Jump to content


sweety_devil

How to exclude system and user certificates with USMT

Recommended Posts

We are migrating from Windows 7 to Windows 10 1703 and we have a task sequence with USMT.

We have an issue with the old certificates which are imported during the capture and prevent the SCCM client to work correctly.

Do you know how to exclude the certificates during the capture ?

I tried to modify my custom.xml and add theses lines but it doesn't work:

<component type="Documents" context="System">
       <displayName>SkipMachineCerts</displayName>
       <role role="Data">
          <rules>
             
      <unconditionalExclude>
                <objectSet>
                   <pattern type="Registry">HKLM\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\*[*]</pattern>
                </objectSet>
             </unconditionalExclude>
          </rules>
       </role>
    </component>

Share this post


Link to post
Share on other sites

On 1/31/2018 at 3:40 AM, sweety_devil said:

We are migrating from Windows 7 to Windows 10 1703 and we have a task sequence with USMT.

We have an issue with the old certificates which are imported during the capture and prevent the SCCM client to work correctly.

Do you know how to exclude the certificates during the capture ?

I tried to modify my custom.xml and add theses lines but it doesn't work:

<component type="Documents" context="System">
       <displayName>SkipMachineCerts</displayName>
       <role role="Data">
          <rules>
             
      <unconditionalExclude>
                <objectSet>
                   <pattern type="Registry">HKLM\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\*[*]</pattern>
                </objectSet>
             </unconditionalExclude>
          </rules>
       </role>
    </component>

The most precise way to do this is to set the "migrate" property to "no" in the following two lines of your generated Config.xml file:

<component displayname="Microsoft-Windows-Crypto-keys" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-crypto-keys/microsoft-windows-crypto-keys/settings"/>

<component displayname="Microsoft-Windows-CAPI2-certs" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-capi2-certs/microsoft-windows-capi2-certs/settings"/>

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.