Resolved: Disable Network connection in Windows PE

Question:

I am generating a WindowsPE boot stick with the Microsoft Automation Installation Kit 10 (host is Windows 10) for a amd64 target platform.
Because i dont need network connections from within the WinPE, id like to completely and securely disable them.
I have a rough understanding of the WinPE bootchain so i know that i can pass a configuration file to wpeinit which would allow me to disable the network. The 10 year old mystery remains: how would that file have to be structured? A minimal example of

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <EnableNetwork>false</EnableNetwork>
</unattend>

does not throw an error message but also does not work. Its called from within startnet.cmd like this:
wpeinit -unattend:"%SystemRoot%\system32\Unattend.xml"
allthough i also have seen wpeinit /unattend: ....
The %SystemRoot%\system32\wpeinit.log logfile states:

2017-08-02 13:26:16.061, Info WPEINIT is processing the unattend file [X:\windows\system32\Unattend.xml] … 2017-08-02 13:26:16.295, Info ==== Initializing Network Access and Applying Configuration ==== 2017-08-02 13:26:16.295, Info No EnableNetwork unattend setting was specified; the default action for this context is to enable networking support.

The provided examples dont help me much either, i think this might be for automated installation, not configuration.
I verify that networks are disabled via the following commands

netsh interface ipv4 show interfaces
netsh interface ipv6 show interfaces

There is the possibility of disabling the connection via netsh like

netsh interface set interface "Local Area Connection" DISABLED

but im afraid that WinPE might have tried to access a DHCP already or was reachable via network for a short period of time.
So how can a networkless WinPE be achieved? Thanks!
Is not calling wpeinit from startnet.cmd an option since i need devices initialized with their drivers? Some posts suggest so.

Answer:

Heureka! I was so close that i finally managed to get it working (one reference in the question actually had the answer, only for x86).
Important lessons learned:

• target plattform is important for settings
• components are required, see their documentation, especially the Microsoft-Windows-Setup one which allows <EnableNetwork> configuration

Without further ado, this is the Unattend.xml which gets copied by the generation process to %SystemRoot%\system32:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-Setup" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="AMD64">
            <EnableNetwork>false</EnableNetwork>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

called via the modified startnet.cmd

wpeinit /unattend="%SystemRoot%\system32\Unattend.xml"

which leads to the following log entry:

2017-08-02 14:51:20.747, Info WPEINIT is processing the unattend file [X:\windows\system32\Unattend.xml] … 2017-08-02 14:51:20.982, Info ==== Initializing Network Access and Applying Configuration ==== 2017-08-02 14:51:20.982, Info Networking support will not be enabled. 2017-08-02 14:51:20.982, Info STATUS: SUCCESS (0x00000001)

ATTENTION: the sole existance of the file in the System32 folder leads to its evaluation. So the parameter to wpeinit is actually not needed if the file resides at that location.

If you have better answer, please add a comment about this, thank you!