imagex was almost fully deprecated, until they added ESD/LZMS support to it in b14393 it can even capture recovery esd file directly, instead wim capture then export to esd
I have a win 10 HOME SL license laptop Theres no select the sku during initial setup It automacally install home sl Sorry i should post in windows 1709 thread
Easy fix: put in an ei.cfg into "iso\sources\" ei.cfg: Code: [Channel] _Default [VL] 0 Now it will ask for the sku to be installed.
I'm wonder did you published a list of tips ? Or do you have an idea to assign full control (with one .batch file) ? Code: Regedit_PathFull = "HKEY_LOCAL_MACHINE\WIM_Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" As for now, my search results aren't very good...
Use NSudo to launch cmd as TrustedInstaller , then use SetACL Code: SetACL.exe -on "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ot reg -actn ace -ace "n:S-1-5-32-544;s:y;p:full" or if you use unattend answer file, you can add the commad to specialize pass, it already run with full privileges
I may sound stupid but can't find the path to ESD file on my system partition, can you help me ? still no trace of such file
Sorry for the little late and thank you @abbodi1406. But I was thinking perhaps there is an easier way ? Do we need a tool (such as NSudo, etc) each time ? It can't be realize just with a simple script (batch, powershell, etc) ?
You only need NSudo/SetAcl one time only it can be done with powershell, but not very reliable save as cbs.ps1 Spoiler Code: function enable-privilege { param( [ValidateSet( "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege", "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege", "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")] $Privilege, $ProcessId = $pid, [Switch] $Disable ) $definition = @' using System; using System.Runtime.InteropServices; public class AdjPriv { [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); [StructLayout(LayoutKind.Sequential, Pack = 1)] internal struct TokPriv1Luid { public int Count; public long Luid; public int Attr; } internal const int SE_PRIVILEGE_ENABLED = 0x00000002; internal const int SE_PRIVILEGE_DISABLED = 0x00000000; internal const int TOKEN_QUERY = 0x00000008; internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; public static bool EnablePrivilege(long processHandle, string privilege, bool disable) { bool retVal; TokPriv1Luid tp; IntPtr hproc = new IntPtr(processHandle); IntPtr htok = IntPtr.Zero; retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); tp.Count = 1; tp.Luid = 0; if(disable) { tp.Attr = SE_PRIVILEGE_DISABLED; } else { tp.Attr = SE_PRIVILEGE_ENABLED; } retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); return retVal; } } '@ $processHandle = (Get-Process -id $ProcessId).Handle $type = Add-Type $definition -PassThru $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable) } function take-ownership($hive, $subkey) { enable-privilege SeTakeOwnershipPrivilege switch ($hive.ToString().tolower()) { "HKCR" { $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) } "HKCU" { $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) } "HKLM" { $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subkey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) } } $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None) $acl.SetOwner([System.Security.Principal.NTAccount]"Administrators") $key.SetAccessControl($acl) $acl = $key.GetAccessControl() $person = [System.Security.Principal.NTAccount]"Administrators" $access = [System.Security.AccessControl.RegistryRights]"FullControl" $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit" $propagation = [System.Security.AccessControl.PropagationFlags]"None" $acltype = [System.Security.AccessControl.AccessControlType]"Allow" $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$acltype) $acl.SetAccessRule($rule) $key.SetAccessControl($acl) $key.Close() [System.Security.Principal.NTAccount]$TrustedInstaller = "NT SERVICE\TrustedInstaller" switch ($hive.ToString().tolower()) { "HKLM" { $key = "HKLM:\$subkey" } "HKCU" { $key = "HKCU:\$subkey" } "HKCR" { $key = "HKLM:\SOFTWARE\Classes\$subkey" } } $acl = Get-Acl $key $acl.SetOwner($TrustedInstaller) enable-privilege SeRestorePrivilege Set-Acl -Path $key -AclObject $acl } take-ownership "HKLM" "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" | Out-Null in admin cmd run Code: PowerShell -ExecutionPolicy Bypass -File cbs.ps1
Well, imagex.exe is basically an embedded wimgapi.dll with CLI front-end i found out that imagex.exe 15063 and later can be used for direct applying it support using /REF *.* or multiple /REF and recognize cab files as reference Code: imagex /apply Education_en-us.esd 3 Z: /ref *.esd /ref *.cab imagex /apply Education_en-us.esd 3 Z: /ref *.* it actually require and make use of the $filehashes$.dat file inside the cab to work (all UUP, FOD, LP files have it since 15063) it also support applying Express UUP (expanded folders) Code: imagex /apply Education_en-us.esd 3 Z: /ref UUP\* unfortunately, this doesn't work for exporting while it also recognize cab files, but for some reason (seems intentional), imagex does not recognize solid ESD files as reference if i convert ESD file to WIM, then imagex recognize them and successfully export edition to install.wim however, the resulted file can't be opened with 7-zip wimlib-imagex info show a warning about duplicate Blobs in the file likewise, if i convert CAB files to ESD and use dism for building install.wim, 7-zip also can't open file and wimlib-imagex shows the same warning so wimlib-imagex.exe still the reliable solution to convert UUP > ISO maybe synchronicity (Eric Biggers) can add the support for cab files as reference too
Maybe it's fatser because like i said, imagex is wimgapi itself, so it handle the process natively i mean, Microsoft knows better sometimes
Once more thank you @abbodi1406 but at the end, it's seem just SetACL will be another good enough solution. That's why it didn't work as expected. Because in French the right syntaxe is Administrateurs. Code: D:\SetACL_v3.0.6.exe -on "HKLM\WIM_Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" -ot reg -actn setowner -ownr "n:Administrateurs" D:\SetACL_v3.0.6.exe -on "HKLM\WIM_Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" -ot reg -actn ace -ace "n:Administrateurs;p:full" By the way there is somewhere one list reliable about these Packages ? Code: Erreur : 0x800f0805 { Microsoft-Windows-PeerDist-Client-WOW64-Package~31bf3856ad364e35~amd64~~10.0.16299.15 Windows-Defender-Client-WOW64-Package~31bf3856ad364e35~amd64~~10.0.16299.15 } Apparently there is one order to respect, right ? At least it's seem to work at the right place (upper in the list). But how are we supposed to avoid this kind of errors ? Code: #### One good example because in this order I didn't met the error : "0x800f0805" Dism /Image:D:\IsoWindows10 /Remove-Package /Packagename:Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.16299.15 Dism /Image:D:\IsoWindows10 /Remove-Package /Packagename:Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~~10.0.16299.15 It will be nice to have one list about HyperV. Because there are plenty of packages (hard to correct or understand) and I don't need it.
Hi everyone, Is there any link to download 1607 Win ADK ISO? One of the applications I want to use doesn't detect 1709 and forces the users to install 1607 instead. Thanks for any input
Such tools are a bit difficult to install and run smoothly on Windows. A minor mistake will lead to fatal failure and irreversible errors on mechanics.
Windows 10 Build 16299.98 ISO: I have build 16299.98. Is there a way to create an ISO setup file without it defaulting back to 16299.15 after I reinstall windows 10?