Welcome to the UIU Blog

Industry Insights, Product Updates, Support Tips & Tricks, and all things related to Automated Driver Management.

Automated Driver Management with the UIU Logo


Recent Comments

"@Tobias - thanks for the comments - we probably didn't spell it out clearly enough in the last sentence of the "What MDT and WDS bring to the Table" section, but we agree - ZTI and other user-driven methods DO require System Center." Read more
by Nathaniel Bauer on The Sometimes Confusing Relationship Between WDS and MDT

"Good post sir." Read more
by Jeff Stokes on So Which Is It - ImageX or DISM?

"I think you made a mistake here. MDT does not support ZTI or ZeroTouch installations. Only LiteTouch. For a ZTI SCCM is required, but still you can manage to run the installation with at least one single click - so almost totally automated. But still ..." Read more
by Tobias on The Sometimes Confusing Relationship Between WDS and MDT

UIU Blog RSS Feed Email Subscribe Request Google Plus Share Twitter Share StumbleUpon Share UIU Facebook Page UIUtoob on YouTube

Fixing Software and Security Interference During OS Image Deployment

Posted by: Nathaniel Bauer on 12/4/2012

UIU Support Case Example - Fixing Software and Security Interference During OS Image Deployment

There are several factors that can interfere with the successful completion of a deployed image.  The factors generally amount to security restrictions relating to the copying of files or modification of the registry.

Software Interference

One common issue occurs when an installed and activated anti-virus or anti-malware software inhibits the modification of one or more registry settings. In this event, the typical error message presented during services startup phase is, "Windows Could Not Finish Configuring the System. To attempt to resume configuration, restart the computer.”  Unfortunately, restarting the computer results in the same error message and the administrator finds themselves in an infinite loop.

How can software interference be mitigated?
One method includes disabling (or in worst case scenarios, removing) the active protection components on the base image.  The recommended method includes preparing a base image without anti-virus or anti-malware software installed and relying on bonafide application deployment solutions to install these types of software in a layered approach to deployment - such as the OS is installed first, then configuration settings are applied by a directory service, and finally, applications are deployed to appropriate computers, based on requirements.

For example, if Kaspersky Endpoint Security is installed and enabled on the base image or WIM file, “Self Defense” could be disabled in the software’s settings. These settings should be re-enabled on each PC post-deployment to ensure protection.

Security Settings Interference
Another common issue occurs when security settings in the base image or WIM file are set to stringent levels, inhibiting or requiring authorization to copy/execute files to the secured operating system folders. The most common error presented in these instances is “Open File - Security Warning” at first login. These are realized frequently when Control Panel applications included with device drivers are presented for installation during OS deployment. (See Imaging Insights Newsletter Issue 3 "The Problem with Drivers that Include Executables)

How can security settings interference be mitigated?
There are many methods for solving this issue during OS deployment and a process should definitely be instituted to restore required security levels after deployment is completed. Some methods are relatively complicated and involve modifying zone settings to include trusted files or sites and some methods involve reducing security to the lowest levels.  The selected solution is likely to be driven by corporate policy.

For example, an administrator charged with deploying an OS to computers may have included a driver that was not prepared properly (potential driver signing issue) and is experiencing the following prompt upon first login:

An administrator may elect to modify Internet Zone settings to enable the launching of applications and unsafe files, accessible through Internet Explorer or Control Panel, Internet Options.

This method may cause Internet Explorer to repeatedly complain about the apparent lapse in security and may be silenced through the use of Group Policy Editor.
It is beneficial to minimize the potential for errors or interference during the OS deployment process and a well-planned method that includes a layered approach to application deployment as well as a careful analysis of PC security settings will provide successful PC deployments with maximum efficiency.

Create a trackback from your own site.


Leave A Comment

Please enter the CAPTCHA phrase above.

About the UIU Blog

The UIU Blog is brought to you by Support, Development and Management at Big Bang LLC to provide industry news, product development and updates, support cases, release notes, and discussion of OS Deployment and the Universal Imaging Utility.

We would appreciate your comments and suggestions.

If you have a UIU Support issue, please email Support at support@bigbangllc.com or call us at 414.369.5020.




Subscribe to UIU Blog Via Email   Subscribe to UIU Blog Share UIU Blog via Twitter   Share UIU Blog via Google Plus   Share UIU Blog via LinkedIn   Share UIU Blog via Stumbleupon Visit the UIU Facebook Page   Visit the UIU Youtube Page

Universal Imaging Utility   |  Products  |  Free Trial   |   Purchase   |  Support   |  Testimonials   |   Contact   |  About   |  Partners   |   Media

9851 S. 27th St.   |  Franklin, WI 53132  |  Toll Free: 866-754-3592  |  Direct: 414-225-9075   |  info@bigbangllc.com

Privacy Statement
  Find Us on the Web

UIUtoob Link
UIU Facebook Page LinkBigBangLLC Twitter Link

Copyright 2013
Big Bang LLC