Registry sync broken when using a privacy setting!

HSeber

When you disable the "DisableWindowsConsumerFeatures" setting under Privacy Setting, this will break the shared Policy key sync in the registry! (verified)

Details:

Key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies"
is a shared location with
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies"


If you "deactivate" the mentioned privacy setting, the sync between those two keys is broken. If you have active GPOs, those will not populate into
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies

To fix the registry sync you need to delete the whole key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies" (you can't if the sync is working!), followed by an immediate reboot.

I would mark this as a major issue.
NTLite v.2.2.0.8160
 
Hi,

Thanks for pointing this out.
Before trying and testing, I wonder if you know, to save me time, whether the issue is only there when applied on an image, with no issue if set after install?
In which case it's easy to add a delay-apply switch in the tweak, so we can continue using it.
 
Hi Nuhi,

Well, I'll describe how to reproduce the issue:

I always use an untouched MSDN Windows 10 Business Edition ISO image for customizations.
Loading the Enterprise Edition in NTLite, I then call my preset, which includes:
<Tweak name="CloudContent\DisableWindowsConsumerFeatures">1</Tweak>
I apply the changes & Trim Editions, leaving only Enterprise and Windows Setup in boot.wim, then create the ISO.

Fire up the ISO in a VM (without network). At OOBE I enter audit mode to install some desktop applications for a sysprep afterwards.
Once I enter audit mode and check the registry, the sync is already broken: WOW6432Node\Policies contains only the consumer key (I'll try to get a screenshot for you, which will probably help you to identify the issue).

All remaining steps are uninteresting, sync stays broken even after sysprep and final ISO creation.
Currently my workaround is to inject the value DisableWindowsConsumerFeatures=1 via "SetupComplete.cmd":
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1 /f

So, I think that key probably gets injected wrongly somehow by NTLite?
This problem has existed for several NTLite versions and we have only now found out the cause.

When you rely on GPOs and in your AD...you've got real problems.
 

Nuhi,

The bug is still present in the current NTLite (2.3.0.8396).
Testing now with Windows 11, but it makes no difference. Attached is a screenshot of the broken sync.
In the WOW6432Node there exists only one DWORD32 key.
 

I have this problem even without using any item in Settings. I tried to maintain Content Delivery Manager, Telemetry Client and several other components without success. I'm trying to find the culprit.
 
When I read the WOW64 registry docs, it says the Windows registry redirector mirrors updates to WOW64 on a live system.
But this process is not running for any offline image. The correct action is for NTLite to write keys in both locations on the mounted hive.

- Applying reg file in Post-Setup works, because the redirector will sync.
- Deleting WOW64 keys and rebooting works, because the redirector will sync.
- Modifying an offline image doesn't work, because there is no redirector present.

The obvious test is by checking if mirroring ONLY works for post-setup, but not offline integration (which Settings is the same action).

https://docs.microsoft.com/en-us/windows/win32/winprog64/registry-reflection
https://docs.microsoft.com/en-us/windows/win32/winprog64/shared-registry-keys
 
The obvious test is by checking if mirroring ONLY works for post-setup, but not offline integration (which Settings is the same action).
Basically I know of 3 ways (2 offline & 1 online) to configure this setting in NTLite:
"DisableWindowsConsumerFeatures"=dword:00000001

1. Configure - Settings -> BAD (sync broken)
2. Integrate - Registry -> WORKS (sync not broken)
3. Automate - Post-Setup -> WORKS (sync not broken)

I've tested all 3 options.
I guess No. 2 is also a kind of "offline" integration. So I would answer your question with: No

PS: I found another setting which is causing the same problem ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
"DisableCloudOptimizedContent"=dword:00000001
 
HSeber, oh my, after writing a book to reply where to next, I think I got it thanks to your initial post.
It's so simple, NTLite is explicitly setting the WOW64 key for this entry for completion's sake, thus overwriting the mirror.
Mirroring is working, but as you said, you first need to delete the explicit key which is masking/blocking it.

Will correct this and send the two of you a test version to confirm.
Of course will create a test first to catch all of the mirroring possibilities, not just this key.
 
It's so simple, NTLite is explicitly setting the WOW64 key for this entry for completion sake, thus overwriting the mirror.
Mirroring is working, but as you said first need to delete the explicit key which is masking/blocking it.
This makes perfect sense. Looks like you've solved the mystery :)

I deleted the key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies" and the mirror is working again. Before that I only had one key in WOW6432Node\Policies related to Windows Defender (a component that I removed). So in my case, any component that, when removed by NTLite, creates a key in WOW6432Node\Policies will stop the mirror.
 
Thanks for your pre-release input, the fix is released in 8526+.
Let me know if you see any leftover issues regarding this topic.
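
A way to check a deployed image for the condition discussed in this thread, added here as an example and not part of any post or of NTLite: it reads HKLM\SOFTWARE\Policies through the 64-bit and the 32-bit registry views and lists every value that differs. The function names Get-PolicyValues and Compare-PolicyViews are made up for this example; it assumes an elevated 64-bit PowerShell session on the installed system.

```powershell
# Added example: compare the 64-bit and 32-bit registry views of HKLM\SOFTWARE\Policies.
# When the key is shared correctly, both views return the same values.
function Get-PolicyValues {
    param(
        [Parameter(Mandatory)][Microsoft.Win32.RegistryView]$View,
        [string]$SubKey = 'SOFTWARE\Policies'
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    $values = @{}
    $pending = New-Object System.Collections.Stack
    $pending.Push($SubKey)
    while ($pending.Count -gt 0) {
        $path = $pending.Pop()
        $key = $base.OpenSubKey($path)      # read-only handle
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = $key.GetValue($name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            # Flatten multi-string and binary data so values compare as text
            $values["$path\$name"] = @($data) -join ','
        }
        foreach ($child in $key.GetSubKeyNames()) { $pending.Push("$path\$child") }
        $key.Close()
    }
    $base.Close()
    return $values
}

function Compare-PolicyViews {
    $v64 = Get-PolicyValues -View Registry64
    $v32 = Get-PolicyValues -View Registry32   # resolves to WOW6432Node if not shared
    foreach ($k in (@($v64.Keys) + @($v32.Keys) | Sort-Object -Unique)) {
        if ($v64[$k] -ne $v32[$k]) {
            [pscustomobject]@{ Value = $k; View64 = $v64[$k]; View32 = $v32[$k] }
        }
    }
}

$diff = @(Compare-PolicyViews)
if ($diff.Count -gt 0) {
    $diff | Format-Table -AutoSize
    Write-Warning "$($diff.Count) policy value(s) differ between the registry views."
} else {
    'HKLM\SOFTWARE\Policies is identical in both registry views.'
}
```

A value that appears only in the View64 column is a policy that 32-bit processes on that machine do not see.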
 