So I'm in an enterprise environment, we are currently working to roll out windows 10. We decided to try DISM to create .wim files of our system os with modifications, and push that to several systems during roll out. Unfortunately we've hit a strange snag and I can't figure where my problem is.
So the jist is this, we use a USB HDD with windows PE (dism commands loaded) to capture the image. We can apply that image to any of our identical modeled PCs. The first .WIM you apply works without issue. The second is where we start noticing problems. Meaning, we apply any .wim file, and then do that exact or different .wim file after a reboot.
This causes DISM to report error code 5 access is denied. To overcome this we format the c:\ and push the new wim file. This however causes our GPT drives to malfunction in boot. So we boot to a CD of Windows 10 and run the 2 repair commands through command prompt for the boot partition. This allows the system to boot.
This is where I get lost. For some reason when you try to create a new profile, local account or domain, I get a user profile service failure message at login. My previous profiles are working fine. My fear is that this is merely the first symptom of many future problems.
I know I'm doing wonky stuff, so I'm hoping someone can read through my rambling and help. Happy to answer any questions to get this working. Thanks in advance!
Posts
Disclosure: I'm not a DISM expert. I find the whole ecosystem of Microsoft deployment tools (DISM/WAIK/etc) to be unnecessarily opaque. But I've never heard of anybody applying a second wim to a freshly imaged computer.
the "no true scotch man" fallacy.
In my environment we use DISM to modify WIM files, and then the WIM files are imported into a WDS server for deployment over the network with PXE boot.
I wasn't trying to convince you to leave DISM, I just wanted to accurately represent the limitations of my knowledge.
the "no true scotch man" fallacy.
We use MDT to deploy our images
Thanks for the input, i'll keep looking at it either way.
I'm a bit confused why you'd be pushing a second WIM on the machine. You can use DISM to modify any existing image if you need to make changes.
We can fix the problems with a full format and repair, but that's not really what we are hoping to do with 400+ systems.
WDS might be a good solution, however, we can't use wireless anything in our facility.
Upon testing further we believe something is grabbing files within the OS we are attempting to overwrite and not allowing a delete or remove command. I'm thinking an antivirus product could preform that function so I'm looking into McAfee's functionality. Might be a long shot...
Thanks again for the input, if you have any further ideas, please feel free to add them.
(I have a strong feeling you're trying to use a screwdriver as a hammer here.)
2) Just out of curiosity, do either of your WIMs enable the Windows Subsystem for Linux (WSL) feature? There's a known issue with using dism /apply-image with that feature:
https://support.microsoft.com/en-us/help/3179598/dism-apply-image-command-fails-with-error-code-5-error-access-denied?sd=rss&spid=18165
3)
That doesn't make any sense. WDS doesn't have anything to do with wireless. It pushes out Windows installations by a network but that network can be wireless or wired. (And, honestly, should be wired because most computers can't even PXE boot from wifi and you don't want to push that much data over wifi anyway.) Are you saying your computers don't have any network access?
the "no true scotch man" fallacy.
We are attempting to apply-image A, then modify image file A to create image file B, and apply-image B overwriting image A.
No we aren't using any Linux based stuff in this environment. I don't believe WSL is enabled or even installed. I'll look for it in my image and repost when I'm sure.
Your right, we may be using this tool improperly. My understanding of DISM Capture and Apply is that I can capture an image file, WIM, and apply that image to multiple systems. I can also update the WIM and continue to push to multiple systems as required. Perhaps I'm asking too much of capture and apply...
Oh! Same acronym, totally different system.
WDS = Windows Deployment Services. In brief, it is:
A feature of Windows Server (2008/2012/2016)...
...that you point a DHCP option towards so you can...
...PXE boot a computer into Windows PE and run Windows setup...
...to install a Windows image file (WIM).
https://technet.microsoft.com/en-us/library/hh831764(v=ws.11).aspx
A very common scenario (that we use in our environment) is to combine Windows Deployment Services (WDS) with the Windows Assessment and Deployment Kit (WADK). WADK contains DISM. Use WADK & DISM to customize your Windows image, then use WDS to push it out over the LAN.
We have a special subnet & VLAN just for that purpose. When a new employee starts, a technician plugs the computer on that VLAN, PXE boots into Windows PE, chooses a Windows image, and lets it install (wiping the drive in the process).
That said, we only use that for the initial install, on a computer we don't mind reformatting. Any further customization to that PC is done with other tools.
Everything I've read and can find right now about dism /apply-image talks about it being used on a formatted hard drive.
What you might be able to do instead is boot into Windows PE, and using the "Upgrade" feature of Windows setup to apply the second WIM. I don't know if that would work, but it would be only a minor change from what you're doing right now.
the "no true scotch man" fallacy.
Upgrade sounds interesting. Is that a command from dism or pe? I don't see it listed as a standard command-let.
Using the Windows setup GUI:
If you want to have it truly unattended, you would set this in your unattend.xml in the UpgradeData section:
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-setup-upgradedata
the "no true scotch man" fallacy.
Dunno if it helps, but I used the following document heavily as a guide when I updated to Win10 imaging: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions
Cuz the WIM concepts pretty much stay the same, it's just the partitioning that gets changed radically.
Enlist in Star Citizen! Citizenship must be earned!