none
new 8450 question before first capture RRS feed

  • Question

  • currently MDT2013 in prod serving multiple models with Windows 7 image...

    For W10 deployment I installed new 8450 with ADK 1809.

    First thing I would like to capture W10 1809 fully patched VM and then deploy it prior to start with real reference machine.

    My question is about the script for Blocking Internet Access to prevent MS Store App Updates.

    Should I use it in both capture and deploy images?

    Will appreciate detailed info (for achieving a success from first run :) ).

    Thanks.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Tuesday, January 15, 2019 7:39 PM

Answers

All replies

  • I would disable this in local group policy editor in the reference image:

    Computer Configuration>Administrative Templates>Windows Components>Store

    Enable: Turn off Automatic Download and Install of Updates

    • Marked as answer by pob579 Friday, January 18, 2019 12:53 PM
    Thursday, January 17, 2019 11:04 PM
  • Thanks for the tip.

    Looks much simpler than script involvement.

    Will give a try...


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Friday, January 18, 2019 12:53 PM
  • 1.prior capturing

    Enabled: Turn off Automatic Download and Install of Updates

    2. the capture failed. BDD log is here:

    https://1drv.ms/u/s!Av7GxVRWTkZlghEAiAFiiduHrpl8

    I checked the errors... looks like they are not MS Store related.

    Please check...

    Again it is latest MDT with 1809 W10 around.

    Here is the quick pick of failure on captured VM:


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Friday, January 18, 2019 7:40 PM
  • Looks like rearm sysprep. here are the comand lines from a bat file:

    @ECHO OFF

    reg add "HKLM\SYSTEM\Setup\Status\Sysprepstatus" /v CleanupState /t REG_DWORD /d 00000002 /F

    reg add "HKLM\SYSTEM\Setup\Status\Sysprepstatus" /v GeneralizationState /t REG_DWORD /d 00000007 /F

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v SkipRearm /t REG_DWORD /d 00000001

    msdtc -uninstall

    timeout 120

    msdtc -install

    timeout 120

    rmdir /Q /S "C:\Windows\System32\Sysprep\Panther" 
    del /Q "C:\Windows\System32\Sysprep\Sysprep_succeeded.tag"

    Friday, January 18, 2019 8:15 PM
  • sorry... could you elaborate... what to do for trying to fix a capture problem?

    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Monday, January 21, 2019 2:26 PM
  • before you capture run these commands from a command prompt in the reference image:

    reg add "HKLM\SYSTEM\Setup\Status\Sysprepstatus" /v CleanupState /t REG_DWORD /d 00000002 /F

    reg add "HKLM\SYSTEM\Setup\Status\Sysprepstatus" /v GeneralizationState /t REG_DWORD /d 00000007 /F

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v SkipRearm /t REG_DWORD /d 00000001

    msdtc -uninstall

    timeout 120

    msdtc -install

    timeout 120

    rmdir /Q /S "C:\Windows\System32\Sysprep\Panther" 
    del /Q "C:\Windows\System32\Sysprep\Sysprep_succeeded.tag"

    Monday, January 21, 2019 5:32 PM
  • I did try the commands. See output.

    It is French but easy comprehensible...

    So SkipRearm value did exist...

    And there are no Sysprep folder in clean W10 (installed from MS VLK ISO - W10 1809).

    What could be the obstacle for fresh 8450 adk1809 and W10 latest? I thought just Store update the only thing...

    Now it looks like not a trivial task.

    Other ideas?

    Thx.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Monday, January 21, 2019 7:02 PM
  • Did you try capturing again?
    Monday, January 21, 2019 7:51 PM
  • sure... sorry not obvious from my response with running commands.

    Yes I have exactly the same "pink screen" of litetouch (same errors). Don't think that bdd will be different.

    But if you'll ask I can post it...

    The capture starts... then the machine restarts and fails on sysprep.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis


    • Edited by pob579 Tuesday, January 22, 2019 12:54 PM
    Tuesday, January 22, 2019 12:53 PM
  • To me it looks like you captured the reference image already then just restarted it, and trued captured again. which lead to believe you just need to rearm sysprep.

    However, check this article out...its related to the store updates and sysprep failing:

    https://deploymentresearch.com/Research/Post/615/Fixing-why-Sysprep-fails-in-Windows-10-due-to-Windows-Store-updates

    Tuesday, January 22, 2019 2:04 PM
  • the machine was reverted after first capture, so always brand new install before capture.

    The error really looks as mine... that is why I started the thread with a question about the script to block Store access.

    Unfortunately, the GPO you proposed didn't work for the issue...

    Thanks for trying to help.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Tuesday, January 22, 2019 2:31 PM
  • The script for disabling access to Store suggested to apply to build and capture of reference image.

    The goal is to disable store access prior to starting capture.

    In my situation. I build the reference image as a first step - just applied MS updates.

    So clean VM is ready for capture.

