Enabling Trusted Directory Approval of WIM Files
search cancel

Enabling Trusted Directory Approval of WIM Files


Article ID: 288716


Updated On:


Carbon Black App Control (formerly Cb Protection)


How to enable Trusted Directory Approval of WIM files to perform Windows upgrades.


  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions


  1. Choose or create the Trusted Directory, on a system with an Agent installed, which contains the WIM files (including those in ISOs).
  2. Download and install the Microsoft Windows Automated Installation Kit (AIK) or the Assessment and Deployment Kit (ADK).
    • Windows AIK for Windows XP, Vista and Server equivalents.
    • Windows ADK for Windows 8, 10, 11 and Server equivalents.
    • Note: The AIK (or ADK) includes ImageX.exe, which will be required for WIM Approval. The version of ImageX.exe is the same for both downloads, using the version specified for the required OS makes installation simpler.
  3. Temporarily disable Tamper Protection on the Agent running on the Trusted Directory server.
  4. Copy ImageX.exe from the download into the Agent's installation directory (C:\Program Files (x86)\Bit9\Parity Agent).
  5. Approve (Locally or Globally) the ImageX.exe file in the Console > Tools Find Files > ImageX.exe
  6. Enable Tamper Protection.
  7. Verify Deep Crawl is enabled with support for .wim files:
  8. Verify the Agent on the Trusted Directory server shows as Up to Date in the Policy Status before proceeding.
  9. Copy or move any ISO files and/or separate WIMs that require Approval into the Trusted Directory.

Note: The full Inventory & Approval process may take several hours to complete, and could consume more system resources than normal during this time.

Additional Information