Multi-OEM/Retail Project {MRP} - Mk3

Discussion in 'MDL Projects and Applications' started by mxman2k, Oct 15, 2016.

  1. mxman2k

    mxman2k MDL Developer

    Jun 20, 2007
    4,910
    16,040
    150
    Code:
    [USRD0] The 'defaultuser0' account was present, removal process has started.
    [RDUPM] First method for removal of the 'defaultuser0' account has failed - retrying enhanced removal...
    [RDUPM] Enhanced removal of the 'defaultuser0' account has failed - retrying with standard 'net user' method...
    [RDUWM] Standard 'net user' method removal of the 'defaultuser0' account was successful.
    It got there in the end :D:D

    It also goes to show that PowerShell is not that powerful at times :p
     
  2. mxman2k

  3. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,908
    79,002
    450
  4. mxman2k

    Grr, there again AVs usually do interfere with the QT, but usually it prevents running the exe altogether, but the DMI routine is standard checks from registry or WMIC so it should not have been affected in that area. :g:
     
  5. Enthousiast

    I saw it happening live in front of my eyes, it quarantined 4 routines from the QT.
     
  6. mxman2k

    Hmm, one must have been Generic* for SLIC/MSDM/loader detection, another ChkValid (my routine to remove invalid chars and extra spaces etc). :)

    Those two are usually grabbed - nothing nasty in them, just AVs being fussy :D

    I have even had PowerShell scripts nabbed that do nothing special or evil, so I guess it's just one of those things :D:D
     
  7. Enthousiast

  8. The_Guardian

    The_Guardian Contributor

    May 7, 2012
    2,054
    6,803
    90
    @mxman2k
    Have you tried signing the exes to reduce false positives? You could import the cert so when the exe is run the exe sig and the sig within the cert match; that should reduce false positives. Just a thought...
     
  9. mxman2k

    I have tried and failed :D

    Plus there are several exes, and the Generic_x.exe are C# exes that I have no idea how to add signing to, as I am not good with C# etc :(
     
  10. mxman2k

    Either way, AVs will find a way to grab 'iffy' files anyway, so it would be a cat and mouse affair and not worth the effort.

    Sometimes Defender is kind and does not nab the QT files; MRP isn't too affected as that runs via OOBE before any AV is active.
     
  11. snoop1979

    snoop1979 MDL Novice

    Jan 19, 2011
    19
    6
    0
    I can confirm that I was able to generalize, and the next time booting into OOBE the MRP project kicked in and applied all customization.
    Windows preserved my installed printers too! Like Enthousiast said, just copy the script folder into c:/windows/setup.

    I have an off-topic question for you. Could you briefly tell me what's your procedure for capturing that generalized system into a wim and transferring it to an install iso/media?
    In my case, after I generalize/shutdown, I boot to cloning software, clone the disk to an image, then restore it onto other PCs.
     
  12. Enthousiast

    https://forums.mydigitallife.net/th...firstlogon-silent-install.73131/#post-1317912
    And next I put the captured wim in an iso.
     
  13. The_Guardian

  14. Enthousiast

  15. mxman2k

    MRP v122 is now in progress after a short break. :) No new options at this time but there have been a few code tweaks here and there.

    Query Tool (QT) v104 has already started, in a pre-test internal mode. One addition is that if the W7 ESU bypass has been used, it will hopefully show that it is in use and which methodology. <-- experimental at the moment.
     
  16. BALTAGY

    BALTAGY MDL Guide Dog

    Dec 23, 2014
    337
    563
    10
  17. mxman2k

    The project adds that icon, or you probably end up with either a weird blank one or a black sort of thing :)
     
  18. mxman2k

    How to manually add the icon, as the standard one may be blank/black or just a shield thing... depending on OS. :)
    Code:
    REG add "HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage" /v "Icon" /t REG_EXPAND_SZ /d "MyComput.dll" /f
     
  19. BALTAGY

    Is the weird blank one from MRP or is it microcrap?

    I was using v114 if I remember correctly and until v1909 and didn't notice any weird blank icon there
     