Microsoft KB Archive/919590

= The deployed operating system does not retain security permissions from the reference computer after you use the Operating System Deployment Feature Pack in Systems Management Server 2003 to apply an image =

Article ID: 919590

Article Last Modified on 11/5/2007

-

APPLIES TO


 * Microsoft Systems Management Server 2003

-





SYMPTOMS
After you use the Microsoft Systems Management Server (SMS) 2003 Operating System Deployment (OSD) Feature Pack to deploy an operating system image to a destination computer, you experience the following symptoms:
 * The image that you deployed does not retain the security permissions that you configured on the reference computer from which you created the image.
 * The image that you deployed inherits the security permissions from the file system on the root hard disk of the destination computer.

You experience this issue if you deploy an operating system image to a computer that had an existing operating system.



CAUSE
This issue occurs because the OSD Feature Pack uses the file-based Windows Imaging Format (WIM) to create images. Because this is a file-based imaging format, WIM lets you deploy an operating system image to a destination computer without affecting other files and folders on the destination hard disk. However, because WIM is a file-based imaging format, WIM does not delete the root of the destination hard disk. Therefore, the image that you deploy inherits the security permissions that are defined on the root of the destination hard disk.



RESOLUTION
To resolve this issue, follow these steps:
 * 1) Configure the advanced image installation task sequencing procedure to include a custom action.
 * 2) Configure the custom action to run the Cacls.exe command in a batch file to modify the security permissions on the files and folders of the deployed operating system image.

Note Run this batch file during the OSD Postinstall phase or during the OSD State Restore phase of the operating system deployment operation.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

135268 How to use Cacls.exe in a batch file



MORE INFORMATION
Because the Cacls.exe program can run on operating systems other than Microsoft Windows XP, you may want to include the Cacls.exe program in the OSD packages that you deploy.

For more information about how to obtain the SMS 2003 OSD Feature Pack, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/sms/bb676770.aspx

To view a Microsoft TechNet Webcast about the SMS 2003 OSD Feature Pack, visit the following Microsoft Web site:

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032254841&Culture=en-US

Keywords: kbtshoot kbprb KB919590

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.