none
File explorer in a DISM-mounted install.wim reports unordered file system permissions

    Question

  • First some background:

    I wanted to deploy a custom start menu and taskbar layout with windows 10, but there is a problem with using Import-StartLayout on an image mounted with DISM.   I found a forum entry where someone said they dropped the LayoutModification.xml file into the proper folder and everything worked, so I thought I'd try that instead. 

    Copying and renaming the file was no problem.  However,  I realized that I had logged in to the computer where the image had been mounted as a domain user, and the file was "owned" by that user.  So I opened the file's properties in File Explorer to change the owner.

    I received a warning about the file's permissions being out of order. I allowed Windows to reorder the permissions , changed the owner, then replaced the existing permissions with the inherited ones.  The only security principals in the DACL are the local Administrators and local Users group, which have well-known SIDs. When the image is deployed to a new computer, those SIDs should map to the deployed computer's local groups (I think). 

    My question is, are the disordered permissions something in the image, or an artifact of the image's being mounted? At any rate, should I have a problem deploying this image?

    Wednesday, March 22, 2017 3:31 PM

All replies

  • Hi Spencer,

    Your idea is reasonable, I think you could deploy this image, permission should not influence image deployment.

    However, in my opinion, the simplest method to deploy custom start menu and taskbar layout for Windows 10 clients is using GPO. Just need to export start layout and apply start layout to clients, this way will enforce the layout and prevent users from performing changes, as a system admin, you might be interested in it.

    For detailed steps, please refer to this link.

    Windows 10 Start Layout Customization

    https://blogs.technet.microsoft.com/deploymentguys/2016/03/07/windows-10-start-layout-customization/

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 23, 2017 1:54 AM
    Moderator
  • It would be really nice to know why the permissions are disordered in the factory install.wim, but if it works, it works.

    Thanks for wanting to talk about start layout customization, but I'm doing this particular customization for a different reason -- to simplify downstream image development. Perhaps there will be a GPO for the final deployed systems; perhaps not.  

    Thursday, March 23, 2017 1:51 PM
  • Of course, the deployment method is up to you, I just provide a suggestion.

    You are welcome, I am happy to assist you with demand and question, please mark your reply to close this case.

    Reagrds


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 28, 2017 8:55 AM
    Moderator