    During capture I am getting the errors shown in the article suggesting the script.

    https://deploymentresearch.com/Research/Post/615/Fixing-why-Sysprep-fails-in-Windows-10-due-to-Windows-Store-updates

    My question:

    at what place in Capture TS I have to enter the script execution?

    here is the Build and Capture TS with suggested script application:


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Tuesday, January 22, 2019 7:34 PM
  • My question:

    at what place in Capture TS I have to enter the script execution?


    Your picture shows only the Capture TS.

    The Disable-Store-Updates script must be added before the Capture TS, i.e., it must occur immediately after Build (specifically, it must execute as the next step after Install-OS, else the updating will begin automatically)

    Does this help?


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Marked as answer by pob579 Wednesday, January 23, 2019 5:06 PM
    Tuesday, January 22, 2019 8:49 PM
  • Don,

    during years I am using the method below for building the reference image prior the capture... and it worked just fine... please let me know if it's against the right approach of using MDT (I don't think so):

    a) install VLK OS on VM. Fully patch it. Install the apps that must be present for all users (Office, .Net and few corporate apps)

    b) take a snapshot of the VM

    c) perform the capture

    d) revert a snapshot and then delete it.

    e) in 3-6 month install new Windows Updates, create a snapshot, capture the machine.

    f) replace an existing wim for the deployment image by just captured one...

    and the cycle repeated...

    With Windows 10 we have an issue known for about 2 years. Store stuff... that affect some people.

    The first helper stevefrat20 understood my scenario from the beginning and provided a beautiful solution that supposed to help in my scenario:

    "I would disable this in local group policy editor in the reference image:

    Computer Configuration>Administrative Templates>Windows Components>Store

    Enable: Turn off Automatic Download and Install of Updates

    I would disable this in local group policy editor in the reference image:

    Computer Configuration>Administrative Templates>Windows Components>Store

    Enable: Turn off Automatic Download and Install of Updates"

    I was happy to see that, because it supposed to stop Store connection prior the capture. But it didn't work and fail with the same error as without changing local GPO.

    From reading your note I have a feeling that may be I have to turn on the GPO advised (for disabling store access) right after OS install (prior the first connection to Internet). Then to enable Internet and download all the patches.

    Does it make sense?

    And please say yes/no about my approach for dealing with reference image.

    Steve, what is your thinking about my guess for using proposed GPO right after OS install?

    I want to make work W10. Why it should be so complicated and during 2 years no some silent fix for latest MDT and ADK builds...?

    Thx.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis


    • Edited by pob579 Wednesday, January 23, 2019 5:00 PM
    Wednesday, January 23, 2019 1:58 PM
  • It works fine!

    as mentioned in previous post as my "theory", following Don's notes about Store, I installed OS without enabling

    NIC. Then Turned OFF all the Store heck in GPO (THANKS Steve!).

    Capture went fine.

    Will perform a deploy a bit later and pretty sure there should not be any issue...

    Will address here in case of a problem :).

    Thanks guys!


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Wednesday, January 23, 2019 5:06 PM
  • Windows10 and Windows8, both have this issue, it's because of the way Metro/Modern/Store apps are managed/updated.

    It has always been this way with Win8/Win10. And I expect it will always be this way.

    I guess your method has always been fine for Win7 and older OS, but your original method, which did not block app updates, is what has caused your issue for years. It's very well known in the IT community, for those who frequently deal with customised image 'factory' tasks.

    Mike Niehaus and Johan Arwidmark and many others have blogged about it many many times ;)

    https://blogs.technet.microsoft.com/brandonlinton/2015/08/28/windows-10-sysprep-fails-after-removing-or-updating-windows-built-in-windows-store-apps/

    https://blogs.technet.microsoft.com/mniehaus/2018/04/17/cleaning-up-apps-to-keep-windows-10-sysprep-happy/

    https://support.microsoft.com/en-us/help/2769827/sysprep-fails-after-you-remove-or-update-windows-store-apps-that-inclu


    Don [doesn't work for MSFT, and they're probably glad about that ;]



    • Edited by DonPick Wednesday, January 23, 2019 7:49 PM add links
    • Marked as answer by pob579 Thursday, January 24, 2019 3:24 PM
    Wednesday, January 23, 2019 7:44 PM
  • As expected, the deployment after capture went fine.

    I really do not need Build and Capture approach for permitting Store Apps update. I keep the things simple by preparing reference image manually (installing updates and enterprise apps).

    Absolutely no need in Store apps and their updates. Contrary, looking for a way to remove and lock maximum possible of W10 forced stuff (OneDrive and other things that "talking" to Internet).

    I need secure and stable OS without any gimmicks. Don't trying to pretend to be a smart one but really don't see a necessity of keeping bulk stuff for creating troubles to myself.

    Do I miss something important by choosing the old days approach of creating reference image?


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Thursday, January 24, 2019 3:24 PM