Applies To

WIM images created with Imaging Toolkit 10.0.2 or earlier

Issue

In certain circumstances WIM images produced by Build Console 10.0.2 and prior may contain ACLs which cause invalid security settings to be applied. This may present itself in a number of ways but running "cacls c:\" presents a list of users which includes two <account domain not found> entries.

Solution

Two alternate solutions are available both of which require Imaging Toolkit 10.0.3 or later.

NOTE: Only one of the following is required. Select the one most appropriate for your environment.



1. Recreate all existing images
2. Disable ACL restore for add-on images


WARNING! Ensure you have backups of all files before continuing and test fully in a non-production environment.

  1. Recreate existing images

    If you only have a few WIM images recreating them is the recommended approach.

    Done Task
     
    1. Recreate driver images
     
    2. Recreate hotfixes images
     
    3. Recreate ztoolkit images
     
    4. Recreate components images

    1. Recreate driver images

      Recreate all driver images using any of the normal methods.

      NOTE: Creating a large number of driver images at one time may cause Build Console to crash. Consider creating a few at a time.

    2. Recreate hotfixes images

      Run Zupdate to recreate a new hotfixes.wim.

    3. Recreate ztoolkit images

      For each project, open the project and use the Deployment Wizard to recreate the ztoolkit image.

    4. Recreate components images

      For each project, open the project and use the Deployment Wizard to recreate the Novell (novcomp) or SCCM components (sccmcomp) image as appropriate.

  2. Disable ACL restore for add-on images

    If you have many WIM images and recreating them is not feasible it is possible to filter the ACLs when restoring add-on images.

    Done Task
     
    1. Update Zim binaries
     
    2. Modify zim.cfg

    1. Update Zim binaries

      Run the Build Console Integration Wizard and update the Zim binaries and license files as per the upgrade instructions in the documentation.

    2. Modify zim.cfg

      Using your preferred text editor modify the zim.cfg file to disable the restore of ACLs when applying add-on images by setting the reserved variable _WIM_RestoreACLs to "false".

      For example, in a standard zim.cfg template add the following lines shown in green below:

      ....
    End:
End:
    
; Disable restore of WIM ACLs for add-on images
Set:_WIM_RestoreACLs,"false"
    
Wim:Apply,"%Images_Path%\projects\%Project_Image_Path%\hotfixes.wim","1","%Project_Partition%"
....

      Ensure that the updated file is replicated to all TFTP servers' zimfiles folders.

      NOTE: For completeness this setting should be set to "true" before restoring the base image however as this is the default setting it is un-necessary unless attempting to apply the images twice within the same session. It is left to the reader to determine the likelihood of ever wishing to do this and the changes required.

Test

Done Task
 
1. Restore images and allow a machine to build as normal
 
2. Run "cacls c:\"
 
3. The security rights are valid

If you have any problems or questions about the steps in this TID please contact the ENGL support team