Preparing Windows 10 (or Windows 11) to run Sysprep through Ghost Solution Suite Capture Image Task
search cancel

Preparing Windows 10 (or Windows 11) to run Sysprep through Ghost Solution Suite Capture Image Task

book

Article ID: 171149

calendar_today

Updated On:

Products

Ghost Solution Suite

Issue/Introduction

Sysprep fails to run on the client machine when trying to capture a disk image through Ghost Solution Suite with the 'Prepare using Sysprep - Configure:' option checked.

Sysprep changes are not implemented after imaging. Post-imaging issues including duplicate GUIDs, other tasks fails, imaging fails, etc.

Resolution

OVERVIEW:

This method will remove Windows Store Apps that are provisioned as '-allusers' from the operating system.  Applications such as 'Microsoft Edge and possibly Microsoft.ECAapp' may remain but Sysprep will not fail on these applications. Once the apps are removed the system will be in a 'fresh' state and Sysprep can be ran with the Create Disk Image task.

Note: The steps below are requirements that Microsoft has added to Windows 10.  Instructions are the same for Windows 11.


I. Perform a clean installation of Windows 10

  1. Use physical media (CD/DVD) or extract ISO content to a USB drive to install Windows 10, or an Scripted OS Install (SOI) job using the GSS console
  2. Sysprep is only supported on Volume and Retail licensed installs of Windows. Sysprep will fail if performed on an OEM install. This can be verified by running "slmgr /dlv" from command prompt on the endpoint.
  3. During installation create a local Administrator account
  4. After installation is complete, login to the system as the recently created local Administrator account
  5. Do not join the machine to a domain.  This is all done with a local administrator account.

II. Perform ‘Prepare using Sysprep - Configure:’ prerequisite tasks

  1. Disable Automatic update of Windows Store apps
    1. Open ‘Windows Store’
    2. Click ‘Windows Start Button > Store’
    3. For build 1703 click on the three horizontal lines in the upper left hand corner
    4. For build 1709 click on the person icon
    5. Click ‘Settings’
    6. Move slider on setting ‘Update apps automatically’ from ‘on’ to ‘off’
  2. Use ‘Windows update’ to install latest patches to the system
    1. Delay Feature Updates (Build 1703/1709 steps)
      1. Click ‘Windows Start Button > Settings > Update and security > Windows Update’
      2. On the right side click ‘Advanced Options’
      3. Click on the drop down box under ‘A feature update includes new capabilities and improvements.  It can be deferred for this many days:
        1. Select ‘8’
    2. Install Updates
      1. Click ‘Windows Start Button > Settings > Update and security > Windows Update’
      2. Click ‘Check for updates’
    3. Make sure that all reboots are completed after patches are applied
      1. Login back into the system as the recently created local Administrator Account
      2. Verify system has not been upgraded to a new version of the OS
  3. Install Ghost Solution Suite Dagent on client machine
    1. Use the Remote Agent Installer to push the Dagent to the client machine
  4. Disable User Access Control (UAC)
    1. Open Regedit.exe
    2. Check for the following key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.  
    3. Set EnableLUA to '0'
    4. Reboot the computer    
    5. Login as the local Administrator created during installation
  5. Remove Windows Store Apps (Also known as ‘modern’ or ‘UWP’ apps)
    1. NOTE: These apps will automatically be reinstalled by Microsoft mini-setup after the source system is rebooted to production.
    2. Log into the system with local administrator account created during install.  
    3. Click on the ‘Cortana’ icon (circle next to start) in the task bar and search for 'Powershell'. Wait for the Windows PowerShell application to appear at the top.
    4. Right Click 'Windows Powershell' at the top of the list and choose 'Run as Administrator'.
    5. In the Powershell window, type:
      1. Get-AppxPackage -AllUser | Where PublisherId -eq 8wekyb3d8bbwe | Format-List -Property PackageFullName,PackageUserInformation
        1. This command lists the Windows 10 'Modern/Windows Store' packages/apps that are ‘Installed’ for the user(s)
      2. Get-AppxPackage -AllUsers | Remove-AppxPackage
        1. Errors will be displayed but this is okay. This command removes the Windows store apps for the currently logged in user.  It DOES NOT remove the apps from other users on the system.  It is removing every app that is provisioned as ‘AllUsers’
      3. Get-AppxPackage -AllUser | Where PublisherId -eq 8wekyb3d8bbwe | Format-List -Property PackageFullName,PackageUserInformation
        1. This command shows if the apps have been returned to a ‘staged’ state.  
          • Some packages/apps will be left 'Installed' for the user and can be safely ignored. Apps/packages that will not be set to 'staged' may include the following:
            Microsoft.AsyncTextService
            Microsoft.ECApp
            Microsoft.MicrosoftEdge
            NcsiUwpApp
            Microsoft.Windows.NarratorQuickStart
            Microsoft.UI.Xaml
            Microsoft.SecHealthUI
            Microsoft.VCLibs
            Microsoft.NET.Native

