windowsinstallationappxmsixpost-install

Windows 10 OOBE Post-Setup: How to allow PowerShell Add-AppxPackage?


regarding a missing AppxPackage error on the last official Win 10 LTSC-Release I want to automatically install it in the post setup of Windows setup processing: Out of Box Experience (OOBE), the first boot UI. Therefore, I have the .appx file and put the following line in the SetupComplete.cmd:

powershell.exe -ExecutionPolicy bypass -Command "Add-AppxPackage %WINDIR%\Setup\Files\Microsoft.VCLibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe.appx" >> %WINDIR%\Setup\Files\log.txt

I am able to execute this line manually in a non-elevated PowerShell console but unfortunately, this is not working automatically within the Windows Setup processing as it says in the log (sorry, it is German):

Add-AppxPackage : Fehler bei Bereitstellung. HRESULT: 0x80073CF9, Fehler bei der Installation. Wenden Sie sich an den Softwarehersteller. (Ausnahme von HRESULT: 0x80073CF9) Der Bereitstellungsvorgang Add fr das Paket "Microsoft.VCLibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe" von der Installationsanforderung "Microsoft.VCLibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe.appx" wurde abgelehnt, da dieser Vorgang mit dem lokalen Systemkonto nicht ausgefhrt werden darf. HINWEIS: Wenn Sie weitere Informationen wnschen, suchen Sie im Ereignisprotokoll nach [ActivityId] 895ecdc3-eb9b-0002-0fcf-5e899bebd701, oder verwenden Sie die Befehlszeile Get-AppxLog -ActivityID 895ecdc3-eb9b-0002-0fcf-5e899bebd701 In Zeile:1 Zeichen:1

  • Add-AppxPackage C:\Windows\Setup\Files\Microsoft.VCLibs.140.00_14.0.3 ...
    + CategoryInfo          : WriteError: (C:\Windows\Setu...kyb3d8bbwe.appx:String) [Add-AppxPackage],
IOException
    + FullyQualifiedErrorId : DeploymentError,Microsoft.Windows.Appx.PackageManager.Commands.AddAppxPackageCommand

Why is the local system account not able to install that package?


Solution

  • MSIX/AppX application packages are installed separately for each Windows user account - the app files are extracted to a central system location, but the registration of the app with the system has to be done for each user. I don't know why the Local System account is specifically banned from installing packages, but I can guess why that is so: it doesn't make sense for app packages to be installed for a user account that doesn't even represent a real person, let alone one that can login to the device.

    If you'd like the package you're trying to install to be available to all users on the computer, you should "provision" the package using the Deployment Imaging and Servicing Manager (DISM). Provisioned packages will be installed automatically for all existing user accounts the next time they login, and for all newly created accounts on first login.

    With DISM's /Add-ProvisionedAppXPackage subcommand (PowerShell version: Add-AppXProvisionedPackage), you can add a provisioned package to the running copy of Windows. I recommend you not do this in OOBE but earlier, in sysprep audit mode:

    :: .bat or .cmd batch file would look like this:
    Dism.exe -online -add-provisionedAppxPackage -packagePath:X:\whatever.appx
    
    # PowerShell .ps1 script would look like this:
    Add-AppXProvisionedPackage -Online -PackagePath X:\whatever.appx
    

    You could also use DISM to provision the package in a Windows installation image (.WIM file) before Windows even gets installed on the device:

    :: use Dism.exe -get-wiminfo to find the WIM's "index" number for the Windows edition or custom image you want to change
    Dism.exe -mount-wim -wimFile:D:\sources\install.wim -index:1 -mountDir:X:\WimMount
    Dism.exe -image:X:\WimMount -add-provisionedAppxPackage -packagePath:X:\whatever.appx
    Dism.exe -unmount-wim -mountDir:X:\WimMount -commit
    
    # use Get-WindowsImage to find the index for the image you want to change
    Mount-WindowsImage -ImagePath D:\sources\install.wim -Index 1 -Path X:\WimMount
    Add-AppXProvisionedPackage -Path X:\WimMount -PackagePath X:\whatever.appx
    Dismount-WindowsImage -Path X:\WimMount -Save