The deployed operating system does not retain security permissions from the reference computer after you use the Operating System Deployment Feature Pack in Systems Management Server 2003 to apply an image (919590)


The information in this article applies to:

  • Microsoft Systems Management Server 2003

SYMPTOMS

After you use the Microsoft Systems Management Server (SMS) 2003 Operating System Deployment (OSD) Feature Pack to deploy an operating system image to a destination computer, you experience the following symptoms:
  • The image that you deployed does not retain the security permissions that you configured on the reference computer from which you created the image.
  • The image that you deployed inherits the security permissions from the file system on the root hard disk of the destination computer.
You experience this issue if you deploy an operating system image to a computer that had an existing operating system.

CAUSE

This issue occurs because the OSD Feature Pack uses the file-based Windows Imaging Format (WIM) to create images. Because this is a file-based imaging format, WIM lets you deploy an operating system image to a destination computer without affecting other files and folders on the destination hard disk. However, because WIM is a file-based imaging format, WIM does not delete the root of the destination hard disk. Therefore, the image that you deploy inherits the security permissions that are defined on the root of the destination hard disk.

RESOLUTION

To resolve this issue, follow these steps:
  1. Configure the advanced image installation task sequencing procedure to include a custom action.
  2. Configure the custom action to run the Cacls.exe command in a batch file to modify the security permissions on the files and folders of the deployed operating system image.

    Note Run this batch file during the OSD Postinstall phase or during the OSD State Restore phase of the operating system deployment operation.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

135268 How to use Cacls.exe in a batch file

MORE INFORMATION

Because the Cacls.exe program can run on operating systems other than Microsoft Windows XP, you may want to include the Cacls.exe program in the OSD packages that you deploy.

For more information about how to obtain the SMS 2003 OSD Feature Pack, visit the following Microsoft Web site:

http://www.microsoft.com/smserver/downloads/2003/osdfp.mspx

To view a Microsoft TechNet Webcast about the SMS 2003 OSD Feature Pack, visit the following Microsoft Web site:

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032254841&Culture=en-US

Modification Type:MajorLast Reviewed:6/9/2006
Keywords:kbtshoot kbprb KB919590 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.