE_SERVICING) {
 		fprintf(fd, "  <settings pass=\"offlineServicing\">\n");
 		if (mask & UNATTEND_OFFLINE_INTERNAL_DRIVES) {
-			set_drives_offline = TRUE;
 			fprintf(fd, "    <component name=\"Microsoft-Windows-PartitionManager\" processorArchitecture=\"%s\" language=\"neutral\" "
 				"xmlns:wcm=\"http://schemas.microsoft.com/WMIConfig/2002/State\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
 				"publicKeyToken=\"31bf3856ad364e35\" versionScope=\"nonSxS\">\n", xml_arch_names[arch]);
@@ -2768,8 +2756,7 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
 			fs_type = (int)ComboBox_GetCurItemData(hFileSystem);
 			write_as_image = FALSE;
 			write_as_esp = FALSE;
-			enable_inplace = FALSE;
-			set_drives_offline = FALSE;
+			unattend_xml_selection = 0;
 			// Disable all controls except Cancel
 			EnableControls(FALSE, FALSE);
 			FormatStatus = 0;
diff --git a/src/rufus.h b/src/rufus.h
index 2f3598d4..fa036b1e 100644
--- a/src/rufus.h
+++ b/src/rufus.h
@@ -494,6 +494,20 @@ enum ArchType {
 	ARCH_MAX
 };
 
+// Windows User Experience (unattend.xml) options
+#define UNATTEND_SECUREBOOT_TPM_MASK        0x01
+#define UNATTEND_MINRAM_MINDISK_MASK        0x02
+#define UNATTEND_NO_ONLINE_ACCOUNT_MASK     0x04
+#define UNATTEND_NO_DATA_COLLECTION_MASK    0x08
+#define UNATTEND_OFFLINE_INTERNAL_DRIVES    0x10
+#define UNATTEND_DEFAULT_MASK               0x1F
+
+#define UNATTEND_WINPE_SETUP_MASK           (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_MINRAM_MINDISK_MASK)
+#define UNATTEND_SPECIALIZE_DEPLOYMENT_MASK (UNATTEND_NO_ONLINE_ACCOUNT_MASK)
+#define UNATTEND_OOBE_SHELL_SETUP           (UNATTEND_NO_DATA_COLLECTION_MASK)
+#define UNATTEND_OFFLINE_SERVICING          (UNATTEND_OFFLINE_INTERNAL_DRIVES)
+#define UNATTEND_DEFAULT_SELECTION          (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_NO_ONLINE_ACCOUNT_MASK | UNATTEND_OFFLINE_INTERNAL_DRIVES)
+
 /*
  * Globals
  */
diff --git a/src/rufus.rc b/src/rufus.rc
index 3c08d486..d6b7faf5 100644
--- a/src/rufus.rc
+++ b/src/rufus.rc
@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.20.1916"
+CAPTION "Rufus 3.20.1917"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -395,8 +395,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,20,1916,0
- PRODUCTVERSION 3,20,1916,0
+ FILEVERSION 3,20,1917,0
+ PRODUCTVERSION 3,20,1917,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -414,13 +414,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.20.1916"
+            VALUE "FileVersion", "3.20.1917"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "© 2011-2022 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
             VALUE "OriginalFilename", "rufus-3.20.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.20.1916"
+            VALUE "ProductVersion", "3.20.1917"
         END
     END
     BLOCK "VarFileInfo"