Help with Win10 sysprep

MRCUR

@Arrowhead-IT You will likely run into issues with WSUS and KMS without running sysprep. I’m not trying to convince you to switch your method which seems to work well for you guys, but just want to be sure people know what the risks are when they do not use the Microsoft method of creating images.

John Sartoris

@MRCUR said:

@John-Sartoris I’m not sure what the issue is with connecting to the network. Below are the commands to remove the “Modern” apps and make it so they never reinstall.

Get-AppXPackage -AllUsers | Remove-AppXPackage
Get-AppXProvisionedPackage -Online | Remove-AppXProvisionedPackage -Online

I tried that when I started, unfortunately it didn’t seem to do anything for me. Then I found the “All Users” apps that also needed to be processed, and the “All Users” versions of the Remove commands don’t pipe. So you have to run each app manually, that where the script I linked to comes in.

@Arrowhead-IT said:

devcon -r remove *

I have been using a custom script for a few years with Win7 that processes device drivers using this set of commands and a network driver store. Works great, I’ve got one image that works on at least a dozen different models of machine. As long as it’s AHCI and I’ve included the network drivers in the image all it good and it will send me an email when it’s done with the cleanup.

Now to sort out if FOG can tell the difference between a workgroup and a domain. I know the answer in the past was no.

John Sartoris

@MRCUR said:

@Arrowhead-IT Edge is also removed. We’re deploying Enterprise with all of the “Modern” apps removed at first. We’ll add some back later, but for now we’re starting with a minimal install.

Pretty much in the same boat here. We don’t like taking away features, but don’t have plans for them yet. We only have a hand full of windows touch devices, but we are talking about a student cart of Surface tablets for an art class. Need to find out about deployment tools for modern apps. Is it part of the Meraki free MDM?

MRCUR

@John-Sartoris I would try those commands again while in audit mode. They 100% work for me on Enterprise 1511 (latest update, build 11586.104 I think?) while in audit mode using the built in admin account. You’ll see a bunch of failures for apps that cannot be removed (like Edge), but it still works. The Start menu should be pretty much empty once they’re run.

MRCUR

@John-Sartoris I think Meraki may have added something for Win 10 in their latest Systems Manager release, but you’d need to be on the Enterprise version (free for 100 or less devices, paid otherwise).

John Sartoris

@MRCUR said:

@John-Sartoris I would try those commands again while in audit mode. They 100% work for me on Enterprise 1511 (latest update, build 11586.104 I think?) while in audit mode using the built in admin account. You’ll see a bunch of failures for apps that cannot be removed (like Edge), but it still works. The Start menu should be pretty much empty once they’re run.

The commands worked, but I think I was removing something that I shouldn’t have. Initially I started removing the modern apps because of the “was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.” error. I think it started as “Microsoft.WindowsCamera” but I don’t have notes of that. Then it moved on to “NET-Framework-Core” I think. And at some point I removed “Microsoft.WindowsStore”, then it really wasn’t happy.

Anyway, I now have an image that sysprep, captures and restores. I’m ok having the stock apps available for now. I expect to find a way to remove/block unwanted ones with group policy or some other tool. If not I’ll make another revision of the image. I’ve still got plenty of testing and experimentation before our mass roll out to the majority of our 1300+ hosts.

Wayne Workman

@MRCUR said:

@John-Sartoris I’m not sure what the issue is with connecting to the network. Below are the commands to remove the “Modern” apps and make it so they never reinstall.

Get-AppXPackage -AllUsers | Remove-AppXPackage
Get-AppXProvisionedPackage -Online | Remove-AppXProvisionedPackage -Online

#wiki

Wayne Workman

@Arrowhead-IT said:

I also am a loather of sysprep.
Looking through this forum post might help a little, maybe not a lot
https://forums.fogproject.org/topic/6431/cortana-windows-search-breaks-in-default-profile/18

I use one image for multiple hardwares without sysprep
I just had to figure out what sysprep was doing that was so important.

The biggest thing is uninstalling drivers.
But doing that manually in the device manager is time consuming and if you uninstall the wrong thing, you can lose your mouse.
What you need is devcon from the windows WDK. http://go.microsoft.com/fwlink/p/?LinkId=526733
Then copy devcon.exe from the install folder of the wdk to C:\Windows\System32 on your image

Then
devcon -r remove * Will uninstall all devices in the device manager like sysprep does and then it restarts, which would be your last step before imaging.

The downisde is that it ends up removing some devices used for remote desktop and they don’t auto reinstall.
But that’s fixed with this magic script FixRemoteDesktop.bat after imaging.

@ECHO off
	REM Script for fixing remote desktop after uninstalling all devices

	call :main
	exit

:main
	call :funcHead "Welcome to the remote desktop fix!"
	call :setVars
	call :addDriver "NDIS Virtual Network Adapter Enumerator" "%drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf" ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" "%drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf" root\umbus.inf
	call :addDriverAndRestart "Remote Desktop Device Redirector Bus" "%drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf" ROOT\RDPBUS

	EXIT /B

:setVars
	set drivers=C:\Windows\System32\DriverStore\FileRepository

	EXIT /B

:addDriver
	echo. installing %~1...	
	Devcon install %~2 %~3
	echo. done!
	EXIT /B

:addDriverAndRestart
	echo. installing %~1 and restarting computer...	
	Devcon -r install %~2 %~3
	echo. done!
	REM just in case -r doesn't reboot...
	Devcon reboot & exit
	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Then you don’t have to deal with slow buggy sysprep.
There are some other things that you had to do in the registry for windows 7 and 8 to reset the security id, but from what I can tell windows 10 does all that automagically when it finds itself on a new computer. But that might just be me being in an ignorant bliss.
But in the time I’ve been using this method I have had 0 residual driver issues on client computers.
So I recommend ditching sysprep and making your own imageprep

#wiki

We need an article talking ALL about everything you just said. Please get with me when you get time.

Wayne Workman

@John-Sartoris said:

I have been using a custom script for a few years with Win7 that processes device drivers using this set of commands and a network driver store. Works great, I’ve got one image that works on at least a dozen different models of machine. As long as it’s AHCI and I’ve included the network drivers in the image all it good and it will send me an email when it’s done with the cleanup.

We need information in our #wiki on this area - please get with me when you have time via messaging.

JJ Fullmer

@Wayne-Workman I would love to
However I would wait until I have finished my current project of using fog to upgrade all clients to windows 10 so that this method is more thoroughly tested first.
It’s tested, but not thorough and I will likely make some changes to my image prep script along the way. Then making it a wiki article will pretty much be copy paste from my documentation on the work project. Should be done by the end of next month, hopefully sooner, but I’m anticipating more troubles.