Help with Win10 sysprep

John Sartoris

I thought I was going to be in the clear, I made my way past all of the Generalize issues, removal of the MS Store app that I didn’t install, etc. Updated my unattend.xml and ran my scripted cleanup and sysprep. The script isn’t anything fancy, just a process to empty temp files and such.

Problem is after I capture and deploy the image, the target gets stuck at “Just a moment” and reboots. This isn’t a problem with imaging either, the source system does it also. I’ve pulled the event log from the machines and found what I’m pretty sure is the issues, I just have no idea what I can do about it.

The process C:\Windows\System32\CloudExperienceHostBroker.exe (l-2640-win10i) has initiated the restart of computer l-2640-win10i on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Reconfiguration (Unplanned)
 Reason Code: 0x20004
 Shutdown Type: restart

This happens over and over again. I found one suggestion in all of my searching, to enable UAC via registry modification. Well, my was already enabled and disabling it didn’t help.

Wayne Workman

Not to change your mind at all, but is sysprep necessary?

To me it’s always been burdensome, I’ve been imaging with ghost and fog and other solutions for a while now, I’ve probably imaged well over 3,000 machines by now. I’ve never sys-prepped and I’ve installed just about every mainstream piece of software under the sun without issue. Every time someone suggests to me that it’s necessary - I point to my entire building that is running fine without being sysprepped, and I point to other buildings, other organizations, and my past jobs that are doing fine without it.

I’d suggest seeing if you can get it working without sys-prep first.

John Sartoris

I’ve been trying to find someone saying that, and I couldn’t find it. In the past I remember reading that it wasn’t even needed for 7, but I can’t find that anymore.

As for any reason I know it might be needed, is just regenerating some of the unique install IDs. The machine ID and a few other locations are used for tracking in WSUS and Windows KMS Server. I have however seen that these were not even being regenerated by my last few rounds of Win7 syspreps. Sure I have “skip rearm” set. I don’t remember why but I do remember it being needed/suggested somewhere.

I’ve had to manually rearm and regenerate quite a few hosts this last year in efforts to keep my kms server active. Fortunately it’s as simple as 2 bat files and I only need to get 30ish to have a safety margin beyond the 25 threshold.

If I could run these automatically on deploy, or maybe better would be to alter my pre-sysprep cleanup to run it and as you suggest skip sysprep.

I’ll run some tests. Still curious what went wrong and why “CloudExperienceHostBroker” is causing trouble.

Wayne Workman

@John-Sartoris I did a whole lot of research about this maybe a year ago - from memory, I remember one of the only reasons being WSUS.

But, I work for a school district where there is no tolerance for update failures. We just image yearly with an updated image and roll out a specific patch if needed but that’s rare.

george1421

@Wayne-Workman said:

Not to change your mind at all, but is sysprep necessary?

If you are capturing and deploying to the same hardware sysprep is not (absolutely) necessary. If you have one image for 12 hardware platforms, its a bit more important. FWIW: We always sysprep images just post MDT build.

Wayne Workman

@george1421 To have one image for many models, yes, sysprep is important.

But I keep one or more images per model. Storage is cheap and updates are easy to do. I think we’ve had this conversation before? lol

Either way anyone goes I totally respect their decision. But I personally value the simplicity of deployment (with the extra burden of time for building/updating many images) more than I do the complexities of building a single image that will work with many models.

MRCUR

Can you post the unattend file and whatever your cleanup script is? I just finished our initial batch of Win 10 Enterprise images and haven’t run into any issues with sysprep (I’m using our existing Win 7 sysprep file without any modifications).

This thread might be a good resource to compare your sysprep file to mine and others: https://forums.fogproject.org/topic/5873/windows-10-unattend-xml-sysprep-answer-file-challenge/15

I’m a big proponent of sysprep so I won’t try talking you out of using it.

John Sartoris

While trying to answer @Wayne-Workman 's questions, I started to isolate my problem piece by piece. I installed an absolute fresh copy on Win10 ENT 1511 and ran my cleanup and sysprep. It broke in the same way. I repeated with just sysprep and it got past my problem, so it wasn’t sysprep, it was my cleanup…

I think I have it sorted. I know for sure I had 2 things happening. First was removing the background updated store apps. I reverted to my backup and followed the workaround I found…

Really MS??? don’t connect the computer to the network??? How is that possible with installing 60+ software packages and countless windows updates?

So rather than uninstalling the updates, the workaround is to login with a different user and delete the “setup” user profile, then run sysprep from the secondary account. I used a domain account for installing software from our network resource, and then used our backup local user for the clean and sysprep. This got me past the OP problem. I guess it was related to the store apps I removed. I was using this script to process them in bulk. But now I’m not doing that at all.

