- Local time
- 6:26 AM
- Posts
- 811
- OS
- Windows 11 PRO x64 Dev
This post is based on my very subjective, personal opinion That opinion in its turn is based on some facts about changes in Windows versions, starting with Windows 10 version 1709.
Please, don't take this wrong. I am still a huge Windows fan. I just don't like the changes Windows developer teams have made to how Audit Mode and the built-in administrator behave.
I do a lot of image customisation, A new version of Windows is released, I customise it on a reference machine in Audit Mode, sysprep it, capture the WIM image, and create my install media. In fact, I do this with almost every new Windows build released to Windows Insider Dev Channel.
FACT:
Version 1709 enabled Store and Store apps for the built-in administrator account. It also allowed user to switch the built-in admin account to a Microsoft account, the problem being that the account cannot be switched back to a local account. Once done, and you lose control of your MS account, you are screwed.
WHAT CHANGED:
Up to version 1703, the only Store app working when signed in as the built-in admin was Windows Settings. Not even Edge browser could be used:
If you wanted to use Internet in Audit Mode, which by default signs user in with built-in admin account, you had to use Internet Explorer. This made complete sense. When signed in as built-in admin, there should be no reason whatsoever to let that user access Microsoft Store and apps, or switch this local built-in admin account to a Microsoft account, especially considering that this switch is irreversible.
As no Store apps could not be used, Store could not update them, and they could not be provisioned. Generalizing a Windows image with sysprep was easy, it worked flawlessly.
I tried to find Microsoft documentation to explain app provisioning for those interested, this was the closest match:
How provisioning works in Windows
Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
docs.microsoft.com
So, in W10 version 1709 and up to version 1901, you simply removed app provisioning from all other Store apps than Store itself, using command shown in @Brink's excellent tutorial on our sister site Ten Forums, see its Option 12 Step 4:
Uninstall Apps in Windows 10
How to Uninstall Desktop Apps and Windows Apps in Windows 10
www.tenforums.com
Next blow came in W10 version 1902. Suddenly, there were a few native system apps not allowing user to remove their provisioning, thus causing generalizing the image to fail:
<package name> was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
Option 12 Step 4 in above mentioned tutorial on Ten Forums stopped working at this point, failing always completely, or latest after removing provisioning from a few apps:
Modifying the command a bit, making it first list all provisioned apps in a Grid-View table, allowing me to select apps to remove provisioning, I narrowed it down to these six native system apps:
OK, what happens now when reference machine is connected to Internet, and you have done your customizations, removed provisioning from apps when possible, and finally sysprep: the sysprep using /generalize switch usually fails.
MY WORKAROUND:
Workaround I use is far from perfect, but at least it works. I have a created a VHD file called Assets.vhdx. I mount it on my host machine every time I need to add or remove something on it. I always use a Hyper-V virtual machine as my reference machine. When starting to create a new custom image, I create a new VM for that, adding this Assets VHD file as its secondary VHD, and making sure that VM has no network connection. This makes it impossible for Windows Update and / or Microsoft Store to start updating and provisioning any apps.
I then install all software I need from offline installers or ISO files on Assets VHD file, make the changes in registry and visual aspects, generalize with sysprep, and capture the image.
Not perfect. Better would be, if Micosoft had not made these ridiculous changes for built-in admin account and Audit Mode.
Kari
Last edited:
My Computers
System One System Two
-
- OS
- Windows 11 PRO x64 Dev
- Manufacturer/Model
- Hyper-V Virtual Machine (host in System 2 specs)
- CPU
- Intel Core i7-8550U
- Memory
- 6 GB
- Graphics Card(s)
- Microsoft Hyper-V Video
- Monitor(s) Displays
- Laptop display (17.1") & Samsung U28E590 (27.7")
-
- Operating System
- Windows 11 PRO x64 Dev Channel
- Computer type
- Laptop
- Manufacturer/Model
- HP HP ProBook 470 G5
- CPU
- Intel Core i7-8550U
- Motherboard
- HP 837F KBC Version 02.3D.00
- Memory
- 16 GB
- Graphics card(s)
- Intel(R) UHD Graphics 620 & NVIDIA GeForce 930MX
- Sound Card
- Conexant ISST Audio
- Monitor(s) Displays
- Laptop display (17.1") & Samsung U28E590 (27.7")
- Hard Drives
- 128 GB SSD & 1 TB HDD
- Mouse
- Wireless Logitech MSX mouse
- Keyboard
- Wireless Logitech MK710 keyboard
- Internet Speed
- 100 Mbps down, 20 Mbps up
- Browser
- Edge Chromium Dev Channel
- Antivirus
- Windows Defender
- Other Info
- 2 * 3 TB USB HDD
6 TB WD Mirror NAS