locked
Missing \scripts\ZTIApplications.wsf preventing deployment RRS feed

  • Question

  • We are finding that the \scripts\ZTIApplications.wsf file on our DeploymentShare$ is just disappearing. It has happened several times today alone. I copy it back in from another source, and everything runs fine for a little while, then it disappears again. Any idea why this is happening? Or where I should look to try to debug? I can't find any log info that seems relevant, but I might have missed something. Thanks!
    Tuesday, July 16, 2019 10:49 PM

All replies

  • Have you check the Antivirus installed in reference system. It might be Windows Defender is detected it as Affected items during deployment. 
    Wednesday, July 17, 2019 9:19 AM
  • I agree, it sounds like an anti-virus/malware is quarantining or removing the script. You should create an exclusion for your deployment share folder, that might actually speed things up too if it's been scanning everything during deployments.

    Daniel Vega

    Wednesday, July 17, 2019 2:14 PM
  • The deployment share is on a 2012 server with no anti-malware software installed. I have it mounted as a lettered drive on my workstation, but my Avast software doesn't show any action on that drive. (Might still be mounted on someone else's workstation and scanned from there though.)
    Wednesday, July 17, 2019 3:32 PM
  • Acting on the theory that Windows Defender might be wreaking havoc, I tried modifying the task sequence to prevent it from doing its mischief. I first added an item to disable Defender as the first item in State Restore:

    Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

    After a few successful reimages, the ZTIApplications.wsf file again disappeared from DeploymentShare$\scripts\. So same behavior as before.

    I then changed the item to execute this command instead:

    sc stop WinDefend

    Again, after a couple of successful reimages, the ZTI script disappeared again.

    So I'm baffled. Any ideas?

    Thursday, July 18, 2019 5:17 PM
  • I guess I haven't done the "sc stop WinDefend" TS item right. The TS Wizard's deployment summary says:

    "Failed to run the action: CMD-Stop Windows Defender. Access is denied (Error: 00000005; Source: Windows)."

    Guess I have to figure that one out first. Any ideas?

    Thursday, July 18, 2019 5:50 PM
  • Here's the two registry entries which have to be add. 

    Turn Off Windows Defender Antivirus 

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    "DisableRoutinelyTakingAction"=dword:00000001

    Turn On Windows Defender Antivirus

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=-
    "DisableRoutinelyTakingAction"=-  
    Saturday, July 20, 2019 2:34 AM
  • So, as a script then, it should read:

    Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

    Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f

    Right?

    Can you explain why the "sc stop WinDefend" script results in an Access Denied error?

    Tuesday, July 23, 2019 2:37 PM
  • Have you had any luck determining the root cause of this? I just had it happen on a customer's production deployment share. Very confusing.
    Thursday, August 1, 2019 8:57 PM