• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Windows 10 driver injection doesn't install during sysprep

Scheduled Pinned Locked Moved
Windows Problems
10
50
24.6k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • U
    UWPVIOLATOR @george1421
    last edited by Mar 30, 2018, 2:56 PM

    @george1421 said in Windows 10 driver injection doesn't install during sysprep:

    @echo off
    echo Please wait wile we install some things you’ll need
    %~dp0\Bluetooth\Setup.exe /quiet /passive /norestart
    %~dp0\WiFi\setup.exe -quiet -passive -norestart

    Trying to test this out and getting stuck. I am trying to get a HP Softpack to install. I extracted the softpack and got the setup.exe. Per the CVA file. The command for it is

    "setup.exe" /s /v"/qn /lv %ProgramData%\Hotkey_setup.log REBOOT=REALLYSUPPRESS"
    

    If I run this in windows the UAC will pop up. Will this be the same if its being called in setupcomplete? or how do you bypass the UAC? and thinking about how dumb all this is, what is the proper way we are supposed to be adding drivers to Windows as it seems like we are doing it all wrong as this is hard as ^^@&.

    G 1 Reply Last reply Mar 30, 2018, 3:07 PM Reply Quote 0
    • G
      george1421 Moderator @UWPVIOLATOR
      last edited by george1421 Mar 30, 2018, 9:08 AM Mar 30, 2018, 3:07 PM

      @uwpviolator The setupcomplete.cmd runs outside of UAC as does FOG Snap-ins. Running it interactively you will get a UAC prompt.

      Realize there is no magic bullet here. MS is making it harder with each release of MS Windows for third party imaging solutions. Soon, I fear, the only game in town will be SCCM.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      1 Reply Last reply Reply Quote 0
      • F
        fishfox
        last edited by Apr 19, 2018, 8:51 PM

        @george1421 I’m having this same issue of course – just wondering if anybody had any update on what’s working with 1709?

        Putting the path on offlineServicing does not work (and in fact does not seem like it should as it runs during setup IE image generation).

        Altering HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DevicePath also does not work.

        Using pnputil via SetupComplete.cmd runs into issues if the drivers aren’t signed (currently giving this a go).

        Currently giving dpinst.exe a go.

        G 1 Reply Last reply Apr 19, 2018, 9:04 PM Reply Quote 0
        • G
          george1421 Moderator @fishfox
          last edited by Apr 19, 2018, 9:04 PM

          @fishfox pnputil is the easiest fix if you have signed drivers. If you don’t have signed drivers, turn off driver signing requirements before you sysprep the image then turn the requirements back on after you run pnputil in setupcomplete.cmd. Not an ideal solution and really unsure why MS broken driver loading with 1709. I haven’t touched 1803 yet to see if they’ve fixed it or broke it even worse.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          F 1 Reply Last reply Apr 20, 2018, 12:39 AM Reply Quote 0
          • F
            fishfox @george1421
            last edited by Apr 20, 2018, 12:39 AM

            @george1421 How do I turn off driver signing requirements?

            Tried via Local Group Policy, BCDEdit, no luck.

            Thanks for all your help.

            G 2 Replies Last reply Apr 20, 2018, 12:41 AM Reply Quote 0
            • G
              george1421 Moderator @fishfox
              last edited by Apr 20, 2018, 12:41 AM

              @fishfox Give me a moment to look at my MDT setup

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

              1 Reply Last reply Reply Quote 0
              • G
                george1421 Moderator @fishfox
                last edited by george1421 Apr 19, 2018, 7:21 PM Apr 20, 2018, 12:51 AM

                @fishfox

                I can’t seem to get into my MDT environment at the moment, but I can get at the setupcomplete.cmd file.

                This undoes what our action turns on in MDT

                reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 1 /f
                bcdedit.exe -set loadoptions ENABLE_INTEGRITY_CHECKS
                bcdedit.exe -set TESTSIGNING OFF
                

                [Edit]: Look in this thread: https://social.technet.microsoft.com/Forums/en-US/865bc19b-c3f5-4a87-b1fb-b255de072180/temporary-disable-driver-signing-check-in-windows-7?forum=w7itproinstall

                Search for: “UAC Lower.bat” to see the premise of what is going on.

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                1 Reply Last reply Reply Quote 0
                • S
                  sudburr
                  last edited by Apr 20, 2018, 1:45 PM

                  This is how I handle unsigned or untrusted drivers.

                  Windows Registry Editor Version 5.00
                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
                  "1806"=dword:00000000
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
                  "1806"=dword:00000000
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security]
                  "DisableSecuritySettingsCheck"=dword:00000001
                  

                  … then restart, install drivers, then

                  Windows Registry Editor Version 5.00
                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
                  "1806"=-
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
                  "1806"=dword:00000001
                  [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]
                  

                  [ Standing in between extinction in the cold and explosive radiating growth ]

                  F 1 Reply Last reply Apr 25, 2018, 3:31 AM Reply Quote 0
                  • F
                    fishfox @sudburr
                    last edited by Apr 25, 2018, 3:31 AM

                    @sudburr @george1421
                    Unfortunately neither of those worked for me – maybe a Win10 1709 thing.

                    I ended up setting up autologin and setting a PowerShell script as the shell for first logon. This was done via FOS registry edits.
                    This script installs the drivers and sets the shell back to Explorer.

                    Note this does require a hardcoded Administrator password.

                    Working on an improvement now that will set the built-in admin pass via chntpw as well. This will allow an image captured from uknown hardware to be redeployed with new hardware (even when you don’t have the benefit of sysprep / Administrator user setup).

                    If you’d like to view my progress see here: https://github.com/grlcboi/fogscripts

                    @george1421 I did borrow heavily from your 2017 tutorial and will be putting you the readme.

                    1 Reply Last reply Reply Quote 0
                    • S
                      sudburr
                      last edited by Apr 25, 2018, 2:08 PM

                      Perhaps I should expand.

                      This is what I did up to v1607.

                      My sysprep answer file sets autologon of Administrator for 99 times. It enables the Administrator account and has the password included (hashed by sysprep). It also includes a FirstLogonCommands to run a cleanup script.

                      That cleanup script performs the first part to remove security, rewrites the RunOnce registry value, then restarts the computer. Because the RunOnce registry value was recreated, the auto logon of Administrator launches that script again to perform further functions. After 3 more restarts the script turns off autologon, does not rewrite the RunOnce, re-enables security, then shuts the system down.

                      With v1709 I changed how I harvest driver files and have been able to install all drivers without the need to dumb down the security. I now install all general drivers from setupcomplete.cmd .

                      [ Standing in between extinction in the cold and explosive radiating growth ]

                      1 Reply Last reply Reply Quote 0
                      • 1
                      • 2
                      • 3
                      • 3 / 3
                      • First post
                        Last post

                      189

                      Online

                      12.0k

                      Users

                      17.3k

                      Topics

                      155.2k

                      Posts
                      Copyright © 2012-2024 FOG Project