My second problem that showed up after this was fixed was with the <ComputerName> option. I tried it several ways and all I was getting was “could not parse or process” “[specialize]”. In the end I simply removed the line, and now it assigns a random name and completes, FOG will take care of the rest.

One other thing I found that I’m not sure about was adding the product key. I am using KMS and I thought I updated it from my Win7 file, but when I double checked it was missing.

MRCUR

@John-Sartoris I’m not sure what the issue is with connecting to the network. Below are the commands to remove the “Modern” apps and make it so they never reinstall.

Get-AppXPackage -AllUsers | Remove-AppXPackage
Get-AppXProvisionedPackage -Online | Remove-AppXProvisionedPackage -Online

JJ Fullmer

I also am a loather of sysprep.
Looking through this forum post might help a little, maybe not a lot
https://forums.fogproject.org/topic/6431/cortana-windows-search-breaks-in-default-profile/18

I use one image for multiple hardwares without sysprep
I just had to figure out what sysprep was doing that was so important.

The biggest thing is uninstalling drivers.
But doing that manually in the device manager is time consuming and if you uninstall the wrong thing, you can lose your mouse.
What you need is devcon from the windows WDK. http://go.microsoft.com/fwlink/p/?LinkId=526733
Then copy devcon.exe from the install folder of the wdk to C:\Windows\System32 on your image

Then
devcon -r remove * Will uninstall all devices in the device manager like sysprep does and then it restarts, which would be your last step before imaging.

The downisde is that it ends up removing some devices used for remote desktop and they don’t auto reinstall.
But that’s fixed with this magic script FixRemoteDesktop.bat after imaging.

@ECHO off
	REM Script for fixing remote desktop after uninstalling all devices

	call :main
	exit

:main
	call :funcHead "Welcome to the remote desktop fix!"
	call :setVars
	call :addDriver "NDIS Virtual Network Adapter Enumerator" "%drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf" ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" "%drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf" root\umbus.inf
	call :addDriverAndRestart "Remote Desktop Device Redirector Bus" "%drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf" ROOT\RDPBUS

	EXIT /B

:setVars
	set drivers=C:\Windows\System32\DriverStore\FileRepository

	EXIT /B

:addDriver
	echo. installing %~1...	
	Devcon install %~2 %~3
	echo. done!
	EXIT /B

:addDriverAndRestart
	echo. installing %~1 and restarting computer...	
	Devcon -r install %~2 %~3
	echo. done!
	REM just in case -r doesn't reboot...
	Devcon reboot & exit
	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Then you don’t have to deal with slow buggy sysprep.
There are some other things that you had to do in the registry for windows 7 and 8 to reset the security id, but from what I can tell windows 10 does all that automagically when it finds itself on a new computer. But that might just be me being in an ignorant bliss.
But in the time I’ve been using this method I have had 0 residual driver issues on client computers.
So I recommend ditching sysprep and making your own imageprep

JJ Fullmer

@MRCUR There is also a separate version of Windows 10 you can get with your volume licensing. The LTSB version takes out all the
“modern” apps plus the ability to just add the ones you want and don’t want I believe. I haven’t tried that as of yet

MRCUR

@Arrowhead-IT Edge is also removed. We’re deploying Enterprise with all of the “Modern” apps removed at first. We’ll add some back later, but for now we’re starting with a minimal install.

MRCUR

@Arrowhead-IT You will likely run into issues with WSUS and KMS without running sysprep. I’m not trying to convince you to switch your method which seems to work well for you guys, but just want to be sure people know what the risks are when they do not use the Microsoft method of creating images.

John Sartoris

@MRCUR said:

@John-Sartoris I’m not sure what the issue is with connecting to the network. Below are the commands to remove the “Modern” apps and make it so they never reinstall.

Get-AppXPackage -AllUsers | Remove-AppXPackage
Get-AppXProvisionedPackage -Online | Remove-AppXProvisionedPackage -Online

I tried that when I started, unfortunately it didn’t seem to do anything for me. Then I found the “All Users” apps that also needed to be processed, and the “All Users” versions of the Remove commands don’t pipe. So you have to run each app manually, that where the script I linked to comes in.

@Arrowhead-IT said:

devcon -r remove *

I have been using a custom script for a few years with Win7 that processes device drivers using this set of commands and a network driver store. Works great, I’ve got one image that works on at least a dozen different models of machine. As long as it’s AHCI and I’ve included the network drivers in the image all it good and it will send me an email when it’s done with the cleanup.

Now to sort out if FOG can tell the difference between a workgroup and a domain. I know the answer in the past was no.

