diff --git a/functions/microwin/Microwin-NewFirstRun.ps1 b/functions/microwin/Microwin-NewFirstRun.ps1
index 614df6bc..d6e5d4b7 100644
--- a/functions/microwin/Microwin-NewFirstRun.ps1
+++ b/functions/microwin/Microwin-NewFirstRun.ps1
@@ -63,6 +63,22 @@ function Microwin-NewFirstRun {
     {
 
     }
+
+    # Get BCD entries and set bootmgr timeout accordingly
+    try
+    {
+        # Check if the number of occurrences of "path" is 2 - this fixes the Boot Manager screen issue (#2562)
+        if ((bcdedit | Select-String "path").Count -eq 2)
+        {
+            # Set bootmgr timeout to 0
+            bcdedit /set `{bootmgr`} timeout 0
+        }
+    }
+    catch
+    {
+
+    }
+
 '@
     $firstRun | Out-File -FilePath "$env:temp\FirstStartup.ps1" -Force
 }
diff --git a/functions/microwin/Microwin-NewUnattend.ps1 b/functions/microwin/Microwin-NewUnattend.ps1
index 87188aca..dda71bb3 100644
--- a/functions/microwin/Microwin-NewUnattend.ps1
+++ b/functions/microwin/Microwin-NewUnattend.ps1
@@ -31,7 +31,7 @@ function Microwin-NewUnattend {
                             <Group>Administrators</Group>
                             <Password>
                                 <Value>PW-REPLACEME</Value>
-                                <PlainText>true</PlainText>
+                                <PlainText>PT-STATUS</PlainText>
                             </Password>
                         </LocalAccount>
                     </LocalAccounts>
@@ -42,7 +42,7 @@ function Microwin-NewUnattend {
                     <LogonCount>1</LogonCount>
                     <Password>
                         <Value>PW-REPLACEME</Value>
-                        <PlainText>true</PlainText>
+                        <PlainText>PT-STATUS</PlainText>
                     </Password>
                 </AutoLogon>
                 <OOBE>
@@ -295,15 +295,40 @@ function Microwin-NewUnattend {
     </settings>
 '@
     if ((Microwin-TestCompatibleImage $imgVersion $([System.Version]::new(10,0,22000,1))) -eq $false) {
-    # Replace the placeholder text with an empty string to make it valid for Windows 10 Setup
-    $unattend = $unattend.Replace("<#REPLACEME#>", "").Trim()
+        # Replace the placeholder text with an empty string to make it valid for Windows 10 Setup
+        $unattend = $unattend.Replace("<#REPLACEME#>", "").Trim()
     } else {
-    # Replace the placeholder text with the Specialize pass
-    $unattend = $unattend.Replace("<#REPLACEME#>", $specPass).Trim()
+        # Replace the placeholder text with the Specialize pass
+        $unattend = $unattend.Replace("<#REPLACEME#>", $specPass).Trim()
     }
+
+    # User password in Base64. According to Microsoft, this is the way you can hide this sensitive information.
+    # More information can be found here: https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/hide-sensitive-data-in-an-answer-file
+    # Yeah, I know this is not the best way to protect this kind of data, but we all know how Microsoft is - "the Apple of security" (in a sense, it takes them
+    # an eternity to implement basic security features right. Just look at the NTLM and Kerberos situation!)
+
+    $b64pass = ""
+
     # Replace default User and Password values with the provided parameters
     $unattend = $unattend.Replace("USER-REPLACEME", $userName).Trim()
-    $unattend = $unattend.Replace("PW-REPLACEME", $userPassword).Trim()
+    try {
+        # I want to play it safe here - I don't want encoding mismatch problems like last time
+
+        # NOTE: "Password" needs to be appended to the password specified by the user. Otherwise, a parse error will occur when processing oobeSystem.
+        # This will not be added to the actual password stored in the target system's SAM file - only the provided password
+        $b64pass = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("$($userPassword)Password"))
+    } catch {
+        $b64pass = ""
+    }
+    if ($b64pass -ne "") {
+        # If we could encode the password with Base64, put it in the answer file and indicate that it's NOT in plain text
+        $unattend = $unattend.Replace("PW-REPLACEME", $b64pass).Trim()
+        $unattend = $unattend.Replace("PT-STATUS", "false").Trim()
+        $b64pass = ""
+    } else {
+        $unattend = $unattend.Replace("PW-REPLACEME", $userPassword).Trim()
+        $unattend = $unattend.Replace("PT-STATUS", "true").Trim()
+    }
 
     # Save unattended answer file with UTF-8 encoding
     $unattend | Out-File -FilePath "$env:temp\unattend.xml" -Force -Encoding utf8
diff --git a/functions/microwin/Microwin-RemovePackages.ps1 b/functions/microwin/Microwin-RemovePackages.ps1
index ed53056c..470d4df4 100644
--- a/functions/microwin/Microwin-RemovePackages.ps1
+++ b/functions/microwin/Microwin-RemovePackages.ps1
@@ -45,7 +45,8 @@ function Microwin-RemovePackages {
                 $_ -NotLike "*Foundation*" -AND
                 $_ -NotLike "*LanguageFeatures*" -AND
                 $_ -NotLike "*VBSCRIPT*" -AND
-                $_ -NotLike "*License*"
+                $_ -NotLike "*License*" -AND
+                $_ -NotLike "*Hello-Face*"
             }
 
         $failedCount = 0