Windows 10 Sysprep fails after removing or updating Windows built-in Windows Store apps


So by now you have had an opportunity to start playing around with Windows 10 and maybe your organization is thinking about deploying Windows 10 in the Enterprise so we need to work on getting a custom image built and captured for deployment.  MDT 2013 Update 1 is available and highly recommended for Build and capture scenarios.  MDT 2013 Update 1 does have its fair share of bugs which are being worked quickly and an update to resolve those issues will hopefully be out soon but luckily Keith Garner has written up many of the bugs with workarounds so you don’t have to experience the pain of figuring them out on your own.

System Center 2012 Configuration Manager SP2/R2 SP1 is also available and provides deployment support for Windows 10 while you could use this I still recommend MDT due to the ease of use, separation of infrastructure, portability, No client in the image and the fact that MDT uses the administrator account vs. system which allows easy profile customizations to name a few.  Some additional guidance ensure you have CU1 applied to ConfigMgr which resolves an issue with importing Windows 10 drivers.  Also make sure you have hotfix installed prior to importing drivers to resolve an issue with driver bloat.

The issue at hand is actually an issue from Windows 8 where if you remove the built-in apps during a build and capture sysprep will fail. Sad smile  I had imagined this was resolved by now but the fix is still in the works.  The workaround is pretty simple we just need to kill access to the internet while we are building our image.  There are many ways to achieve this depending on what you have at your disposal but below is a quick and easy netsh command to block internet access which will resolve our problems and allow sysprep to complete successfully.  In the meantime ensure to keep your reference image patched with the latest CU’s for Windows 10 and this issue will hopefully be resolved and we can safely remove this step in the future.

Block Internet Access:

cmd.exe /c netsh advfirewall firewall add rule name="Block Internet" proto=TCP dir=out localport=any action=block en=yes profile=any remoteport=80,443


Enable Internet Access:

cmd.exe /c netsh advfirewall firewall delete rule name="Block Internet"


Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified
in the
Terms of Use .