Access Denied creating directory in Windows\Winsxs using Imagex


  • Using WinPE/Diskpart/Imagex

    Steps I have performed are as followed:

    1. Boot to Windows PE
    2. Run Diskpart
    3. Select Disk 0
    4. Clean
    5. Create partition primary
    6. Format FS=ntfs quick
    7. Assign
    8. active
    9. exit
    10. Imagex /apply imagefile 1 c:

    Using these steps Imagex Starts to image the drive.

    It halts stating

    [ ERROR ] C:\Windows\winsxs\amd64_microsoft-windows-blb-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_489a9cfa1badc4c5 (Error = 5)

    Error Restoring image.

    Access is Denied.

    Unsuccessful solution attempts

    Create smaller partitions, format, reclean etc

    Using full format not just quick format

    using 3rd party tools to clean the disk and mbr

    attempted to create directory manually (access is denied)

    System Information

    Windows 7 SP1 (previous image and new image are actually the SAME image)

    EEPC. Mcafee EEPC seems to be the catalyst. I only get this issue when this is installed on the machine. Mcafee says it's not them, it's not their problem, contact the makers of imagex.

    If you reboot the machine and reload windows PE this error goes away.

    The only file in this directory is windowsbackup.admx


    There is something RAM resident on the machine preventing the creation of this directory. BMC's BladeLogic system doesnt allow for an extra reboot in the imaging/provisioning process.

    If this were an issue of information on the disk, a full format would clear that out.

    I am looking for suggestions, ideas, information on what might be causing this error, and how to bypass it. I am willing to use any process i can automate (ie scripted CLI tools or batchable winPE functions.

    Monday, April 09, 2012 4:20 PM


All replies

  • 1. If you feel that AV program is causing problem try it without AV.

    2. Try use full pathes and verify

    3. Use Process Monitor to catch faulting spot (from Sysinternals)



    Monday, April 09, 2012 6:49 PM
  • 1. Each machine has EEPC on it, and removing EEPC prior to imaging would be a 4-14 hour process depending on the speed of the machine..

    2. Full paths and verify do not have any effect.

    3. Using process monitor.. it looks like the virtual disk service tries to write .. it gets access denied.

    There are even points that I see in process monitor where VDS is getting FSCTL_LOCK_VOLUME when trying to access the flash drive that the image is stored on..

    It keeps trying to write to 3 directories on the C: drive (target for image)

    • C:\windows\system32\driverstore\filerepository
    • c:\windows\winsxs
    • c:\$mft

    At one point it looks like it is trying to lock the volume and failing.. Then it tries to set some HKLM regkeys for mounteddevices.

    It looks like it loops around trying to figure out why it cant write.. tries to pull on cscapi.dll (which isn't on pe)..

    I mean it almost looks like it is trying to use winsxs while imaging the machine..

    I can provide lots of procmon files etc if they will help.


         Neal Pellis

         BMC Software

    Tuesday, October 09, 2012 10:52 PM