
Need assistance from Windows 10 and DISM experts

So I'm in an enterprise environment, we are currently working to roll out Windows 10. We decided to try DISM to create .wim files of our system OS with modifications, and push that to several systems during roll out. Unfortunately we've hit a strange snag and I can't figure where my problem is.

So the gist is this, we use a USB HDD with Windows PE (DISM commands loaded) to capture the image. We can apply that image to any of our identical modeled PCs. The first .WIM you apply works without issue. The second is where we start noticing problems. Meaning, we apply any .wim file, and then do that exact or different .wim file after a reboot.

This causes DISM to report error code 5 access is denied. To overcome this we format the c:\ and push the new wim file. This however causes our GPT drives to malfunction in boot. So we boot to a CD of Windows 10 and run the 2 repair commands through command prompt for the boot partition. This allows the system to boot.

This is where I get lost. For some reason when you try to create a new profile, local account or domain, I get a user profile service failure message at login. My previous profiles are working fine. My fear is that this is merely the first symptom of many future problems.

I know I'm doing wonky stuff, so I'm hoping someone can read through my rambling and help. Happy to answer any questions to get this working. Thanks in advance!

Posts

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    What are you trying to accomplish with the second wim? Why not apply all your necessary modifications to the first wim?

    Disclosure: I'm not a DISM expert. I find the whole ecosystem of Microsoft deployment tools (DISM/WAIK/etc) to be unnecessarily opaque. But I've never heard of anybody applying a second wim to a freshly imaged computer.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • texasheattexasheat Registered User regular
    Well this is testing phase. For initial roll out, not required to do a second wim, of course. However, as we update systems and roll new images in the future we will need to push new wims. So we were testing now to ensure our processes are going to work moving forward.

  • texasheattexasheat Registered User regular
    @feral I'm kind of curious now that I've thought about it for a sec. If you don't use windows deployment kits, what do you use? We were previously using Norton Ghost. However, with GPT requirements starting to fall in, Ghost cannot communicate with GPT, so we are looking to change our imaging process. That is kind of why we are testing on DISM now. If you have a solution/product that works I would be very interested in taking a look at it.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    We do use Windows deployment tools. I just find them difficult to work with.

    In my environment we use DISM to modify WIM files, and then the WIM files are imported into a WDS server for deployment over the network with PXE boot.

    I wasn't trying to convince you to leave DISM, I just wanted to accurately represent the limitations of my knowledge.

  • nexuscrawlernexuscrawler Registered User regular
    As with all things MS there's always like 6 ways to do things

    We use MDT to deploy our images

  • texasheattexasheat Registered User regular
    @nexuscrawler I'm not really familiar with MDT, I've been looking at it on TechNet since you mentioned it, so not very long. I can't really tell how it works. Like just the basics really. Is it something I need a server for? I have very limited resources for supporting this. Which is why we were looking at dism and pe, free right?

    Thanks for the input, I'll keep looking at it either way.

  • nexuscrawlernexuscrawler Registered User regular
    Yeah setting up MDT requires a server as does WDS

    I'm a bit confused why you'd be pushing a second WIM on the machine. You can use DISM to modify any existing image if you need to make changes.

  • CiriraCirira IowaRegistered User regular
    We use MDT and a WDS for our imaging as well. I've never tried to deploy two WIMs onto the same PC before so that seems a bit off to me. I've done the image capture via DISM and PE to a disk before also, but only for a single WIM file that I just modified as needed for a machine.

  • nexuscrawlernexuscrawler Registered User regular
    It sounds like the 2nd WIM is borking the bootloader (which the repair function later fixes).

  • texasheattexasheat Registered User regular
    The second wim is testing for future updates. For example. If I roll the wim I have today. In 6 months I may need to update it and roll again. Upon testing this back to back today, we notice that it generates an error. I agree it's a bit odd, but we're trying to plan for the future.

    We can fix the problems with a full format and repair, but that's not really what we are hoping to do with 400+ systems.

    WDS might be a good solution, however, we can't use wireless anything in our facility.

    Upon testing further we believe something is grabbing files within the OS we are attempting to overwrite and not allowing a delete or remove command. I'm thinking an antivirus product could perform that function so I'm looking into McAfee's functionality. Might be a long shot...

    Thanks again for the input, if you have any further ideas, please feel free to add them.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited July 2017
    1) Exactly what method are you using to apply the second image? For example, are you using the dism /apply-image command?

    (I have a strong feeling you're trying to use a screwdriver as a hammer here.)

    2) Just out of curiosity, do either of your WIMs enable the Windows Subsystem for Linux (WSL) feature? There's a known issue with using dism /apply-image with that feature:

    https://support.microsoft.com/en-us/help/3179598/dism-apply-image-command-fails-with-error-code-5-error-access-denied?sd=rss&spid=18165

    3)
    "WDS might be a good solution, however, we can't use wireless anything in our facility."

    That doesn't make any sense. WDS doesn't have anything to do with wireless. It pushes out Windows installations by a network but that network can be wireless or wired. (And, honestly, should be wired because most computers can't even PXE boot from wifi and you don't want to push that much data over wifi anyway.) Are you saying your computers don't have any network access?

  • texasheattexasheat Registered User regular
    On the WDS I might have mis-read what it was on TechNet, "A wireless distribution system (WDS) is a system enabling the wireless interconnection of access points in an IEEE 802.11 network". So that's where I got confused on that...I'll look closer into that solution, sorry for that.

    We are attempting to apply-image A, then modify image file A to create image file B, and apply-image B overwriting image A.

    No we aren't using any Linux based stuff in this environment. I don't believe WSL is enabled or even installed. I'll look for it in my image and repost when I'm sure.

    You're right, we may be using this tool improperly. My understanding of DISM Capture and Apply is that I can capture an image file, WIM, and apply that image to multiple systems. I can also update the WIM and continue to push to multiple systems as required. Perhaps I'm asking too much of capture and apply...

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited July 2017
    texasheat wrote: »
    On the WDS I might have mis-read what it was on TechNet, "A wireless distribution system (WDS) is a system enabling the wireless interconnection of access points in an IEEE 802.11 network". So that's where I got confused on that...I'll look closer into that solution, sorry for that.

    Oh! Same acronym, totally different system.

    WDS = Windows Deployment Services. In brief, it is:

    A feature of Windows Server (2008/2012/2016)...
    ...that you point a DHCP option towards so you can...
    ...PXE boot a computer into Windows PE and run Windows setup...
    ...to install a Windows image file (WIM).

    https://technet.microsoft.com/en-us/library/hh831764(v=ws.11).aspx

    A very common scenario (that we use in our environment) is to combine Windows Deployment Services (WDS) with the Windows Assessment and Deployment Kit (WADK). WADK contains DISM. Use WADK & DISM to customize your Windows image, then use WDS to push it out over the LAN.

    We have a special subnet & VLAN just for that purpose. When a new employee starts, a technician plugs the computer on that VLAN, PXE boots into Windows PE, chooses a Windows image, and lets it install (wiping the drive in the process).

    That said, we only use that for the initial install, on a computer we don't mind reformatting. Any further customization to that PC is done with other tools.

    texasheat wrote: »
    We are attempting to apply-image A, then modify image file A to create image file B, and apply-image B overwriting image A.

    No we aren't using any Linux based stuff in this environment. I don't believe WSL is enabled or even installed. I'll look for it in my image and repost when I'm sure.

    You're right, we may be using this tool improperly. My understanding of DISM Capture and Apply is that I can capture an image file, WIM, and apply that image to multiple systems. I can also update the WIM and continue to push to multiple systems as required. Perhaps I'm asking too much of capture and apply...

    Everything I've read and can find right now about dism /apply-image talks about it being used on a formatted hard drive.

    What you might be able to do instead is boot into Windows PE, and using the "Upgrade" feature of Windows setup to apply the second WIM. I don't know if that would work, but it would be only a minor change from what you're doing right now.

  • texasheattexasheat Registered User regular
    Again though on WDS, it requires a server, one we don't have currently. It sounds very useful, but I think based on what I saw if you try to re-image a system with it, you'll end up with the same problem because it's using the PE and DISM commands to actually perform the imaging. Might be fun to play with though.

    Upgrade sounds interesting. Is that a command from dism or pe? I don't see it listed as a standard command-let.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    texasheat wrote: »
    Upgrade sounds interesting. Is that a command from dism or pe? I don't see it listed as a standard command-let.

    Using the Windows setup GUI:

    [Image: NsdwkkR.png]

    If you want to have it truly unattended, you would set this in your unattend.xml in the UpgradeData section:

    https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-setup-upgradedata

  • VoodooVVoodooV Registered User regular
    edited July 2017
    I currently use WinPE plus DISM/ImageX to deploy a sysprepped Win7, which then calls a post-setup script to install anything INF files don't take care of. Slowly migrating everything over to Win10, but it looks like I'll be forced to abandon it to use SCCM provided by another agency. SCCM does have some nice benefits, but it honks me off that SCCM just uses all the same tools I'm already using and WinPE is portable....no need for SCCM should it go down

    Dunno if it helps, but I used the following document heavily as a guide when I updated to Win10 imaging: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions

    Cuz the WIM concepts pretty much stay the same, it's just the partitioning that gets changed radically.
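
Added example, not written by any poster in this thread: a WinPE batch script for the wipe-then-apply case discussed above, where `dism /apply-image` targets a freshly formatted volume and `bcdboot` then recreates the UEFI boot files. Disk 0, image index 1, the drive letters S: and W:, and the simplified layout (no recovery partition) are assumptions; adjust them to the partition guide linked above.

```batch
@echo off
rem Added example: wipe-and-apply from WinPE on a UEFI/GPT machine.
rem Assumptions (not from the thread): target is disk 0, the image is
rem index 1 of the WIM passed as %1, letters S: and W: are free in WinPE.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 path\to\image.wim
    exit /b 1
)
if not exist "%~1" (
    echo Image not found: %~1
    exit /b 1
)

rem Build the diskpart script. "clean" destroys everything on disk 0.
set "DP=%TEMP%\gpt-layout.txt"
> "%DP%" (
    echo select disk 0
    echo clean
    echo convert gpt
    echo create partition efi size=100
    echo format quick fs=fat32 label="System"
    echo assign letter=S
    echo create partition msr size=16
    echo create partition primary
    echo format quick fs=ntfs label="Windows"
    echo assign letter=W
)
diskpart /s "%DP%" || (echo diskpart failed & exit /b 1)

rem Apply onto the freshly formatted, empty volume.
dism /Apply-Image /ImageFile:"%~1" /Index:1 /ApplyDir:W:\ || (echo dism failed & exit /b 1)

rem Recreate the UEFI boot files on the new ESP from the applied image.
W:\Windows\System32\bcdboot W:\Windows /s S: /f UEFI || (echo bcdboot failed & exit /b 1)
echo Done. Reboot into the applied image.
```

Because the EFI system partition is recreated and repopulated on every run, re-imaging the same machine later does not depend on boot files left over from the previous image.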
