MattHiggs Posted April 24, 2016 Posted April 24, 2016 (edited) I am currently head of a project to deploy os images to tablets. I almost have my reference image built the exact way I want it, but there are two issues I continuously run into which require me to manually perform configurations and take time, and since I am expected to deploy and ship out 100 a week, every second counts. The first issue involves sideloading a custom Windows LOB app written by the development team in the company I work for. No matter what I try, I cannot provision the app as part of the custom capture image (both online and offline). I can successfully install it using a powershell script that is generated when the package is build in visual studio, but any attempt to run sysprep at that point results in sysprep failing until the app is uninstalled and using DISM to attempt to add the app to the offline, mounted capture results in the attached error. Furthermore, today I ran the app through the App certification kit which comes with the Windows SDK and got the other attached error message. Now I am aware that there are many reasons why it is failing that I need to take into account: the certificate which the app uses is not signed by a Official CA, so I need to import the certificate manually. Having little to no experience whatsoever with importing certificates, I wanted to get some feedback on the following questions, as well as any other feedback that you feel would add to the chances of including the app as part of the windows install image: 1) since my knowledge of manually importing certificates into the certificate store is fairly limited, while I know that the certificate needs to be imported to the local machine, does it need to be imported to a particular certificate store in which the certificate should be placed in order for the deployment to succeed? More specifically, in what context would one import a certificate to a particular certificate store? 2) The developer settings in the captured image are set to "sideloading apps", but is that all that is necessary? As you can see from the App certification error message, it would appear that the app does not have a license associated with it, which makes since due to the fact I have been using the "skiplicense" parameter when installing the app due to my inability to locate one. However, the whole concept of the license is confusing me. IS the license something that is generated by visual studio when the package is built? Do I need the source project files in order to generate a license to use? Is it something that you can obtain on your computer by running a couple of powershell commands (https://msdn.microsoft.com/en-us/library/windows/apps/hh974578.aspx)? Am I completely misunderstanding the whole concept and still confused as to why the crap I need a license when my company developed the app? Is this really even needed in order to accomplish what I need (I think it is, but Microsoft has schizophrenia sometimes)? This is the area in which I run into the most confusion. 3) This one is a multi-parter, but relates to the same issue concerning pre-installed windows store apps. Is there a way to remove all of the windows store apps with the exception of a select few (Edge, Camera, Photos) AND prevent them from reinstalling as part of the operating system installation? I can't tell you how annoying it is to go and uninstall all of the windows apps only to find that at some point a few minutes later they have reinstalled because "Update apps automatically" setting which is enabled by default and can't be turned off when creating the capture image. The apps can't be uninstalled before the creation of the capture image either because that will fail sysprep also (https://support.microsoft.com/en-us/kb/2769827). Let me just vent some steam real quick and complain about how, for a tool which is meant to let you create customizable images of windows for you to install to devices, it actually doesn't really support a great deal of customization and if you do too much, it will just break or ignore the changes you tried to make. Working with sysprep and imaging software by Microsoft is just a continuous kick in the jewels. Anyway, The reason for uninstalling the apps being that, by default, these apps are set to run background processes that, since the devices use their SIM card networks, consume battery and heat up the device like summer in hell. I can disable the applications that have can run in the background, but since they install after setup is complete, more apps configured to run in the background have appeared from the time I accessed the menu, begging the question "when are all of them done? Can I just get the freaking store apps to go the freak away!?!?! For the ones that will not go away, is there a way I can, by default, set their behavior and the store's behavior to not run in the background and consume the devices precious resources? AND the start screen still has all of the app icons present, which is exactly one of the things I specifically modified the capture image to NOT FREAKING HAVE and used the "copy profile" setting in the unattend file for the capture image deployment to try to be rid of!!! Oh, and I tried contacting microsoft's support concerning this too, and trying to get any useful information out of them and not some cheap stupid run-around is probably an even harder and more constant kick in the jewels than their shit deployment software. As you can probably tell, I have long since lost whatever patience I had trying to get configure an image with all the customizations I need with little to no intervention from myself or another technician. Any advice you could give to help me with this would be great. Hell, if you actually manage to provide the answer to my dilemma, your my new hero!! Edited October 20, 2016 by MattHiggs
MattHiggs Posted October 20, 2016 Author Posted October 20, 2016 For those who are interested in this topic, I was able to find the solution. This is only applicable in Enterprise and pro versions of windows 8.1 and 10. In order to successfully sideload the app into the operating system, you need to either configure a particular group policy setting if the device is joined to a domain, or edit the local device policy settings (typing "gpedit.msc" into run prompt) if the device is not joined to a domain or can be locally configured within domain. The picture below shows the group policy setting that needs to be configured and the correct setting to set it to.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now