John Sartoris

@MRCUR said:

@Arrowhead-IT Edge is also removed. We’re deploying Enterprise with all of the “Modern” apps removed at first. We’ll add some back later, but for now we’re starting with a minimal install.

Pretty much in the same boat here. We don’t like taking away features, but don’t have plans for them yet. We only have a hand full of windows touch devices, but we are talking about a student cart of Surface tablets for an art class. Need to find out about deployment tools for modern apps. Is it part of the Meraki free MDM?

MRCUR

@John-Sartoris I would try those commands again while in audit mode. They 100% work for me on Enterprise 1511 (latest update, build 11586.104 I think?) while in audit mode using the built in admin account. You’ll see a bunch of failures for apps that cannot be removed (like Edge), but it still works. The Start menu should be pretty much empty once they’re run.

MRCUR

@John-Sartoris I think Meraki may have added something for Win 10 in their latest Systems Manager release, but you’d need to be on the Enterprise version (free for 100 or less devices, paid otherwise).

John Sartoris

@MRCUR said:

@John-Sartoris I would try those commands again while in audit mode. They 100% work for me on Enterprise 1511 (latest update, build 11586.104 I think?) while in audit mode using the built in admin account. You’ll see a bunch of failures for apps that cannot be removed (like Edge), but it still works. The Start menu should be pretty much empty once they’re run.

The commands worked, but I think I was removing something that I shouldn’t have. Initially I started removing the modern apps because of the “was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.” error. I think it started as “Microsoft.WindowsCamera” but I don’t have notes of that. Then it moved on to “NET-Framework-Core” I think. And at some point I removed “Microsoft.WindowsStore”, then it really wasn’t happy.

Anyway, I now have an image that sysprep, captures and restores. I’m ok having the stock apps available for now. I expect to find a way to remove/block unwanted ones with group policy or some other tool. If not I’ll make another revision of the image. I’ve still got plenty of testing and experimentation before our mass roll out to the majority of our 1300+ hosts.

Wayne Workman

@MRCUR said:

@John-Sartoris I’m not sure what the issue is with connecting to the network. Below are the commands to remove the “Modern” apps and make it so they never reinstall.

Get-AppXPackage -AllUsers | Remove-AppXPackage
Get-AppXProvisionedPackage -Online | Remove-AppXProvisionedPackage -Online

#wiki

Wayne Workman

@Arrowhead-IT said:

I also am a loather of sysprep.
Looking through this forum post might help a little, maybe not a lot
https://forums.fogproject.org/topic/6431/cortana-windows-search-breaks-in-default-profile/18

I use one image for multiple hardwares without sysprep
I just had to figure out what sysprep was doing that was so important.

The biggest thing is uninstalling drivers.
But doing that manually in the device manager is time consuming and if you uninstall the wrong thing, you can lose your mouse.
What you need is devcon from the windows WDK. http://go.microsoft.com/fwlink/p/?LinkId=526733
Then copy devcon.exe from the install folder of the wdk to C:\Windows\System32 on your image

Then
devcon -r remove * Will uninstall all devices in the device manager like sysprep does and then it restarts, which would be your last step before imaging.

The downisde is that it ends up removing some devices used for remote desktop and they don’t auto reinstall.
But that’s fixed with this magic script FixRemoteDesktop.bat after imaging.

@ECHO off
	REM Script for fixing remote desktop after uninstalling all devices

	call :main
	exit

:main
	call :funcHead "Welcome to the remote desktop fix!"
	call :setVars
	call :addDriver "NDIS Virtual Network Adapter Enumerator" "%drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf" ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" "%drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf" root\umbus.inf
	call :addDriverAndRestart "Remote Desktop Device Redirector Bus" "%drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf" ROOT\RDPBUS

	EXIT /B

:setVars
	set drivers=C:\Windows\System32\DriverStore\FileRepository

	EXIT /B

:addDriver
	echo. installing %~1...	
	Devcon install %~2 %~3
	echo. done!
	EXIT /B

:addDriverAndRestart
	echo. installing %~1 and restarting computer...	
	Devcon -r install %~2 %~3
	echo. done!
	REM just in case -r doesn't reboot...
	Devcon reboot & exit
	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Then you don’t have to deal with slow buggy sysprep.
There are some other things that you had to do in the registry for windows 7 and 8 to reset the security id, but from what I can tell windows 10 does all that automagically when it finds itself on a new computer. But that might just be me being in an ignorant bliss.
But in the time I’ve been using this method I have had 0 residual driver issues on client computers.
So I recommend ditching sysprep and making your own imageprep

#wiki

We need an article talking ALL about everything you just said. Please get with me when you get time.