Ignore Certs From USMT Transfer #45

Open
NathanTheGr8 opened this issue Jan 22, 2019 · 3 comments

NathanTheGr8 commented Jan 22, 2019

I would like to be able to ignore certificates during the USMT transfer. I have found this article, but I am not sure if it will do what I want. Here is the XML they are recommending to add.

<component displayname="Microsoft-Windows-Crypto-keys" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-crypto-keys/microsoft-windows-crypto-keys/settings"/>

 <component displayname="Microsoft-Windows-CAPI2-certs" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-capi2-certs/microsoft-windows-capi2-certs/settings"/>

The certs I am trying to ignore can be seen in the below screenshot

image

NathanTheGr8 commented Apr 8, 2019

I was able to figure this out. The current tool just passes XML files using the /I flag. I needed to generate an XML file using "Scanstate /genconfig" and edit these 3 lines to say migrate="no":

<component displayname="Microsoft-Windows-dpapi-keys" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-dpapi-keys/microsoft-windows-dpapi-keys/settings"/>
<component displayname="Microsoft-Windows-Crypto-keys" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-crypto-keys/microsoft-windows-crypto-keys/settings"/>
<component displayname="Microsoft-Windows-CAPI2-certs" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-capi2-certs/microsoft-windows-capi2-certs/settings"/>

And then pass the new config to scanstate with the /config flag.

https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-customize-xml-files

I am not sure if I will submit a patch to the project, because my solution is hardcoded and not dynamic. The generated XML has hundreds of lines and options and I don't know what they all do. There even seem to be some redundant parts of the XML for what the project already does. I am attaching my generated XML. I had to modify the Invoke-USMTGUI script in the following sections:

Line 789

                # Create config syntax for scanstate for custom XMLs.
                IF ($SelectedXMLS) {
                    # Create the scanstate syntax line for the config files.
                    $ScanstateConfig = ''
                    foreach ($ConfigXML in $SelectedXMLS) {
                        $ConfigXMLPath = """$Script:USMTPath\$ConfigXML"""
                        # Append one /i: per selected XML; plain assignment kept only the last file.
                        $ScanstateConfig += "/i:$ConfigXMLPath "
                    }
                    # The settings file is passed once, with /config rather than /i.
                    $ConfigXMLConfigPath = """$Script:USMTPath\ConfigSettings.xml""" #https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-customize-xml-files
                    $ScanstateConfig += "/config:$ConfigXMLConfigPath"
                }

                # Create config syntax for scanstate for generated XML.
                IF (!($SelectedXMLS)) {
                    # Create the scan configuration
                    Update-Log 'Generating configuration file...'
                    $Config = Set-Config
                    $GeneratedConfig = """$Config"""
                    $ConfigXMLConfigPath = """$Script:USMTPath\ConfigSettings.xml""" #https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-customize-xml-files
                    $ScanstateConfig = "/i:$GeneratedConfig /config:$ConfigXMLConfigPath"
                }

I am not sure if I needed to modify the loadstate commands also but I did.
Line 979

        # Set the value for the Config file if one exists.
        if (Test-Path "$Destination\Config.xml") {
            $LoadStateConfigFile = """$Destination\Config.xml"""
            $LoadStateSettingConfigFile = """$Script:USMTPath\ConfigSettings.xml""" #https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-customize-xml-files
            $LoadStateConfig = "/i:$LoadStateConfigFile /config:$LoadStateSettingConfigFile"
        }

ConfigSettings.xml.txt

Edit

It doesn't seem like changing the load state command matters. You just need to specify the config.xml in the scanstate.


nickrod518 commented Apr 8, 2019 via email

@NathanTheGr8

No, because the custom XML button loads each file with the /i flag, I need to run this file with the /config flag.

.\Migrate-WindowsUserProfile-master\Migrate-WindowsUserProfile-master\USMT\amd64\scanstate.exe "\\10.3.32.69\C$\TEMP\MigrationStore\OldName" /i:".\Migrate-WindowsUserProfile-master\Migrate-WindowsUserProfile-master\USMT\amd64\ConfigSettings.xml"  /o /vsc /ue:* /ue:"OldName\*" /ue:"NT Service\*"  "/ui:Domain\account"   "/listfiles:\\10.3.32.69\C$\TEMP\MigrationStore\OldName\FilesMigrated.log" "/l:\\10.3.32.69\C$\TEMP\MigrationStore\OldName\scan.log" "/progress:\\10.3.32.69\C$\TEMP\MigrationStore\OldName\scan_progress.log" /efs:skip /c 

Saving state of IT5CG8443VM5L to \\10.3.32.69\C$\TEMP\MigrationStore\IT5CG8443VM5L....Complete!
Results:
| - Check log for any errors found in loaded migxml files
| - Verify config xml file is not loaded using /i
| - If duplicate SID exists from temp profile – use environment variable or delete temp profile
+-----------------------------------------------------------------------------------------

From the Scan.log

2019-04-08 15:58:16, Info                  [0x000000] Script file specified: C:\Users\user\Downloads\Migrate-WindowsUserProfile-master\Migrate-WindowsUserProfile-master\USMT\amd64\ConfigSettings.xml
2019-04-08 15:58:16, Error                 [0x08055d] MXE Agent: Migration XML C:\Users\uaser\Downloads\Migrate-WindowsUserProfile-master\Migrate-WindowsUserProfile-master\USMT\amd64\ConfigSettings.xml is not properly formatted. Message: Should be exactly one <migration> element.
2019-04-08 15:58:16, Error                 [0x000000] EngineStartup caught exception: FormatException: Should be exactly one <migration> element. __cdecl Mig::CMXEMigrationXml::CMXEMigrationXml(class Mig::CPlatform *,class UnBCL::String *,class UnBCL::XmlDocument *,class UnBCL::String *,class UnBCL::String *)
2019-04-08 15:58:16, Error                 [0x000000] Error while trying to start the migration engine
2019-04-08 15:58:16, Warning               [0x000000] Internal error 4 was translated to a generic error
2019-04-08 15:58:16, Info                  [0x000000] Failed.[gle=0x00000091]
2019-04-08 15:58:16, Info                  [0x000000]   Software malfunction or Unknown exception[gle=0x00000091]
2019-04-08 15:58:16, Info                  [0x000000] USMT Completed at 2019/04/08:15:58:16.500[gle=0x00000091]
2019-04-08 15:58:16, Info                  [0x000000] ----------------------------------- USMT ERROR SUMMARY -----------------------------------
2019-04-08 15:58:16, Info                  [0x000000] * USMT error code 26: 
2019-04-08 15:58:16, Info                  [0x000000] +-----------------------------------------------------------------------------------------
2019-04-08 15:58:16, Info                  [0x000000] | Software malfunction or Unknown exception, please check the following possible solutions:
2019-04-08 15:58:16, Info                  [0x000000] | - Check log for any errors found in loaded migxml files
2019-04-08 15:58:16, Info                  [0x000000] | - Verify config xml file is not loaded using /i
2019-04-08 15:58:16, Info                  [0x000000] | - If duplicate SID exists from temp profile – use environment variable or delete temp profile
2019-04-08 15:58:16, Info                  [0x000000] +-----------------------------------------------------------------------------------------
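
The two steps discussed in this thread, as an added example (not code from the project or from either commenter): set migrate="no" on the three key and certificate components of a /genconfig file and report any that were not found, then choose /i or /config per file from its root element, which is the condition the scan.log error above names. The function names, the temp file names and the sample XML (including its `<Configuration>` root) are constructed assumptions.

```powershell
# Added example; function names, file names and sample XML are constructed for illustration.
$skip = 'Microsoft-Windows-dpapi-keys', 'Microsoft-Windows-Crypto-keys', 'Microsoft-Windows-CAPI2-certs'

function Disable-UsmtComponent {
    # Set migrate="no" on the named components; return the names that were NOT found.
    param([string]$Path, [string[]]$DisplayName)
    $full = (Resolve-Path $Path).Path
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($full)
    $hit = @()
    foreach ($c in $doc.SelectNodes("//*[local-name()='component'][@displayname]")) {
        $name = $c.GetAttribute('displayname')
        if ($DisplayName -contains $name) {
            $c.SetAttribute('migrate', 'no')
            $hit += $name
        }
    }
    $doc.Save($full)
    $DisplayName | Where-Object { $hit -notcontains $_ }
}

function Get-ScanStateXmlArgument {
    # A root <migration> element means migration XML (/i); anything else is treated as a config file (/config).
    param([string[]]$Path)
    foreach ($p in $Path) {
        $full = (Resolve-Path $p).Path
        $doc = New-Object System.Xml.XmlDocument
        $doc.Load($full)
        if ($doc.DocumentElement.LocalName -eq 'migration') { "/i:`"$full`"" }
        else { "/config:`"$full`"" }
    }
}

# Constructed sample files; the dpapi-keys component is left out on purpose.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'usmt-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$cfg = Join-Path $dir 'ConfigSettings.xml'
$mig = Join-Path $dir 'Custom.xml'
@'
<Configuration><WindowsComponents>
  <component displayname="Microsoft-Windows-CAPI2-certs" migrate="yes" ID="constructed-id-1"/>
  <component displayname="Microsoft-Windows-Crypto-keys" migrate="yes" ID="constructed-id-2"/>
</WindowsComponents></Configuration>
'@ | Set-Content -Path $cfg
'<migration urlid="http://example.invalid/constructed"/>' | Set-Content -Path $mig

$missing = Disable-UsmtComponent -Path $cfg -DisplayName $skip
if ($missing) { Write-Warning "Not in config, so not excluded: $($missing -join ', ')" }
Get-ScanStateXmlArgument -Path $mig, $cfg
```

A component name that is absent from the config file is reported rather than skipped silently, since a missing entry means that component is not being excluded by this file.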
