Why do my /ue: switches not work in WinPE for USMT ?

Posted on January 13, 2017 by ncbrady

Introduction

This is a quick post which hopefully will help others. When troubleshooting USMT data migration you may want to have user exclusions in order to exclude migrating data from certain domain and local accounts. In our case however, the exclusions were totally ignored. Why ?

Problem

In WinPE when doing offline User State Migration Tasks, scanstate cannot resolve the username to a sid and therefore ignores the /ue:DOMAIN\USER command.

Solution

Use the domain user (or local user) SID value to exclude that user account, for example

D:\USMT\amd64\scanstate.exe D:\StateStore /c /o /nocompress /ue:DOMAIN\USER /hardlink /i:D:\USMT\amd64\MigApp.xml /i:D:\USMT\amd64\MigUser.xml /config:D:\USMT\amd64\Windows10_Config.xml /efs:hardlink /offlinewinold:D:\Windows /v:13 /l:D:\_SMSTaskSequence\scanstate.log

becomes

D:\USMT\amd64\scanstate.exe D:\StateStore /c /o /nocompress /ue:S-1-5-21-1393529485-3094145746-2189747129-280253 /hardlink /i:D:\USMT\amd64\MigApp.xml /i:D:\USMT\amd64\MigUser.xml /config:D:\USMT\amd64\Windows10_Config.xml /efs:hardlink /offlinewinold:D:\Windows /v:13 /l:D:\_SMSTaskSequence\scanstate.log

Also, if you have ‘include’ rules (for file extensions etc) in your miguser.xml or custom.xml files, you’ll need an unconditional exclusion for the user’s profile such as below

<!– unconditionalExclude SECTION –>
<component type=”Documents” context=”System”>
<displayName _locID=”miguser.userdata”>Common Exclusions</displayName>
<role role=”Data”>
<rules>
<unconditionalExclude>
<objectSet>
<pattern type=”File”>C:\Users\USER\*[*]</pattern>
</objectSet>
</unconditionalExclude>
</rules>
</role>
</component>

Recommended reading

https://technet.microsoft.com/sv-se/itpro/windows/deploy/usmt-common-issues

 

This entry was posted in unconditionalexclude, USMT, Windows 10. Bookmark the permalink.

2 Responses to Why do my /ue: switches not work in WinPE for USMT ?

  1. kuvinod7 says:
    August 24, 2017 at 7:11 pm

    Hi – In the XMl should we also specify the folder name of the user account ? Like
    C:\Users\USER

    Reply
  2. kuvinod7 says:
    September 8, 2017 at 8:19 pm

    Hi – I was able to find a way to exclude the accounts even when running in WINPE. This are the steps that was followed :
    1. Create a custom task sequence variable and associate them with the SID’s.
    2. During Restore phase call the /UE option with the custom TS variable.

    Script:
    On Error Resume Next
    Const HKEY_LOCAL_MACHINE = &H80000002
    strComputer = “.”
    i = 0
    set env = CreateObject(“Microsoft.SMS.TSEnvironment”)
    Set objRegistry=GetObject(“winmgmts:\\” & _
    strComputer & “\root\default:StdRegProv”)
    strKeyPath = “SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList”
    objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
    For Each objSubkey In arrSubkeys
    strValueName = “ProfileImagePath”
    strSubPath = strKeyPath & “\” & objSubkey
    objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strSubPath,strValueName,strvValue
    strValue = lcase(strvValue)
    If Instr(objSubkey, “S-1-5-21″) 0 then
    If Instr(strvValue,”\svc”) 0 or Instr(strvValue,”\localadmin”) then
    i = i + 1
    TSSIDi = “TSSID”&i
    env(TSSIDi) = objSubkey
    End If
    End If
    Next

    Under Restore Option in Task Sequence:
    OSDMigrateAdditionalRestoreOptions –
    /ui:DomainName\%SMSTSUDAUSERS% /config:%_SMSTSMDataPath%\Packages\ABC00001\%PROCESSOR_ARCHITECTURE%\Config.xml /ue:%TSSID1% /ue:%TSSID2% /ue:%TSSID3% /ue:%TSSID4% /ue:%TSSID5%

    Thanks,

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.