          • THIS STEP WILL NOT BE NEEDED IF THE STEPS IN THIS KB HAVE BEEN FOLLOWED: Should the packages show that another user is still installed after running this PowerShell script, repeat steps under section ‘5(1 and 2)’above substituting the appropriate user(s) for the ‘local administrator account created during install’
          • Once all applications – except those listed above– are in a ‘staged’ state, continue to step ‘3’ below

*Some antivirus software can interfere with Sysprep. It is not recommended to deploy/install antivirus software until after Sysprep has completed to avoid unnecessary troubleshooting.*

III. Run the Create Disk Image job against the system

  1. Make sure the 'Prepare using Sysprep - Configure:' option is checked within the Create Disk Image task
    1. Click on Sysprep Settings
    2. Specify the correct operating system
    3. Select the Use Existing Key option for the Product Key
    4. Select the Administrator User radial button
      1. specify a user with administrator rights on the Windows 10 client machine

Troubleshooting:

Note: Before calling support for assistance, gather the ‘setupact.log’ and 'setuperr.log' from '<drive>:\Windows\System32\Sysprep\Panther' from the system.

  • If Sysprep runs forever with 0% CPU one of the following may be occurring:
    1. There are Windows Store apps that are in the installed state.  
    2. Verify that the following PowerShell command shows that all apps are cleared:
      Get-AppxPackage -AllUser | Where PublisherId -eq 8wekyb3d8bbwe | Format-List -Property PackageFullName,PackageUserInformation
    3. Run PowerShell command again: 
      Get-AppxPackage -AllUsers | Remove-AppxPackage
    • *Make sure to login and run the commands with the user who is defined in Syspre Settings 
  • Sysprep logs show: ‘System Preparation Tool 3.14 A fatal error occurred while trying to sysprep the machine’
    1. The Windows Store apps have updated and are provisioned for 'one user' instead of 'all users'.  
      1. Read Microsoft KB https://support.microsoft.com/en-us/kb/2769827
        1. The solution in this KB does not always work
  • The computer\username supplied to the ‘Sysprep Settings’ button, under the Create Disk Image task, doesn’t have sufficient rights
    • Ensure that the user is an administrator to the system.
  • System may have been logged into with more than one user
    1. Login to the system for each user that has previously logged in
    2. Follow Remove Windows Store Apps (Also known as ‘modern’ or ‘UWP’ apps) steps above
  • Setuperr.log file indicates an App is installed for a user ( note the package full name)
    1. from powershell enter: Remove-AppxPackage -Package <package full name>
    2. from powershell enter: Remove-AppxProvisionedPackage -Online -PackageName <package full name>
  • Setuperr.log file indicates: Sysprep error “Machine is in an invalid state or we couldn’t update the recorded state.”
    1. run to check is the registry keys for Sysprep look like: 
      reg query HKLM\System\Setup\status\SysprepStatus
       
      HKEY_LOCAL_MACHINE\System\Setup\status\SysprepStatus
          GeneralizationState    REG_DWORD    0x7
          CleanupState           REG_DWORD    0x2

       

    2. n a normal state these values are set as shown above. If not set it with:

      reg add HKLM\System\Setup\status\SysprepStatus /v GeneralizationState /t REG_DWORD /d 7 /f
      reg add HKLM\System\Setup\status\SysprepStatus /v CleanupState        /t REG_DWORD /d 2 /f

Additional information from third party sources regarding issues can be found here:

  • http://support.microsoft.com/kb/2769827
  • https://kb.vmware.com/s/article/2079196
  • https://virtuallyinclined.com/2017/01/08/windows-10-appx-packages-can-break-sysprep/
  • http://www.thewindowsclub.com/disable-automatic-updates-for-windows-store-apps-in-windows-10
  • https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation