/build/static/layout/Breadcrumb_cap_w.png

Systems Deployment Question


Sysprep Executor Detecting Defender on Win 10 1909

12/16/2019 1387 views

I'm currently attempting to prep a new Win 10 1909 Image. The VM is using a fresh install of Windows. When I run the Sysprep Executor (v4.1.1.0) it says Windows Defender is still running. I've tried turning it off manually and still get the same results.

2 Comments   [ + ] Show comments

Comments

  • 2019-12-16 14:44:21, Info SYSPRP ========================================================
    2019-12-16 14:44:21, Info SYSPRP === Beginning of a new sysprep run ===
    2019-12-16 14:44:21, Info SYSPRP ========================================================
    2019-12-16 14:44:21, Info [0x0f004d] SYSPRP The time is now 2019-12-16 14:44:21
    2019-12-16 14:44:21, Info [0x0f004e] SYSPRP Initialized SysPrep log at C:\Windows\System32\Sysprep\Panther
    2019-12-16 14:44:21, Info [0x0f0054] SYSPRP ValidatePrivileges:User has required privileges to sysprep machine
    2019-12-16 14:44:21, Info [0x0f007e] SYSPRP FCreateTagFile:Tag file C:\Windows\System32\Sysprep\Sysprep_succeeded.tag does not already exist, no need to delete anything
    2019-12-16 14:44:21, Info [0x0f005f] SYSPRP ParseCommands:Found supported command line option 'GENERALIZE'
    2019-12-16 14:44:21, Info [0x0f005f] SYSPRP ParseCommands:Found supported command line option 'OOBE'
    2019-12-16 14:44:21, Info [0x0f005f] SYSPRP ParseCommands:Found supported command line option 'SHUTDOWN'
    2019-12-16 14:44:21, Info [0x0f005f] SYSPRP ParseCommands:Found supported command line option 'UNATTEND'
    2019-12-16 14:44:21, Info [0x0f00d7] SYSPRP WinMain:Pre-validing 'cleanup' internal providers.
    2019-12-16 14:44:21, Info SYSPRP RunDlls:Running platform actions specified in action file for phase 3
    2019-12-16 14:44:21, Info SYSPRP SysprepSession::CreateSession: Successfully created instance with action file C:\Windows\System32\Sysprep\ActionFiles\Cleanup.xml, and mode <null>
    2019-12-16 14:44:21, Info SYSPRP SysprepSession::Validate: Beginning action execution from C:\Windows\System32\Sysprep\ActionFiles\Cleanup.xml
    2019-12-16 14:44:21, Info SYSPRP SysprepSession::CreateXPathForSelection: Sysprep mode in registry is <null>
    2019-12-16 14:44:21, Info SYSPRP SysprepSession::CreateXPathForSelection: Processor architecture in registry is AMD64
    2019-12-16 14:44:21, Info SYSPRP ActionPlatform::LaunchModule: Executing method 'Sysprep_Clean_Validate_Opk' from C:\Windows\System32\spopk.dll
    2019-12-16 14:44:21, Info CSI 00000001 Shim considered [l:125]'\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\wcp.dll' : got STATUS_OBJECT_PATH_NOT_FOUND
    2019-12-16 14:44:21, Info CSI 00000002 Shim considered [l:122]'\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\wcp.dll' : got STATUS_SUCCESS
    2019-12-16 14:44:21, Error SYSPRP Sysprep_Clean_Validate_Opk: Audit mode can't be turned on if there is an active scenario.; hr = 0x800F0975
    2019-12-16 14:44:21, Error SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing 'Sysprep_Clean_Validate_Opk' from C:\Windows\System32\spopk.dll; dwRet = 0x975
    2019-12-16 14:44:21, Error SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Cleanup.xml; dwRet = 0x975
    2019-12-16 14:44:21, Error SYSPRP RunPlatformActions:Failed while validating Sysprep session actions; dwRet = 0x975
    2019-12-16 14:44:21, Error [0x0f0070] SYSPRP RunDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 0x975
    2019-12-16 14:44:21, Error [0x0f00d8] SYSPRP WinMain:Hit failure while pre-validate sysprep cleanup internal providers; hr = 0x80070975
    2019-12-16 14:44:57, Info [0x0f0052] SYSPRP Shutting down SysPrep log
    2019-12-16 14:44:57, Info [0x0f004d] SYSPRP The time is now 2019-12-16 14:44:57
  • It had pending updates thanks for the help.

All Answers

5

Did you install any updates from Windows Updates?

Also if you manually disable the Real time protection, Does Windows Warns you about having Defender OFF?

(You should get a notifications from Windows, warning you about Defender being Disabled).


Have you tried running the Sysprep file manually?

(this sounds like an OS issue, remember the Sysprep Executor, is just a KACE front-end for the Microsoft Tool).

and if that fails check the panther directory logs for the specific error.

Copy the Answer file (unattend.xml) to windows\system32\sysprep


Open a command window

1- Go to the Sysprep Folder

cd  \windows\system32\sysprep

2- Run this

sysprep /generalize /oobe /shutdown /unattend:c:\windows\system32\sysprep\unattend.xml


Post here the results.

Answered 12/16/2019 by: Channeler
Red Belt

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